An anonymous reader shares a report: Chat & Ask AI, one of the most popular AI apps on the Google Play and Apple App stores that claims more than 50 million users, left hundreds of millions of those users' private messages with the app's chatbot exposed, according to an independent security researcher and emails viewed by 404 Media. The exposed chats showed users asked the app "How do I painlessly kill myself," to write suicide notes, "how to make meth," and how to hack various apps.

The exposed data was discovered by an independent security researcher who goes by Harry. The issue is a misconfiguration in the app's usage of the mobile app development platform Google Firebase, which by default makes it easy for anyone to make themselves an "authenticated" user who can access the app's backend storage where in many instances user data is stored.

Harry said that he had access to 300 million messages from more than 25 million users in the exposed database, and that he extracted and analyzed a sample of 60,000 users and a million messages. The database contained user files with a complete history of their chats with the AI, timestamps of those chats, the name they gave the app's chatbot, how they configured the model, and which specific model they used. Chat & Ask AI is a "wrapper" that plugs into various large language models from bigger companies users can choose from, Including OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini.

joshuark shares a report from BleepingComputer: The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. Both the forum's Tor site and its clearnet domain, ramp4u[.]io, now display a seizure notice stating, "The Federal Bureau of Investigation has seized RAMP."

While there has been no official announcement by law enforcement regarding this seizure, the domain name servers have now been switched to those used by the FBI when seizing domains. If so, law enforcement now has access to a significant amount of data tied to the forum's users, including email addresses, IP addresses, private messages, and other potentially incriminating information. In a forum post to the XSS hacking forum, one of the alleged former RAMP operators known as "Stallman" confirmed the seizure.

French lawmakers have voted to ban social media access for children under 15 and prohibit mobile phones in high schools, positioning France as the second country after Australia to impose sweeping age-based digital restrictions. The Guardian reports: The lower national assembly adopted the text by a vote of 130 to 21 in a lengthy overnight session from Monday to Tuesday. It will now go to the Senate, France's upper house, ahead of becoming law. Macron hailed the vote as a "major step" to protect French children and teenagers in a post on X. The legislation, which also provides for a ban on mobile phones in high schools, would make France the second country to take such a step following Australia's ban for under-16s in December. [...] "The emotions of our children and teenagers are not for sale or to be manipulated, either by American platforms or Chinese algorithms," Macron said in a video broadcast on Saturday. Authorities want the measures to be enforced from the start of the 2026 school year for new accounts.

Former prime minister Gabriel Attal, who leads Macron's Renaissance party in the lower house, said he hoped the Senate would pass the bill by mid-February so that the ban could come into force on September 1. He added that "social media platforms will then have until December 31 to deactivate existing accounts" that do not comply with the age limit. [...] The draft bill excludes online encyclopedias and educational platforms. An effective age verification system would have to come into force for the ban to become reality. Work on such a system is under way at the European level.

An anonymous reader quotes a report from Politico: The interim head of the country's cyber defense agency uploaded sensitive contracting documents into a public version of ChatGPT last summer, triggering multiple automated security warnings that are meant to stop the theft or unintentional disclosure of government material from federal networks, according to four Department of Homeland Security officials with knowledge of the incident. The apparent misstep from Madhu Gottumukkala was especially noteworthy because the acting director of the Cybersecurity and Infrastructure Security Agency had requested special permission from CISA's Office of the Chief Information Officer to use the popular AI tool soon after arriving at the agency this May, three of the officials said. The app was blocked for other DHS employees at the time.

None of the files Gottumukkala plugged into ChatGPT were classified, according to the four officials, each of whom was granted anonymity for fear of retribution. But the material included CISA contracting documents (PDF) marked "for official use only," a government designation for information that is considered sensitive and not for public release. Cybersecurity sensors at CISA flagged the uploads this past August, said the four officials. One official specified there were multiple such warnings in the first week of August alone. Senior officials at DHS subsequently led an internal review to assess if there had been any harm to government security from the exposures, according to two of the four officials. It is not clear what the review concluded.

Amazon is discontinuing its Amazon One palm recognition ID system for stores later this year, the company informed users. From a report: The company will discontinue Amazon One services at retail businesses on June 3, 2026, according to a support page for the service and email messages to customers. "In response to limited customer adoption, we're discontinuing Amazon One, our authentication service for facility access and payment," an Amazon spokesperson said. "All customer data associated with Amazon One will be securely deleted after the service ends."

The move coincides with a sweeping pullback from Amazon's physical retail experiments. Amazon announced Tuesday that it's closing all of its Amazon Go and Amazon Fresh locations, a total of 72 stores nationwide, concentrating its efforts instead on its Whole Foods Market locations and grocery delivery from Amazon.com. Amazon One launched in 2020 as a way to help speed up in-store entry and payments, identifying customers who opted-in and eliminating the need for them to present a credit card to pay. It often worked in conjunction with the company's Just Walk Out technology, which uses cameras and sensors to let customers avoid using a checkout line.

An anonymous reader shares a report: Apple is being sued by Reincubate, which makes the Camo smartphone webcam app. It has filed a lawsuit against Apple in a U.S. federal court in New Jersey, accusing the company of anticompetitive conduct and patent infringement. The suit alleges that Apple copied Camo's technology, integrated similar features into iOS, and used control over its software ecosystem to disadvantage Reincubate's Camo product.

Reincubate's Camo and Camo Studio apps allow iOS or Android phones to function as webcams for Mac and PCs. The company launched Camo in 2020. In 2022, Apple introduced Continuity Camera, a feature that enables iPhones to serve as webcams for Macs but works only within Apple's device ecosystem. According to the lawsuit, Apple copied patented features from Camo and built them into iOS to "redirect user demand to Apple's own platform-tied offering."

An anonymous reader quotes a report from Science.org: Some 10,109 doctoral-trained experts in science and related fields left their jobs last year as President Donald Trump dramatically shrank the overall federal workforce. That exodus was only 3% of the 335,192 federal workers who exited last year but represents 14% of the total number of Ph.D.s in science, technology, engineering, and math (STEM) or health fields employed at the end of 2024 as then-President Joe Biden prepared to leave office. The numbers come from employment data posted earlier this month by the White House Office of Personnel Management (OPM). At 14 research agencies Science examined in detail, departures outnumbered new hires last year by a ratio of 11 to one, resulting in a net loss of 4224 STEM Ph.D.s. The graphs that follow show the impact is particularly striking at such scientist-rich agencies as the National Science Foundation (NSF). But across the government, these departing Ph.D.s took with them a wealth of subject matter expertise and knowledge about how the agencies operate.

[...] Science's analysis found that reductions in force, or RIFs, accounted for relatively few departures in 2025. Only at the Centers for Disease Control and Prevention, where 16% of the 519 STEM Ph.D.s who left last year got pink RIF slips, did the percentage exceed 6%, and some agencies reported no STEM Ph.D. RIFs in 2025. At most agencies, the most common reasons for departures were retirements and quitting. Although OPM classifies many of these as voluntary, outside forces including the fear of being fired, the lure of buyout offers, or a profound disagreement with Trump policies, likely influenced many decisions to leave. Many Ph.D.s departed because their position was terminated.

A data breach at SoundCloud exposed information tied to 29.8 million user accounts, according to Have I Been Pwned. While SoundCloud says no passwords or financial data were accessed, attackers mapped email addresses to public profile data and later attempted extortion. BleepingComputer reports: The company confirmed the breach on December 15, following widespread reports from users who were unable to access SoundCloud and saw 403 "Forbidden" errors when connecting via VPN. SoundCloud told BleepingComputer at the time that it had activated its incident response procedures after detecting unauthorized activity involving an ancillary service dashboard. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud said. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."

While SoundCloud didn't provide further details regarding the incident, BleepingComputer learned that the breach affected 20% of all SoundCloud users, roughly 28 million accounts based on publicly reported user figures (SoundCloud later published a security notice confirming the information provided by BleepingComputer's sources). After the breach, BleepingComputer also learned that the ShinyHunters extortion gang was responsible for the attack, with sources saying that the threat group was also attempting to extort SoundCloud. This was confirmed by SoundCloud in a January 15 update, which said the threat actors had "made demands and deployed email flooding tactics to harass users, employees, and partners."

An anonymous reader quotes a report from Ars Technica: The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by disclosing a user's viewing history to Facebook. The case, Michael Salazar v. Paramount Global, hinges on the law's definition of the word "consumer." Salazar filed a class action against Paramount in 2022, alleging that it "violated the VPPA by disclosing his personally identifiable information to Facebook without consent," Salazar's petition to the Supreme Court said. Salazar had signed up for an online newsletter through 247Sports.com, a site owned by Paramount, and had to provide his email address in the process. Salazar then used 247Sports.com to view videos while logged in to his Facebook account.

"As a result, Paramount disclosed his personally identifiable information -- including his Facebook ID and which videos he watched—to Facebook," the petition (PDF) said. "The disclosures occurred automatically because of the Facebook Pixel Paramount installed on its website. Facebook and Paramount then used this information to create and display targeted advertising, which increased their revenues." The 1988 law (PDF) defines consumer as "any renter, purchaser, or subscriber of goods or services from a video tape service provider." The phrase "video tape service provider" is defined to include providers of "prerecorded video cassette tapes or similar audio visual materials," and thus arguably applies to more than just sellers of tapes.

The legal question for the Supreme Court "is whether the phrase 'goods or services from a video tape service provider,' as used in the VPPA's definition of 'consumer,' refers to all of a video tape service provider's goods or services or only to its audiovisual goods or services," Salazar's petition said. The Supreme Court granted his petition (PDF) to hear the case in a list of orders released yesterday. [...] SCOTUSblog says that "the case will likely be scheduled for oral argument in the court's 2026-27 term," which begins in October 2026.

Amazon has agreed to pay $309 million and provide additional remedies in a class-action settlement over claims that customers were wrongly denied refunds after returning items. Plaintiffs say (PDF) the deal delivers over $1 billion in total value, including more than $600 million in refunds and operational changes. Reuters reports: Amazon denied any wrongdoing in agreeing to the settlement. "Following an internal review in 2025, we identified a small subset of returns where we issued a refund without the payment completing, or where we could not verify that the correct item had been sent back to us, so no refund had been issued," an Amazon spokesperson said, adding that the company had taken steps to resolve the issue.

The lawsuit, filed in 2023, said Amazon caused "substantial unjustified monetary losses" for consumers who in some instances properly returned an item but were still charged for it. In a court filing, Amazon said customers accepted the terms of the company's return policies, including the possibility they would be recharged for failing to return the product within a specified time frame. The proposed settlement class covers U.S. purchasers of goods on Amazon from September 2017 who allegedly did not receive timely or correct refunds, or who were later charged despite returning items. Class members are expected to recover the full amount of any incorrectly denied refund or retrocharge, plus interest, the plaintiffs told the court.

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.
See also: "WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers."

An anonymous reader quotes a report from The Telegraph: China hacked the mobile phones of senior officials in Downing Street for several years, The Telegraph can disclose. The spying operation is understood to have compromised senior members of the government, exposing their private communications to Beijing. State-sponsored hackers are known to have targeted the phones of some of the closest aides to Boris Johnson, Liz Truss and Rishi Sunak between 2021 and 2024. It is unclear whether the hack included the mobile phones of the prime ministers themselves, but one source with knowledge of the breach said it went "right into the heart of Downing Street."

Intelligence sources in the US indicated that the Chinese espionage operation, known as Salt Typhoon, was ongoing, raising the possibility that Sir Keir Starmer and his senior staff may also have been exposed. MI5 issued an "espionage alert" to Parliament in November about the threat of spying from the Chinese state. [...] The attack raises the possibility that Chinese spies could have read text messages or listened to calls involving senior members of the Government. Even if they were unable to eavesdrop on calls, hackers may have gained access to metadata, revealing who officials were in contact with and how frequently, as well as geolocation data showing their approximate whereabouts.

Skylight, an open-source, TikTok-style video app built on the AT Protocol, surged past 380,000 users after last week's shake-up around TikTok's U.S. ownership and privacy concerns. TechCrunch reports: Launched last year and backed by Mark Cuban and other investors, Skylight's mobile app is built on the AT Protocol, the technology that also powers the decentralized X rival Bluesky, which now has north of 42 million users. Skylight, co-founded by CEO Tori White and CTO Reed Harmeyer, offers a built-in video editor; user profiles; support for likes, commenting, and sharing; and the ability for community curators to create custom feeds for others to follow. The app now has over 150,000 videos uploaded directly to the platform. It can also stream videos from Bluesky because of its AT Protocol integration.

Harmeyer said Saturday that 1.4 million videos were played on the app the day before, up 3x over the past 24 hours. The app had also seen sign-ups increase more than 150%. Other noteworthy stats include over a 50% increase in returning users, over 40% rise in video played on average, and over 100% increase in posts created. This surge was likely triggered by concerns over TikTok's change in ownership and its unfortunately timed technical glitches. [...] Over the weekend, Skylight's CEO, Tori White, said the app added around 20,000 new users and is continuing to grow. So far this January, the app has seen around 95,000 monthly active users. "We've seen what happens when one person dictates what's pushed into people's feeds," White told TechCrunch. "Not only does it harm a creator's connection with their followers, but the entire health of the platform. That's why we built Skylight Social on open standards. We wanted creator and user power to be guaranteed by the technology. Not an empty promise, but an irrevocable right."

California tech executive Gordon Abas Goodarzi has been arrested and charged with murder in the death of his estranged wife, Aryan Papoli, whose body was found last November down an embankment off Highway 138 in San Bernardino County. Authorities initially believed the injuries were consistent with a fall, but the case was later ruled a homicide following a months-long investigation by the San Bernardino County Sheriff's Department. "Arrest records show that Goodarzi is currently in custody without bail and faces a murder charge and that he is set to appear in court Monday," reports SFGATE. From the report: Goodarzi, a California tech executive with ties to BattleBots, is publicly listed as the president and CEO of Magmotor, which describes itself as a "proud" supporter of the combat robot community and claims to support several teams each year. According to his LinkedIn, Goodarzi also previously worked as a research affiliate at UCLA's B. John Garrick Institute for the Risk Sciences since 2023.

Originally from Iran, Papoli and Goodarzi settled in Los Angeles County's verdant Rolling Hills community because of its tranquility and natural beauty, Papoli previously wrote. [...] She described her husband, Goodarzi, as a pioneer in the world of renewable energy, developing both electric and hybrid vehicles since the 1980s. According to Papoli, he also worked as the technical director at Hughes Electronics, which developed and manufactured the EV1, an early iteration of the electric car, in the 1990s.

An anonymous reader quotes a report from the BBC: Google has agreed to pay $68 million to settle a lawsuit claiming it secretly listened to people's private conversations through their phones. [...] the lawsuit claimed Google Assistant would sometimes turn on by mistake -- the phone thinking someone had said its activation phrase when they had not -- and recorded conversations intended to be private. They alleged the recordings were then sent to advertisers for the purpose of creating targeted advertising. The proposed settlement was filed on Friday in a California federal court, and requires approval by US District Judge Beth Labson Freeman.

The claim has been brought as a class action lawsuit rather than an individual case -- meaning if it is approved, the money will be paid out across many different claimants. Those eligible for a payout will have owned Google devices dating back to May 2016. But lawyers for the plaintiffs may ask for up to one-third of the settlement -- amounting to about $22 million in legal fees. The tech firm also denied any wrongdoing, as well as claims that it "recorded, disclosed to third parties, or failed to delete, conversations recorded as the result of a Siri activation" without consent.

Friday 72-year-old Richard Stallman made a two-hour-and-20-minutes appearance at the Georgia Institute of Technology, talking about everything from AI and connected cars to smartphones, age verfication laws, and his favorite Linux distro. But early on, Stallman also told the audience how "I despise DRM...I don't want any copy of anything with DRM. Whatever it is, I never want it so badly that I would bow down to DRM." (So he doesn't use Spotify or Netflix...)

This led to an interesting moment when someone asked him later if we have an ethical obligation to avoid piracy.. First Stallman swapped in his preferred phrase, "forbidden sharing"...

"I won't use the word piracy to refer to sharing. Sharing is good and it should be lawful. Those laws are wrong. Copyright as it is now is an injustice."

Stallman said "I don't hesitate to share copies of anything," but added that "I don't have copies of non-free software, because I'm disgusted by it." After a pause, he added this. "Just because there is a law to to give some people unjust power, that doesn't mean breaking that law becomes wrong....

"Dividing people by forbidding them to help each other is nasty."

And later Stallman was asked how he watches movies, if he's opposed to DRM-heavy sites like Netflix, and the DRM in Blu-ray discs? "The only way I can see a movie is if I get a file — you know, like an MP4 file or MKV file. And I would get that, I suppose, by copying from somebody else."

"Sharing is good. Stopping people from sharing is evil."

Adafruit managing director Phillip Torrone (also long-time Slashdot reader ptorrone ) writes: Washington State lawmakers are proposing bills (HB 2320 and HB 2321) that would require 3D printers and CNC machines to block certain designs using software-based "firearms blueprint detection algorithms." In practice, this means scanning every print file, comparing it against a government-maintained database, and preventing "skilled users" from bypassing the system.

Supporters frame this as a response to untraceable "ghost guns," but even federal prosecutors admit the tools involved are ordinary manufacturing equipment. Critics warn the language is overbroad, technically unworkable, hostile to open source, and likely to push printing toward cloud-locked, subscription-based systems—while doing little to stop criminals.

Newsweek reports on how the U.S. Congress is debating "kill switch" technology for vehicles, "which would be able to monitor diver behavior, detect impairment such as intoxication and intervene..."

"While the technology is not yet a legal requirement in cars, Congress passed a law with the Infrastructure Investment and Jobs Act in 2021 that requires the Department of Transportation to create the mandate." Republican Representative Thomas Massie of Kentucky introduced an amendment to a federal spending bill that would reverse the mandating of the technology. On Thursday, 160 Republicans voted in favor, but the legislation failed 164-268, according to the House Clerk's official roll call — with 57 Republicans joining 211 Democrats in voting against it...

The House vote signals substantial Republican support for curbing any move toward mandated impaired-driving prevention systems, but not enough to pass such legislation. Critics of the kill switch technology see it as government overreach, while those in favor argue that it could prove to be lifesaving.
Thanks to long-time Slashdot reader SonicSpike for sharing the article.

An anonymous reader quotes a report from TorrentFreak: The High Court in New Delhi, India, has granted another pirate site blocking order in favor of American movie industry giants, including Apple, Warner., Netflix, Disney and Crunchyroll. The injunction targets notorious pirate sites, requesting blockades at Indian ISPs. More crucially, however, globally operating domain registrars, including U.S. companies, are also compelled to take action. However, despite earlier cooperation, most don't seem eager to comply. [...] As reported by Verdictum a few days ago, the High Court in New Delhi issued a new blocking injunction on December 18, targeting more than 150 pirate site domains, including yflix.to, animesuge.bz, bs.to, and many others.

The complaint (PDF) is filed by Warner Bros., Apple, Crunchyroll, Disney, and Netflix, which are all connected to the MPA's anti-piracy arm, ACE. The referenced works include some of the most pirated titles, such as Stranger Things, Squid Game, and Silo. In addition to targeting Indian ISPs, the order also lists various domain name registries and related organizations as defendants. This includes American registrars such as Namecheap and GoDaddy, but also the government of the Kingdom of Tonga, which is linked to .to domains. By requiring domain name registrars to take action, the Indian court orders have a global impact.

In addition to suspending the domain names within three days days, the domain name registrars are given four weeks to disclose the relevant subscriber information connected to these domains. "[The registrars] shall lock and suspend Defendant Nos. 1 to 47 websites within 72 hours of being communicated with a copy of this Order and shall file all the Basic Subscriber Information, including the name, address, contact information, email addresses, bank details, IP logs, and any other relevant information [...] within four weeks of being communicated with a copy of this Order," the High Court wrote. While the "Dynamic+" injunction is designed to be a global kill switch, its effectiveness depends entirely on the cooperation of the domain name registrars. Since most of these are based outside of India, their compliance is not guaranteed.

California became the first U.S. state to join the World Health Organization's Global Outbreak Alert and Response Network (GOARN), one day after the U.S. formally exited the WHO. The Hill reports: This announcement comes just one day after the U.S.'s withdrawal from the WHO became official after nearly 80 years of membership, having been a founding member of the organization. "The Trump administration's withdrawal from WHO is a reckless decision that will hurt all Californians and Americans," [California Governor Gavin Newsom] said in a statement. "California will not bear witness to the chaos this decision will bring. We will continue to foster partnerships across the globe and remain at the forefront of public health preparedness, including through our membership as the only state in WHO's Global Outbreak Alert & Response Network."