"A jury may never see the gun that authorities say was used to kill Blake Story last year," reports Cleveland.com.

"That's because Cleveland police used a facial recognition program — one that explicitly says its results are not admissible in court — to obtain a search warrant, according to court documents." The search turned up what police say is the murder weapon in the suspect's home. But a Cuyahoga County judge tossed that evidence after siding with defense attorneys who argued that the search warrant affidavit was misleading and relied on inadmissible evidence. If an appeals court upholds the judge's ruling to suppress the evidence, prosecutors acknowledge their case is likely lost...

The company that produced the facial recognition report, Clearview AI, has been used in hundreds of law enforcement investigations throughout Ohio and has faced lawsuits over privacy violations.

Not only does Cleveland lack a policy governing the use of artificial intelligence, Ohio lawmakers also have failed to set standards for how police use the tool to investigate crimes. "It's the wild, wild west in Ohio," said Gary Daniels, a lobbyist for the American Civil Liberties Union. The lack of state regulation of how law enforcement uses advanced technologies — no laws similarly govern the use of drones or license plate readers — means it is essentially up to agencies how they use the tools.
The affidavit for the search warrant was signed by a 28-year police force veteran, according to the article — but it didn't disclose the use of Clearview's technology.

Clearview's report acknowledged their results were not admissible in court — but then provided the suspect's name, arrest record, Social Security number, according to the article, and "noted he was the most likely match for the person in the convenience store."

Thanks to tlhIngan (Slashdot reader #30,335) for sharing the news.

Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon, an Israeli maker of hacking software, the company alleged today. From a report: The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the users in question had been targeted and "possibly compromised."

The company declined to disclose where the journalists and members of civil society were based, including whether they were based in the US. The company said it had sent Paragon a "cease and desist" letter and that it was exploring its legal options. WhatsApp said the alleged attacks had been disrupted in December and that it was not clear how long the targets may have been under threat.

Italy's data protection agency has blocked the Chinese AI chatbot DeekSeek after its developers failed to disclose how it collects user data or whether it is stored on Chinese servers. Reuters reports: DeepSeek could not be accessed on Wednesday in Apple or Google app stores in Italy, the day after the authority, known also as the Garante, requested information on its use of personal data. In particular, it wanted to know what personal data is collected, from which sources, for what purposes, on what legal basis and whether it is stored in China. The authority's decision -- aimed at protecting Italian users' data -- came after the Chinese companies that supply chatbot service to DeepSeek provided information that "was considered to totally insufficient," the authority said in a note on its website. The Garante added that the decision had "immediate effect" and that it had also opened an investigation. Thanks to new submitter axettone for sharing the news.

A proposed class-action lawsuit accuses Amazon of secretly tracking consumers' movements through their cellphones via its Amazon Ads SDK embedded in third-party apps, allegedly collecting sensitive geolocation data without consent. The complaint, filed by a California resident in a San Francisco federal court, claims Amazon violated state laws on unauthorized computer access in the process. Reuters reports: This allegedly enabled Amazon to collect an enormous amount of timestamped geolocation data about where consumers live, work, shop and visit, revealing sensitive information such as religious affiliations, sexual orientations and health concerns. "Amazon has effectively fingerprinted consumers and has correlated a vast amount of personal information about them entirely without consumers' knowledge and consent," the complaint said.

The complaint was filed by Felix Kolotinsky of San Mateo, California, who said Amazon collected his personal information through the "Speedtest by Ookla" app on his phone. He said Amazon's conduct violated California's penal law and a state law against unauthorized computer access, and seeks unspecified damages for millions of Californians.

An anonymous reader quotes a report from the Hill: Two federal employees are suing the Office of Personnel Management (OPM) to block the agency from creating a new email distribution system -- an action that comes as the information will reportedly be directed to a former staffer to Elon Musk now at the agency. The suit (PDF), launched by two anonymous federal employees, ties together two events that have alarmed members of the federal workforce and prompted privacy concerns. That includes an unusual email from OPM last Thursday reviewed by The Hill said the agency was testing "a new capability" to reach all federal employees -- a departure from staffers typically being contacted directly by their agency's human resources department.

Also cited in the suit is an anonymous Reddit post Monday from someone purporting to be an OPM employee, saying a new server was installed at their office after a career employee refused to set up a direct line of communication to all federal employees. According to the post, instructions have been given to share responses to the email to OPM chief of staff Amanda Scales, a former employee at Musk's AI company. Federal agencies have separately been directed to send Scales a list of all employees still on their one-year probationary status, and therefore easier to remove from government. The suit says the actions violate the E-Government Act of 2002, which requires a Privacy Impact Assessment before pushing ahead with creation of databases that store personally identifiable information.

Kel McClanahan, executive director of National Security Counselors, a non-profit law firm, noted that OPM has been hacked before and has a duty to protect employees' information. "Because they did that without any indications to the public of how this thing was being managed -- they can't do that for security reasons. They can't do that because they have not given anybody any reason to believe that this server is secure.that this server is storing this information in the proper format that would prevent it from being hacked," he said. McClanahan noted that the emails appear to be an effort to create a master list of federal government employees, as "System of Records Notices" are typically managed by each department. "I think part of the reason -- and this is just my own speculation -- that they're doing this is to try and create that database. And they're trying to sort of create it by smushing together all these other databases and telling everyone who receives the email to respond," he said.

An anonymous reader quotes a report from Ars Technica: Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips' use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program. [...]

The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. "Based on our analysis, we do not believe this issue poses an immediate risk to our users." FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details. This attack works on both Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities.

SLAP, on the other hand, stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments. Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation.

chicksdaddy share a report from the Security Ledger: Vulnerabilities in Subaru's STARLINK telematics software enabled two, independent security researchers to gain unrestricted access to millions of Subaru vehicles deployed in the U.S., Canada and Japan. In a report published Thursday researchers Sam Curry and Shubham Shah revealed a now-patched flaw in Subaru's STARLINK connected vehicle service that allowed them to remotely control Subarus and access vehicle location information and driver data with nothing more than the vehicle's license plate number, or easily accessible information like the vehicle owner's email address, zip code and phone number. (Note: Subaru STARLINK is not to be confused with the Starlink satellite-based high speed Internet service.)

[Curry and Shah downloaded a year's worth of vehicle location data for Curry's mother's 2023 Impreza (Curry bought her the car with the understanding that she'd let him hack it.) The two researchers also added themselves to a friend's STARLINK account without any notification to the owner and used that access to remotely lock and unlock the friend's Subaru.] The details of Curry and Shah's hack of the STARLINK telematics system bears a strong resemblance to hacks documented in his 2023 report Web Hackers versus the Auto Industry as well as a September, 2024 discovery of a remote access flaw in web-based applications used by KIA automotive dealers that also gave remote attackers the ability to steal owners' personal information and take control of their KIA vehicle. In each case, Curry and his fellow researchers uncovered publicly accessible connected vehicle infrastructure intended for use by [employees and dealers was found to be trivially vulnerable to compromise and lack even basic protections around account creation and authentication].

Meta's AI chatbot will now use personal data from users' Facebook and Instagram accounts for personalized responses in the United States and Canada, the company said in a blog post. The upgraded Meta AI can remember user preferences from previous conversations across Facebook, Messenger, and WhatsApp, such as dietary choices and interests. CEO Mark Zuckerberg said the feature helps create personalized content like bedtime stories based on his children's interests. Users cannot opt out of the data-sharing feature, a Meta spokesperson told TechCrunch.

The EFF has complained that in general "smart" products for babies "collect a ton of information about you and your baby on an ongoing basis". (For this year's "worst in privacy" product at CES they chose a $1,200 baby bassinet equipped with a camera, a microphone, and a radar sensor...)

But today the Washington Post reported on a $1,700 bassinet that surprised the mother of a one-month-old when it "abruptly demanded money for a feature she relied on to soothe her baby to sleep." The internet-connected bassinet... reliably comforted her 1-month-old — just as it had her first child — until it started charging $20 a month for some abilities, including one that keeps the bassinet's motion and sounds at one level all night. The level-lock feature previously was available without a fee. "It all felt really intrusive — like they went into our bedroom and clawed back this feature that we've been depending on...." When the Snoo's maker, Happiest Baby, introduced a premium subscription for some of the bassinet's most popular features in July, owners filed dozens of complaints to the Federal Trade Commission and the Better Business Bureau, coordinated review bombs and vented on social media — saying the company took advantage of their desperation for sleep to bait-and-switch them...

Happiest Baby isn't the only baby gear company that has rolled out a subscription. In 2023, makers of the Miku baby monitor, which retails for up to $400, elicited similar fury from parents when it introduced a $10 monthly subscription for most features. A growing number of internet-connected products have lost software support or functionality after purchase in recent years, such as Spotify's Car Thing — a $90 Bluetooth streaming device that the company announced in May it plans to discontinue — and Levi's $350 smart jacket, which let users control their phones by swiping sensors on its sleeve...

Seventeen consumer protection and tech advocacy groups cited Happiest Baby and Car Thing in a letter urging the FTC to create guidelines that ensure products retain core functionality without the imposition of fees that did not exist when the items were originally bought.
The Times notes that the bassinets are often resold, so the subscription fees are partly to cover the costs of supporting new owners, according to Happiest Baby's vice president for marketing and communications. But the article three additional perspectives:

• "This new technology is actually allowing manufacturers to change the way the status quo has been for decades, which is that once you buy something, you own it and you can do whatever you want. Right now, consumers have no trust that what they're buying is actually going to keep working." — Lucas Gutterman, who leads the Public Interest Research Group's "Design to Last" campaign.

• "It's a shame to be beholden to companies' goodwill, to require that they make good decisions about which settings to put behind a paywall. That doesn't feel good, and you can't always trust that, and there's no guarantee that next week Happiest Baby isn't going to announce that all of the features are behind a paywall." — Elizabeth Chamberlain, sustainability director at iFixit.

• "It's no longer just an out-and-out purchase of something. It's a continuous rental, and people don't know that." — Natasha Tusikov, an associate professor at York University

This weekend Cory Doctorow delved into "the two factors that make services terrible: captive users, and no constraints." If your users can't leave, and if you face no consequences for making them miserable (not solely their departure to a competitor, but also fines, criminal charges, worker revolts, and guerrilla warfare with interoperators), then you have the means, motive and opportunity to turn your service into a giant pile of shit... Every economy is forever a-crawl with parasites and monsters like these, but they don't get to burrow into the system and colonize it until policymakers create rips they can pass through.
Doctorow argues that "more and more critics are coming to understand that lock-in is the root of the problem, and that anti-lock-in measures like interoperability can address it." Even more important than market discipline is government discipline, in the form of regulation. If Zuckerberg feared fines for privacy violations, or moderation failures, or illegal anticompetitive mergers, or fraudulent advertising systems that rip off publishers and advertisers, or other forms of fraud (like the "pivot to video"), he would treat his users better. But Facebook's rise to power took place during the second half of the neoliberal era, when the last shreds of regulatory muscle that survived the Reagan revolution were being devoured... But it's worse than that, because Zuckerberg and other tech monopolists figured out how to harness "IP" law to get the government to shut down third-party technology that might help users resist enshittification... [Doctorow says this is "why companies are so desperate to get you to use their apps rather than the open web"] IP law is why you can't make an alternative client that blocks algorithmic recommendations. IP law is why you can't leave Facebook for a new service and run a scraper that imports your waiting Facebook messages into a different inbox. IP law is why you can't scrape Facebook to catalog the paid political disinformation the company allows on the platform...
But then Doctorow argues that "Legacy social media is at a turning point," citing as "a credible threat" new systems built on open standards like Mastodon (built on Activitypub) and Bluesky (built on Atproto): I believe strongly in improving the Fediverse, and I believe in adding the long-overdue federation to Bluesky. That's because my goal isn't the success of the Fediverse — it's the defeat of enshtitification. My answer to "why spend money fixing Bluesky?" is "why leave 20 million people at risk of enshittification when we could not only make them safe, but also create the toolchain to allow many, many organizations to operate a whole federation of Bluesky servers?" If you care about a better internet — and not just the Fediverse — then you should share this goal, too... Mastodon has one feature that Bluesky sorely lacks — the federation that imposes antienshittificatory discipline on companies and offers an enshittification fire-exit for users if the discipline fails. It's long past time that someone copied that feature over to Bluesky.
Doctorow argues that federated and "federatable" social media "disciplines enshittifiers" by freeing social media's captive audiences.

"Any user can go to any server at any time and stay in touch with everyone else."

An anonymous reader shared this report from TechCrunch: The developer behind Pixelfed, Loops, and Sup, open source alternatives to Instagram, TikTok, and WhatsApp, respectively, is now raising funds on Kickstarter to fuel the apps' further development. The trio is part of the growing open social web, also known as the fediverse, powered by the same ActivityPub protocol used by X alternative Mastodon... [and] challenge Meta's social media empire... "Help us put control back into the hands of the people!" [Daniel Supernault, the Canadian-based developer behind the federated apps] said in a post on Mastodon where he announced the Kickstarter's Thursday launch.

As of the time of writing, the campaign has raised $58,383 so far. While the goal on the Kickstarter site has been surpassed, Supernault said that he hopes to raise $1 million or more so he can hire a small team... A fourth project, PubKit, is also a part of these efforts, offering a toolset to support developers building in the fediverse... The stretch goal of the Kickstarter campaign is to register the Pixelfed Foundation as a not-for-profit and grow its team beyond volunteers. This could help address the issue with Supernault being a single point of failure for the project... Mastodon CEO Eugen Rochko made a similar decision earlier this month to transition to a nonprofit structure. If successful, the campaign would also fund a blogging app as an alternative to Tumblr or LiveJournal at some point in the future.

The funds will also help the apps manage the influx of new users. On Pixelfed.social, the main Pixelfed instance, (like Mastodon, anyone can run a Pixelfed server), there are now more than 200,000 users, thanks in part to the mobile app's launch, according to the campaign details shared with TechCrunch. The server is also now the second-largest in the fediverse, behind only Mastodon.social, according to network statistics from FediDB. New funds will help expand the storage, CDNs, and compute power needed for the growing user base and accelerate development. In addition, they'll help Supernault dedicate more of his time to the apps and the fediverse as a whole while also expanding the moderation, security, privacy, and safety programs that social apps need.

As a part of its efforts, Supernault also wants to introduce E2E encryption to the fediverse.
The Kickstarter campaign promises "authentic sharing reimagined," calling the apps "Beautiful sharing platforms that puts you first. No ads, no algorithms, no tracking — just pure photography and authentic connections... More Privacy, More Safety. More Variety. " Pixelfed/Loops/Sup/Pubkit isn't a ambitious dream or vaporware — they're here today — and we need your support to continue our mission and shoot for the moon to be the best social communication platform in the world.... We're following the both the Digital Platform Charter of Rights & Ethical Web Principles of the W3C for all of our projects as guidelines to building platforms that help people and provide a positive social benefit.
The campaign's page says they're building "a future where social networking respects your privacy, values your freedom, and prioritizes your safety."

Nearly 190 million Americans were affected by February's cyberattack on UnitedHealth's Change Healthcare unit, almost double initial estimates, the company disclosed Friday. The breach, the largest in U.S. medical history, exposed sensitive data including Social Security numbers, medical records, and financial information.

UnitedHealth said it has not detected misuse of the stolen data or found medical databases among compromised files. Change Healthcare, a major U.S. healthcare claims processor, paid multiple ransoms after Russian-speaking hackers known as ALPHV breached its systems using stolen credentials lacking multi-factor authentication, according to CEO Andrew Witty's testimony to Congress.

An anonymous reader quotes a report from Ars Technica: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what's known in the business as a "magic packet." On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Juniper Network's Junos OS has been doing just that. J-Magic, the tracking name for the backdoor, goes one step further to prevent unauthorized access. After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it. The challenge comes in the form of a string of text that's encrypted using the public portion of an RSA key. The initiating party must then respond with the corresponding plaintext, proving it has access to the secret key.

The lightweight backdoor is also notable because it resided only in memory, a trait that makes detection harder for defenders. The combination prompted researchers at Lumin Technology's Black Lotus Lab to sit up and take notice. "While this is not the first discovery of magic packet malware, there have only been a handful of campaigns in recent years," the researchers wrote. "The combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive listening in-memory only agent, makes this an interesting confluence of tradecraft worthy of further observation." The researchers found J-Magic on VirusTotal and determined that it had run inside the networks of 36 organizations. They still don't know how the backdoor got installed.

A federal district court has ruled that backdoor searches of Americans' private communications collected under Section 702 of FISA are unconstitutional without a warrant. "The landmark ruling comes in a criminal case, United States v. Hasbajrami, after more than a decade of litigation, and over four years since the Second Circuit Court of Appeals found that backdoor searches constitute 'separate Fourth Amendment events' and directed the district court to determine a warrant was required," reports the Electronic Frontier Foundation (EFF). "Now, that has been officially decreed." Longtime Slashdot reader schwit1 shares the report: Hasbajrami involves a U.S. resident who was arrested at New York JFK airport in 2011 on his way to Pakistan and charged with providing material support to terrorists. Only after his original conviction did the government explain that its case was premised in part on emails between Mr. Hasbajrami and an unnamed foreigner associated with terrorist groups, emails collected warrantless using Section 702 programs, placed in a database, then searched, again without a warrant, using terms related to Mr. Hasbajrami himself.

The district court found that regardless of whether the government can lawfully warrantlessly collect communications between foreigners and Americans using Section 702, it cannot ordinarily rely on a "foreign intelligence exception" to the Fourth Amendment's warrant clause when searching these communications, as is the FBI's routine practice. And, even if such an exception did apply, the court found that the intrusion on privacy caused by reading our most sensitive communications rendered these searches "unreasonable" under the meaning of the Fourth Amendment. In 2021 alone, the FBI conducted 3.4 million warrantless searches of US person's 702 data.

LinkedIn has been sued by Premium customers alleging the platform disclosed private messages to third parties without consent to train generative AI models. The lawsuit seeks damages for breach of contract and privacy violations, accusing LinkedIn of attempting to minimize scrutiny over its actions. Reuters reports: According to a proposed class action filed on Tuesday night on behalf of millions of LinkedIn Premium customers, LinkedIn quietly introduced a privacy setting last August that let users enable or disable the sharing of their personal data. Customers said LinkedIn then discreetly updated its privacy policy on Sept. 18 to say data could be used to train AI models, and in a "frequently asked questions" hyperlink said opting out "does not affect training that has already taken place."

This attempt to "cover its tracks" suggests LinkedIn was fully aware it violated customers' privacy and its promise to use personal data only to support and improve its platform, in order to minimize public scrutiny and legal fallout, the complaint said. The lawsuit was filed in the San Jose, California, federal court on behalf of LinkedIn Premium customers who sent or received InMail messages, and whose private information was disclosed to third parties for AI training before Sept. 18. It seeks unspecified damages for breach of contract and violations of California's unfair competition law, and $1,000 per person for violations of the federal Stored Communications Act. LinkedIn said in a statement: "These are false claims with no merit."

Streaming platform Plex has introduced public reviews and user profiles, expanding social features launched last October. Users can now comment on others' reviews and make their profiles, watchlists and viewing history searchable, with customizable privacy settings ranging from public to private. Plex Pass subscribers are additionally also gaining access to HEVC encoding for improved visual quality.

The notorious hacker IntelBroker claims to have stolen data from HPE systems, including source code, private repositories, digital certificates, and access to certain services. SecurityWeek reports: The compromised data allegedly includes source code for products such as Zerto and iLO, private GitHub repositories, digital certificates, Docker builds, and even some personal information that the hacker described as "old user PII for deliveries." IntelBroker is also offering access to some services used by HPE, including APIs, WePay, GitHub and GitLab. Contacted by SecurityWeek, HPE said it's aware of the breach claims and is conducting an investigation.

"HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE. HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims," said HPE spokesperson Adam R. Bauer. "There is no operational impact to our business at this time, nor evidence that customer information is involved," Bauer added.

An anonymous reader quotes a report from 404 Media: A powerful AI tool can predict with high accuracy the location of photos based on features inside the image itself -- such as vegetation, architecture, and the distance between buildings -- in seconds, with the company now marketing the tool to law enforcement officers and government agencies. Called GeoSpy, made by a firm called Graylark Technologies out of Boston, the tool has also been used for months by members of the public, with many making videos marveling at the technology, and some asking for help with stalking specific women. The company's founder has aggressively pushed back against such requests, and GeoSpy closed off public access to the tool after 404 Media contacted him for comment.

Based on 404 Media's own tests and conversations with other people who have used it and investors, GeoSpy could radically change what information can be learned from photos posted online, and by whom. Law enforcement officers with very little necessary training, private threat intelligence companies, and stalkers could, and in some cases already are, using this technology. Dedicated open source intelligence (OSINT) professionals can of course do this too, but the training and skillset necessary can take years to build up. GeoSpy allows essentially anyone to do it. "We are working on something for LE [law enforcement] but it's ," Daniel Heinen, the founder of Graylark and GeoSpy, wrote in a message to the GeoSpy community Discord in July.

GeoSpy has been trained on millions of images from around the world, according to marketing material available online. From that, the tool is able to recognize "distinct geographical markers such as architectural styles, soil characteristics, and their spatial relationships." That marketing material says GeoSpy has strong coverage in the United States, but that it also "maintains global capabilities for location identification." [...] GeoSpy has not received much media attention, but it has become something of a sensation on YouTube. Multiple content creators have tested out the tool, and some try to feed it harder and harder challenges. Now that it's been shut off to the public, users have to request access, which is "available exclusively to qualified law enforcement agencies, enterprise users and government entities," according to the company's website.

The law enforcement-version of GeoSpy is more powerful than what was publicly available, according to Heinen's Discord posts. "Geospy.ai is a demo," he wrote in September. "The real work is the law enforcement models."

CNN reports: TikTok appears to be coming back online just hours after President-elect Donald Trump pledged Sunday that he would sign an executive order Monday that aims to restore the banned app. Around 12 hours after first shutting itself down, U.S. users began to have access to TikTok on a web browser and in the app, although the page still showed a warning about the shutdown.
The brief outage was "the first time in history the U.S. government has outlawed a widely popular social media network," reports NPR. Apple and Google removed TikTok from their app stores. (And Apple also removed Lemon8).

The incoming president announced his pending executive order "in a post on his Truth Social account," reports the Associated Press, "as millions of TikTok users in the U.S. awoke to discover they could no longer access the TikTok app or platform."

But two Republican Senators said Sunday that the incoming president doesn't have the power to pause the TikTok ban. Tom Cotton of Arkansas and Peter Ricketts of Nebraska posted on X.com that "Now that the law has taken effect, there's no legal basis for any kind of 'extension' of its effective date. For TikTok to come back online in the future, ByteDance must agree to a sale... severing all ties between TikTok and Communist China. Only then will Americans be protected from the grave threat posted to their privacy and security by a communist-controlled TikTok."

The Associated Press reports that the incoming president offered this rationale for the reprieve in his Truth Social post. "Americans deserve to see our exciting Inauguration on Monday, as well as other events and conversations." The law gives the sitting president authority to grant a 90-day extension if a viable sale is underway. Although investors made a few offers, ByteDance previously said it would not sell. In his post on Sunday, Trump said he "would like the United States to have a 50% ownership position in a joint venture," but it was not immediately clear if he was referring to the government or an American company...

"A law banning TikTok has been enacted in the U.S.," a pop-up message informed users who opened the TikTok app and tried to scroll through videos on Saturday night. "Unfortunately that means you can't use TikTok for now." The service interruption TikTok instituted hours earlier caught most users by surprise. Experts had said the law as written did not require TikTok to take down its platform, only for app stores to remove it. Current users had been expected to continue to have access to videos until the app stopped working due to a lack of updates... "We are fortunate that President Trump has indicated that he will work with us on a solution to reinstate TikTok once he takes office. Please stay tuned," read the pop-up message...

Apple said the apps would remain on the devices of people who already had them installed, but in-app purchases and new subscriptions no longer were possible and that operating updates to iPhones and iPads might affect the apps' performance.

In the nine months since Congress passed the sale-or-ban law, no clear buyers emerged, and ByteDance publicly insisted it would not sell TikTok. But Trump said he hoped his administration could facilitate a deal to "save" the app. TikTok CEO Shou Chew is expected to attend Trump's inauguration with a prime seating location. Chew posted a video late Saturday thanking Trump for his commitment to work with the company to keep the app available in the U.S. and taking a "strong stand for the First Amendment and against arbitrary censorship...."

On Saturday, artificial intelligence startup Perplexity AI submitted a proposal to ByteDance to create a new entity that merges Perplexity with TikTok's U.S. business, according to a person familiar with the matter...
The article adds that TikTok "does not operate in China, where ByteDance instead offers Douyin, the Chinese sibling of TikTok that follows Beijing's strict censorship rules."

Sunday morning Republican House speaker Mike Johnson offered his understanding of Trump's planned executive order, according to Politico. Speaking on Meet the Press, Johnson said "the way we read that is that he's going to try to force along a true divestiture, changing of hands, the ownership.

"It's not the platform that members of Congress are concerned about. It's the Chinese Communist Party and their manipulation of the algorithms."

Thanks to long-time Slashdot reader ArchieBunker for sharing the news.

The FTC announced Thursday that it's banned General Motors and its subsidiary OnStar from selling customer geolocation and driving behavior data for five years. The Verge reports: The settlement comes after a New York Times investigation found that GM had been collecting micro-details about its customers' driving habits, including acceleration, braking, and trip length -- and then selling it to insurance companies and third-party data brokers like LexisNexis and Verisk. Clueless vehicle owners were then left wondering why their insurance premiums were going up.

FTC accused GM of using a "misleading enrollment process" to get vehicle owners to sign up for its OnStar connected vehicle service and Smart Driver feature. The automaker failed to disclose to customers that it was collecting their data, nor did GM seek out their consent to sell it to third parties. After the Times exposed the practice, GM said it was discontinuing its OnStar Smart Driver program. The settlement also requires GM to obtain consent from customers before collecting their driving behavior data, and allow them to request and delete their data if they choose.