Security

Microsoft Edge Found Serving Malicious Tech Support Scam Ads (neowin.net) 30

AmiMoJo shares a report from Neowin: Anti-malware solutions maker Malwarebytes has recently uncovered a campaign which is serving tech support scams via malicious ads in Microsoft Edge's 'My Feed' section. They provided an image that shows a screenshot of a malvertising campaign where a fake browser locker page is displayed to dupe potential victims. The adware is smart in the way it operates as Malwarebytes has found that the malicious ad banner redirects only potential targets to the tech support scam page. Meanwhile bots, VPNs and geo-locations are shown the actual ad page powered by the Taboola ad network. The firm notes that the differentiation is made with the help of a base64-encoded JavaScript string.

In the span of just 24 hours, Malwarebytes managed to collect over 200 different hostnames. Somewhat unsurprisingly perhaps, one of the associated domains is linked to an individual who appears to be the director of a software company operating in Delhi, India. You can find more details about this malvertising campaign on Malwarebytes' blog post about the topic.

Google

Fitbit Accounts Are Being Replaced By Google Accounts (trustedreviews.com) 17

New Fitbit users will be required to sign-up with a Google account, from next year, while it also appears one will be needed to access some of the new features in years to come. Trusted Reviews reports: Google has been slowly integrating Fitbit into the fold since buying the company back in November 2019. Indeed, the latest products are now known as "Fitbit by Google." However, as it currently stands, device owners have been able to maintain separate accounts for Google and Fitbit accounts. Google has now revealed it is bringing Google Accounts to Fitbit in 2023, enabling a single login for both services. From that point on, all new sign ups will be through Google. Fitbit accounts will only be supported until 2025. From that point on, a Google account will be the only way to go. To aid the transition, once the introduction of Google accounts begins, it'll be possible to move existing devices over while maintaining all of the recorded data.

Communications

Elon Musk Activates Starlink For Iranian Citizens (teslarati.com) 42

Elon Musk announced that he was activating Starlink in response to U.S. Secretary of State Antony Blinken's tweet announcing the issuing of a General License to provide the Iranian people with access to digital communications. Teslarati reports: Currently, in Iran, massive protests are happening as a result of the death of 22-year-old Mahsa Amini, who was detained by the morality police for her head scarf not being properly worn. Although she had no known heart-related health problems, the police said she suddenly died of heart failure. Eyewitnesses said that she was beaten and her head hit the side of a police car. This along with leaked medical scans suggested cerebral hemorrhage and stroke. In response to her death, there have been several large-scale protests across Iran that received international support from world leaders, celebrities, and organizations.

The Iranian government sided with the morality police and has been suppressing the protests, shooting protestors with metal pellets and birdshot, and deploying tear gas and water cannons. The government also blocked access to many apps including Instagram and WhatsApp and limited internet access to prevent protestors from organizing. This is where Starlink comes in. A few days ago, Elon Musk said that Starlink would seek exemption from Iranian sanctions. This was in response to @Erfankasraie who asked if Elon could provide Starlink to the Iranian people. "It could be a game changer for the future." Elon also responded, "OK," to @agusantonetti who asked if he could do the same for other countries under a dictatorship such as Cuba.
Further reading: As Unrest Grows, Iran Restricts Access To Instagram, WhatsApp

Google

Google Sees Russia Coordinating With Hackers in Cyberattacks Tied To Ukraine War (wsj.com) 5

A growing body of evidence suggests that pro-Russian hackers and online activists are working with the country's military intelligence agency, according to researchers at Google. From a report: Western officials and security experts are interested in the possible Kremlin links because it would help explain Moscow's intentions both inside and outside Ukraine despite recent military setbacks that prompted Russian President Vladimir Putin this week to announce a mobilization push. Officials in the U.S. and Europe have warned throughout the war that Russian hackers could lash out against Ukraine's allies by targeting critical infrastructure and governments with cyberattacks, but so far that has largely failed to materialize.

Over the past few months, Google's Mandiant cybersecurity group has observed apparent coordination between pro-Russian hacking groups -- ostensibly comprising patriotic citizen hackers -- and cyber break-ins by Russia's military intelligence agency, or GRU. In four instances, Mandiant says it observed hacking activity linked to the GRU in which malicious "wiper" software was installed on a victim's network. The initial wiper software caused disruption by destroying computer systems across the organization. Then, the hacktivists entered the picture. After each of these hacks -- within 24 hours of the wiping -- the hacktivist organizations have published data stolen from the same organizations.

IT

Amazon Emails Staff With News It Miscalculated Their Compensation (fortune.com) 42

Corporate employees at Amazon got emails about promotions and raises. Then they got emails saying the raises weren't quite what they thought. From a report: A one-time bonus that was part of their compensation package had been miscalculated due to a software error and would be lower than what they had been told, according to an email sent on Thursday and viewed by Insider. The bonuses had initially been calculated using older, higher stock prices, according to Insider, and about 40% of promoted employees this quarter were affected by the error.

"We identified and immediately corrected an issue with some newly promoted employees' compensation communications," an Amazon spokesperson told Fortune. "We are working with employees to ensure they understand their updated compensation." Compensation has been a major issue across the tech sector this year as a strong labor market heats up competition for workers. Earlier this year, Amazon announced its plan to double its maximum base salary to $350,000 to attract talent, something that workers at Google cited after the company's annual internal survey revealed their dissatisfaction with pay.

Hardware

'Moore's Law Is Dead,' Says Nvidia CEO (marketwatch.com) 116

Nvidia Chief Executive Jensen Huang's remarks about Moore's Law from earlier this week: "Moore's Law's dead," Huang said, referring to the standard that the number of transistors on a chip doubles every two years. "And the ability for Moore's Law to deliver twice the performance at the same cost, or at the same performance, half the cost, every year and a half, is over. It's completely over, and so the idea that a chip is going to go down in cost over time, unfortunately, is a story of the past." He added: "Computing is not a chip problem, it's a software and chip problem."

Google

Google CEO Pichai Tells Employees Not To 'Equate Fun With Money' in Heated All-Hands Meeting (cnbc.com) 208

As Google tries to navigate an unfamiliar environment of slowing growth, cost-cutting and employee dissent over cultural changes, CEO Sundar Pichai is finding himself on the defensive. From a report: At a companywide all-hands meeting this week, Pichai was faced with tough questions from employees related to cuts to travel and entertainment budgets, managing productivity, and potential layoffs, according to audio obtained by CNBC. Pichai was asked, in a question that was highly rated by staffers on Google's internal Dory system, why the company is "nickel-and-diming employees" by slashing travel and swag budgets at a time when "Google has record profits and huge cash reserves," as it did coming out of the Covid pandemic. "How do I say it?" Pichai began his measured response. "Look, I hope all of you are reading the news, externally. The fact that you know, we are being a bit more responsible through one of the toughest macroeconomic conditions underway in the past decade, I think it's important that as a company, we pull together to get through moments like this."

The Courts

Meta Sued For Skirting Apple Privacy Rules To Snoop On Users (bloomberg.com) 36

An anonymous reader quotes a report from Bloomberg: Meta was sued for allegedly building a secret work-around to safeguards that Apple launched last year to protect iPhone users from having their internet activity tracked. In a proposed class-action complaint filed Wednesday in San Francisco federal court, two Facebook users accused the company of skirting Apple's 2021 privacy rules and violating state and federal laws limiting the unauthorized collection of personal data. A similar complaint was filed in the same court last week. The suits are based on a report by data privacy researcher Felix Krause, who said that Meta's Facebook and Instagram apps for Apple's iOS inject JavaScript code onto websites visited by users. Krause said the code allowed the apps to track "anything you do on any website," including typing passwords.

According to the suits, Meta's collection of user data from the Facebook app helps it circumvent rules instituted by Apple in 2021 requiring all third-party apps to obtain consent from users before tracking their activities, online or off. Meta has said it expected to miss out on $10 billion in ad revenue in 2022 because of Apple's changes. The Facebook app gets around Apple privacy rules by opening web links in an in-app browser, rather than the user's default browser, according to Wednesday's complaint. "This allows Meta to intercept, monitor and record its users' interactions and communications with third parties, providing data to Meta that it aggregates, analyzes, and uses to boost its advertising revenue," according to the suit.
A Meta spokesperson said the allegations are "without merit" and the company will defend itself. "We have designed our in-app browser to respect users' privacy choices, including how data may be used for ads," the company said in an emailed statement.

Media

Google Wants To Take On Dolby With New Open Media Formats (protocol.com) 56

An anonymous reader quotes a report from Protocol: Google is gunning for Dolby Atmos and Dolby Vision: The company is looking to introduce two new media formats to offer HDR video and 3D audio under a new consumer-recognizable brand without the licensing fees hardware manufacturers currently have to pay Dolby. Google shared plans for the media formats, which are internally known as Project Caviar, at a closed-door event with hardware manufacturers earlier this year. In a video of the presentation that was leaked to Protocol, group product manager Roshan Baliga describes the goal of the project as building "a healthier, broader ecosystem" for premium media experiences. The company's primary focus for Project Caviar is YouTube, which does not currently support Dolby Atmos or Dolby Vision. However, Google also aims to bring other industry players on board, including device manufacturers and service providers. This makes Project Caviar one of Google's most ambitious pushes for open media formats since the company began working on royalty-free video codecs over a decade ago.

Google's open media efforts have until now primarily focused on the development of codecs. The company acquired video codec maker On2 in 2009 to open source some of its technology; it has also played a significant role in the foundation of the Alliance for Open Media, an industry consortium that is overseeing the royalty-free AV1 video codec. Project Caviar is different from those efforts in that it is not another codec. Instead, the project focuses on 3D audio and HDR video formats that make use of existing codecs but allow for more rich and immersive media playback experiences, much like Dolby Atmos and Dolby Vision do. Baliga didn't mention Dolby by name during his presentation, but he still made it abundantly clear that the company was looking to establish alternatives to the Atmos and Vision formats. "We realized that there are premium media experiences where there aren't any great royalty-free solutions," he said, adding that the licensing costs for premium HDR video and 3D audio "can hurt manufacturers and consumers."

Dolby makes most of its money through licensing fees from hardware manufacturers. The company charges TV manufacturers $2 to $3 to license Dolby Vision, according to its Cloud Media Solutions SVP Giles Baker. Dolby hasn't publicly disclosed licensing fees for Atmos; it charges consumers who want to add immersive audio to their Xbox consoles $15 per license, but the fee hardware manufacturers have to pay is said to be significantly lower. Still, in an industry that long has struggled with razor-thin margins, every extra dollar matters. That's especially true because Dolby already charges virtually all device makers a licensing fee for its legacy audio codecs. A manufacturer of streaming boxes that wholesale for $50 has to pay around $2 per unit for Dolby Vision and Dolby Digital, according to a document an industry insider shared with Protocol. "For lower-cost living room devices, the cost may be prohibitive," Baliga said during his presentation.

Social Networks

As Unrest Grows, Iran Restricts Access To Instagram, WhatsApp (reuters.com) 41

Iran curbed access on Wednesday to Instagram and WhatsApp, two of the last remaining social networks in the country, amid protests over the death of a woman in police custody, residents and internet watchdog NetBlocks said. Reuters reports: Last week's death of 22-year-old Mahsa Amini, who was arrested by morality police in Tehran for "unsuitable attire," has unleashed anger over issues including freedom in the Islamic Republic and an economy reeling from sanctions. NetBlocks also reported a "nation-scale loss of connectivity" on Iran's main mobile telephone provider and another company's network. WhatsApp's servers have been disrupted on multiple internet providers, hours after Instagram's services were blocked, London-based NetBlocks said.

The group's data shows a near-total disruption to internet service in parts of Kurdistan province in west Iran since Monday, while the capital city of Tehran and other parts of the country have also faced disruptions since Friday when protests first broke out. Two residents in Tehran and southern Iran said they could only send text and not pictures on WhatsApp and that Instagram appeared to be completely blocked.

Businesses

DocuSign Names Former Google Executive Allan Thygesen As New CEO (cnbc.com) 1

DocuSign shares rose almost 5% in extended trading after the electronic signature software maker announced it has hired an Alphabet executive, Allan Thygesen, to be its next CEO. CNBC reports: The announcement comes three months after DocuSign said its CEO for the past five years, Dan Springer, was stepping down. Like other cloud software companies, DocuSign enjoyed a wave of greater interest among investors during the Covid pandemic as consumers and corporate workers became more reliant on digital ways to sign documents. But the interest has died down. Notwithstanding the after-hours move, DocuSign shares have fallen 64% so far this year.

Mozilla

Mozilla Urges Action To Unpick Platform Browser Lock-ins (techcrunch.com) 64

As antitrust regulators around the world dial up scrutiny of platform power, Mozilla has published a piece of research digging into the at times subtle yet always insidious ways operating systems exert influence to keep consumers locked to using their own-brand browsers rather than seeking out and switching to independent options -- while simultaneously warning that competition in the browser market is vital to ensure innovation and choice for consumers and, more broadly, protect the vitality of the open web against the commercial giants trying to wall it up. TechCrunch: "Billions of people across the globe are dependent on operating systems from the largest technology companies. Amazon, Apple, Google, Microsoft and Meta each provide their own browser on their operating systems and each of them uses their gatekeeper position provider to preference their own browsers over independent rivals. Whether it is Microsoft pushing Firefox users to switch their default on Windows computers, Apple restricting the functionality of rival browsers on iOS smartphones or Google failing to apply default browser settings across Android, there are countless examples of independent browsers being inhibited by the operating systems on which they are dependent," Mozilla writes in a summary of its findings. "This matters because American consumers and society as a whole suffer. Not only do people lose the ability to determine their own online experiences but they also receive less innovative and lower quality products. In addition, they can be forced to accept poorer privacy outcomes and even unfair contracts. By contrast, competition from independent browsers can help to drive new features, as well as innovation in areas like privacy and security."

The Internet

Inside Russia's Vast Surveillance State (nytimes.com) 67

A cache of nearly 160,000 files from Russia's powerful internet regulator provides a rare glimpse inside Vladimir V. Putin's digital crackdown. The New York Times: Four days into the war in Ukraine, Russia's expansive surveillance and censorship apparatus was already hard at work. Roughly 800 miles east of Moscow, authorities in the Republic of Bashkortostan, one of Russia's 85 regions, were busy tabulating the mood of comments in social media messages. They marked down YouTube posts that they said criticized the Russian government. They noted the reaction to a local protest. Then they compiled their findings. One report about the "destabilization of Russian society" pointed to an editorial from a news site deemed "oppositional" to the government that said President Vladimir V. Putin was pursuing his own self-interest by invading Ukraine. A dossier elsewhere on file detailed who owned the site and where they lived. Another Feb. 28 dispatch, titled "Presence of Protest Moods," warned that some had expressed support for demonstrators and "spoke about the need to stop the war." The report was among nearly 160,000 records from the Bashkortostan office of Russia's powerful internet regulator, Roskomnadzor.

Together the documents detail the inner workings of a critical facet of Mr. Putin's surveillance and censorship system, which his government uses to find and track opponents, squash dissent and suppress independent information even in the country's furthest reaches. The leak of the agency's documents "is just like a small keyhole look into the actual scale of the censorship and internet surveillance in Russia," said Leonid Volkov, who is named in the records and is the chief of staff for the jailed opposition leader Aleksei A. Navalny. "It's much bigger," he said. Roskomnadzor's activities have catapulted Russia, along with authoritarian countries like China and Iran, to the forefront of nations that aggressively use technology as a tool of repression. Since the agency was established in 2008, Mr. Putin has turned it into an essential lever to tighten his grip on power as he has transformed Russia into an even more authoritarian state. The internet regulator is part of a larger tech apparatus that Mr. Putin has built over the years, which also includes a domestic spying system that intercepts phone calls and internet traffic, online disinformation campaigns and the hacking of other nations' government systems. The agency's role in this digital dragnet is more extensive than previously known, according to the records.

It has morphed over the years from a sleepy telecom regulator into a full-blown intelligence agency, closely monitoring websites, social media and news outlets, and labeling them as "pro-government," "anti-government" or "apolitical." Roskomnadzor has also worked to unmask and surveil people behind anti-government accounts and provided detailed information on critics' online activities to security agencies, according to the documents. That has supplemented real-world actions, with those surveilled coming under attack for speaking out online. Some have then been arrested by the police and held for months. Others have fled Russia for fear of prosecution. The files reveal a particular obsession with Mr. Navalny and show what happens when the weight of Russia's security state is placed on one target. The system is built to control outbursts like the one this week, when protesters across Russia rallied against a new policy that would press roughly 300,000 people into military service for the war in Ukraine. At least 1,200 people have already been detained for demonstrating. More than 700 gigabytes of records from Roskomnadzor's Bashkortostan branch were made publicly available online in March by DDoSecrets, a group that publishes hacked documents.

Security

Twitter Discloses It Wasn't Logging Users Out of Accounts After Password Resets (techcrunch.com) 12

Weeks after Twitter's ex-security chief accused the company of cybersecurity mismanagement, Twitter has now informed its users of a bug that didn't close all of a user's active logged-in sessions on Android and iOS after an account's password was reset. From a report: This issue could have implications for those who had reset their password because they believed their Twitter account could be at risk, perhaps because of a lost or stolen device, for instance. Assuming whoever had possession of the device could access its apps, they would have had full access to the impacted user's Twitter account. In a blog post, Twitter explains that it had learned of the bug that had allowed "some" accounts to stay logged in on multiple devices after a user reset their password voluntarily. Typically, when a password reset occurs, the session token that keeps a user logged into the app is also revoked -- but that didn't take place on mobile devices, Twitter says. Web sessions, however, were not impacted and were closed appropriately, it noted.

Facebook

Facebook Could Lift Trump's Suspension in January, Nick Clegg Says (medium.com) 198

Former President Donald Trump could be allowed back on Facebook once a suspension of his account expires in 2023, Nick Clegg of parent company Meta Platforms, said Thursday at an exclusive Semafor Exchange event in Washington, DC. From the report: As the company makes its decision, it will talk to experts, weigh the risk of real world harm and act proportionally, he said. It's the first time Clegg, who, as president of global affairs is charged with deciding whether to lift the limit, has publicly discussed his thinking. Trump was prohibited from posting on several online platforms after the January 2021 riots at the Capitol building in Washington, D.C., with Facebook, sister app Instagram, Twitter and Google's YouTube citing his role in inciting the violence. "When you make a decision that affects the public realm, you need to act with great caution," Clegg told Semafor editor-at-large Steve Clemons. "You shouldn't throw your weight about."

Facebook

Facebook Report: Censorship Violated Palestinian Rights (theintercept.com) 72

Facebook and Instagram's speech policies harmed fundamental human rights of Palestinian users during a conflagration that saw heavy Israeli attacks on the Gaza Strip last May, according to a study commissioned by the social media sites' parent company Meta. From a report: "Meta's actions in May 2021 appear to have had an adverse human rights impact ... on the rights of Palestinian users to freedom of expression, freedom of assembly, political participation, and non-discrimination, and therefore on the ability of Palestinians to share information and insights about their experiences as they occurred," says the long-awaited report, which was obtained by The Intercept in advance of its publication. Commissioned by Meta last year and conducted by the independent consultancy Business for Social Responsibility, or BSR, the report focuses on the company's censorship practices and allegations of bias during bouts of violence against Palestinian people by Israeli forces last spring.

Following protests over the forcible eviction of Palestinian families from the Sheikh Jarrah neighborhood in occupied East Jerusalem, Israeli police cracked down on protesters in Israel and the West Bank, and launched military airstrikes against Gaza that injured thousands of Palestinians, killing 256, including 66 children, according to the United Nations. Many Palestinians attempting to document and protest the violence using Facebook and Instagram found their posts spontaneously disappeared without recourse, a phenomenon the BSR inquiry attempts to explain. Last month, over a dozen civil society and human rights groups wrote an open letter protesting Meta's delay in releasing the report, which the company had originally pledged to release in the "first quarter" of the year. While BSR credits Meta for taking steps to improve its policies, it further blames "a lack of oversight at Meta that allowed content policy errors with significant consequences to occur."

Google

Google's New Chromecast Costs $30 - and It Has a Remote (techcrunch.com) 76

Google announced a new Chromecast with HD streaming support today that costs just $30 and has a remote control with it. From a report: The company is launching the Chromecast with Google TV (HD) -- yes, that's the official name -- in 19 countries including the U.S. This comes two years after Google launched a $49 Chromecast with 4K HDR streaming support and the introduction of a remote. The new Chromecast supports 1080p streaming, and more than 10,000 apps that are on the Google TV platform including Netflix, HBO Max, Disney+, and Prime video.

The Military

Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data (vice.com) 37

An anonymous reader shares an excerpt from a report via Motherboard, written by Joseph Cox: Multiple branches of the U.S. military have bought access to a powerful internet monitoring tool that claims to cover over 90 percent of the world's internet traffic, and which in some cases provides access to people's email data, browsing history, and other information such as their sensitive internet cookies, according to contracting data and other documents reviewed by Motherboard. Additionally, Sen. Ron Wyden says that a whistleblower has contacted his office concerning the alleged warrantless use and purchase of this data by NCIS, a civilian law enforcement agency that's part of the Navy, after filing a complaint through the official reporting process with the Department of Defense, according to a copy of the letter shared by Wyden's office with Motherboard.

The material reveals the sale and use of a previously little known monitoring capability that is powered by data purchases from the private sector. The tool, called Augury, is developed by cybersecurity firm Team Cymru and bundles a massive amount of data together and makes it available to government and corporate customers as a paid service. In the private industry, cybersecurity analysts use it for following hackers' activity or attributing cyberattacks. In the government world, analysts can do the same, but agencies that deal with criminal investigations have also purchased the capability. The military agencies did not describe their use cases for the tool. However, the sale of the tool still highlights how Team Cymru obtains this controversial data and then sells it as a business, something that has alarmed multiple sources in the cybersecurity industry.

"The network data includes data from over 550 collection points worldwide, to include collection points in Europe, the Middle East, North/South America, Africa and Asia, and is updated with at least 100 billion new records each day," a description of the Augury platform in a U.S. government procurement record reviewed by Motherboard reads. It adds that Augury provides access to "petabytes" of current and historical data. Motherboard has found that the U.S. Navy, Army, Cyber Command, and the Defense Counterintelligence and Security Agency have collectively paid at least $3.5 million to access Augury. This allows the military to track internet usage using an incredible amount of sensitive information. Motherboard has extensively covered how U.S. agencies gain access to data that in some cases would require a warrant or other legal mechanism by simply purchasing data that is available commercially from private companies. Most often, the sales center around location data harvested from smartphones. The Augury purchases show that this approach of buying access to data also extends to information more directly related to internet usage.
"The Augury platform is not designed to target specific users or user activity. The platform specifically does not possess subscriber information necessary to tie records back to any users," said Team Cymru in a statement to Motherboard. "Our platform does not provide user or subscriber information, and it doesn't provide results that show any pattern of life, preventing its ability to be used to target individuals. Our platform only captures a limited sampling of the available data, and is further restricted by only allowing queries against restricted sampled and limited data, which all originates from malware, malicious activity, honeypots, scans, and third parties who provide feeds of the same. Results are then further limited in the scope and volume of what's returned," Team Cymru said in another email.

Charles E. Spirtos from the Navy Office of Information told Motherboard in an email that NCIS specifically "conducts investigations and operations in accordance with all applicable laws and regulations. The use of net flow data by NCIS does not require a warrant." He added that NCIS has not used netflow during any criminal investigation, but that "NCIS uses net flow data for various counterintelligence purposes."

Meanwhile, the Department of Defense Office of the Inspector General, which the whistleblower alleges referred their complaint to the Navy, told Motherboard it had received Wyden's letter and was reviewing it. The Office of the Naval Inspector General declined to comment and directed Motherboard back to its Department of Defense counterpart. The Defense Counterintelligence and Security Agency also deferred to the Department of Defense.

Censorship

Microsoft Won't Label Fake News As False In An Attempt To Avoid 'Censorship' Cries (bloomberg.com) 164

In an interview with Bloomberg, Microsoft President Brad Smith said the company won't label social media posts that appear to be false in order to avoid the appearance that the company is trying to censor speech online. From the report: "I don't think that people want governments to tell them what's true or false," Smith said when asked about Microsoft's role in defining disinformation. "And I don't think they're really interested in having tech companies tell them either." The comments are Smith's strongest indication yet that Microsoft is taking a unique path to tracking and disrupting digital propaganda efforts.

Smith said Microsoft wanted to provide the public with more information about who is speaking, what they are saying and allow them to come to their own judgment about whether content was true. "We have to be very thoughtful and careful because -- and this is also true of every democratic government -- fundamentally, people quite rightly want to make up their own mind and they should," he said. "Our whole approach needs to be to provide people with more information, not less and we cannot trip over and use what others might consider censorship as a tactic."

Mozilla

Mozilla: YouTube's Dislike Button Largely Fails To Stop Unwanted Recommendations (mozilla.org) 75

AmiMoJo shares a report from the Mozilla Foundation: YouTube's user controls -- buttons like "Dislike" and "Not interested" -- largely fail to help users avoid unwanted recommendations like misinformation and violent content, according to new research by Mozilla. An accompanying survey also found that YouTube's controls routinely frustrate and confuse users. Indeed, Mozilla's research found that people who are experiencing unwanted recommendations and turn to the platform's user controls for assistance prevent less than half of unwanted recommendations.

This is especially troubling because Mozilla's past research shows that YouTube recommends videos that violate its very own community guidelines, like misinformation, violent content, hate speech, and spam. For example, one user in this most recent research asked YouTube to stop recommending war footage from Ukraine -- but shortly after was recommended even more grisly content from the region. The study, titled "Does This Button Work? Investigating YouTube's ineffective user controls" is the culmination of months of rigorous qualitative and quantitative research. The study was made possible by the data of more than 20,000 participants who used Mozilla's RegretsReporter browser extension, and by data about more than 500 million YouTube videos.

These are the top findings, as highlighted in the report:

People don't trust YouTube's user controls. More than a third (39.3%) of people surveyed felt YouTube's user controls did not impact their recommendations at all, and 23% felt the controls had a mixed response. Said one interviewee: "Nothing changed. Sometimes I would report things as misleading and spam and the next day it was back in [...] Even when you block certain sources they eventually return."

People take matters into their own hands. Our study found that people did not always understand how YouTube's controls affect their recommendations, and so took a jury rigged approach instead. People will log out, create new accounts, or use privacy tools just to manage their YouTube recommendations. Said one user: "When the Superbowl came around ... if someone recommended a particular commercial, I used to log out of YouTube, watch the commercial, and then log back in."

The data confirms people are right. The most "effective" user control was "Don't recommend channel," but compared to users who do not make use of YouTube's user controls, only 43% of unwanted recommendations are prevented -- and recommendations from the unwanted channel sometimes persist. Other controls were even less effective: The "Not Interested" tool prevented only 11% of unwanted recommendations.

YouTube can fix this problem. YouTube has the power to confront this issue and do a better job at enabling people to control their recommendations. Our research outlines several concrete suggestions to put people back into the driver's seat, like making YouTube's controls more proactive, allowing users to shape their own experience; and giving researchers increased access to YouTube's API and other tools.
Further reading: YouTube Targets TikTok With Revenue Sharing For Shorts, Partner Program Expansion
