Apple

Apple Tags EU Apps Using Alternative Payments With Warning Symbols (daringfireball.net) 80

Apple has implemented conspicuous warning labels featuring red exclamation marks on EU App Store listings that use external payment systems. The company's new tactic targets apps like Instacar, a popular Hungarian vehicle valuation tool with thousands of positive reviews, displaying ominous warnings that the app "does not support the App Store's private and secure payment system."

The associated support page cautions users that external payments require providing personal information directly to developers and third parties "based on their privacy and security controls." The move also follows the Epic vs Apple ruling that prohibits Apple from interfering with developers linking to alternative payment systems.
Facebook

Meta Threatens To Pull Facebook And Instagram Out Of Nigeria Over $290 Million Fine (techdirt.com) 55

According to Rest of the World, a major confrontation between Meta and the local authorities in Nigeria is currently taking place: "Local authorities have fined Meta $290 million for regulatory breaches, prompting the social media giant to threaten pulling Facebook and Instagram from the country." Techdirt reports: As with earlier EU fines imposed on the company, the sticking point is Meta's refusal to comply with local privacy laws [...]. The fine itself is small change for Meta, which had a net income of $62 billion on a turnover of $165 billion in 2024, and a market capitalization of $1.5 trillion. Meta's current revenues in Nigeria are relatively small, but its market shares are high: "According to social media performance tracker Napoleoncat, Meta has a massive presence in the country, with Facebook alone reaching about 51.2 million users as of May 2024, more than a fifth of the population. Instagram had 12.6 million Nigerian users as of November 2023, while WhatsApp had about 51 million users, making Nigeria the 10th largest market globally for the messaging app."

Since many Nigerians depend on Meta's platforms, the company might be hoping that there will be public pressure on the government not to impose the fine in order to avoid a shutdown of its services there. But it is hard to see Meta carrying out its threat to walk away from a country expected to be the third most populous nation in the world by 2050. In 2100, the population of Nigeria could reach 541 million according to current projections.

Android

Nextcloud Cries Foul Over Google Play Store App Rejection (theregister.com) 66

UPDATE: In an update to their blog post, "Nextcloud wrote that as of May 15, Google has offered to restore full file access permissions," reports Ars Technica.

Slashdot originally wrote that Nextcloud had accused Google of sabotaging its Android Files app by revoking the "All files access" permission, which the company said crippled functionality for its 824,000 users and forces reliance on limited alternatives like SAF and MediaStore. The Register reported: Nextcloud's Android Files app is a file synchronization tool that, according to the company, has long had permission to read and write all file types. "Nextcloud has had this feature since its inception in 2016," it said, "and we never heard about any security concerns from Google about it." That changed in 2024, when someone or something at Google's Play Store decided to revoke the permission, effectively crippling the application. Nextcloud was instructed to use "a more privacy-aware replacement." According to Nextcloud, "SAF cannot be used, as it is for sharing/exposing our files to other apps ... MediaStore API cannot be used as it does not allow access to other files, but only media files."

Attempts to raise the issue with Google resulted in little more than copy-and-pasted sections of the developer guide. "Despite multiple appeals from our side and sharing additional background, Google is not considering reinstating upload for all files," Nextcloud said. The issue seems to stem from the Play Store. While a fully functional version is available on F-Droid, the Play Store edition is subject to Google's imposed limitations. Regarding the All files access permission, Google's developer documentation states: "If you target Android 11 and declare All files access, it can affect your ability to publish and update your app on Google Play."

Nextcloud is clearly aggrieved by the change, as are its users. "This might look like a small technical detail but it is clearly part of a pattern of actions to fight the competition," it said. "What we are experiencing is a piece of the script from the big tech playbook." [...] Are there nefarious actors at play here, an automated process that auto-rejects apps with elevated access requirements, or is it just simple incompetence? "Either way," Nextcloud said, "it results in companies like ours just giving up, reducing functionality just to avoid getting kicked out of their app store."

"The issue is that small companies -- like ours -- have pretty much no recourse," it added. Nextcloud went on to criticize oversight processes as slow-moving, with fines that sound hefty but amount to little more than a slap on the wrist. "Big Tech is scared that small players like Nextcloud will disrupt them, like they once disrupted other companies. So they try to shut the door."

Television

Life of a Marathon Streamer: Online for Three Years, Facing Isolation and Burnout (washingtonpost.com) 56

Back in 2000, Slashdot founder CmdrTaco marked the 4th anniversary of Jennifer Ringley's pioneering "JenniCam" livestream (saying "It sure beats the Netscape FishCam. It's nuts how Jenni's little cam became such a fixture on The Internet...")

But a new article in the Washington Post remembers how "Once, Ringley looked directly into the camera and held a note in front of her eye. It read: 'I FEEL SO LONELY.'" By 2003, Ringley had shut down the site and disappeared. She began declining interview requests, saying she was enjoying her privacy; her absence on social media continues to this day.
"But by then, the human zoo was everywhere," they write, including "social media, where everyone could become a character in their own show." In 2007 Justin Kan launched Justin.TV, which eventually became Twitch, "a thrumming online city for anyone wanting to, as its slogan said, 'waste time watching other people waste time.'"

But the article also notes 2023 stats from the Bureau of Labor Statistics survey that found Americans "were spending far less time socializing than they had 20 years ago — especially 18-to-29-year-olds, who were spending two more hours a day alone." So how did this play out for the next generation of livestreaming influencers? Here's the origin story of "a lonely young woman in Texas" who's "streamed every second of her life for three years and counting." One afternoon, her boyfriend told her to try Twitch, saying, as she recalled: "Your life sucks, you work at CVS, you have no friends. ... This could be helpful." In her first stream, on a Friday night, she played 3½ hours of "World of Warcraft" for her zero followers.
Eight years later... Six hundred and forty-two people are watching when Emily tugs off her sleep mask to begin day No. 1,137 of broadcasting every hour of her life... On the live-streaming service Twitch, one of the world's most popular platforms, Emily is a legendary figure. For three years, she has ceaselessly broadcast her life — every birthday and holiday, every sickness and sleepless night, almost all of it alone. Her commitment has made her a model for success in the new internet economy, where authenticity and endurance are highly prized. It's also made her a good amount of money: $5.99 a month from thousands of subscribers each, plus donations and tips — minus Twitch's 30-to-40 percent cut.

But to get there, Emily, who agreed to be interviewed on the condition that her last name be withheld due to concerns of harassment, has devoted herself to a solitary life of almost constant stimulation. For three years, she has taken no sick days, gone on no vacations, declined every wedding invitation, had no sex. She has broadcast and self-narrated a thousand days of sleeping, driving and crying, lugging her camera backpack through the grocery store, talking through a screen to strangers she'll never meet. Her goal is to buy a house and get married by the age of 30, but she's 28 and says she's too busy to have a boyfriend. Her last date was seven years ago... But no one tells streamers when to record or when to stop. There are no labor codes, performance limits or regulations to keep the platforms from setting incentives impossibly high. Many streamers figure out the optimal strategy themselves: The more you share, the more successful you can be....

Though some Twitch stars are millionaires, most scramble to get by, buffeted by the vagaries of audience attention. Emily's paid-subscription count, which peaked last year at 22,000, has since slumped to around 6,000, dropping her base income to about $5,000 a month, according to estimates from the analytics firm Streams Charts... Sometimes Emily dreads waking up and clocking into the reality show that is her life. She knows staring at screens all night is unhealthy, and when she feels too depressed to stream, she'll stay in bed for hours while her viewers watch. But she worries that taking a break would be "career suicide," as she called it. Some viewers already complain that she showers too long, sleeps in too late, doesn't have enough fun...

She said she "used to show true sadness on stream" but doesn't anymore because it makes viewers uncomfortable. When she hits a breaking point now, she said, she closes herself in the bathroom.

Transportation

More US Airports are Scanning Faces. But a New Bill Could Limit the Practice (msn.com) 22

An anonymous reader shared this repost from the Washington Post: It's becoming standard practice at a growing number of U.S. airports: When you reach the front of the security line, an agent asks you to step up to a machine that scans your face to check whether it matches the face on your identification card. Travelers have the right to opt out of the face scan and have the agent do a visual check instead — but many don't realize that's an option.

Sens. Jeff Merkley (D-Oregon) and John Neely Kennedy (R-Louisiana) think it should be the other way around. They plan to introduce a bipartisan bill that would make human ID checks the default, among other restrictions on how the Transportation Security Administration can use facial recognition technology. The Traveler Privacy Protection Act, shared with the Tech Brief on Wednesday ahead of its introduction, is a narrower version of a 2023 bill by the same name that would have banned the TSA's use of facial recognition altogether. This one would allow the agency to continue scanning travelers' faces, but only if they opt in, and would bar the technology's use for any purpose other than verifying people's identities. It would also require the agency to immediately delete the scans of general boarding passengers once the check is complete.

"Facial recognition is incredibly powerful, and it is being used as an instrument of oppression around the world to track dissidents whose opinion governments don't like," Merkley said in a phone interview Wednesday, citing China's use of the technology on the country's Uyghur minority. "It really creates a surveillance state," he went on. "That is a massive threat to freedom and privacy here in America, and I don't think we should trust any government with that power...."

[The TSA] began testing face scans as an option for people enrolled in "trusted traveler" programs, such as TSA PreCheck, in 2021. By 2022, the program quietly began rolling out to general boarding passengers. It is now active in at least 84 airports, according to the TSA's website, with plans to bring it to more than 400 airports in the coming years. The agency says the technology has proved more efficient and accurate than human identity checks. It assures the public that travelers' face scans are not stored or saved once a match has been made, except in limited tests to evaluate the technology's effectiveness.

The bill would also bar the TSA from providing worse treatment to passengers who refuse to participate, according to FedScoop, and would also forbid the agency from using face-scanning technology to target people or conduct mass surveillance: "Folks don't want a national surveillance state, but that's exactly what the TSA's unchecked expansion of facial recognition technology is leading us to," Sen. Jeff Merkley, D-Ore., a co-sponsor of the bill and a longtime critic of the government's facial recognition program, said in a statement...

Earlier this year, the Department of Homeland Security inspector general initiated an audit of TSA's facial recognition program. Merkley had previously led a letter from a bipartisan group of senators calling for the watchdog to open an investigation into TSA's facial recognition plans, noting that the technology is not foolproof and effective alternatives were already in use.

Google

Google Will Pay $1.4 Billion to Texas to Settle Claims It Collected User Data Without Permission (apnews.com) 30

Google will pay $1.4 billion to the state of Texas, reports the Associated Press, "to settle claims the company collected users' data without permission, the state's attorney general announced Friday." Attorney General Ken Paxton described the settlement as sending a message to tech companies that he will not allow them to make money off of "selling away our rights and freedoms."

"In Texas, Big Tech is not above the law," Paxton said in a statement. "For years, Google secretly tracked people's movements, private searches, and even their voiceprints and facial geometry through their products and services. I fought back and won...."

The state argued Google was "unlawfully tracking and collecting users' private data." Paxton claimed, for example, that Google collected millions of biometric identifiers, including voiceprints and records of face geometry, through such products and services as Google Photos and Google Assistant. Google spokesperson José Castañeda said the agreement settles an array of "old claims," some of which relate to product policies the company has already changed. "We are pleased to put them behind us, and we will continue to build robust privacy controls into our services," he said in a statement. The company also clarified that the settlement does not require any new product changes.

Google's settlement with Texas "far surpasses any other state's claims for similar violations," according to a statement from their attorney general's office. "To date, no state has attained a settlement against Google for similar data-privacy violations greater than $93 million. Even a multistate coalition that included forty states secured just $391 million — almost a billion dollars less than Texas's recovery."

The statement calls the $1.375 billion settlement "a major win for Texans' privacy" that "tells companies that they will pay for abusing our trust."
Privacy

Meta To Add Facial Recognition To Glasses After All (404media.co) 22

According to The Information (paywalled), Meta is reportedly developing facial recognition capabilities for its Ray-Ban smart glasses -- technology it previously avoided due to privacy concerns. 404 Media's Joseph Cox writes: The move is an obvious about-face from Meta. It's also interesting to me because Meta's PR chewed my ass off when I dared to report in October that a pair of students took Meta's Ray-Ban glasses and combined them with off-the-shelf facial recognition technology. That tool, which the students called I-XRAY, captured a person's face, ran it through an easy to access facial recognition service called Pimeyes, then went a step further and pulled up information about the subject from across the web, including their home address and phone number.

When I contacted Meta for comment for that story, Dave Arnold, a spokesperson for the company, said in an email he had one question for me. "That Pimeyes facial recognition technology could be used with ANY camera, correct? In other words, this isn't something that only is possible because of Meta Ray-Bans? If so, I think that's an important point to note in the piece," he wrote. This is true. But entirely misses the point of why the students created the tool with Meta's Ray-Ban glasses. They said themselves in a demonstration video they identified dozens of people without their knowledge. You do that by wearing a pair of glasses that look like any other. Meta's Ray-Bans do have a light that turns on when it's recording, but according to the new report, Meta is questioning whether new versions of its glasses need this.

AI

IRS Hopes To Replace Fired Enforcement Workers With AI 93

Facing deep staffing cuts, the IRS plans to lean heavily on AI to maintain tax collection efforts, with Treasury Secretary Scott Bessent stating that smarter IT and the "AI boom" will offset reductions in revenue enforcement staff. The Register reports: When asked by Congressman Steny Hoyer (D-MD) whether proposed reductions in the IRS's IT budget, along with plans to cut additional staff, would affect the agency's ability to collect tax revenue, Bessent said it wouldn't, thanks to the current "AI boom." "I believe through smarter IT, through this AI boom, that we can use that to enhance collections," Bessent told Hoyer and the Committee (24:29 into the video linked [here]). "I expect collections would continue to be very robust as they were this year."

Bessent's comments didn't explain how the IRS intends to deploy AI. Given how much it has slashed its enforcement staff since Trump took office, the agency definitely needs to do something. [...] "There is nothing that shows historically that bringing in unseasoned collections agents will result in more collections," Bessent told the Committee.
"IRS already uses AI for business functions including operational efficiency, compliance and fraud detection, and taxpayer services," the agency told The Register. "AI use cases must follow all relevant IRS privacy and security policies."
Wikipedia

Wikipedia Legally Challenges UK's 'Flawed' Online Safety Rules (bbc.com) 16

Wikipedia is taking legal action against the UK's new Online Safety Act regulations it says could threaten the safety of its volunteer editors and their ability to keep harmful content off the site. From a report: The Wikimedia Foundation -- the non-profit which supports the online encyclopaedia -- is seeking a judicial review of rules which could mean Wikipedia is subjected to the toughest duties required of websites under the act.

Lead counsel Phil Bradley-Schmieg said it was "unfortunate that we must now defend the privacy and safety of Wikipedia's volunteer editors from flawed legislation." The government told the BBC it was committed to implementing the act but could not comment on ongoing legal proceedings. It's thought this is the first judicial review to be brought against the new online safety laws - albeit a narrow part of them - but experts say it may not be the last.

"The Online Safety Act is vast in scope and incredibly complex," Ben Packer, a partner at law firm Linklaters, told the BBC. The law would inevitably have impacts on UK citizens' freedom of expression and other human rights, so as more of it comes into force "we can expect that more challenges may be forthcoming," he told the BBC.

IT

Switzerland To Hold Referendum on Introducing Electronic ID (swissinfo.ch) 43

Switzerland will hold a national referendum on the introduction of electronic identity cards after opponents of the legislation secured enough signatures to force a public vote. The Federal Chancellery confirmed Wednesday that 55,344 valid signatures were submitted against the Federal Act on Electronic Identity passed last December.

The proposed e-ID would enable citizens to apply online for criminal record extracts, driving licenses, and age verification when purchasing alcohol. This marks the second referendum on e-ID implementation, after voters rejected a previous version in 2021. The government has revised its approach, making the new system free, optional, and fully state-operated rather than privately managed. If approved, the e-ID would come into force no earlier than 2026, though the collection effort suggests privacy concerns remain paramount for many Swiss voters.
Transportation

Class Action Accuses Toyota of Illegally Sharing Drivers' Data (insurancejournal.com) 51

"A federal class action lawsuit filed this week in Texas accused Toyota and an affiliated telematics aggregator of unlawfully collecting drivers' information and then selling that data to Progressive," reports Insurance Journal: The lawsuit alleges that Toyota and Connected Analytic Services (CAS) collected vast amounts of vehicle data, including location, speed, direction, braking and swerving/cornering events, and then shared that information with Progressive's Snapshot data sharing program. The class action seeks an award of damages, including actual, nominal, consequential damages, and punitive, and an order prohibiting further collection of drivers' location and vehicle data.
Florida man Philip Siefke had bought a new Toyota RAV4 XLE in 2021 "equipped with a telematics device that can track and collect driving data," according to the article. But when he tried to sign up for insurance from Progressive, "a background pop-up window appeared, notifying Siefke that Progressive was already in possession of his driving data, the lawsuit says. A Progressive customer service representative explained to Siefke over the phone that the carrier had obtained his driving data from tracking technology installed in his RAV4." (Toyota told him later he'd unknowingly signed up for a "trial" of the data sharing, and had failed to opt out.) The lawsuit alleges Toyota never provided Siefke with any sort of notice that the car manufacturer would share his driving data with third parties... The lawsuit says class members suffered actual injury from having their driving data collected and sold to third parties including, but not limited to, damage to and diminution in the value of their driving data, violation of their privacy rights, [and] the likelihood of future theft of their driving data.
The telemetry device "can reportedly gather information about location, fuel levels, the odometer, speed, tire pressure, window status, and seatbelt status," notes CarScoop.com. "In January, Texas Attorney General Ken Paxton started an investigation into Toyota, Ford, Hyundai, and FCA..." According to plaintiff Philip Siefke from Eagle Lake, Florida, Toyota, Progressive, and Connected Analytic Services collect data that can contribute to a "potential discount" on the auto insurance of owners. However, it can also cause insurance premiums to be jacked up.
The plaintiff's lawyer issued a press release: Despite Toyota claiming it does not share data without the express consent of customers, Toyota may have unknowingly signed up customers for "trials" of sharing customer driving data without providing any sort of notice to them. Moreover, according to the lawsuit, Toyota represented through its app that it was not collecting customer data even though it was, in fact, gathering and selling customer information. We are actively investigating whether Toyota, CAS, or related entities may have violated state and federal laws by selling this highly sensitive data without adequate disclosure or consent...

If you purchased a Toyota vehicle and have since seen your auto insurance rates increase (or been denied coverage), or have reason to believe your driving data has been sold, please contact us today or visit our website at classactionlawyers.com/toyota-tracking.

On his YouTube channel, consumer protection attorney Steve Lehto shared a related experience he had — before realizing he wasn't alone. "I've heard that story from so many people who said 'Yeah, I bought a brand new car and the salesman was showing me how to set everything up, and during the setup process he clicked Yes on something.' Who knows what you just clicked on?!"

Thanks to long-time Slashdot reader sinij for sharing the news.
Open Source

The UN Ditches Google for Form Submissions, Opts for Open Source 'CryptPad' Instead (itsfoss.com) 17

Did you know there's an initiative to drive Open Source adoption both within the United Nations — and globally? Launched in March, it's the work of the Digital Technology Network (under the UN's chief executive board) which "works to advance open source technologies throughout UN agencies," promoting "collaboration and scalable solutions to support the UN's digital transformation." Fun fact: The first group to endorse the initiative's principles was the Open Source Initiative...

"The Open Source Initiative applauds the United Nations for recognizing the growing importance of Open Source in solving global challenges and building sustainable solutions, and we are honored to be the first to endorse the UN Open Source Principles," said Stefano Maffulli, executive director of OSI.
But that's just the beginning, writes It's FOSS News: As part of the UN Open Source Principles initiative, the UN has invited other organizations to support and officially endorse these principles. To collect responses, they are using CryptPad instead of Google Forms... If you don't know about CryptPad, it is a privacy-focused, open source online collaboration office suite that encrypts all of its content, doesn't log IP addresses, and supports a wide range of collaborative documents and tools for people to use.

While this happened back in late March, we thought it would be a good idea to let people know that a well-known global governing body like the UN was slowly moving towards integrating open source tech into their organization... I sincerely hope the UN continues its push away from proprietary Big Tech solutions in favor of more open, privacy-respecting alternatives, integrating more of their workflow with such tools.

16 groups have already endorsed the UN Open Source Principles (including the GNOME Foundation, the Linux Foundation, and the Eclipse Foundation).

Here are the eight UN Open Source Principles:
  1. Open by default: Making Open Source the standard approach for projects
  2. Contribute back: Encouraging active participation in the Open Source ecosystem
  3. Secure by design: Making security a priority in all software projects
  4. Foster inclusive participation and community building: Enabling and facilitating diverse and inclusive contributions
  5. Design for reusability: Designing projects to be interoperable across various platforms and ecosystems
  6. Provide documentation: Providing thorough documentation for end-users, integrators and developers
  7. RISE (recognize, incentivize, support and empower): Empowering individuals and communities to actively participate
  8. Sustain and scale: Supporting the development of solutions that meet the evolving needs of the UN system and beyond.

United States

The Atlantic Warns Combining US Government Databases Could Create a 'Panopticon' (msn.com) 110

America's federal government "is a veritable cosmos of information, made up of constellations of databases," warns the Atlantic. The FBI "has a facial-recognition apparatus capable of matching people against more than 640 million photos — a database made up of driver's license and passport photos, as well as mug shots." The Homeland Security department holds data "about the movements of every person who travels by air commercially." America's Drug Enforcement Administration "tracks license plates scanned on American roads." And there's also every taxpayer's finance and employment history... Government agencies including the IRS, the FBI, DHS, and the Department of Defense have all purchased cellphone-location data, and possibly collected them too, via secretive groups such as the National Geospatial-Intelligence Agency. That means the government has at least some ability to map or re-create the past everyday movements of some American citizens.

But now the information at individual agencies "is being pooled together. The question is Why? And what does the administration intend to do with it?" A White House spokesperson confirmed to the Atlantic that data collected by different agencies is now being combined. (They said that "Through data sharing between agencies, departments are collaborating to identify fraud and prevent criminals from exploiting hardworking American taxpayers.") But a March executive order explicitly stated an aim "to eliminate the data silos that keep everything separate." The article accuses the administration officials of "not just undoing decades of privacy measures. They appear to be ignoring that they were ever written."

The Atlantic spoke with former government officials "who have spent time in these systems," reporting that "to a person, these experts are alarmed about the possibilities for harm, graft, and abuse... Collecting and then assembling data in the industrial way — just to have them in case they might be useful — would represent a huge and disturbing shift for the government..."

"A fragile combination of decades-old laws, norms, and jungly bureaucracy has so far prevented repositories such as these from assembling into a centralized American surveillance state. But that appears to be changing..." DOGE has systematically gained access to sensitive data across the federal government "in ways that people in several agencies have described to us as both dangerous and disturbing."
China

Irish Privacy Watchdog Fines TikTok $600 Million For China Data Transfers (apnews.com) 15

An anonymous reader quotes a report from the Associated Press: A European Union privacy watchdog fined TikTok 530 million euros ($600 million) on Friday after a four-year investigation found that the video sharing app's data transfers to China put users at risk of spying, in breach of strict EU data privacy rules. Ireland's Data Protection Commission also sanctioned TikTok for not being transparent with users about where their personal data was being sent and ordered the company to comply with the rules within six months.

The Irish national watchdog serves as TikTok's lead data privacy regulator in the 27-nation EU because the company's European headquarters is based in Dublin. "TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," Deputy Commissioner Graham Doyle said in a statement. The Irish watchdog said its investigation found that TikTok failed to address "potential access by Chinese authorities" to European users' personal data under Chinese laws on anti-terrorism, counterespionage, cybersecurity and national intelligence that were identified as "materially diverging" from EU standards. Grahn said TikTok "has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."

[...] The investigation, which opened in September 2021, also found that TikTok's privacy policy at the time did not name third countries, including China, where user data was transferred. The watchdog said the policy, which has since been updated, failed to explain that data processing involved "remote access to personal data stored in Singapore and the United States by personnel based in China." TikTok faces further scrutiny from the Irish regulator, which said that the company had provided inaccurate information throughout the inquiry by saying that it didn't store European user data on Chinese servers. It wasn't until April that it informed the regulator that it discovered in February that some data had in fact been stored on Chinese servers.
TikTok disagrees with the decision and plans to appeal. The company said the decision focuses on a "select period" ending in May 2023, before it embarked on a data localization project called Project Clover that involved building three data centers in Europe.

"The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm," said Christine Grahn, TikTok's European head of public policy and government relations. "The decision fails to fully consider these considerable data security measures."
Facebook

Meta Now Forces AI Data Collection Through Ray-Ban Smart Glasses (theverge.com) 52

Meta has eliminated key privacy protections for Ray-Ban Meta smart glasses users in a policy update that took effect April 29th. The company now permanently enables Meta AI with camera functionality unless "Hey Meta" voice commands are completely disabled, while simultaneously removing users' ability to opt out of having their voice recordings stored in the cloud.

These recordings are kept for up to a year for Meta's product development, with the company only deleting accidental voice interactions after 90 days. Users can manually delete individual recordings but cannot prevent the initial collection.
Android

Google Play Sees 47% Decline In Apps Since Start of Last Year (techcrunch.com) 69

Google Play's app marketplace has seen a dramatic 47% drop in available apps -- from 3.4 million to 1.8 million -- since the start of 2024. An analysis by app intelligence provider Appfigures attributes the decline to stricter quality standards, expanded human reviews, and increased enforcement against low-quality and deceptive apps. TechCrunch reports: In July 2024, Google announced it would raise the minimum quality requirements for apps, which may have impacted the number of available Play Store app listings.

Instead of only banning broken apps that crashed, wouldn't install, or run properly, the company said it would begin banning apps that demonstrated "limited functionality and content." That included static apps without app-specific features, such as text-only apps or PDF file apps. It also included apps that provided little content, like those that only offered a single wallpaper. Additionally, Google banned apps that were designed to do nothing or have no function, which may have been tests or other abandoned developer efforts.

Reached for comment, Google confirmed that its new policies were factors here, which also included an expanded set of verification requirements, required app testing for new personal developer accounts, and expanded human reviews to check for apps that try to deceive or defraud users. In addition, the company pointed to other 2024 investments in AI for threat detection, stronger privacy policies, improved developer tools, and more. As a result, Google prevented 2.36 million policy-violating apps from being published on its Play Store and banned more than 158,000 developer accounts that had attempted to publish harmful apps, it said.
TechCrunch also notes that a new trader status rule, which went into effect in the EU this February, could be another contributing factor. It requires developers to display their names and addresses in their app listings, and failure to comply would see their apps removed from EU app stores.
Privacy

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show (wired.com) 71

An anonymous reader quotes a report from Wired: Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers' exposure to government surveillance and the likelihood of being caught up in police investigations. A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of "connected cars," with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement's knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies -- not the law -- determine driver privacy.

"Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera," one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. "If the vehicle has an active subscription," they add, "it does create more data." The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data -- revealing its location -- roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead. [...] Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car's systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

Bitcoin

Monero Likely Pumped 50% Due To Suspected $330 Million Bitcoin Theft 19

Onchain investigator ZachXBT flagged a suspicious $330.7 million Bitcoin transfer that was quickly laundered into Monero, causing XMR's price to spike by 50%. CoinTelegraph reports: The transaction, reported on April 28, saw funds moved from a potential victim's wallet to the address bc1qcry...vz55g. Following the transfer, the stolen stash was quickly laundered through over six instant exchanges and swapped into privacy-focused cryptocurrency Monero. The large-scale conversion led to a 50% spike in XMR's price with the token reaching an intraday high of $339, according to data from CoinMarketCap.

At the time of writing, XMR has settled slightly but remains up 25% in the past 24 hours, trading at $289. When asked whether North Korea's Lazarus Group was behind the attack, ZachXBT dismissed the theory, stating it was "highly probable it's not," suggesting independent hackers were responsible.
"While there are concerns of more criminals moving to privacy coins for anonymity, the vast majority of criminal activity still uses mainstream cryptocurrencies, such as Bitcoin, Ethereum and stablecoins," Chainalysis said. "Cryptocurrency is only useful if you can buy and sell goods and services or cash out into fiat, and that is much more difficult with privacy coins, especially as many mainstream exchanges have offboarded the use of privacy coins, such as Monero."
Businesses

23andMe Requiring Potential Bidders To Affirm They Will Uphold Data Privacy 41

The sale of bankrupt DNA data bank 23andMe is delayed as the company struggles to secure a lead bidder who can meet regulatory and privacy requirements, pushing the initial auction deadline from Friday to Monday. Seeking Alpha reports: 23andMe Holdings (OTC:MEHCQ), currently in Chapter 11 bankruptcy proceedings, is requiring that any potential bidders for the company's assets "guaranty that they will comply with the Company's privacy policies and applicable law." The genetics company said this is necessary to protect customers' data.

In addition, bidders will need to submit documentation of their intended use of any data, describe the privacy programs and security controls they have in place or would implement, and say whether they would ask for current privacy policies to be amended. 23andMe has also filed a motion asking for the appointment of an independent customer data representative to review whether a proposed deal is in alignment with the company's privacy policies and data privacy laws.
Social Networks

4chan Returns, Details Breach, Blames Funding Issues, Ends Shockwave Board (slashdot.org) 59

"4chan, down for more than a week after hackers got in through an insecure script that handled PDFs, is back online," notes BoingBoing. (They add that Thursday saw 4chan's first blog post in years — just the words "Testing testing 123 123...") But 4chan posted a much longer explanation on Friday, confirming their servers were compromised by a malicious PDF upload from "a hacker using a UK IP address," granting access to their databases and administrative dashboard.

The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access."

While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...

The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.

We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.

4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.
