A group of London hospitals struggling to contain the fallout from a cyberattack against a critical supplier had known for years about weaknesses that left them vulnerable to hacks, Bloomberg News reported Friday, citing internal documents. From the report: The Guy's and St Thomas' NHS Foundation Trust, which runs five major hospitals in the London area, has failed to meet the UK health service's data security standards in recent years and acknowledged as recently as April that 'cybersecurity remained a high risk" to its operations, according to publicly available documents that outline board of directors' meetings. In January, the board of directors raised questions about the security of digital links between hospital computer systems and those of third-party companies.

Hackers last week brought down the trust's pathology services provider, Synnovis, with severe knock-on effects at hospitals. Doctors have, among other things, been forced to delay medical operations, postpone blood tests and resort to handwritten records. The attack has disrupted blood services so drastically that medical facilities are asking the public for donations, and one hospital is calling on its own staff to contribute. The April report proposed an audit to identify where improvements could be made. It's not clear if improvements took place before the hack on June 3, or whether the vulnerabilities identified in the board of directors' reports -- which include dated IT systems and hardware devices -- had any bearing on the ransomware infection at Synnovis.

An anonymous reader quotes a report from Ars Technica: On Thursday, DuckDuckGo unveiled a new "AI Chat" service that allows users to converse with four mid-range large language models (LLMs) from OpenAI, Anthropic, Meta, and Mistral in an interface similar to ChatGPT while attempting to preserve privacy and anonymity. While the AI models involved can output inaccurate information readily, the site allows users to test different mid-range LLMs without having to install anything or sign up for an account. DuckDuckGo's AI Chat currently features access to OpenAI's GPT-3.5 Turbo, Anthropic's Claude 3 Haiku, and two open source models, Meta's Llama 3 and Mistral's Mixtral 8x7B. The service is currently free to use within daily limits. Users can access AI Chat through the DuckDuckGo search engine, direct links to the site, or by using "!ai" or "!chat" shortcuts in the search field. AI Chat can also be disabled in the site's settings for users with accounts.

According to DuckDuckGo, chats on the service are anonymized, with metadata and IP address removed to prevent tracing back to individuals. The company states that chats are not used for AI model training, citing its privacy policy and terms of use. "We have agreements in place with all model providers to ensure that any saved chats are completely deleted by the providers within 30 days," says DuckDuckGo, "and that none of the chats made on our platform can be used to train or improve the models." However, the privacy experience is not bulletproof because, in the case of GPT-3.5 and Claude Haiku, DuckDuckGo is required to send a user's inputs to remote servers for processing over the Internet. Given certain inputs (i.e., "Hey, GPT, my name is Bob, and I live on Main Street, and I just murdered Bill"), a user could still potentially be identified if such an extreme need arose. In regard to hallucination concerns, DuckDuckGo states in its privacy policy: "By its very nature, AI Chat generates text with limited information. As such, Outputs that appear complete or accurate because of their detail or specificity may not be. For example, AI Chat cannot dynamically retrieve information and so Outputs may be outdated. You should not rely on any Output without verifying its contents using other sources, especially for professional advice (like medical, financial, or legal advice)."

An anonymous reader quotes a report from TorrentFreak: A popular GitHub repo and over 120 forks containing Switch emulation tutorials have been targeted by Nintendo. While most forks are now disabled, the main repository has managed to survive after being given the opportunity to put things right. Whether Nintendo appreciated the irony is unclear, but it appears that use of encoding as a protection measure to obfuscate links, was no match for the video game company's circumvention skills. [...] The Switch Emulators Guide was presented in the context of piracy, something made clear by a note on the main page of the original repo which stated that the tutorial was made, in part, for use on the /r/NewYuzuPiracy subreddit. Since the actions of Yuzu and its eventual demise are part of the unwritten framework for similar takedowns, that sets the tone (although not the legal basis) in favor of takedown.

When asked to provide a description and URL pointing to the copyrighted content allegedly infringed by the repos, Nintendo states that the works are the 'Nintendo Switch firmware" and various games protected by technological protection measures (TPM) which prevent users from unlawfully copying and playing pirated games. The notice states the repos 'provide access' to keys that enable circumvention of its technical measures. "The reported repositories offer and provide access to unauthorized copies of cryptographic keys that are used to circumvent Nintendo's Technological Measures and infringe Nintendo's intellectual property rights. Specifically, the reported repositories provide to users unauthorized copies of cryptographic keys (prod.keys) extracted from the Nintendo Switch firmware," Nintendo writes.

"The prod.keys allow users to bypass Nintendo's Technological Measures for digital games; specifically, prod.keys allow users to decrypt and play Nintendo Switch games in unauthorized ways. Distribution of keys without the copyright owner's authorization is a violation of Section 1201 of the DMCA." Nintendo further notes that unauthorized distribution of prod.keys "facilitates copyright infringement by permitting users to play pirated versions of Nintendo's copyright-protected game software on systems without the Nintendo Technological Measures or systems on which Nintendo's Technological Measures have been disabled." Since the prod.keys are extracted from the Nintendo Switch firmware, which is also protected by copyright, distribution amounts to "infringement of Nintendo Switch firmware itself."

Given that the repo's stated purpose was to provide information on how to circumvent Nintendo's technical protection measures, it's fairly ironic that it appears to have used technical measures itself to hinder detection. "The reported repositories attempt to evade detection of their illegal activities by providing access to prod.keys and unauthorized copies of Nintendo's firmware and video games via encoded links that direct users to third-party websites to download the infringing content," Nintendo explains in its notice. "The repositories provide strings of letters and numbers and then instruct users to 'use [private] to decode the lines of strings given here to get an actual link.' The decoded links take users to sites where they can access the prod.keys and unauthorized copies of Nintendo's copyright-protected material." The image below shows the encoded links (partially redacted) that allegedly link to the content in question on third-party sites. To hide their nature, regular URLs are encoded using Base64, a binary-to-text encoding scheme that transforms them into a sequence of characters. Those characters can be decoded to reveal the original URL using online tools.

London's famed Evening Standard newspaper has announced plans to end its daily outlet, "bringing an end to almost 200 years of publication in the capital," reports The Guardian. Going forward, the company plans to launch "a brand new weekly newspaper later this year and consider options for retaining ES Magazine with reduced frequency," while also working to increase traffic to its website. "In its 197-year history the Evening Standard has altered its format, price, content and distribution models," notes The Guardian. "But giving up on producing a daily print newspaper is the biggest change yet." From the report: The newspaper said it has been hit hard by the introduction of wifi on the London Underground, a shortage of commuters owing to the growth of working from home and changing consumer habits. The Standard lost 84.5 million pounds in the past six years, according to its accounts, and is reliant on funding from its part-owner Evgeny Lebedev. Its other shareholders include a bank with close links to the Saudi government. Industry sources suggested Lebedev had been willing to consider selling the outlet in recent years but no buyer was found.

Paul Kanareck, the newspaper's chair, told staff on Wednesday morning: "The substantial losses accruing from the current operations are not sustainable. Therefore, we plan to consult with our staff and external stakeholders to reshape the business, return to profitability and secure the long-term future of the number one news brand in London." Kanareck said there would be an "impact on staffing," with journalists bracing themselves for further job losses on top of years of redundancies, while design staff on the print edition are expected to be hit hard. Distributors who hand out the newspaper across London are also likely to be out of work, and billboards outside railway stations advertising the day's headline will stand empty on most days.

He suggested there would be a change in focus for the weekly outlet: "A proposed new weekly newspaper would replace the daily publication, allowing for more in-depth analysis of the issues that matter to Londoners, and serve them in a new and relevant way by celebrating the best London has to offer, from entertainment guides to lifestyle, sports, culture and news and the drumbeat of life in the world's greatest city." Closing the Evening Standard will mean that for the first time in centuries, Londoners will have no general-interest daily print newspaper. The finance-focused City AM, which was recently saved by the billionaire Matthew Moulding, will continue to publish four days a week and has recently increased its distribution. Further reading: So it's goodbye to London's Standard, my old paper -- and to the heart of democracy, local news (Opinion; The Guardian)

Danny Goodwin reports via Search Engine Land: A trove of leaked Google documents has given us an unprecedented look inside Google Search and revealed some of the most important elements Google uses to rank content. Thousands of documents, which appear to come from Google's internal Content API Warehouse, were released March 13 on Github by an automated bot called yoshi-code-bot. These documents were shared with Rand Fishkin, SparkToro co-founder, earlier this month.

What's inside. Here's what we know about the internal documents, thanks to Fishkin and [Michael King, iPullRank CEO]:

Current: The documentation indicates this information is accurate as of March.
Ranking features: 2,596 modules are represented in the API documentation with 14,014 attributes.
Weighting: The documents did not specify how any of the ranking features are weighted -- just that they exist.
Twiddlers: These are re-ranking functions that "can adjust the information retrieval score of a document or change the ranking of a document," according to King.
Demotions: Content can be demoted for a variety of reasons, such as: a link doesn't match the target site; SERP signals indicate user dissatisfaction; Product reviews; Location; Exact match domains; and/or Porn.
Change history: Google apparently keeps a copy of every version of every page it has ever indexed. Meaning, Google can "remember" every change ever made to a page. However, Google only uses the last 20 changes of a URL when analyzing links.

Other interesting findings. According to Google's internal documents:

Freshness matters -- Google looks at dates in the byline (bylineDate), URL (syntacticDate) and on-page content (semanticDate).
To determine whether a document is or isn't a core topic of the website, Google vectorizes pages and sites, then compares the page embeddings (siteRadius) to the site embeddings (siteFocusScore).
Google stores domain registration information (RegistrationInfo).
Page titles still matter. Google has a feature called titlematchScore that is believed to measure how well a page title matches a query.
Google measures the average weighted font size of terms in documents (avgTermWeight) and anchor text. What does it all mean? According to King: "[Y]ou need to drive more successful clicks using a broader set of queries and earn more link diversity if you want to continue to rank. Conceptually, it makes sense because a very strong piece of content will do that. A focus on driving more qualified traffic to a better user experience will send signals to Google that your page deserves to rank." [...] Fishkin added: "If there was one universal piece of advice I had for marketers seeking to broadly improve their organic search rankings and traffic, it would be: 'Build a notable, popular, well-recognized brand in your space, outside of Google search.'"

An anonymous reader quotes a report from Ars Technica: If you're tired of Google's AI Overview extracting all value from the web while also telling people to eat glue or run with scissors, you can turn it off -- sort of. Google has been telling people its AI box at the top of search results is the future, and you can't turn it off, but that ignores how Google search works: A lot of options are powered by URL parameters. That means you can turn off AI search with this one simple trick! (Sorry.) Our method for killing AI search is defaulting to the new "web" search filter, which Google recently launched as a way to search the web without Google's alpha-quality AI junk. It's actually pretty nice, showing only the traditional 10 blue links, giving you a clean (well, other than the ads), uncluttered results page that looks like it's from 2011. Sadly, Google's UI doesn't have a way to make "web" search the default, and switching to it means digging through the "more" options drop-down after you do a search, so it's a few clicks deep.

Check out the URL after you do a search, and you'll see a mile-long URL full of esoteric tracking information and mode information. We'll put each search result URL parameter on a new line so the URL is somewhat readable [...]. Most of these only mean something to Google's internal tracking system, but that "&udm=14" line is the one that will put you in a web search. Tack it on to the end of a normal search, and you'll be booted into the clean 10 blue links interface. While Google might not let you set this as a default, if you have a way to automatically edit the Google search URL, you can create your own defaults. One way to edit the search URL is a proxy site like udm14.com, which is probably the biggest site out there popularizing this technique. A proxy site could, if it wanted to, read all your search result queries, though (your query is also in the URL), so whether you trust this site is up to you.

Apple executive Phil Schiller admitted in court on Wednesday that the company's court-mandated changes to its iPhone app store payment system have not significantly increased competition. The ongoing hearings in Oakland, California, are determining whether Apple is properly complying with an antitrust order to allow developers to display links to alternative payment options. Despite Apple's implementation of the changes in January, only a small number of apps have sought approval for external payment links.

U.S. District Judge Yvonne Gonzalez Rogers has expressed frustration with Apple executives, questioning whether they understand the order's intent to increase competition. Schiller defended Apple's response as well-intentioned but acknowledged the need for further action to encourage more apps to utilize external payment options.

A new Pew Research Center analysis shows just how fleeting online content actually is: 1. A quarter of all webpages that existed at one point between 2013 and 2023 are no longer accessible, as of October 2023. In most cases, this is because an individual page was deleted or removed on an otherwise functional website.
2. For older content, this trend is even starker. Some 38% of webpages that existed in 2013 are not available today, compared with 8% of pages that existed in 2023.

This "digital decay" occurs in many different online spaces. We examined the links that appear on government and news websites, as well as in the "References" section of Wikipedia pages as of spring 2023. This analysis found that:
1. 23% of news webpages contain at least one broken link, as do 21% of webpages from government sites. News sites with a high level of site traffic and those with less are about equally likely to contain broken links. Local-level government webpages (those belonging to city governments) are especially likely to have broken links.
2. 54% of Wikipedia pages contain at least one link in their "References" section that points to a page that no longer exists.[...]

Russia is increasingly seeking to encourage and direct hackers to attack British and other western targets, the director of GCHQ has said in her first keynote speech as head of the British intelligence agency. From a report: Anne Keast-Butler said her agency was "increasingly concerned about growing links" between the Russian intelligence services and proxy hacker groups who have long taken advantage of a permissive environment within the country. "Before, Russia simply created the right environments for these groups to operate but now they're nurturing and inspiring these non state cyber actors," she said in a speech to the Cyber UK conference, in what she described as a "globally pervasive" threat.

The spy chief, appointed last year to be the first woman to hold the role, referenced the threat from ransomware -- "the most acute and pervasive cyber threat" -- where cybercriminals, typically from Russia, take control of a company's data and systems and demand significant sums to regain access. GCHQ was "doing everything we can" to counter ransomware actors, Keast-Butler said, degrade their ability to attack systems across government and business and to "produce intelligence that means those involved in ransomware are held to account." There is "no hiding place" for cybercriminals she added.

An anonymous reader shares a report: After launching a feature that adds more AI junk than ever to search results, Google is experimenting with a radical new feature that lets users see only the results they were looking for, in the form of normal text links. As in, what most people actually use Google for. "We've launched a new 'Web' filter that shows only text-based links, just like you might filter to show other types of results, such as images or videos," the official Google Search Liaison Twitter account, run by Danny Sullivan, posted on Tuesday. The option will appear at the top of search results, under the "More" option.

"We've added this after hearing from some that there are times when they'd prefer to just see links to web pages in their search results, such as if they're looking for longer-form text documents, using a device with limited internet access, or those who just prefer text-based results shown separately from search features," Sullivan wrote. "If you're in that group, enjoy!" Searching Google has become a bloated, confusing experience for users in the last few years, as it's gradually started prioritizing advertisements and sponsored results, spammy affiliate content, and AI-generated web pages over authentic, human-created websites.

"Aamrok 3.0, ported to Qt5/KDE Frameworks 5, has been released," writes Slashdot reader serafean. "With the heavy lifting being done, the Qt6/KF6 version is expected later in the year." Originally developed for Linux as part of the KDE desktop environment, Amarok is a free, cross-platform music player that supports various audio formats and a user interface that can be tailored to individual preferences. These are the main features/changes, as highlighted in a KDE blog post: FEATURES:
- Added a visual hint that context view applets can be resized in edit mode.
- Display missing metadata errors in Wikipedia applet UI.
- Add a button to stop automatic Wikipedia page updating. (BR 485813)

CHANGES:
- Replace defunct lyricwiki with lyrics.ovh as lyrics provider for now. (BR 455937)
- Show only relevant items in wikipedia applet right click menu (BR 323941), use monobook skin for opened links and silently ignore non-wikipedia links.
- Don't show non-functional play mode controls in dynamic mode (BR 287055) The changelog is available here. You can find the package on download.kde.org.

Dan Goodin reports via Ars Technica: A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January. A change GitLab implemented in May 2023 made it possible for users to initiate password changes through links sent to secondary email addresses. The move was designed to permit resets when users didn't have access to the email address used to establish the account. In January, GitLab disclosed that the feature allowed attackers to send reset emails to accounts they controlled and from there click on the embedded link and take over the account.

While exploits required no user interaction, hijackings worked only against accounts that weren't configured to use multi-factor authentication. Even with MFA, accounts remained vulnerable to password resets. The vulnerability, tracked as CVE-2023-7028, carries a severity rating of 10 out of a possible 10. The vulnerability, classified as an improper access control flaw, could pose a grave threat. GitLab software typically has access to multiple development environments belonging to users. With the ability to access them and surreptitiously introduce changes, attackers could sabotage projects or plant backdoors that could infect anyone using software built in the compromised environment. An example of a similar supply chain attack is the one that hit SolarWinds in 2021, infecting more than 18,000 of its customers. Other recent examples of supply chain attacks are here, here, and here. These sorts of attacks are powerful. By hacking a single, carefully selected target, attackers gain the means to infect thousands of downstream users, often without requiring them to take any action at all. According to Internet scans performed by security organization Shadowserver, more than 2,100 IP addresses showed they were hosting one or more vulnerable GitLab instances. In order to protect your system, you should enable MFA and install the latest patch. "GitLab users should also remember that patching does nothing to secure systems that have already been breached through exploits," notes Goodin.

404 Media: Apple has removed a number of AI image generation apps from the App Store after 404 Media found these apps advertised the ability to create nonconsensual nude images, a sign that app store operators are starting to take more action against these types of apps.

Overall, Apple removed three apps from the App Store, but only after we provided the company with links to the specific apps and their related ads, indicating the company was not able to find the apps that violated its policy itself.

Apple's action comes after we reported on Monday that Instagram advertises nonconsensual AI nude apps. By browsing Meta's Ad Library, which archives ads on its platform, when they ran, on what platforms, and who paid for them, we were able to find ads for five different apps, each with dozens of ads. Two of the ads were for web-based services, and three were for apps on the Apple App Store. Meta deleted the ads when we flagged them. Apple did not initially respond to a request for comment on that story, but reached out to me after it was published asking for more information. On Tuesday, Apple told us it removed the three apps on its App Store.

An anonymous reader quotes a report from Business Insider: If you think you've been seeing an awful lot more Reddit results lately when you search on Google, you're not imagining things. The internet is in upheaval, and for website owners the rules of "winning" Google Search have never been murkier. Google's generative AI search engine is coming from one direction. It's creeping closer to mainstream deployment and bringing an existential crisis for SEOs and website makers everywhere. Coming from the other direction is an influx of posts from Reddit, Quora, and other internet forums that have climbed up through the traditional set of Google links. Data analysis from Semrush, which predicts traffic based on search ranking, shows that traffic to Reddit has climbed at an impressive clip since August. Semrush estimated that Reddit had over 132 million visitors in August 2023. At the time of publishing, it was projected to have over 346 million visitors in April 2024.

None of this is accidental. For years, Google has been watching users tack on "Reddit" to the end of search queries and finally decided to do something about it. Google started dropping hints in 2022 when it promised to do a better job of promoting sites that weren't just chasing the top of search but were more helpful and human. Last August, Google rolled out a big update to Search that seemed to kick this into action. Reddit, Quora, and other forum sites started getting more visibility in Google, both within the traditional links and within a new "discussions and forums" section, which you may have spotted if you're US-based. The timing of this Reddit bump has led to some conspiracy theories. In February, Google and Reddit announced a blockbuster deal that would let Google train its AI models on Reddit content. Google said the deal, reportedly worth $60 million, would "facilitate more content-forward displays of Reddit information," leading to some speculation that Google promised Reddit better visibility in exchange for the valuable training data. A few weeks later, Reddit also went public.

Steve Paine, marketing manager at Sistrix, called the rise of Reddit "unprecedented." "There hasn't been a website that's grown so much search visibility so quickly in the US in at least the last five years," he told Business Insider. Right now, Reddit ranks high for product searches. Reddit's main competitors are Wikipedia, YouTube, and Fandom, Paine said, and it also competes in "high-value commercial searches," putting it up against Amazon. The "real competitors," he said, are the subreddits that compete with brands on the web. A Google spokesperson told Business Insider that the company is essentially just giving users what they want: "Our research has shown that people often want to learn from others' experiences with a topic, so we've continued to make it easier to find helpful perspectives on Search when it's relevant to a query. Our systems surface content from hundreds of forums and other communities across the web, and we conduct rigorous testing to ensure results are helpful and high quality."

An anonymous reader shares a report: A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for "know your customer" checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions.The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm. A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials."

All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to rest passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."

An anonymous reader quotes a report from TechCrunch: Dropout's Dungeons & Dragons actual play show, Dimension 20, is getting pretty close to selling out a 19,000-seat venue just hours after ticket sales opened to the general public. To the uninitiated, it may seem absurd to go to a massive sports arena and watch people play D&D. As one Redditor commented, "This boggles my mind. When I was playing D&D in the early eighties, I would have never believed that there was a future where people would watch live D&D at Madison Square Garden. It's incomprehensible to me." It is indeed bizarre, albeit fun. But in this monumental moment for the actual play genre, the triumph is eclipsed by the biggest frustration that links sports, music and now D&D fans: Ticketmaster. As Federal Trade Commission chair Lina Khan said amid the Taylor Swift-Ticketmaster scandal, the company's failures "ended up converting more Gen Zers into anti-monopolists overnight than anything [she] could have done."

In the case of Taylor Swift's Eras tour, fans were upset because demand was so high that Ticketmaster's system couldn't handle the traffic. For Dimension 20, the culprit is Ticketmaster's dynamic pricing. As more people try to buy tickets, the price of the tickets increase. About an hour after the Madison Square Garden tickets went on sale, the few dozen upper bowl tickets left were $800. Three hours after, these tickets are around $330, which is still very inflated. "Went onto the presale, tickets were $500+ for the worst ones, we assumed they were scalpers and that the actual sale today would have normal priced tickets $2000 for the lower bowl!? I know it's not dropout setting the price but wow is that a LOT of cash," a Redditor posted. And as a commenter astutely pointed out, thanks to dynamic pricing, Ticketmaster itself is actually the scalper. Of course, Dimension 20 fans are frustrated, especially since the show's content is overtly anti-capitalist. Despite the pricing debacle, the demand for the show is a great sign for both actual play shows and the creator economy at large.

An anonymous reader quotes a report from The Verge: Google says it will start removing links to California news websites in a "short term test for a small percentage of California users." The move is in response to the pending California Journalism Preservation Act (CJPA), which would require Google to pay a fee for linking Californians to news articles. "If passed, CJPA may result in significant changes to the services we can offer Californians and the traffic we can provide to California publishers," Jaffer Zaidi, Google VP of global news partnerships, wrote in a blog post announcing the decision. "The testing process involves removing links to California news websites, potentially covered by CJPA, to measure the impact of the legislation on our product experience." Zaidi adds that Google will also pause "further investments in the California news ecosystem," referring to initiatives like Google News Showcase, product and licensing programs for news organizations, and the Google News Initiative. A study (PDF) conducted in 2023 estimates that Google would owe U.S. publishers around $10 to 12 billion annually if the Journalism Competition and Preservation Act, a national bill, is passed.

An anonymous reader quotes a report from Ars Technica: Starting today, home Internet and mobile broadband providers in the US are required to display consumer labels with information on prices, speeds, and data allowances. "Today's nationwide launch of the Broadband Consumer Labels means internet service providers are now required to display consumer-friendly labels at the point of sale," the Federal Communications Commission said (PDF). "Labels are required for all standalone home or fixed Internet service or mobile broadband plans. Providers must display the label -- not simply an icon or link to the label -- in close proximity to an associated plan's advertisement."

The labels are required now for providers with at least 100,000 subscribers, while ISPs with fewer customers have until October 10, 2024, to comply. "If a provider is not displaying their labels or has posted inaccurate information about its fees or service plans, consumers can file a complaint with the FCC Consumer Complaint Center," an agency webpage says. The October 10 date will also bring an additional requirement that providers "make the labels machine-readable to enable third parties to more easily collect and aggregate data for the purpose of creating comparison-shopping tools for consumers," the FCC said.

The FCC issued a consumer advisory telling broadband users what to look for in the labels. Labels should include the monthly price, state whether it is an introductory rate, the amount of time that an introductory rate applies, and the price after any introductory rate expires. The labels must include any additional monthly charges, one-time fees, early termination fees, and taxes. Speed information should include typical download speed, upload speed, and latency. For data caps, the labels should state how much data is included with the monthly price and how much consumers have to pay for additional usage. Labels should also include links to information on discounts and service bundles, network management practices, and privacy policies.

It appears that a nearly eight-year-long battle by the FCC to require internet companies to display information on the costs, fees, and speeds of their broadband services is finally over. From a report: Starting on Wednesday, all but the smallest ISPs will be required to publish broadband "nutrition labels" on all of their plans, the regulator announced. [...] Each label will include monthly broadband prices, introductory rate details, data allowances, broadband speeds, and links to find out about any available discounts or service bundles. Links to network management practices and privacy policies should be listed as well.