AI

Researchers Create AI Worms That Can Spread From One System to Another (arstechnica.com) 46

Long-time Slashdot reader Greymane shared this article from Wired: [I]n a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers has created one of what they claim are the first generative AI worms — which can spread from one system to another, potentially stealing data or deploying malware in the process. "It basically means that now you have the ability to conduct or to perform a new kind of cyberattack that hasn't been seen before," says Ben Nassi, a Cornell Tech researcher behind the research. Nassi, along with fellow researchers Stav Cohen and Ron Bitton, created the worm, dubbed Morris II, as a nod to the original Morris computer worm that caused chaos across the Internet in 1988. In a research paper and website shared exclusively with WIRED, the researchers show how the AI worm can attack a generative AI email assistant to steal data from emails and send spam messages — breaking some security protections in ChatGPT and Gemini in the process...in test environments [and not against a publicly available email assistant]...

To create the generative AI worm, the researchers turned to a so-called "adversarial self-replicating prompt." This is a prompt that triggers the generative AI model to output, in its response, another prompt, the researchers say. In short, the AI system is told to produce a set of further instructions in its replies... To show how the worm can work, the researchers created an email system that could send and receive messages using generative AI, plugging into ChatGPT, Gemini, and open source LLM, LLaVA. They then found two ways to exploit the system — by using a text-based self-replicating prompt and by embedding a self-replicating prompt within an image file.

In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which "poisons" the database of an email assistant using retrieval-augmented generation (RAG), a way for LLMs to pull in extra data from outside its system. When the email is retrieved by the RAG, in response to a user query, and is sent to GPT-4 or Gemini Pro to create an answer, it "jailbreaks the GenAI service" and ultimately steals data from the emails, Nassi says. "The generated response containing the sensitive user data later infects new hosts when it is used to reply to an email sent to a new client and then stored in the database of the new client," Nassi says. In the second method, the researchers say, an image with a malicious prompt embedded makes the email assistant forward the message on to others. "By encoding the self-replicating prompt into the image, any kind of image containing spam, abuse material, or even propaganda can be forwarded further to new clients after the initial email has been sent," Nassi says.

In a video demonstrating the research, the email system can be seen forwarding a message multiple times. The researchers also say they could extract data from emails. "It can be names, it can be telephone numbers, credit card numbers, SSN, anything that is considered confidential," Nassi says.

The researchers reported their findings to Google and OpenAI, according to the article, with OpenAI confirming "They appear to have found a way to exploit prompt-injection type vulnerabilities by relying on user input that hasn't been checked or filtered." OpenAI says they're now working to make their systems "more resilient."

Google declined to comment on the research.
Youtube

Watch the Moment 43 Unionized YouTube Contractors Were All Laid Off (msn.com) 178

An anonymous Slashdot reader shared this report from The Washington Post: A YouTube contractor was addressing the Austin City Council on Thursday, calling on them to urge Google to negotiate with his union, when a colleague interrupted him with jaw-dropping news: His 43-person team of contractors had all been laid off...

The YouTube workers, who work for Google and Cognizant, unanimously voted to unionize under the Alphabet Workers Union-CWA in April 2023. Since then, the workers say that Google has refused to bargain with them. Thursday's layoff signifies continued tensions between Google and its workers, some of whom in 2021 formed a union...

Workers had about 20 minutes to gather their belongings and leave the premises before they were considered trespassing.

Video footage of the moment is embedded at the top of the article. "I was speechless, shocked," said the contractor who'd been speaking. He told the Washington Post "I didn't know what to do. But angered, that was the main feeling." The council meeting was streaming live online and has since spread on social media. The contractors view the layoff as retaliation for unionizing, but Google and information technology subcontractor Cognizant said it was the normal end of a business contract.

The ability for layoffs to spread over social media highlights how the painful experience of a job loss is frequently being made public, from employees sharing recordings of Zoom meetings to posting about their unemployment. The increasing tension between YouTube's contractors and Google comes as massive layoffs continue to hit the tech industry — leaving workers uneasy and companies emboldened. Google already has had rounds of cuts the past two years.

Google has been in a long-running battle with many of its contractors as they seek the perks and high pay that full-time Google workers are accustomed to. The company has tens of thousands of contractors doing everything from food service to sales to writing code... Google maintains that Cognizant is responsible for the contractors' employment and working conditions, and therefore isn't responsible for bargaining with them. Cognizant said it is offering the workers seven weeks of paid time to explore other roles at the company and use its training resources.

Last year, the National Labor Relations Board ruled that Cognizant and Google are joint employers of the contractors. In January, the NLRB sent a cease-and-desist letter to both employers for failing to bargain with the union. Since then the issue of joint employment, which would ultimately determine which company is responsible for bargaining, has landed in an appeals court and has yet to be ruled on.

"Workers say they don't have sick pay, receive minimal benefits and are paid as little as $19 an hour," according to the article, "forcing some to work multiple jobs to make ends meet." Sam Regan, a data analyst contractor for YouTube Music, told the Washington Post that he was one of the last workers to leave the meeting where the layoffs were announced.

"Upon leaving, he heard one of the security guards call the non-emergency police line to report trespassers."
Google

Google is Blocking RCS on Rooted Android Devices (theverge.com) 105

Google is cracking down on rooted Android devices, blocking multiple people from using the RCS message feature in Google Messages. From a report: Users with rooted phones -- a process that unlocks privileged access to the Android operating system, like jailbreaking iPhones -- have made several reports on the Google Messages support page, Reddit, and XDA's web forum over the last few months, finding they're suddenly unable to send or receive RCS messages. One example from Reddit user u/joefuf shows that RCS messages would simply vanish after hitting the send button. Several reports also mention that Google Messages gave no indication that RCS chat was no longer working, and was still showing as connected and working in Google Messages. In a statement sent to the Verge where we asked if Google is blocking rooted devices from using RCS, Google communications manager Ivy Hunt said the company is "ensuring that message-issuing/receiving devices are following the operating measures defined by the RCS standard" in a bid to prevent spam and abuse on Google Messages. In other words, yes, Google is blocking RCS on rooted devices.
Security

Hackers Backed By Russia and China Are Infecting SOHO Routers Like Yours, FBI Warns (arstechnica.com) 36

An anonymous reader quotes a report from Ars Technica: The FBI and partners from 10 other countries are urging owners of Ubiquiti EdgeRouters to check their gear for signs they've been hacked and are being used to conceal ongoing malicious operations by Russian state hackers. The Ubiquiti EdgeRouters make an ideal hideout for hackers. The inexpensive gear, used in homes and small offices, runs a version of Linux that can host malware that surreptitiously runs behind the scenes. The hackers then use the routers to conduct their malicious activities. Rather than using infrastructure and IP addresses that are known to be hostile, the connections come from benign-appearing devices hosted by addresses with trustworthy reputations, allowing them to receive a green light from security defenses.

"In summary, with root access to compromised Ubiquiti EdgeRouters, APT28 actors have unfettered access to Linux-based operating systems to install tooling and to obfuscate their identity while conducting malicious campaigns," FBI officials wrote in an advisory Tuesday. APT28 -- one of the names used to track a group backed by the Russian General Staff Main Intelligence Directorate known as GRU -- has been doing just that for at least the past four years, the FBI has alleged. Earlier this month, the FBI revealed that it had quietly removed Russian malware from routers in US homes and businesses. The operation, which received prior court authorization, went on to add firewall rules that would prevent APT28 -- also tracked under names including Sofacy Group, Forest Blizzard, Pawn Storm, Fancy Bear, and Sednit -- from being able to regain control of the devices.

On Tuesday, FBI officials noted that the operation only removed the malware used by APT28 and temporarily blocked the group using its infrastructure from reinfecting them. The move did nothing to patch any vulnerabilities in the routers or to remove weak or default credentials hackers could exploit to once again use the devices to surreptitiously host their malware. "The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers," they warned. "However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises."

Those actions include:

- Perform a hardware factory reset to remove all malicious files
- Upgrade to the latest firmware version
- Change any default usernames and passwords
- Implement firewall rules to restrict outside access to remote management services

AI

Ghost Kitchens Are Advertising AI-Generated Food On DoorDash and Grubhub (404media.co) 48

Emanuel Maiberg reports via 404 Media: Dozens of Ghost kitchens, restaurants that serve food exclusively by delivery on apps like DoorDash and Grubhub, are selling food that they promote to customers with AI-generated images. It's common for advertisements to stage or edit pictures of food to make it look more enticing, but in these cases the ghost kitchens are showing people pictures of food that literally doesn't exist, and looks nothing like the actual items they're selling, sometimes because the faulty AI is producing physically impossible food items. [...] Some ghost kitchens exist as unmarked commercial kitchens with no actual restaurant you can visit that simply fulfill orders for a variety of brands that only exist on the food delivery services. Other ghost kitchens piggyback on existing, real restaurant kitchens to fulfill orders for those brands that exist only on food delivery apps.

[The food from a business on DoorDash called Pasta Lovers] actually comes from Tony's Pizzeria in North Brooklyn, which also fulfills orders for a cheesesteak brand called Philly Cheez, a hero sandwich brand called Hero Mania, and a wrap brand called That's A Wrap. All of these brands deliver food from different ghost kitchens across the country, and all of them feature the same type of AI-generated images to promote their food, some of which looks ridiculous. [...]

"We don't allow the use of AI-generated images and if we find a merchant is using any, we will remove those images from their menu," Grubhub, which also operates Seamless, told me in an email. However, at the time of writing the AI-generated images on Seamless I sent the company are still live on its site. "We know how important it is for diners to have realistic expectations of what they are ordering and should expect to receive, which is why we share image guidelines with our partners and our system reviews image submissions before they're allowed on our platform." "DoorDash is committed to showcasing realistic representations of meals that customers would receive when ordering online," DoorDash told me in an email. "Showcasing high-quality, accurate, and realistic menu images is crucial for maintaining customer trust and generating sales through DoorDash Marketplace."
"This is all incredibly depressing," concludes Maiberg. "A local pizzeria can't get by unless it makes sandwiches for ghost kitchen brands, the people who make a living taking photographs of food are being displaced by AI tools, and gigantic food delivery apps are still making money by taking a cut from restaurants and screwing over gig delivery drivers."

"AI-generated images of food that people can order and eat finally brings us to a shockingly literal manifestation of Jean Baudrillard's Simulacra. Baudrillard would say the Spicy Philly Cheese from Philly Cheez is 'never that which conceals the truth -- it is the truth which conceals that there is none.'"
The Courts

Apple Sues To Win Trademarks For Augmented-Reality Software (reuters.com) 28

Apple has filed a lawsuit against the U.S. Patent and Trademark Office for refusing to grant trademarks covering the company's augmented-reality software development tools "Reality Composer" and "Reality Converter." Reuters reports: Apple, whose augmented-reality technology is a centerpiece of its newly released Vision Pro headset, asked the court (PDF) on Friday to reverse the USPTO's decision that the phrases were not distinctive enough to receive federal trademark protection. "Consumers must exercise imagination to understand how the nonsensical phrases 'reality composer' and 'reality converter' -- which sound like science fiction impossibilities -- relate to Apple's products," the complaint said. "They are suggestive, just as Burger King is a fast-food chain, not an actual monarch."

Apple's Reality Composer and Reality Converter allow developers to create and alter 3-D augmented-reality content for Apple apps. The content is compatible with Apple devices including the Vision Pro mixed-reality headset, which the tech giant began selling earlier this month. Turkish visual-effects company ZeroDensity challenged Apple's trademark applications at the USPTO, arguing that the phrases could not receive federal trademarks because they merely describe what the software does. ZeroDensity also said Apple's trademarks would cause confusion with its own "Reality"-related marks.

ZeroDensity, the named defendant in the case, said in a statement on Monday that it was "surprised and concerned by [Apple's] misinterpretation and misrepresentation of our company" and is "resolute in defending our 'Reality' trademarks." A USPTO tribunal agreed with ZeroDensity that Apple's marks were descriptive without addressing whether they would confuse consumers. Apple said in Friday's complaint that its phrases were "made-up terms coined by Apple that do not describe the underlying software development tools." "In contrast, descriptive terms like Raisin Bran or American Airlines straightforwardly describe the goods and services offered under the brand name," Apple said. "As innovative as Apple is, it cannot 'compose' or 'convert' reality." Apple argued that its marks would not cause consumer confusion and accused ZeroDensity of trying to "claim broad rights in the word 'reality,' which no one entity can monopolize."

Education

What Happened After Peter Thiel Paid 271 Students to Drop Out of College? (msn.com) 114

Since 2010, billionaire tech investor Peter Thiel has offered to pay about 20 students $100,000 to drop out of school each year "to start companies or nonprofits," reports the Wall Street Journal. His program has now backed 271 people, and this year the applicant pool "is bigger than ever."

So how's it going? Some big successes include Vitalik Buterin, co-founder of Ethereum, the blockchain network; Laura Deming, a key figure in venture investing in aging and longevity; Austin Russell, who runs self-driving technologies company Luminar Technologies; and Paul Gu, co-founder of consumer lending company Upstart...

Thiel and executives of the fellowship acknowledge they have learned painful lessons along the way. Some applicants pursued ambitious ideas that turned out to be unrealistic, for example. "Asteroid mining is great for press releases but maybe we should have pushed back early on," he says. Others were better at applying to be Thiel fellows than they were starting businesses, it turned out... They've also learned that lone geniuses with brilliant ideas aren't usually the kinds of people who can build organizations. "It's a team sport to get something going and build on it, you can't just be a mad genius, you have to have some social skills and emotional intelligence," says Michael Gibson, an early leader of the organization who is co-founder of a venture fund that invests primarily in those who don't have a college degree...

Thiel hasn't attempted to build a better education system, which program officials acknowledge has made it harder to develop talent in the program... Thiel fellows say they don't receive much more than funding from the program and have limited contact with Thiel, though access to a network of former Thiel fellows can be useful. "Meeting some of the other members inspires you to think bigger," says Boyan Slat, a 2016 Thiel fellow who is chief executive of The Ocean Cleanup, a Netherlands-based nonprofit developing technologies to remove plastic from oceans. Slat says he has spoken to Thiel "three or four times."

As a result, Thiel and other staffers have concluded they can't grow beyond the 20 or so young people chosen as fellows each year. "If you scale the program," Thiel says, "you will have a lot more people who aren't quite ready, you would then have to be super-confident you can develop them" — which Thiel and his colleagues say they aren't skilled at doing... About a quarter of the Thiel fellows eventually returned to college to finish their degrees, suggesting that even the dropouts see enduring value in higher education.

Thiel says they "got way more out of it by going back" after launching their businesses.

"The other 75% didn't need a college degree," he says.

Google

Google Is Sunsetting the Google Pay App (techcrunch.com) 14

Google is shutting down the Google Pay app, as the standalone app has largely been replaced by Google Wallet. According to TechCrunch, Google Pay "will only be available in Singapore and India" after it shuts down in the United States. From the report: Users can continue to access the app's most popular features right from Google Wallet, which Google says is used five times more than the Google Pay app in the United States. After June 4, users will no longer be able to send, request or receive money through the U.S. version of the Google Pay app. Users have until that date to view and transfer their Google Pay balance to their bank account via the app. If you still have funds in your account after that date, you can view and transfer your funds to your bank from the Google Pay website.

Users who used the Google Pay app to find offers and deals can still do so using the new deals destination on Google Search, the company says. Google Wallet is the company's primary place for mobile payments in the United States, and will likely remain so. The app lets you use your phone to pay in stores, board a plane, ride transit, store loyalty cards, save driver's licenses and start your car via a digital key.

United States

Supreme Court Seems Skeptical of EPA's 'Good Neighbor' Rule on Power Plant Pollution (apnews.com) 98

The Supreme Court's conservative majority seemed skeptical Wednesday as the Environmental Protection Agency sought to continue enforcing an anti-air-pollution rule in 11 states while separate legal challenges proceed around the country. From a report: The EPA's "good neighbor" rule is intended to restrict smokestack emissions from power plants and other industrial sources that burden downwind areas with smog-causing pollution. Three energy-producing states -- Ohio, Indiana and West Virginia -- challenged the rule, along with the steel industry and other groups, calling it costly and ineffective. The rule is on hold in a dozen states because of the court challenges.

The Supreme Court, with a 6-3 conservative majority, has increasingly reined in the powers of federal agencies, including the EPA, in recent years. The justices have restricted EPA's authority to fight air and water pollution -- including a landmark 2022 ruling that limited EPA's authority to regulate carbon dioxide emissions from power plants that contribute to global warming. The court also shot down a vaccine mandate and blocked President Joe Biden's student loan forgiveness program.

The court is currently weighing whether to overturn its 40-year-old Chevron decision, which has been the basis for upholding a wide range of regulations on public health, workplace safety and consumer protections. A lawyer for the EPA said the "good neighbor" rule was important to protect downwind states that receive unwanted air pollution from other states. Besides the potential health impacts, the states face their own federal deadlines to ensure clean air, said Deputy U.S. Solicitor General Malcolm Stewart, representing the EPA.

Google

GPay App and P2P Payments Will Stop Working in the US This June (9to5google.com) 4

An anonymous reader shares a report: When Google Wallet launched in 2022, Google kept the "GPay" app around in a handful of countries. The company announced today that the old Google Pay app is soon going away in the US. That app, which appears as "GPay" on your Android homescreen, was Google's previous vision for mobile payments and finance.

It was "designed around your relationships with people and businesses" with conversation-like threads serving as a purchase history, while keeping track of your spending was another big aspect. GPay will stop working in the US from June 4, 2024. It will remain available for users in India and Singapore as Google continues to "build for the unique needs in those countries." As part of the app going away, Google is shutting down peer-to-peer payments that let you send, request, or receive money from others in the US. Google's P2P offering never really took off.

Games

How One Developer Earned Over $300K From Games Made in 30 Minutes (theguardian.com) 70

An anonymous reader shares a report: "The first one, I'll be honest, probably took seven or eight hours," says TJ Gardner. "But the subsequent ones -- Stroke the Beaver, for example -- would have taken about half an hour." Gardner is the creator of the "Stroke" video games, available to download from the PlayStation Store for $4 a pop. Each one features a different animal -- cats, dogs and hamsters, along with less cuddly creatures such as snakes and fish -- and they all follow the same blueprint.

When you start the game, an image of the animal appears against a plain blue background. In the top left-hand corner of the screen are the words "Strokes 0." You press X to stroke the animal. The animal flashes briefly. The number in the corner goes up by 1. After 25 strokes, you are rewarded with a bronze trophy. Keep going until you hit 2,000 strokes, and you will receive a platinum award. That's it. There is no animation; there are no sound effects. Just a picture of an animal under a Creative Commons licence from Wikipedia, and some lo-fi acoustic beats looping endlessly in the background. No running, no jumping, no guns, no baddies, no special moves or power-ups or puzzles. Are the Stroke games even video games at all?
The Stroke games, launched in September 2022, have been downloaded more than 120,000 times, amassing nearly $350,000 in sales. Sony takes a 30% cut for hosting the game in the PlayStation Store, leaving Gardner with a pre-tax profit of about $240,000.
Transportation

Why Are California's EV Sales Dropping? (msn.com) 315

"After years of rapid expansion, California's booming EV market may be showing signs of fatigue," reports the Los Angeles Times, "as high vehicle prices, unreliable charging networks and other consumer headaches appear to dampen enthusiasm for zero-emission vehicles.

"For the first time in more than a decade, electric vehicle sales dropped significantly in the last half of 2023..." Sales of all-electric cars and light trucks in California had started off strong in 2023, rising 48% in the first half of the year compared with a year earlier. By that time, California EV sales numbered roughly 190,807 — or slightly more than a quarter of all EV sales in the nation, according to the California New Car Dealers Assn. But it's what happened in the second half of last year though that's generating jitters. Sales in the third quarter fell by 2,840 from the previous period — the first quarterly drop for EVs in California since the Tesla Model S was introduced in 2012. And the fourth quarter was even worse: Sales dropped 10.2%, from 100,151 to 89,933...

Propelled by the sales success of Tesla, and boosted by electric vehicles from other automakers entering the market, consumer acceptance of EVs had seemed like a given until recently. In fact, robust sales growth is a key assumption in the state's zero-emission vehicle plan... Under the no-gas mandate, zero-emission vehicles must account for 35% of all new vehicle sales by model year 2026.... Nationally, EV sales growth also has slowed as automakers such as Ford and General Motors cut back — at least temporarily — on EV and battery production plans. Hertz, the rental car giant, is also pulling back on plans to shift heavily toward EVs. Hertz several years ago announced plans to buy 100,000 Teslas but is now selling off its EV fleet.

Corey Cantor, EV analyst at Bloomberg BNEF, an energy research firm, said that although recent sales figures are worrisome, there's plenty of momentum behind the EV transition, as evidenced by government mandates around the globe and massive investments by motor vehicle manufacturers and their suppliers. Those investments total $616 billion globally over five years, according to consulting firm AlixPartners.

But EVs haven't reached "price parity" with gas-powered engines, the article points out, so just 7.6% of the vehicles sold last year in the U.S. were electric — while in California, the market share for EVs was 20.1%.

The article also quantifies concerns about reliability of California's public charging system, which "according to studies from academic researchers and market analysts, can be counted on to malfunction at least 20% of the time." After $1 billion in state money for charger companies, the state's Energy Commission will now also start collecting reliability statistics, according to the article. But the article also cites wait times at the chargers. "Even if they were reliable, there aren't enough chargers to go around. EV sales have outpaced public charger installation."

Some good news? The federal government is spending $5 billion nationally to put fast chargers on major highways at 50-mile intervals. California will receive $384 million. Seven major automakers have also teamed up to build a North American charging network of their own, called Ionna. The joint venture plans to install at least 30,000 chargers — which would be open to any EV brand — at stations that will provide restrooms, food service and retail stores on site or nearby.
The Almighty Buck

Some 'Apple Pay'/Chase Customers Experienced an Outage (theverge.com) 21

"It appears that Apple Pay is down — particularly for Chase customers," reports the Verge: Verge staffers have had their cards declined while trying to pay with Chase cards using Apple Pay, while using the same physical card works just fine. Several people on Threads confirmed the same issue when I asked — although people with non-Chase banks like Citi appear to be using Apple Pay just fine...

For what it's worth, the Chase customer service line is currently up to 15-minute wait times, and agents are telling people that Apple Pay is "going through maintenance" to receive "an unexpected upgrade," which is a delightful euphemism. Sadly, no one seems to know when things will be fixed.

"Maintenance in progress," says Apple's system status page — saying their maintenance started five hours ago and is "ongoing." (It adds that some users may be "affected," and that some Maryland Users "may have issues.")

But the Verge writes that "we've had reports in both New York and Los Angeles," while commenters on their article add that they've also experienced the same problem in Florida and in Colorado.

UPDATE (2/18/2024): An Apple spokesperson told the Verge Sunday this "was not an Apple Pay issue, and we saw no problems with our systems." (The Verge adds that "the not-so-subtle subtext there being that this was a Chase problem...") The spokesperson added that Apple's maintenance announcement on their system status page was unrelated.
Data Storage

OpenZFS Native Encryption Use Has New(ish) Data Corruption Bug (phoronix.com) 16

Some ZFS news from Phoronix this week. "At the end of last year OpenZFS 2.2.2 was released to fix a rare but nasty data corruption issue, but it turns out there are other data corruption bug(s) still lurking in the OpenZFS file-system codebase." A Phoronix reader wrote in today about an OpenZFS data corruption bug when employing native encryption and making use of send/recv support. Making use of zfs send on an encrypted dataset can cause one or more snapshots to report errors. OpenZFS data corruption issues in this area have apparently been known for years.

Since May 2021 there's been this open issue around ZFS corruption related to snapshots on post-2.0 OpenZFS. That issue remains open. A new ticket has been opened for OpenZFS as well in proposing to add warnings against using ZFS native encryption and the send/receive support in production environments.

jd (Slashdot reader #1,658) spotted the news — and adds a positive note. "Bugs, old and new, are being catalogued and addressed much more quickly now that core development is done under Linux, even though it is not mainstreamed in the kernel."
NASA

OSIRIS-REx's Final Haul: 121.6 Grams From Asteroid Bennu (universetoday.com) 17

According to NASA, the OSIRIS-REx mission has successfully collected 121.6 grams, or almost 4.3 ounces, of rock and dust from the asteroid Bennu. Universe Today reports: These samples have been a long time coming. The OSIRIS-REx (Origins, Spectral Interpretation, Resource Identification, and Security-Regolith Explorer) was approved by NASA back in 2011 and launched in September 2016. It reached its target, the carbonaceous Apollo group asteroid 101955 Bennu, in December 2018. After spending months studying the asteroid and reconnoitring for a suitable sampling location, it selected one in December 2019. After two sampling rehearsals, the spacecraft gathered its sample on October 20th, 2020. In September 2023, the sample finally returned to Earth.

For OSIRIS-REx to be successful, it had to collect at least 60 grams of material. With a final total that is double that, it should open up more research opportunities and allow more of the material to be held untouched for future research. NASA says they will preserve 70% of the sample for the future, including for future generations. The next step is for the material to be put into containers and sent to researchers. More than 200 researchers around the world will receive samples. Many of the samples will find their way to scientists at NASA and institutions in the US, while others will go to researchers at institutions associated with the Canadian Space Agency, JAXA, and other partner nations. Canada will receive 4% of the sample, the first time that Canada's scientific community will have direct access to a returned asteroid sample.

The Courts

AMC To Pay $8 Million For Allegedly Sharing Subscribers' Viewing History With Tech Companies (arstechnica.com) 20

An anonymous reader quotes a report from Ars Technica: On Thursday, AMC notified subscribers of a proposed $8.3 million settlement that provides awards to an estimated 6 million subscribers of its six streaming services: AMC+, Shudder, Acorn TV, ALLBLK, SundanceNow, and HIDIVE. The settlement comes in response to allegations that AMC illegally shared subscribers' viewing history with tech companies like Google, Facebook, and X (aka Twitter) in violation of the Video Privacy Protection Act (VPPA). Passed in 1988, the VPPA prohibits AMC and other video service providers from sharing "information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider." It was originally passed to protect individuals' right to private viewing habits, after a journalist published the mostly unrevealing video rental history of a judge, Robert Bork, who had been nominated to the Supreme Court by Ronald Reagan.

The so-called "Bork Tapes" revealed little -- other than that the judge frequently rented spy thrillers and British costume dramas -- but lawmakers recognized that speech could be chilled by monitoring anyone's viewing habits. While the law was born in the era of Blockbuster Video, subscribers suing AMC wrote in their amended complaint (PDF) that "the importance of legislation like the VPPA in the modern era of datamining is more pronounced than ever before." According to subscribers suing, AMC allegedly installed tracking technologies -- including the Meta Pixel, the X Tracking Pixel, and Google Tracking Technology -- on its website, allowing their personally identifying information to be connected with their viewing history. [...]

If it's approved, AMC has agreed to "suspend, remove, or modify operation of the Meta Pixel and other Third-Party Tracking Technologies so that use of such technologies on AMC Services will not result in AMC's disclosure to the third-party technology companies of the specific video content requested or obtained by a specific individual." All registered users of AMC services who "requested or obtained video content on at least one of the six AMC services" between January 18, 2021, and January 10, 2024, are currently eligible to submit claims under the proposed settlement. The deadline to submit is April 9. In addition to distributing the $8.3 million settlement fund among class members, subscribers will also receive a free one-week digital subscription.

Chrome

Chrome Engine Devs Experiment With Automatic Browser Micropayments (theregister.com) 146

The Chromium team is prototyping Web Monetization to allow websites to automatically receive micro payments from visitors for their content, bypassing traditional ad or subscription models. The Register reports: Earlier this month, Alexander Surkov, a software engineer at open source consultancy Igalia, announced the Chromium team's intent to prototype Web Monetization, an incubating community specification that would let websites automatically receive payments from online visitors, as opposed to advertisers, via a web browser and a designated payment service.

"Web monetization is a web technology that enables website owners to receive micro payments from users as they interact with their content," Surkov wrote in an explanatory document published last summer. "It provides a way for content creators and website owners to be compensated for their work without relying solely on ads or subscriptions. Notably, Web Monetization (WM) offers two unique features -- small payments and no user interaction -- that address several important scenarios currently unmet on the web."

"Open Payments API is an open HTTP-based standard created to facilitate micro transactions on the web," wrote Surkov. "It is implemented by a wallet and enables the transfer of funds between two wallets. It leverages fine-grained access grants, based on GNAP (Grant Negotiation and Authorization Protocol), which gives wallet owners precise control over the permissions granted to applications connected to their wallet." The basic idea is web users will get a digital wallet, provided by Gatehub and Fynbos presently, and web publishers will add a link tag to their site's block formatted like so: . Thereafter, site visitors who have linked their digital wallet to their browser will pay out funds to the requesting publisher, subject to the browser's permissions policy.

Google

Google Shareholders to Receive $350 Million in Lawsuit Settlement (cpomagazine.com) 39

A lawsuit involving the now-defunct Google+ social media site "has been settled for $350 million," reports CPO magazine, "after a lengthy appeals process played out..."

"[T]he total pool after attorney and legal fees are deducted is likely to be well over $200 million." [The lawsuit] dates all the way back to 2018, when Google internally discovered that the Google+ API was being abused to access the private data of about half a million of the social media service's users. Google opted not to publicly declare the breach, as they were not legally compelled to.

News of it came via the Wall Street Journal in late 2018. Google shareholders contend that the company kept the issue under wraps due to the Cambridge Analytica scandal that Facebook was experiencing at the time, believing that they would suffer a similar negative PR blow. This was supported by an internal company memo that became public.

As the news of the exploitable software glitch gradually came out, Google shareholders took a hit as the company collectively lost tens of billions of dollars in market value. The lead plaintiff in the case is Rhode Island Treasurer James Diossa, who was responsible for overseeing a state pension fund that held stock in Google parent company Alphabet.

Google+ was shuttered in 2019 after an eight-year run due in part to repeated technical issues with unauthorized API access (as well as low user engagement).

"If the settlement is approved by the 9th Circuit judge, the proceeds will be available to Google shareholders who held stock at any time from April 23, 2018, to April 30, 2019...

"A separate class-action privacy lawsuit involving users who had private data exposed during the incident was settled in 2018 for $7.5 million, leading to very low payments for each of the claimants."

Data Storage

New Hutter Prize Awarded for Even Smaller Data Compression Milestone (google.com) 22

Since 2006 Baldrson (Slashdot reader #78,598) has been part of the team verifying "The Hutter Prize for Lossless Compression of Human Knowledge," an ongoing challenge to compress a 100-MB excerpt of Wikipedia (approximately the amount a human can read in a lifetime).

"The intention of this prize is to encourage development of intelligent compressors/programs as a path to Artificial General Intelligence," explains the project's web site. 15 years ago, Baldrson wrote a Slashdot post explaining the logic (titled "Compress Wikipedia and Win AI Prize"): The basic theory, for which Hutter provides a proof, is that after any set of observations the optimal move by an AI is find the smallest program that predicts those observations and then assume its environment is controlled by that program. Think of it as Ockham's Razor on steroids.

The amount of the prize also increases based on how much compression is achieved. (So if you compress the 1GB file x% better than the current record, you'll receive x% of the prize...) The first prize was awarded in 2006. And now Baldrson writes:

Kaido Orav has just improved 1.38% on the Hutter Prize for Lossless Compression of Human Knowledge with his "fx-cmix" entry.

The competition seems to be heating up, with this winner coming a mere 6 months since the prior winner. This is all the more impressive since each improvement in the benchmark approaches the (unknown) minimum size called the Kolmogorov Complexity of the data.

Mozilla

Mozilla Monitor Plus Scrubs Your Leaked Personal Information From the Web, For a Fee (engadget.com) 26

Mozilla has rolled out a new $9 per month service called Mozilla Monitor Plus that automatically scrubs personal information from over 190 data broker sites. The tool builds on the free Firefox Monitor platform, expanding monitoring capabilities and proactively removing exposed details to protect user privacy. Subscribers will also receive data breach alerts under the new service.
