DuckDuckGo keeps adding new features to its browser; and while these features are common in other browsers, DuckDuckGo is giving them a privacy-minded twist. The latest is a private, end-to-end encrypted syncing service. There's no account needed, no sign-in, and the company says it never sees what you're syncing. From a report: Using QR codes and shortcodes, and a lengthy backup code you store somewhere safe, DuckDuckGo's browser can keep your bookmarks, passwords, "favorites" (i.e., new tab page shortcuts), and settings for its email protection service synced between devices and browsers. DuckDuckGo points to Google's privacy policy for using its signed-in sync service on Chrome, which uses "aggregated and anonymized synchronized browsing data to improve other Google products and services." DuckDuckGo states that the encryption key for browser sync is stored only locally on your devices and that it lacks any access to your passwords or other data.

Less than a week after naming Laura Chambers as interim CEO, Firefox's maker Mozilla said it is cutting about 60 jobs, or 5% of its workforce. The cuts are primarily in the product development organization. Bloomberg reports: "We're scaling back investment in some product areas in order to focus on areas that we feel have the greatest chance of success," Mozilla said in a statement. "We intend to re-prioritize resources against products like Firefox Mobile, where there's a significant opportunity to grow and establish a better model for the industry."

Mozilla last cut a significant number of jobs four years ago at the height of the Covid-19 pandemic. The not-for-profit company, which competes with Alphabet Inc.'s Google Chrome, Apple Inc.'s Safari and Microsoft Corp.'s Edge, has been grappling with sliding market share of its Firefox web browser in recent years. So far in 2024, the tech sector has cut 32,000 jobs.

An anonymous reader shares a report: The startup that develops the phone app for casino resort giant WinStar has secured an exposed database that was spilling customers' private information to the open web. Oklahoma-based WinStar bills itself as the "world's biggest casino" by square footage. The casino and hotel resort also offers an app, My WinStar, in which guests can access self-service options during their hotel stay, their rewards points and loyalty benefits, and casino winnings.

The app is developed by a Nevada software startup called Dexiga. The startup left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser. Dexiga took the database offline after TechCrunch alerted the company to the security lapse. Anurag Sen, a good-faith security researcher who has a knack for discovering inadvertently exposed sensitive data on the internet, found the database containing personal information, but it was initially unclear who the database belonged to. Sen said the personal data included full names, phone numbers, email addresses and home addresses. Sen shared details of the exposed database with TechCrunch to help identify its owner and disclose the security lapse.

A lawsuit involving the now-defunct Google+ social media site "has been settled for $350 million," reports CPO magazine, "after a lengthy appeals process played out..."

"[T]he total pool after attorney and legal fees are deducted is likely to be well over $200 million." [The lawsuit] dates all the way back to 2018, when Google internally discovered that the Google+ API was being abused to access the private data of about half a million of the social media service's users. Google opted not to publicly declare the breach, as they were not legally compelled to.

News of it came via the Wall Street Journal in late 2018. Google shareholders contend that the company kept the issue under wraps due to the Cambridge Analytica scandal that Facebook was experiencing at the time, believing that they would suffer a similar negative PR blow. This was supported by an internal company memo that became public.

As the news of the exploitable software glitch gradually came out, Google shareholders took a hit as the company collectively lost tens of billions of dollars in market value. The lead plaintiff in the case is Rhode Island Treasurer James Diossa, who was responsible for overseeing a state pension fund that held stock in Google parent company Alphabet.

Google+ was shuttered in 2019 after an eight-year run due in part to repeated technical issues with unauthorized API access (as well as low user engagement).
"If the settlement is approved by the 9th Circuit judge, the proceeds will be available to Google shareholders who held stock at any time from April 23, 2018, to April 30, 2019...

"A separate class-action privacy lawsuit involving users who had private data exposed during the incident was settled in 2018 for $7.5 million, leading to very low payments for each of the claimants."

An anonymous Slashdot reader shared this report from SiliconANGLE: The Rust Foundation, which supports the development of the popular open-source Rust programming language... shared that Google LLC had made a $1 million contribution specifically earmarked for a C++/Rust interoperability effort known as the "Interop Initiative." The initiative aims to foster seamless integration between Rust and the widely used C++ programming language, addressing one of the significant barriers to Rust's adoption in legacy systems entrenched in C++ code.

Rust has the ability to prevent common memory errors that plague C++ programs and offers a path toward more secure and reliable software systems. However, transitioning from C++ to Rust presents notable challenges, particularly for organizations with extensive C++ codebases. The Interop Initiative seeks to mitigate these challenges by facilitating smoother transitions and enabling organizations to leverage Rust's advantages without completely overhauling their existing systems.

As part of the initiative, the Rust Foundation will collaborate closely with the Rust Project Leadership Council, stakeholders and member organizations to develop a comprehensive scope of work. The collaborative effort will focus on enhancing build system integration, exploring artificial intelligence-assisted code conversion techniques and expanding upon existing interoperability frameworks. By addressing these strategic areas, the initiative aims to accelerate the adoption of Rust across the software industry and hence contribute to advancing memory safety and reducing the prevalence of software vulnerabilities.
A post on Google's security blog says they're excited to collaborate "to ensure that any additions made are suitable and address the challenges of Rust adoption that projects using C++ face. Improving memory safety across the software industry is one of the key technology challenges of our time, and we invite others across the community and industry to join us in working together to secure the open source ecosystem for everyone."

The blog post also includes this quote from Google's VP of engineering, Android security and privacy. "Based on historical vulnerability density statistics, Rust has proactively prevented hundreds of vulnerabilities from impacting the Android ecosystem. This investment aims to expand the adoption of Rust across various components of the platform."

The Register adds: Lars Bergstrom, director of Android platform tools and libraries and chair of the Rust Foundation Board, announced the grant and said that the funding will "improve the ability of Rust code to interoperate with existing legacy C++ codebases.... Integrating Rust today is possible where there is a fallback C API, but for high-performance and high-fidelity interoperability, improving the ability to work directly with C++ code is the single biggest initiative that will further the ability to adopt Rust...."

According to Bergstrom, Google's most significant increase in the use of Rust has occurred in Android, where interoperability started receiving attention in 2021, although Rust is also being deployed elsewhere.... Bergstrom said that as of mid-2023, Google had more than 1,000 developers who had committed Rust code, adding that the ad giant recently released the training material it uses. "We also have a team working on building out interoperability," he added. "We hope that this team's work on addressing challenges specific to Google's codebases will complement the industry-wide investments from this new grant we've provided to the Rust Foundation."

Google's grant matches a $1 million grant last November from Microsoft, which also committed $10 million in internal investment to make Rust a "first-class language in our engineering systems." The Google-bucks are expected to fund further interoperability efforts, along the lines of KDAB's bidirectional Rust and C++ bindings with Qt.

An anonymous reader quotes a report from TechCrunch: The maker of a popular smart ski and bike helmet has fixed a security flaw that allowed the easy real-time location tracking of anyone wearing its helmets. Livall makes internet-connected helmets that allow groups of skiers or bike riders to talk with each other using the helmet's in-built speaker and microphone, and share their real-time location in a friend's group using Livall's smartphone apps. Ken Munro, founder of U.K. cybersecurity testing firm Pen Test Partners, said Livall's smartphone apps had a simple flaw allowing easy access to any group's audio chats and location data. Munro says the two apps, one for skiers and one for bike riders, collectively have about a million users.

At the heart of the bug, Munro found that anyone using Livall's apps for group audio chat and sharing their location must be part of the same friends group, which could be accessed using only that group's six-digit numeric code. "That 6-digit group code simply isn't random enough," Munro said in a blog post describing the flaw. "We could brute force all group IDs in a matter of minutes." In doing so, anyone could access any of the 1 million possible permutations of group chat codes.

"As soon as one entered a valid group code, one joined the group automatically," said Munro, adding that this happened without alerting other group members. "It was therefore trivial to silently join any group, giving us access to any users' location and the ability to listen in to any group audio communications," said Munro. "The only way a rogue group user could be detected was if the legitimate user went to check on the members of that group." [...] In an email, Livall's R&D director Richard Yi explained that the company improved the randomness of group codes by also adding letters, and including alerts for new members joining groups. Yi also said the app now allows the shared location to be turned off at the user level.

An Apple executive lobbied against a strong right-to-repair bill in Oregon Thursday, which is the first time the company has had an employee actively outline its stance on right to repair at an open hearing. 404 Media: Apple's position in Oregon shows that despite supporting a weaker right to repair law in California, it still intends to control its own repair ecosystem. It also sets up a highly interesting fight in the state because Google has come out in favor of the same legislation Apple is opposing. "It is our belief that the bill's current language around parts pairing will undermine the security, safety, and privacy of Oregonians by forcing device manufacturers to allow the use of parts of unknown origin in consumer devices," John Perry, Apple's principal secure repair architect, told the legislature. This is a quick about-face for the company, which after years of lobbying against right to repair, began to lobby for it in California last fall. The difference now is that Oregon's bill includes a critical provision that Google says it can easily comply with but that is core for Apple to maintain its dominance over the repair market.

Thousands of people using the London Underground had their movements, behavior, and body language watched by AI surveillance software designed to see if they were committing crimes or were in unsafe situations, new documents obtained by WIRED reveal. From the report: The machine-learning software was combined with live CCTV footage to try to detect aggressive behavior and guns or knives being brandished, as well as looking for people falling onto Tube tracks or dodging fares. From October 2022 until the end of September 2023, Transport for London (TfL), which operates the city's Tube and bus network, tested 11 algorithms to monitor people passing through Willesden Green Tube station, in the northwest of the city. The proof of concept trial is the first time the transport body has combined AI and live video footage to generate alerts that are sent to frontline staff. More than 44,000 alerts were issued during the test, with 19,000 being delivered to station staff in real time.

Documents sent to WIRED in response to a Freedom of Information Act request detail how TfL used a wide range of computer vision algorithms to track people's behavior while they were at the station. It is the first time the full details of the trial have been reported, and it follows TfL saying, in December, that it will expand its use of AI to detect fare dodging to more stations across the British capital. In the trial at Willesden Green -- a station that had 25,000 visitors per day before the Covid-19 pandemic -- the AI system was set up to detect potential safety incidents to allow staff to help people in need, but it also targeted criminal and antisocial behavior. Three documents provided to WIRED detail how AI models were used to detect wheelchairs, prams, vaping, people accessing unauthorized areas, or putting themselves in danger by getting close to the edge of the train platforms.

On Tuesday, The Independent, Tom's Hardware, and many other tech outlets reported on a story about how three million smart toothbrushes were used in a DDoS attack. The only problem? It "didn't actually happen," writes Jason Koebler via 404 Media. "There are no additional details about this apparent attack, and most of the article cites general research by a publicly traded cybersecurity company called Fortinet which has detected malicious, hijacked internet of things devices over the years. A search on Fortinet's website shows no recent published research about hacked smart toothbrushes." From the report: The original article, called "The toothbrushes are attacking," starts with the following passage: "She's at home in the bathroom, but she's part of a large-scale cyber attack. The electric toothbrush is programmed with Java, and criminals have unnoticed installed malware on it - like on 3 million other toothbrushes. One command is enough and the remote-controlled toothbrushes simultaneously access the website of a Swiss company. The site collapses and is paralyzed for four hours. Millions of dollars in damage is caused. This example, which seems like a Hollywood scenario, actually happened. It shows how versatile digital attacks have become." [...]

The "3 million hacked smart toothbrushes" story has now been viral for more than 24 hours and literally no new information about it has emerged despite widespread skepticism from people in the security industry and its virality. The two Fortinet executives cited in the original report did not respond to an email and LinkedIn message seeking clarification, and neither did Fortinet's PR team. The author of the Aargauer Zeitung story also did not respond to a request for more information. I called Fortinet's headquarters, asked to speak to the PR contact listed on the press release about its earnings, which was published after the toothbrush news began to go viral, and was promptly disconnected. The company has continued to tweet about other, unrelated things. They have not responded to BleepingComputer either, nor the many security researchers who are asking for further proof that this actually happened. While we don't know how this happened, Fortinet has been talking specifically about the dangers of internet-connected toothbrushes for years, and has been using it as an example in researcher talks. In a statement to 404 Media, Fortinet said "To clarify, the topic of toothbrushes being used for DDoS attacks was presented during an interview as an illustration of a given type of attack, and it is not based on research from Fortinet or FortiGuard Labs. It appears that due to translations the narrative on this topic has been stretched to the point where hypothetical and actual scenarios are blurred."

Mozilla, which manages the open-source Firefox browser, announced today that Mitchell Baker is stepping down as CEO to focus on AI and internet safety as chair of the nonprofit foundation. Laura Chambers, a Mozilla board member and entrepreneur with experience at Airbnb, PayPal, and eBay, will step in as interim CEO to run operations until a permanent replacement is found. Fortune: Baker, a Silicon Valley pioneer who co-founded the Mozilla Project, says it was her decision to step down as CEO, adding that the move is motivated by a sense of urgency over the current state of the internet and public trust. "We want to offer an alternative for people to have better products," says Baker, who wants to draw more attention to policies, products and processes to challenge business models built on fueling outrage. "What are the connections between this global malaise and how humans are engaging with each other and technology?"

Chambers says she plans to focus on building out new products that address growing privacy concerns while actively looking for a full-time CEO. Prior to being recruited to the Mozilla board three years ago, Chambers says she was feeling "pretty disillusioned" about society because of the influence of money in politics and the growing power of the tech giants. "I was confused about what to do and this felt like a genuine way to make an impact." Chambers says she won't be seeking a permanent CEO role because she plans to move back to Australia later this year for family reasons. "I think this is an example of Mozilla doing the right role modelling in how to manage a succession," says Chambers.

An anonymous reader quotes a report from Ars Technica: While the world awaits closing arguments later this year in the US government's antitrust case over Google's search dominance, a California judge has dismissed a lawsuit from 26 Google users who claimed that Google's default search agreement with Apple violates antitrust law and has ruined everyone's search results. Users had argued (PDF) that Google struck a deal making its search engine the default on Apple's Safari web browser specifically to keep Apple from competing in the general search market. These payments to Apple, users alleged, have "stunted innovation" and "deprived" users of "quality, service, and privacy that they otherwise would have enjoyed but for Google's anticompetitive conduct." They also allege that it created a world where users have fewer choices, enabling Google to prefer its own advertisers, which users said caused an "annoying and damaging distortion" of search results.

In an order (PDF) granting the tech companies' motion to dismiss, US District Judge Rita Lin said that users did not present enough evidence to support claims for relief. Lin dismissed some claims with prejudice but gave leave to amend others, allowing users another chance to keep their case -- now twice-dismissed -- at least partially alive. Under Lin's order, users will not be able to amend claims that Google and Apple executives allegedly sealed the default search deal on the condition that Apple would not create its own general search engine through "private, secret, and clandestine personal meetings." Because plaintiffs showed no evidence pinpointing exactly when Apple allegedly agreed to stay out of the general search market, these meetings, Lin reasoned, could just as easily indicate "rational, legal business behavior," rather than an "illegal conspiracy."

Users attempted to argue that Google and Apple intentionally hid these facts from the public, but Lin wrote that their "conclusory and vague allegations that defendants 'secretly conducted meetings' and 'engaged in conduct to obfuscate internal communications' are plainly insufficient." Sharing bystander photos documenting Google's Sundar Pichai and Apple's Tim Cook meeting at a restaurant with a manila folder tucked under Pichai's elbow did not help users' case. Lin was also not moved by users demonstrating that Google has a history of destroying evidence, because "they put forth no specific factual allegations that defendants did so in this case." However, users will have 30 days to amend currently "inadequately" alleged claims that "Google's exclusive default agreement, under which Apple set Google as the default search engine for its Safari web browser, foreclosed competition in the general search services market in the United States," Lin wrote. If users miss that deadline, the case will be tossed with no opportunities to further amend claims.

Apple is making changes to iOS in Europe to comply with the EU's Digital Markets Act cracking down on Big Tech gatekeepers. The act demands interoperability, fairness and privacy measures including allowing competing browser engines on iOS. Despite better browser choice, Google and Mozilla are unhappy with Apple's proposed changes. Mozilla says restricting browser engine integration to EU apps burdens rivals to build separate implementations. Mozilla's comment: "We are still reviewing the technical details but are extremely disappointed with Apple's proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps. The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations -- a burden Apple themselves will not have to bear. Apple's proposals fail to give consumers viable choices by making it as painful as possible for others to provide competitive alternatives to Safari. This is another example of Apple creating barriers to prevent true browser competition on iOS." Google's VP of engineering for Chrome, Parisa Tabriz, commented on DeMonte's statement, saying, "Strong agree with Mozilla. Apple isn't serious about supporting web browser or engine choice on iOS. Their strategy is overly restrictive, and won't meaningfully lead to real choice for browser developers."

Mozilla has rolled out a new $9 per month service called Mozilla Monitor Plus that automatically scrubs personal information from over 190 data broker sites. The tool builds on the free Firefox Monitor platform, expanding monitoring capabilities and proactively removing exposed details to protect user privacy. Subscribers will also receive data breach alerts under the new service.

An anonymous reader quotes a report from MacRumors: Apple Vision Pro owners who forget the passcode they set will need to take the device to an Apple retail location to get it reset, reports Bloomberg's Mark Gurman. There is apparently no on-device way to reset a Vision Pro passcode if it is forgotten. [...] Customers who have forgotten their Vision Pro passcodes have been told by Apple that they will need to visit a retail store for a fix or will need to ship the headset to Apple if there isn't a nearby store. Like Apple's iOS devices, the incorrect passcode cannot be entered too many times or the device will be disabled, with a waiting period before a passcode can be entered again. Removing the passcode requires erasing all content on the Vision Pro. [...]

There is an erase content setting on the Vision Pro, but there is no way to get into the reset mode using a combination of button presses. Erasing Vision Pro can only be done through the Settings app. Customers who have the $300 Developer Strap may be able to wipe the device from a Mac, but most users will not be able to get this accessory as it is limited to registered developers in the United States.

From mergers to AI, the EU's aggressive rule-making hampers its ability to compete with China and the U.S. Greg Ip, writing for WSJ: These are humbling times for Europe. The continent barely escaped recession late last year as the U.S. boomed. It is losing out to the U.S. on artificial intelligence, and to China on electric vehicles. There is one field where the European Union still leads the world: regulation. Having set the standard on regulating mergers, carbon emissions, data privacy, and e-commerce competition, the EU now seeks to do the same on AI. In December it unveiled a sweeping draft law that bans certain types of AI, tightly regulates others, and imposes huge fines for violators. Its executive arm, the European Commission, might investigate Microsoft's tie-up with OpenAI as potentially anticompetitive. Never before has "America innovates, China replicates, Europe regulates" so aptly captured each region's comparative advantage.

The technocrats who staff the EU in Brussels aren't anti-free market. Just the opposite: they still believe in free trade, unlike the U.S. or China. Much of their regulation is aimed at protecting consumers and competition from meddling national governments. But there's a trade-off between consumer protection and the profit motive that drives investment and innovation, and the EU might be getting that trade-off wrong. For example, to preserve competition, European regulators have resisted mergers that leave just a handful of mobile phone carriers per market. As a result Europe now has 43 groups running 102 mobile operators serving a population of 474 million, while the U.S. has three major networks serving a population of 335 million, according to telecommunications consultant John Strand. China and India are even more concentrated.

European mobile customers as a result pay only about a third of what Americans do. But that's why European carriers invest only half as much per customer and their networks are commensurately worse, Strand said: "Getting a 5G signal in Germany is like finding a Biden supporter at a Trump rally." Putting European networks on a par with the U.S. would cost about $300 billion, he estimated. This has knock-on effects on Europe's tech sector. Swedish telecommunications equipment manufacturer Ericsson's sales in Europe suffer in part because many carriers are too small and unprofitable to update to the latest 5G networks. "Europe has prioritized shorter-term low consumer prices at the expense of quality infrastructure," chief executive Borje Ekholm told me in Davos earlier this month. "I'm very concerned about Europe. We need to invest much more in infrastructure, in being digital."

Slashdot reader Unpopular Opinions requests suggestions from the Slashdot community: Lately a boom of companies decided to play their "nice guy" card, providing us with a trove of information about our own sites, DNS servers, email servers, pretty much anything about any online service you host.

Which is not anything new... Companies have been doing this for decades, except as paid services you requested. Now the trend is basically anyone can do it over my systems, and they are always more than happy to sell anyone, me included, my data they collected without authorization or consent. It's data they never had the rights to collect and/or compile to begin with, including data collected thru access attempts via known default accounts (Administrator, root, admin, guest) and/or leaked credentials provided by hacked databases when a few elements seemingly match...

"Just block those crawlers"? That's what some of those companies advise, but not only does the site operator have to automate it themself, not all companies offer lists of their source IP addresses or identify them. Some use multiple/different crawler domain names from their commercial product, or use cloud providers such as Google Cloud, AWS and Azure â" so one can't just block access to their company's networks without massive implications. They also change their own information with no warning, and many times, no updates to their own lists. Then, there is the indirect cost: computing cost, network cost, development cost, review cycle cost. It is a cat-and-mice game that has become very boring.

With the raise of concerns and ethical questions about AI harvesting and learning from copyrighted work, how are those security companies any different from AI, and how could one legally put a stop on this?
Block those crawlers? Change your Terms of Service? What's the best fix... Share your own thoughts and suggestions in the comments.

How can you stop security firms from harvesting your data?

In the behavior of tech companies, the Atlantic's executive editor warns us about "a clear and coherent ideology that is seldom called out for what it is: authoritarian technocracy. As the most powerful companies in Silicon Valley have matured, this ideology has only grown stronger, more self-righteous, more delusional, and — in the face of rising criticism — more aggrieved." The new technocrats are ostentatious in their use of language that appeals to Enlightenment values — reason, progress, freedom — but in fact they are leading an antidemocratic, illiberal movement. Many of them profess unconditional support for free speech, but are vindictive toward those who say things that do not flatter them. They tend to hold eccentric beliefs.... above all, that their power should be unconstrained. The systems they've built or are building — to rewire communications, remake human social networks, insinuate artificial intelligence into daily life, and more — impose these beliefs on the population, which is neither consulted nor, usually, meaningfully informed. All this, and they still attempt to perpetuate the absurd myth that they are the swashbuckling underdogs.
The article calls out Marc Andreessen's Techno-Optimist Manifesto for saying "We believe in adventure... rebelling against the status quo, mapping uncharted territory, conquering dragons, and bringing home the spoils for our community..." (The Atlantic concludes Andreessen's position "serves only to absolve him and the other Silicon Valley giants of any moral or civic duty to do anything but make new things that will enrich them, without consideration of the social costs, or of history.")

The article notes that Andreessen "also identifies a list of enemies and 'zombie ideas' that he calls upon his followers to defeat, among them 'institutions' and 'tradition.'" But the Atlantic makes a broader critique not just of Andreessen but of other Silicon Valley elites. "The world that they have brought into being over the past two decades is unquestionably a world of reckless social engineering, without consequence for its architects, who foist their own abstract theories and luxury beliefs on all of us..." None of this happens without the underlying technocratic philosophy of inevitability — that is, the idea that if you can build something new, you must. "In a properly functioning world, I think this should be a project of governments," [Sam] Altman told my colleague Ross Andersen last year, referring to OpenAI's attempts to develop artificial general intelligence. But Altman was going to keep building it himself anyway. Or, as Zuckerberg put it to The New Yorker many years ago: "Isn't it, like, inevitable that there would be a huge social network of people? ... If we didn't do this someone else would have done it."
The article includes this damning chat log from a 2004 conversation Zuckerberg had with a friend:

Zuckerberg: If you ever need info about anyone at Harvard.
Zuckerberg: Just ask.
Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS
Friend: What? How'd you manage that one?
Zuckerberg: People just submitted it.
Zuckerberg: I don't know why.
Zuckerberg: They "trust me"
Zuckerberg: Dumb fucks.'

But the article also reminds us that in Facebook's early days, "Zuckerberg listed 'revolutions' among his interests." The main dangers of authoritarian technocracy are not at this point political, at least not in the traditional sense. Still, a select few already have authoritarian control, more or less, to establish the digital world's rules and cultural norms, which can be as potent as political power...

[I]n recent years, it has become clear that regulation is needed, not least because the rise of technocracy proves that Silicon Valley's leaders simply will not act in the public's best interest. Much should be done to protect children from the hazards of social media, and to break up monopolies and oligopolies that damage society, and more. At the same time, I believe that regulation alone will not be enough to meaningfully address the cultural rot that the new technocrats are spreading.... We do not have to live in the world the new technocrats are designing for us. We do not have to acquiesce to their growing project of dehumanization and data mining. Each of us has agency.

No more "build it because we can." No more algorithmic feedbags. No more infrastructure designed to make the people less powerful and the powerful more controlling. Every day we vote with our attention; it is precious, and desperately wanted by those who will use it against us for their own profit and political goals. Don't let them.

• The article specifically recommends "challenging existing norms about the use of apps and YouTube in classrooms, the ubiquity of smartphones in adolescent hands, and widespread disregard for individual privacy. People who believe that we all deserve better will need to step up to lead such efforts."
• "Universities should reclaim their proper standing as leaders in developing world-changing technologies for the good of humankind. (Harvard, Stanford, and MIT could invest in creating a consortium for such an effort — their endowments are worth roughly $110 billion combined.)"

Quora "used to be a thriving community that worked to answer our most specific questions," writes Slate. "But users are fleeing," while the site hosts "a never-ending avalanche of meaningless, repetitive sludge, filled with bizarre, nonsensical, straight-up hateful, and A.I.-generated entries..."

The site has faced moderation issues, spam, trolls, and bots re-posting questions from Reddit (plus competition for ad revenue from sites like Facebook and Google which forced cuts in Quora's support and moderation teams). But automating its moderation "did not improve the situation...

"Now Quora is even offering A.I.-generated images to accompany users' answers, even though the spawned illustrations make little sense." To top it all off, after Quora began using A.I. to "generate machine answers on a number of selected question pages," the site made clear the possibility that human-crafted answers could be used for training A.I. This meant that the detailed writing Quorans provided mostly for free would be ingested into a custom large language model. Updated terms of service and privacy policies went into effect at the site last summer. As angel investor and Quoran David S. Rose paraphrased them: "You grant all other Quora users the unlimited right to reuse and adapt your answers," "You grant Quora the right to use your answers to train an LLM unless you specifically opt out," and "You completely give up your right to be any part of any class action suit brought against Quora," among others. (Quora's Help Center claims that "as of now, we do not use answers, posts, or comments added to Quora to train LLMs used for generating content on Quora. However, this may change in the future." The site offers an opt-out setting, although it admits that "opting out does not cover everything.")

This raised the issue of consent and ownership, as Quorans had to decide whether to consent to the new terms or take their work and flee. High-profile users, like fantasy author Mercedes R. Lackey, are removing their work from their profiles and writing notes explaining why. "The A.I. thing, the terms of service issue, has been a massive drain of top talent on Quora, just based on how many people have said, Downloaded my stuff and I'm out of there," Lackey told me. It's not that all Quorans want to leave, but it's hard for them to choose to remain on a website where they now have to constantly fight off errors, spam, trolls, and even account impersonators....

The tragedy of Quora is not just that it crushed the flourishing communities it once built up. It's that it took all of that goodwill, community, expertise, and curiosity and assumed that it could automate a system that equated it, apparently without much thought to how pale the comparison is. [Nelson McKeeby, an author who joined Quora in 2013] has a grim prediction for the future: "Eventually Quora will be robot questions, robot answers, and nothing else." I wonder how the site will answer the question of why Quora died, if anyone even bothers to ask.
The article notes that Andreessen Horowitz gave Quora "a much-needed $75 million investment — but only for the sake of developing its on-site generative-text chatbot, Poe."

Ivan Mehta reports via TechCrunch: Nearly a week after Apple announced big changes to the App Store because of the European Union's Digital Markets Act (DMA) rules, the company said that the market represents 7% of its global App Store revenues. The company's chief financial officer Luca Maestri said that the monetary impact of these changes will depend on choices made by developers to adopt different systems. "A lot will depend on the choices that will be made. Just to keep it in context, the changes applied to the EU market, which represents roughly 7% of our global app store revenue," he said in reply to an analyst's question.

Because of DMA, Apple has to allow alternative app stores and let developers use third-party payment processors. The company plans to charge a core tech fee if an app crosses a million annual downloads across different app stores. Amid these changes, Apple noted a record quarter for App Store revenues. The company's overall services revenue was $23.1 billion with an 11% jump year-on-year. Apple continued its narrative of defending the App Store and its commission ecosystem by saying that it provides the best privacy and security. CEO Tim Cook emphasized that the company will fall short of providing the best experience to users because of these changes.

"If you think about what we've done over the years is, we've really majored on privacy, security and usability. And we've tried our best to get as close to the past in terms of the things that are -- that people love about our ecosystem as we can, but we are going to fall short of providing the maximum amount that we could supply, because we need to comply with the regulation," he said.

An anonymous reader quotes a report from Reuters: Italy's data protection authority has told OpenAI that its artificial intelligence chatbot application ChatGPT breaches data protection rules, the watchdog said on Monday, as it presses ahead with an investigation started last year. The authority, known as Garante, is one of the European Union's most proactive in assessing AI platform compliance with the bloc's data privacy regime. Last year, it banned ChatGPT over alleged breaches of European Union (EU) privacy rules. The service was reactivated after OpenAI addressed issues concerning, amongst other things, the right of users to decline to consent to the use of personal data to train algorithms. At the time, the regulator said it would continue its investigations. It has since concluded that elements indicate one or more potential data privacy violations, it said in a statement without providing further detail. The Garante on Monday said Microsoft-backed OpenAI has 30 days to present defense arguments, adding that its investigation would take into account work done by a European task force comprising national privacy watchdogs.