The EU's European Data Protection Board oversees its privacy-protecting GDPR policies.

Earlier this week, TechCrunch reported that nearly two dozen civil society groups and nonprofits wrote the Board an open letter "urging it not to endorse a strategy used by Meta that they say is intended to bypass the EU's privacy protections for commercial gain."

Meta's strategy is sometimes called "Pay or Okay," writes long-time Slashdot reader AmiMoJo : Meta offers users a choice: "consent" to tracking, or pay over €250/year to use its sites without invasive monetization of personal data.
Meta prefers the phrase "subsccription for no ads," and told TechCrunch it makes them compliant with EU laws: A raft of complaints have been filed against Meta's implementation of the pay-or-consent tactic since it launched the "no ads" subscription offer last fall. Additionally, in a notable step last month, the European Union opened a formal investigation into Meta's tactic, seeking to find whether it breaches obligations that apply to Facebook and Instagram under the competition-focused Digital Markets Act. That probe remains ongoing.
The letter to the Board called for "robust protections that prioritize data subjects' agency and control over their information." And Wednesday the board issued its first decision:

"[I]n most cases, it will not be possible for [social media services] to comply with the requirements for valid consent, if they confront users only with a choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee." The EDPB considers that offering only a paid alternative to services which involve the processing of personal data for behavioural advertising purposes should not be the default way forward for controllers. When developing alternatives, large online platforms should consider providing individuals with an 'equivalent alternative' that does not entail the payment of a fee. If controllers do opt to charge a fee for access to the 'equivalent alternative', they should give significant consideration to offering an additional alternative. This free alternative should be without behavioural advertising, e.g. with a form of advertising involving the processing of less or no personal data.
EDPB Chair, Anu Talus added: "Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy."

An anonymous reader quotes a report from The Hill: The House on Wednesday approved a bill that would limit how the government can purchase data from third parties — legislation that scored a vote after negotiations with a group of GOP colleagues who briefly tanked a vote on warrantless spy powers. Dubbed the Fourth Amendment is Not For Sale, the legislation passed 219-199. It requires law enforcement and other government entities to get a warrant before buying information from third-party data brokers who purchase information gleaned from apps. [...] Senior administration officials said the measure would blind U.S. intelligence outfits from getting information easily purchased by foreign intelligence operations.

"In practice, these standards make it impossible for the [intelligence community], law enforcement to acquire a whole host of readily available information that they currently rely on," an administration official said. "Covered customer records as defined in the bill is very broad and includes records pertaining to any U.S. person or indeed any foreigner inside the United States. And as a practical matter, there's often no way to establish whether a particular individual was in the U.S. at a particular time a piece of data was created. Unless you did one thing, which is paradoxically to intrude further into their privacy just to figure out whether you could obtain some data." "It can be impossible to know what's in a data set before one actually obtains a data set," the official continued. "So you'd be barred from getting that which you don't even know."

Senator Elizabeth Warren (D-MA) has written a letter to the Federal Trade Commission, saying that TurboTax "continues to relentlessly upsell" customers while also directing them away from services that would otherwise be free. From a report: As noted in the letter, Warren's staff analyzed TurboTax's services using a sample taxpayer and found that the company attempted to upsell the customer eight times during the tax filing process. Warren writes that in "several cases," these solicitations "appear to be efforts to mislead customers into thinking that they must pay the extra fees in order to file their taxes when that is not the case." Some show up as full-screen prompts, forcing users to scroll to the bottom to deny the upgrade.

In one instance, Warren's team found that TurboTax highlighted its $89 tax filing package as "the right option" for their sample taxpayer, leaving the free option at the bottom of the page. After choosing just one upgrade, Warren's staff found that their sample taxpayer with "simple" filing requirements had to pay an extra $69 to report her unemployment income and educator expenses, plus $64 to file Massachusetts state tax returns. That makes for a grand total of $133 -- a sum people wouldn't have to pay through the IRS's free Direct File service, Warren argues.

Privacy startup Proton already offers an email app, a VPN tool, cloud storage, a password manager, and a calendar app. In April 2022, Proton acquired SimpleLogin, an open-source product that generates email aliases to protect inboxes from spam and phishing. Today, Proton acquired Standard Notes, advancing its already strong commitment to the open-source community. From a report: Standard Notes is an open-source note-taking app, available on both mobile and desktop platforms, with a user base of over 300,000. [...] Proton founder and CEO Andy Yen makes a point of stating that Standard Notes will remain open-source, will continue to undergo independent audits, will continue to develop new features and updates, and that prices for the app/service will not change. Standard Notes has three tiers: Free, which includes 100MB of storage, offline access, and unlimited device sync; Productivity for $90 per year, which includes features like markdown, spreadsheets with advanced formulas, Daily Notebooks, and two-factor authentication; and Professional for $120 per year, which includes 100GB of cloud storage, sharing for up to five accounts, no file limit size, and more.

An anonymous reader quotes a report from Wired: Congress may be closer than ever to passing a comprehensive data privacy framework after key House and Senate committee leaders released a new proposal on Sunday. The bipartisan proposal, titled the American Privacy Rights Act, or APRA, would limit the types of consumer data that companies can collect, retain, and use, allowing solely what they'd need to operate their services. Users would also be allowed to opt out of targeted advertising, and have the ability to view, correct, delete, and download their data from online services. The proposal would also create a national registry of data brokers, and force those companies to allow users to opt out of having their data sold. [...] In an interview with The Spokesman Review on Sunday, [Cathy McMorris Rodgers, House Energy and Commerce Committee chair] claimed that the draft's language is stronger than any active laws, seemingly as an attempt to assuage the concerns of Democrats who have long fought attempts to preempt preexisting state-level protections. APRA does allow states to pass their own privacy laws related to civil rights and consumer protections, among other exceptions.

In the previous session of Congress, the leaders of the House Energy and Commerce Committees brokered a deal with Roger Wicker, the top Republican on the Senate Commerce Committee, on a bill that would preempt state laws with the exception of the California Consumer Privacy Act and the Biometric Information Privacy Act of Illinois. That measure, titled the American Data Privacy and Protection Act, also created a weaker private right of action than most Democrats were willing to support. Maria Cantwell, Senate Commerce Committee chair, refused to support the measure, instead circulating her own draft legislation. The ADPPA hasn't been reintroduced, but APRA was designed as a compromise. "I think we have threaded a very important needle here," Cantwell told The Spokesman Review. "We are preserving those standards that California and Illinois and Washington have."

APRA includes language from California's landmark privacy law allowing people to sue companies when they are harmed by a data breach. It also provides the Federal Trade Commission, state attorneys general, and private citizens the authority to sue companies when they violate the law. The categories of data that would be impacted by APRA include certain categories of "information that identifies or is linked or reasonably linkable to an individual or device," according to a Senate Commerce Committee summary of the legislation. Small businesses -- those with $40 million or less in annual revenue and limited data collection -- would be exempt under APRA, with enforcement focused on businesses with $250 million or more in yearly revenue. Governments and "entities working on behalf of governments" are excluded under the bill, as are the National Center for Missing and Exploited Children and, apart from certain cybersecurity provisions, "fraud-fighting" nonprofits. Frank Pallone, the top Democrat on the House Energy and Commerce Committee, called the draft "very strong" in a Sunday statement, but said he wanted to "strengthen" it with tighter child safety provisions.

Magnetic switches are emerging as a potential game-changer for mechanical keyboards. By using magnets instead of physical contacts, these switches allow users to adjust the actuation point of each key. While still a nascent technology lacking standardization, magnetic switches could bring a new level of customization to keyboards, TechCrunch writes.

Google has introduced a new JPEG library called Jpegli, which reduces noise and improves image quality over traditional JPEGs. Proponents of the technology said it has the potential to make the Internet faster and more beautiful. InfoWorld reports: Announced April 3 and accessible from GitHub, Jpegli maintains high backward compatibility while offering enhanced capabilities and a 35% compression ratio at high-quality compression settings, Google said. Jpegli works by using new techniques to reduce noise and improve image quality. New or improved features include adaptive quantization heuristics from the JPEG XL reference implementation, improved quantization matrix selection, calculation of intermediate results, and the possibility to use more advanced colorspace.

The library provides an interoperable encoder and decoder complying with the original JPEG standard and its most convenient 8-bit formalism and API/ABI compatibility with libjeg-turbo and MozJPEG. When images are compressed or decompressed through Jpegli, more precise and psycho-visually effective computations are also performed; images will look clearer and have fewer observable artifacts. While improving on the density ratio of image quality and compression, Jpegli's coding speed is comparable to traditional approaches such as MozJPEG, according to Google. Web developers can thus integrate Jpegli into existing workflows without sacrificing coding speed, performance, or memory use.

Jpegli can be encoded with 10-plus bits per component. The 10-bit encoding happens in the original 8-bit formalism and the resulting images are interoperable with 8-bit viewers. The 10-bit dynamics are available as an API extension and application code changes are necessary to apply it. Also, Jpegli compresses images more efficiently than traditional JPEG codecs; this can save bandwidth and storage space and make web pages faster, Google said.

An anonymous reader writes: Could you imagine discovering that your identity had been used to take out fraudulent loans and when you tried to resolve the issue by providing your state ID and Social Security card you were instead arrested, charged with multiple felonies, jailed for over a year, incarcerated in a mental hospital and given psychotropic drugs, eventually to be released with a criminal record and a judge's order that you could no longer use your real name? As dystopian as this might sound, it actually happened. And it was only after the victim learned his oppressor worked for The University of Iowa Hospital and contacted their security department was the investigation taken seriously leading to the perpetrator's arrest. The Gazette reports: Matthew David Keirans, 58, was convicted of one count of false statement to a National Credit Union Administration insured institution -- punishable by up to 30 years in federal prison -- and one count of aggravated identity theft -- punishable by up to two years in federal prison. Keirans worked as a systems architect in the hospital's IT department from June 28, 2013 to July 20, 2023, when he was terminated for misconduct related to the identity theft investigation. Keirans worked at the hospital under the name William Donald Woods, an alias he had been using since about 1988, when he worked with the real William Woods at a hot dog cart in Albuquerque, N.M. [...] By 2013, Keirans had moved to eastern Wisconsin. He started his IT job with UI Hospitals and worked remotely. He earned more than $700,000 in his 10 years working for the hospital. In 2023, his salary was $140,501, according to the hospital.

In 2019, the real William Woods was homeless, living in Los Angeles. He went to a branch of the national bank and explained that he recently discovered someone was using his credit and had accumulated a lot of debt. Woods didn't want to pay the debt and asked to know the account numbers for any accounts he had open at the bank so he could close them. Woods gave the bank employee his real Social Security card and an authentic California Identification card, which matched the information the bank had on file. Because there was a large amount of money in the accounts, the bank employee asked Woods a series of security questions that he was unable to answer. The bank employee called Keirans, whose the phone number was connected to the accounts. He answered the security questions correctly and said no one in California should have access to the accounts. The employee called the Los Angeles Police Department, and officers spoke with Woods and Keirans. Keirans faxed the Los Angeles officers a copy of Woods' Social Security card and birth certificate, as well as a Wisconsin driver's license Keirans had acquired under Woods' name. The driver's license had the name William David Woods -- David is Keirans' real middle name -- rather than William Donald Woods. When questioned, Keiran told an LAPD officer he sometimes used David as a middle name, but his real name was William Donald Woods. The real Woods was arrested and charged with identity theft and false impersonation, under a misspelling of Keirans' name: Matthew Kierans.

Because Woods continued to insist, throughout the judicial process, that he was William Woods and not Matthew Kierans, a judge ruled in February 2020 that he was not mentally competent to stand trial and he was sent to a mental hospital in California, where he received psychotropic medication and other mental health treatment. In March 2021, Woods pleaded no contest to the identity theft charges -- meaning he accepted the conviction but did not admit guilt. He was sentenced to two years imprisonment with credit for the two years he already served in the county jail and the hospital and was released. He was also ordered to pay $400 in fines and to stop using the name William Woods. He did not stop. Woods continued to attempt to regain his identity by filing customer disputes with financial organizations in an attempt to clear his credit report. He also reached out to multiple law enforcement agencies, including the Hartland Police Department in Wisconsin, where Keirans lived. Woods eventually discovered where Keirans was working, and in January 2023 he reached out to the University of Iowa Hospitals' security department, who referred his complaint to the University of Iowa Police Department.

University of Iowa Police Detective Ian Mallory opened an investigation into the case. Mallory found the biological father listed on Woods' birth certificate -- which both Woods and Keirans had sent him an official copy of -- and tested the father's DNA against Woods' DNA. The test proved Woods was the man's son. On July 17, 2023, Mallory interviewed Keirans. He asked Keirans what his father's name was, and Keirans accidentally gave the name of his own adoptive father. Mallory then confronted Keirans with the DNA evidence, and Keirans responded by saying, "my life is over" and "everything is gone." He then confessed to the prolonged identity theft, according to court documents. The full story can be ready via The Gazette.

An anonymous reader quotes a report from Popular Science: In the average American house, any download rate above roughly 242 Mbs is considered a solidly speedy broadband internet connection. That's pretty decent, but across the Atlantic, researchers at UK's Aston University recently managed to coax about 1.2 million times that rate using a single fiber optic cable -- a new record for specific wavelength bands. As spotted earlier today by Gizmodo, the international team achieved a data transfer rate of 301 terabits, or 301,000,000 megabits per second by accessing new wavelength bands normally unreachable in existing optical fibers -- the tiny, hollow glass strands that carry data through beams of light. According to Aston University's recent profile, you can think of these different wavelength bands as different colors of light shooting through a (largely) standard cable.

Commercially available fiber cabling utilizes what are known as C- and L-bands to transmit data. By constructing a device called an optical processor, however, researchers could access the never-before-used E- and S-bands. "Over the last few years Aston University has been developing optical amplifiers that operate in the E-band, which sits adjacent to the C-band in the electromagnetic spectrum but is about three times wider," Ian Phillips, the optical processor's creator, said in a statement. "Before the development of our device, no one had been able to properly emulate the E-band channels in a controlled way." But in terms of new tech, the processor was basically it for the team's experiment. "Broadly speaking, data was sent via an optical fiber like a home or office internet connection," Phillips added. What's particularly impressive and promising about the team's achievement is that they didn't need new, high-tech fiber optic lines to reach such blindingly fast speeds. Most existing optical cables have always technically been capable of reaching E- and S-bands, but lacked the equipment infrastructure to do so. With further refinement and scaling, internet providers could ramp up standard speeds without overhauling current fiber optic infrastructures.

Steven J. Vaughan-Nichols, writing for ComputerWorld: Essentially, all software is built using open source. By Synopsys' count, 96% of all codebases contain open-source software. Lately, though, there's been a very disturbing trend. A company will make its program using open source, make millions from it, and then -- and only then -- switch licenses, leaving their contributors, customers, and partners in the lurch as they try to grab billions. I'm sick of it. The latest IT melodrama baddie is Redis. Its program, which goes by the same name, is an extremely popular in-memory database. (Unless you're a developer, chances are you've never heard of it.) One recent valuation shows Redis to be worth about $2 billion -- even without an AI play! That, anyone can understand.

What did it do? To quote Redis: "Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD)." For those of you who aren't open-source licensing experts, this means developers can no longer use Redis' code. Sure, they can look at it, but they can't export, borrow from, or touch it.

Redis pulled this same kind of trick in 2018 with some of its subsidiary code. Now it's done so with the company's crown jewels. Redis is far from the only company to make such a move. Last year, HashiCorp dumped its main program Terraform's Mozilla Public License (MPL) for the Business Source License (BSL) 1.1. Here, the name of the new license game is to prevent anyone from competing with Terraform. Would it surprise you to learn that not long after this, HashiCorp started shopping itself around for a buyer? Before this latest round of license changes, MongoDB and Elastic made similar shifts. Again, you might never have heard of these companies or their programs, but each is worth, at a minimum, hundreds of millions of dollars. And, while you might not know it, if your company uses cloud services behind the scenes, chances are you're using one or more of their programs,