Encryption

Lawsuit Alleges That WhatsApp Has No End-to-End Encryption (pcmag.com) 64

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.

United Kingdom

China Hacked Downing Street Phones For Years (telegraph.co.uk) 63

An anonymous reader quotes a report from The Telegraph: China hacked the mobile phones of senior officials in Downing Street for several years, The Telegraph can disclose. The spying operation is understood to have compromised senior members of the government, exposing their private communications to Beijing. State-sponsored hackers are known to have targeted the phones of some of the closest aides to Boris Johnson, Liz Truss and Rishi Sunak between 2021 and 2024. It is unclear whether the hack included the mobile phones of the prime ministers themselves, but one source with knowledge of the breach said it went "right into the heart of Downing Street."

Intelligence sources in the US indicated that the Chinese espionage operation, known as Salt Typhoon, was ongoing, raising the possibility that Sir Keir Starmer and his senior staff may also have been exposed. MI5 issued an "espionage alert" to Parliament in November about the threat of spying from the Chinese state. [...] The attack raises the possibility that Chinese spies could have read text messages or listened to calls involving senior members of the Government. Even if they were unable to eavesdrop on calls, hackers may have gained access to metadata, revealing who officials were in contact with and how frequently, as well as geolocation data showing their approximate whereabouts.

Social Networks

TikTok Alternative 'Skylight' Soars To 380K+ Users After TikTok US Deal Finalized (techcrunch.com) 22

Skylight, an open-source, TikTok-style video app built on the AT Protocol, surged past 380,000 users after last week's shake-up around TikTok's U.S. ownership and privacy concerns. TechCrunch reports: Launched last year and backed by Mark Cuban and other investors, Skylight's mobile app is built on the AT Protocol, the technology that also powers the decentralized X rival Bluesky, which now has north of 42 million users. Skylight, co-founded by CEO Tori White and CTO Reed Harmeyer, offers a built-in video editor; user profiles; support for likes, commenting, and sharing; and the ability for community curators to create custom feeds for others to follow. The app now has over 150,000 videos uploaded directly to the platform. It can also stream videos from Bluesky because of its AT Protocol integration.

Harmeyer said Saturday that 1.4 million videos were played on the app the day before, up 3x over the past 24 hours. The app had also seen sign-ups increase more than 150%. Other noteworthy stats include over a 50% increase in returning users, over 40% rise in video played on average, and over 100% increase in posts created. This surge was likely triggered by concerns over TikTok's change in ownership and its unfortunately timed technical glitches. [...] Over the weekend, Skylight's CEO, Tori White, said the app added around 20,000 new users and is continuing to grow. So far this January, the app has seen around 95,000 monthly active users.

"We've seen what happens when one person dictates what's pushed into people's feeds," White told TechCrunch. "Not only does it harm a creator's connection with their followers, but the entire health of the platform. That's why we built Skylight Social on open standards. We wanted creator and user power to be guaranteed by the technology. Not an empty promise, but an irrevocable right."

Crime

California Tech CEO and EV Pioneer Arrested, Accused of Murder (sfgate.com) 19

California tech executive Gordon Abas Goodarzi has been arrested and charged with murder in the death of his estranged wife, Aryan Papoli, whose body was found last November down an embankment off Highway 138 in San Bernardino County. Authorities initially believed the injuries were consistent with a fall, but the case was later ruled a homicide following a months-long investigation by the San Bernardino County Sheriff's Department. "Arrest records show that Goodarzi is currently in custody without bail and faces a murder charge and that he is set to appear in court Monday," reports SFGATE. From the report: Goodarzi, a California tech executive with ties to BattleBots, is publicly listed as the president and CEO of Magmotor, which describes itself as a "proud" supporter of the combat robot community and claims to support several teams each year. According to his LinkedIn, Goodarzi also previously worked as a research affiliate at UCLA's B. John Garrick Institute for the Risk Sciences since 2023.

Originally from Iran, Papoli and Goodarzi settled in Los Angeles County's verdant Rolling Hills community because of its tranquility and natural beauty, Papoli previously wrote. [...] She described her husband, Goodarzi, as a pioneer in the world of renewable energy, developing both electric and hybrid vehicles since the 1980s. According to Papoli, he also worked as the technical director at Hughes Electronics, which developed and manufactured the EV1, an early iteration of the electric car, in the 1990s.

The Courts

Google Settles $68 Million Lawsuit Claiming It Recorded Private Conversations (bbc.com) 16

An anonymous reader quotes a report from the BBC: Google has agreed to pay $68 million to settle a lawsuit claiming it secretly listened to people's private conversations through their phones. [...] the lawsuit claimed Google Assistant would sometimes turn on by mistake -- the phone thinking someone had said its activation phrase when they had not -- and recorded conversations intended to be private. They alleged the recordings were then sent to advertisers for the purpose of creating targeted advertising. The proposed settlement was filed on Friday in a California federal court, and requires approval by US District Judge Beth Labson Freeman.

The claim has been brought as a class action lawsuit rather than an individual case -- meaning if it is approved, the money will be paid out across many different claimants. Those eligible for a payout will have owned Google devices dating back to May 2016. But lawyers for the plaintiffs may ask for up to one-third of the settlement -- amounting to about $22 million in legal fees. The tech firm also denied any wrongdoing, as well as claims that it "recorded, disclosed to third parties, or failed to delete, conversations recorded as the result of a Siri activation" without consent.

GNU is Not Unix

Richard Stallman Was Asked: Is Software Piracy Wrong? (slashdot.org) 194

Friday 72-year-old Richard Stallman made a two-hour-and-20-minutes appearance at the Georgia Institute of Technology, talking about everything from AI and connected cars to smartphones, age verification laws, and his favorite Linux distro. But early on, Stallman also told the audience how "I despise DRM...I don't want any copy of anything with DRM. Whatever it is, I never want it so badly that I would bow down to DRM." (So he doesn't use Spotify or Netflix...)

This led to an interesting moment when someone asked him later if we have an ethical obligation to avoid piracy. First Stallman swapped in his preferred phrase, "forbidden sharing"...

"I won't use the word piracy to refer to sharing. Sharing is good and it should be lawful. Those laws are wrong. Copyright as it is now is an injustice."

Stallman said "I don't hesitate to share copies of anything," but added that "I don't have copies of non-free software, because I'm disgusted by it." After a pause, he added this. "Just because there is a law to give some people unjust power, that doesn't mean breaking that law becomes wrong....

"Dividing people by forbidding them to help each other is nasty."

And later Stallman was asked how he watches movies, if he's opposed to DRM-heavy sites like Netflix, and the DRM in Blu-ray discs? "The only way I can see a movie is if I get a file — you know, like an MP4 file or MKV file. And I would get that, I suppose, by copying from somebody else."

"Sharing is good. Stopping people from sharing is evil."

Printer

Washington State May Mandate 'Firearm Blueprint Detection Algorithms' For 3D Printers (adafruit.com) 116

Adafruit managing director Phillip Torrone (also long-time Slashdot reader ptorrone) writes: Washington State lawmakers are proposing bills (HB 2320 and HB 2321) that would require 3D printers and CNC machines to block certain designs using software-based "firearms blueprint detection algorithms." In practice, this means scanning every print file, comparing it against a government-maintained database, and preventing "skilled users" from bypassing the system.

Supporters frame this as a response to untraceable "ghost guns," but even federal prosecutors admit the tools involved are ordinary manufacturing equipment. Critics warn the language is overbroad, technically unworkable, hostile to open source, and likely to push printing toward cloud-locked, subscription-based systems—while doing little to stop criminals.

Transportation

US Congress Fails to Repeal 'Kill Switch' for Cars Mandate (newsweek.com) 93

Newsweek reports on how the U.S. Congress is debating "kill switch" technology for vehicles, "which would be able to monitor driver behavior, detect impairment such as intoxication and intervene..."

"While the technology is not yet a legal requirement in cars, Congress passed a law with the Infrastructure Investment and Jobs Act in 2021 that requires the Department of Transportation to create the mandate." Republican Representative Thomas Massie of Kentucky introduced an amendment to a federal spending bill that would reverse the mandating of the technology. On Thursday, 160 Republicans voted in favor, but the legislation failed 164-268, according to the House Clerk's official roll call — with 57 Republicans joining 211 Democrats in voting against it...

The House vote signals substantial Republican support for curbing any move toward mandated impaired-driving prevention systems, but not enough to pass such legislation. Critics of the kill switch technology see it as government overreach, while those in favor argue that it could prove to be lifesaving.

Thanks to long-time Slashdot reader SonicSpike for sharing the article.

Piracy

Hollywood Tries To Take Pirate Sites Down Globally Through India Court (torrentfreak.com) 35

An anonymous reader quotes a report from TorrentFreak: The High Court in New Delhi, India, has granted another pirate site blocking order in favor of American movie industry giants, including Apple, Warner Bros., Netflix, Disney and Crunchyroll. The injunction targets notorious pirate sites, requesting blockades at Indian ISPs. More crucially, however, globally operating domain registrars, including U.S. companies, are also compelled to take action. However, despite earlier cooperation, most don't seem eager to comply. [...] As reported by Verdictum a few days ago, the High Court in New Delhi issued a new blocking injunction on December 18, targeting more than 150 pirate site domains, including yflix.to, animesuge.bz, bs.to, and many others.

The complaint (PDF) is filed by Warner Bros., Apple, Crunchyroll, Disney, and Netflix, which are all connected to the MPA's anti-piracy arm, ACE. The referenced works include some of the most pirated titles, such as Stranger Things, Squid Game, and Silo. In addition to targeting Indian ISPs, the order also lists various domain name registries and related organizations as defendants. This includes American registrars such as Namecheap and GoDaddy, but also the government of the Kingdom of Tonga, which is linked to .to domains. By requiring domain name registrars to take action, the Indian court orders have a global impact.

In addition to suspending the domain names within three days, the domain name registrars are given four weeks to disclose the relevant subscriber information connected to these domains. "[The registrars] shall lock and suspend Defendant Nos. 1 to 47 websites within 72 hours of being communicated with a copy of this Order and shall file all the Basic Subscriber Information, including the name, address, contact information, email addresses, bank details, IP logs, and any other relevant information [...] within four weeks of being communicated with a copy of this Order," the High Court wrote. While the "Dynamic+" injunction is designed to be a global kill switch, its effectiveness depends entirely on the cooperation of the domain name registrars. Since most of these are based outside of India, their compliance is not guaranteed.

Government

California Becomes First State To Join WHO Disease Network After US Exit (thehill.com) 179

California became the first U.S. state to join the World Health Organization's Global Outbreak Alert and Response Network (GOARN), one day after the U.S. formally exited the WHO. The Hill reports: This announcement comes just one day after the U.S.'s withdrawal from the WHO became official after nearly 80 years of membership, having been a founding member of the organization. "The Trump administration's withdrawal from WHO is a reckless decision that will hurt all Californians and Americans," [California Governor Gavin Newsom] said in a statement. "California will not bear witness to the chaos this decision will bring. We will continue to foster partnerships across the globe and remain at the forefront of public health preparedness, including through our membership as the only state in WHO's Global Outbreak Alert & Response Network."

Crime

Justice Department Opens Criminal Probe Into Silicon Valley Spy Allegations (yahoo.com) 3

The U.S. Department of Justice has opened a criminal investigation into Deel over allegations that it recruited a spy inside rival Rippling, according to documents seen by The Wall Street Journal. From the report: An Ireland-based Rippling employee, Keith O'Brien, alleged in an affidavit filed in April that Deel Chief Executive Alex Bouaziz recruited him and gave him instructions for what information to take from Rippling. O'Brien alleged that other executives were involved in the spying plot, including Bouaziz's father, who is Deel's executive chairman and chief strategy officer.

A spokeswoman for Deel said the company isn't aware of a criminal investigation but is willing to cooperate with authorities. The company has previously said: "We deny all legal wrongdoing and look forward to asserting our counterclaims." Unsealed court documents allege that an entity tied to Deel transferred $6,000 to an account owned by the wife of Chief Operating Officer Dan Westgarth, and that the same amount was forwarded from the account to O'Brien seconds later.

Privacy

TikTok Is Now Collecting Even More Data About Its Users (wired.com) 41

An anonymous reader quotes a report from Wired: When TikTok users in the U.S. opened the app today, they were greeted with a pop-up asking them to agree to the social media platform's new terms of service and privacy policy before they could resume scrolling. These changes are part of TikTok's transition to new ownership. In order to continue operating in the U.S., TikTok was compelled by the U.S. government to transition from Chinese control to a new, American-majority corporate entity. Called TikTok USDS Joint Venture LLC, the new entity is made up of a group of investors that includes the software company Oracle. It's easy to tap "agree" and keep on scrolling through videos on TikTok, so users might not fully understand the extent of changes they are agreeing to with this pop-up.

Now that it's under U.S.-based ownership, TikTok potentially collects more detailed information about its users, including precise location data. Here are the three biggest changes to TikTok's privacy policy that users should know about. TikTok's change in location tracking is one of the most notable updates in this new privacy policy. Before this update, the app did not collect the precise, GPS-derived location data of U.S. users. Now, if you give TikTok permission to use your phone's location services, then the app may collect granular information about your exact whereabouts. Similar kinds of precise location data are also tracked by other social media apps, like Instagram and X.

[...] Rather than an adjustment, TikTok's policy on AI interactions adds a new topic to the privacy policy document. Now, users' interactions with any of TikTok's AI tools explicitly fall under data that the service may collect and store. This includes any prompts as well as the AI-generated outputs. The metadata attached to your interactions with AI tools may also be automatically logged. [...] This change to TikTok's privacy policy may not be as immediately noticeable to users, but it will likely have an impact on the types of ads you see outside of TikTok. So, rather than just using your collected data to target you while using the app, TikTok may now further leverage that info to serve you more relevant ads wherever you go online. As part of this advertising change, TikTok also now explicitly mentions publishers as one kind of partner the platform works with to get new data.

Government

White House Labels Altered Photo of Arrested Minnesota Protester a 'Meme' (thehill.com) 134

The White House doubled down after posting a digitally altered photo of Minnesota protester Nekima Levy Armstrong, dismissing it as a "meme" despite objections from her attorney and comparisons to reality-distorting propaganda. "YET AGAIN to the people who feel the need to reflexively defend perpetrators of heinous crimes in our country I share with you this message: Enforcement of the law will continue. The memes will continue. Thank you for your attention to this matter," White House spokesperson Kaelan Dorr wrote in a post on X. The Hill reports: The statement came after Homeland Security Secretary Kristi Noem posted a photo of Armstrong's arrest Thursday showing Armstrong with what appears to be a blank facial expression. However, the White House later posted an altered version of the same photo that shows Armstrong crying.

Armstrong's attorney Jordan Kushner said in an interview with CNN that an agent was recording Armstrong's arrest on their cellphone. "I've never seen anything like it. It's so unprofessional," Kushner said. "He was ordered to do it because the government was looking to make a spectacle of this case. I observed the whole thing. She was dignified, calm, rational the whole time." Kushner went on to call the move to alter the photo "a hallmark of a fascist regime where they actually alter reality."

Crime

Toronto Man Posed as Pilot To Rack Up Hundreds of Free Flights, Prosecutors Say (theguardian.com) 16

A Toronto man posed as a pilot for years in order to fool airlines into giving him hundreds of free flights, prosecutors have alleged, in a case that has prompted comparisons to the Hollywood thriller Catch Me If You Can. From a report: Authorities in Hawaii announced this week that Dallas Pokornik, 33, had been charged with wire fraud after he allegedly fooled three major US carriers into giving him free tickets over a span of four years.

Airlines typically offer standby tickets to their own staff and those with rival airlines as a way of ensuring the broader industry can effectively move employees across continents. According to court documents, Pokornik was a flight attendant for a Toronto-based airline from 2017 to 2019, but then used an employee identification from that carrier to obtain tickets, "which he in fact knew to be fraudulent at the time it was so presented."

The only Toronto-based airline, Porter, told reporters it was "unable to verify any information related to this story." On one occasion, Pokornik is alleged to have requested a jumpseat in an aircraft's cockpit, which are normally reserved for off-duty pilots, even though he was not a pilot and did not have an airman's certificate. Federal rules prohibit the cockpit jumpseats from being used for leisure travel.

AI

South Korea Launches Landmark Laws To Regulate AI 7

An anonymous reader quotes a report from the Korea Herald: South Korea will begin enforcing its Artificial Intelligence Act on Thursday, becoming the first country to formally establish safety requirements for high-performance, or so-called frontier, AI systems -- a move that sets the country apart in the global regulatory landscape. According to the Ministry of Science and ICT, the new law is designed primarily to foster growth in the domestic AI sector, while also introducing baseline safeguards to address potential risks posed by increasingly powerful AI technologies. Officials described the inclusion of legal safety obligations for frontier AI as a world-first legislative step.

The act lays the groundwork for a national-level AI policy framework. It establishes a central decision-making body -- the Presidential Council on National Artificial Intelligence Strategy -- and creates a legal foundation for an AI Safety Institute that will oversee safety and trust-related assessments. The law also outlines wide-ranging support measures, including research and development, data infrastructure, talent training, startup assistance, and help with overseas expansion.

To reduce the initial burden on businesses, the government plans to implement a grace period of at least one year. During this time, it will not carry out fact-finding investigations or impose administrative sanctions. Instead, the focus will be on consultations and education. A dedicated AI Act support desk will help companies determine whether their systems fall within the law's scope and how to respond accordingly. Officials noted that the grace period may be extended depending on how international standards and market conditions evolve. The law applies to three areas only: high-impact AI, safety obligations for high-performance AI and transparency requirements for generative AI.

Enforcement under the Korean law is intentionally light. It does not impose criminal penalties. Instead, it prioritizes corrective orders for noncompliance, with fines -- capped at 30 million won ($20,300) -- issued only if those orders are ignored. This, the government says, reflects a compliance-oriented approach rather than a punitive one. Transparency obligations for generative AI largely align with those in the EU, but Korea applies them more narrowly. Content that could be mistaken for real, such as deepfake images, video or audio, must clearly disclose its AI-generated origin. For other types of AI-generated content, invisible labeling via metadata is allowed. Personal or noncommercial use of generative AI is excluded from regulation.

"This is not about boasting that we are the first in the world," said Kim Kyeong-man, deputy minister of the office of artificial intelligence policy at the ICT ministry. "We're approaching this from the most basic level of global consensus."

Korea's approach differs from the EU by defining "high-performance AI" using technical thresholds like cumulative training compute, rather than regulating based on how AI is used. As a result, Korea believes no current models meet the bar for regulation, while the EU is phasing in broader, use-based AI rules over several years.
