Government

America's Net Neutrality Question: Should the FCC Define the Internet as a 'Common Carrier'? (fcc.gov) 132

The Washington Post's editorial board looks at America's "net neutrality" debate.

But first they note that America's communications-regulating FCC has "limited authority to regulate unless broadband is considered a 'common carrier' under the Telecommunications Act of 1996." The FCC under President Barack Obama moved to reclassify broadband so it could regulate broadband companies; the FCC under President Donald Trump reversed the change. Dismayed advocates warned the world that, without the protections in place, the internet would break. You'll never guess what happened next: nothing. Or, at least, almost nothing. The internet did not break, and internet service providers for the most part did not block and they did not throttle.

All the same, today's FCC, under Chairwoman Jessica Rosenworcel, has just moved to re-reclassify broadband. The interesting part is that her strongest argument doesn't have much to do with net neutrality, but with some of the other benefits the country could see from having a federal watchdog keeping an eye on the broadband business... Broadband is an essential service... Yet there isn't a single government agency with sufficient authority to oversee this vital tool. Asserting federal authority over broadband would empower regulation of any blocking, throttling or anti-competitive paid traffic prioritization that they might engage in. But it could also help ensure the safety and security of U.S. networks.

The FCC has, on national security grounds, removed authorization for companies affiliated with adversary states, such as China's Huawei, from participating in U.S. telecommunications markets. The agency can do this for phone carriers. But it can't do it for broadband, because it isn't allowed to. Or consider public safety during a crisis. The FCC doesn't have the ability to access the data it needs to know when and where there are broadband outages — much less the ability to do anything about those outages if they are identified. Similarly, it can't impose requirements for network resiliency to help prevent those outages from occurring in the first place — during, say, a natural disaster or a cyberattack.

The agency has ample power to police the types of services that are becoming less relevant in American life, such as landline telephones, and little power to police those that are becoming more important every day.

The FCC acknowledges this power would also allow them to prohibit "throttling" of content. But the Post's editorial also makes the argument that here in 2023 that's "unlikely to have any major effect on the broadband industry in either direction... Substantial consequences have only become less likely as high-speed bandwidth has become less limited."

Encryption

How the US is Preparing For a Post-Quantum World (msn.com) 45

To explore America's "transition to a post-quantum world," the Washington Post interviewed U.S. federal official Nick Polk (who is focused on national security issues including quantum computing and is also a senior advisor to a White House federal chief information security officer):

The Washington Post: The U.S. is in the early stages of a major shift focused on bolstering government network defenses, pushing federal agencies to adopt a new encryption standard known as post-quantum cryptography that aims to prevent systems from being vulnerable to advanced decryption techniques enabled by quantum computers in the near future...

Nick Polk: We've been using asymmetric encryption for a very long time now, and it's been ubiquitous since about 2014, when the U.S. government and some of the large tech companies decided that they're going to make it a default on most web browsers... Interestingly enough, regarding the post-quantum cryptographic standards being developed, the only thing that's quantum about them is that it has "quantum" in the name. It's really just a different type of math that's much more difficult for a quantum computer to be able to reverse-engineer. The National Institute of Standards and Technology is looking at different mathematical models to cover all their bases. The interesting thing is that these post-quantum standards are actually being used to protect classical computers that we have now, like laptops...

Given the breadth of the U.S. government and the amount of computing power we use, we really see ourselves and our role as a steward of the tech ecosystem. One of the things that came out of [this week's Inside Quantum Technology conference in New York City] was that we are very quickly moving along with the private sector to migrate to post-quantum cryptography. I think you're gonna see very shortly a lot of very sensitive private sector industries start to migrate or start to advertise that they're going to migrate. Banks are a perfect example. That means meeting with vendors regularly, and testing their algorithms to ensure that we can accurately and effectively implement them on federal systems...

The administration and national security memorandum set 2035 as our deadline as a government to migrate our [national security] systems to post-quantum cryptography. That's supposed to time with the development of operational quantum computers. We need to ensure that we start now, so that we don't end up not meeting the deadline before computers are operational... This is a prioritized migration for the U.S. government. We're going to start with our most critical systems — that includes what we call high-value assets, and high-impact systems. So for example, we're gonna prioritize systems that have personal health information.

That's our biggest emphasis — both when we talk to private industry and when we encourage agencies when they talk to their contractors and vendors — to really think about where your most sensitive data is and then prioritize those systems for migration.

Security

Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com) 19

PC Magazine reports: A powerful piece of malware has been disguising itself as a trivial cryptocurrency miner to help it evade detection for more than five years, according to antivirus provider Kaspersky. This so-called "StripedFly" malware has infected over 1 million Windows and Linux computers around the globe since 2016, Kaspersky says in a report released Thursday...

StripedFly incorporated a version of EternalBlue, the notorious NSA-developed exploit that was later leaked and used in the WannaCry ransomware attack to infect hundreds of thousands of Windows machines back in 2017. According to Kaspersky, StripedFly uses its own custom EternalBlue attack to infiltrate unpatched Windows systems and quietly spread across a victim's network, including to Linux machines. The malware can then harvest sensitive data from infected computers, such as login credentials and personal data. "Furthermore, the malware can capture screenshots on the victim's device without detection, gain significant control over the machine, and even record microphone input," the company's security researchers added.

To evade detection, the creators behind StripedFly settled on a novel method by adding a cryptocurrency mining module to prevent antivirus systems from discovering the malware's full capabilities.

Science

Adult ADHD May Be Associated With an Increased Risk of Dementia, Study Finds (msn.com) 25

A new study found that adult ADHD "may take a toll on the brain and is linked to a higher likelihood of developing dementia," reports the Washington Post: A study published in JAMA Network Open reported that being diagnosed with ADHD as an adult is associated with a 2.77-fold increased risk of dementia.

The study only showed an association and doesn't tell us whether ADHD is a direct cause of cognitive decline. But the results suggest that "if you do have attention-deficit disorder, you're going to have more trouble with normal brain aging," said Sandra Black, a cognitive neurologist at Sunnybrook Research Institute in Toronto who was not involved in the study. "It adds another risk factor...."

Notably, of the 730 participants with adult ADHD, 13.2 percent (96 participants) were diagnosed with dementia. In contrast, of the 108,388 participants without adult ADHD, just 7 percent (7,630 participants) developed dementia. Intriguingly, adults with ADHD who were taking a psychostimulant medication such as Ritalin or Adderall did not have an increased risk of developing dementia compared with those not taking medication. Only 22.3 percent of people with ADHD had taken a psychostimulant medication at any point.

The Post also notes the work of Sara Becker, a postdoctoral research associate at the University of Calgary. "In a 2023 systematic review, Becker and her colleagues identified only seven previous studies investigating the link between ADHD and neurodegenerative diseases such as dementia, most of which found that adult ADHD conferred a higher dementia risk."
The research highlights the importance of seeking care — and the need for more research. Treatment with psychostimulant medications may attenuate the risk, said Stephen Levine, a professor at the University of Haifa's School of Public Health in Israel and the lead author of the study. Lifestyle changes, such as better sleep and staying socially engaged, can also lower risk for dementia....

A 2020 landmark study by the Lancet Commission highlighted 12 modifiable factors for dementia that, if addressed, could mitigate the risk of dementia by up to 40 percent. Some of these factors are hearing loss, excessive alcohol intake and smoking.

Other lifestyle changes that lower your risk of dementia include keeping up your physical activity and eating a Mediterranean diet, the Post reports (citing cognitive neurologist Sandra Black).

An estimated 3 percent of adults have ADHD.

Social Networks

Will The Future See Interconnected Social Media Platforms? (theverge.com) 37

"For the last two decades, our social networking and social media platforms have been universes unto themselves," writes the Verge's editor-at-large: Each has its own social graph, charting who you follow and who follows you. Each has its own feed, its own algorithms, its own apps, and its own user interfaces (though they've all pretty much landed on the same aesthetics over time). Each also has its own publishing tools, its own character limits, its own image filters. Being online means constantly flitting between these places and their ever-shifting sets of rules and norms. Now, though, we may be at the beginning of a new era. Instead of a half-dozen platforms competing to own your entire life, apps like Mastodon, Bluesky, Pixelfed, Lemmy, and others are building a more interconnected social ecosystem.

If this ActivityPub-fueled change takes off, it will break every social network into a thousand pieces. All posts, of all types, will be separated from their platforms. We'll get new tools for creating those posts, new tools for reading them, new tools for organizing them, and new tools for moderating them and sharing them and remixing them and everything else besides.

He's talking about a decades-old concept called POSSE: Publish (on your) Own Site, Syndicate Everywhere. ("Sometimes the P is also 'Post,' and the E can be 'Elsewhere.' The idea is the same either way.") The idea is that you, the poster, should post on a website that you own. Not an app that can go away and take all your posts with it, not a platform with ever-shifting rules and algorithms. Your website. But people who want to read or watch or listen to or look at your posts can do that almost anywhere because your content is syndicated to all those platforms... [Y]our blog becomes the hub for everything, your main home on the internet.
The article argues that for now, "the best we have are tools like Micro.blog, a six-year-old platform for cross-posters." But the article ultimately envisions a future with not just new posting tools, but also new reading tools "with different ideas about how to display and organize posts."

Google

Google Can Turn ANC Earbuds Into a Heart Rate Monitor With No Extra Hardware (9to5google.com) 20

Abner Li reports via 9to5Google: Google today detailed its research into audioplethysmography (APG) that adds heart rate sensing capabilities to active noise canceling (ANC) headphones and earbuds "with a simple software upgrade." Google says the "ear canal [is] an ideal location for health sensing" given that the deep ear artery "forms an intricate network of smaller vessels that extensively permeate the auditory canal."

This audioplethysmography approach works by "sending a low intensity ultrasound probing signal through an ANC headphone's speakers. This signal triggers echoes, which are received via on-board feedback microphones. We observe that the tiny ear canal skin displacement and heartbeat vibrations modulate these ultrasound echoes." A model that Google created works to process that feedback into a heart rate reading, as well as heart rate variability (HRV) measurement. This technique works even with music playing and "bad earbuds seals." However, it was impacted by body motion, and Google countered with a multi-tone approach that serves as a calibration tool to "find the best frequency that measures heart rate, and use only the best frequency to get high-quality pulse waveform."

Google performed two sets of studies with 153 people that found APG "achieves consistently accurate heart rate (3.21% median error across participants in all activity scenarios) and heart rate variability (2.70% median error in inter-beat interval) measurements." Compared to existing HR sensors, it's not impacted by skin tones. Ear canal size and "sub-optimal seal conditions" also do not impact accuracy. Google believes this is a better approach than putting traditional photoplethysmograms (PPG) and electrocardiograms (ECG) sensors, as well as a microcontroller, in headphones/earbuds: "this sensor mounting paradigm inevitably adds cost, weight, power consumption, acoustic design complexity, and form factor challenges to hearables, constituting a strong barrier to its wide adoption."

AI

Pigeons Problem-Solve Similarly To Artificial Intelligence, Research Shows (theguardian.com) 54

According to a new study published in iScience, the way pigeons problem-solve matches artificial intelligence. The Guardian reports: In the study, 24 pigeons were given a variety of visual tasks, some of which they learned to categorize in a matter of days, and others in a matter of weeks. The researchers found evidence that the mechanism that pigeons used to make correct choices is similar to the method that AI models use to make the right predictions. "Pigeon behavior suggests that nature has created an algorithm that is highly effective in learning very challenging tasks," said Edward Wasserman, study co-author and professor of experimental psychology at the University of Iowa. "Not necessarily with the greatest speed, but with great consistency."

On a screen, pigeons were shown different stimuli, like lines of different width, placement and orientation, as well as sectioned and concentric rings. Each bird had to peck a button on the right or left to decide which category they belonged to. If they got it correct, they got food, in the form of a pellet; if they got it wrong, they got nothing. "Pigeons don't need a rule," said Brandon Turner, lead author of the study and professor of psychology at Ohio State University. Instead they learn through trial and error. For example, when they were given a visual, say "category A", anything that looked close to that they also classified as "category A", tapping into their ability to identify similarities.

Over the course of the experiments, pigeons improved their ability to make right choices from 55% to 95% of the time when it came to some of the simpler tasks. Presented with a more complex challenge, their accuracy went up from 55% to 68%. In an AI model, the main goal is to recognize patterns and make decisions. Pigeons, as research shows, can do the same. Learning from consequences, when not given a food pellet, pigeons have a remarkable ability to correct their errors. Similarity function is also at play for pigeons, by using their ability to find resemblance between two objects. "With just those two mechanisms alone, you can define a neural network or an artificial intelligent machine to basically solve these categorization problems," said Turner. "It stands to reason that the mechanisms that are present in the AI are also present in the pigeon."

Privacy

iPhones Have Been Exposing Your Unique MAC Despite Apple's Promises Otherwise (arstechnica.com) 69

Dan Goodin reports via Ars Technica: Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised. Despite promises that this never-changing address would be hidden and replaced with a private one that was unique to each SSID, Apple devices have continued to display the real one, which in turn got broadcast to every other connected device on the network. [...]

In 2020, Apple released iOS 14 with a feature that, by default, hid Wi-Fi MACs when devices connected to a network. Instead, the device displayed what Apple called a "private Wi-Fi address" that was different for each SSID. Over time, Apple has enhanced the feature, for instance, by allowing users to assign a new private Wi-Fi address for a given SSID. On Wednesday, Apple released iOS 17.1. Among the various fixes was a patch for a vulnerability, tracked as CVE-2023-42846, which prevented the privacy feature from working. Tommy Mysk, one of the two security researchers Apple credited with discovering and reporting the vulnerability (Talal Haj Bakry was the other), told Ars that he tested all recent iOS releases and found the flaw dates back to version 14, released in September 2020. "From the get-go, this feature was useless because of this bug," he said. "We couldn't stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode."

When an iPhone or any other device joins a network, it triggers a multicast message that is sent to all other devices on the network. By necessity, this message must include a MAC. Beginning with iOS 14, this value was, by default, different for each SSID. To the casual observer, the feature appeared to work as advertised. The "source" listed in the request was the private Wi-Fi address. Digging in a little further, however, it became clear that the real, permanent MAC was still broadcast to all other connected devices, just in a different field of the request. Mysk published a short video showing a Mac using the Wireshark packet sniffer to monitor traffic on the local network the Mac is connected to. When an iPhone running iOS prior to version 17.1 joins, it shares its real Wi-Fi MAC on port 5353/UDP.

The Internet

Google Fiber Is Getting Outrageously Fast 20Gbps Service (arstechnica.com) 53

Google Fiber plans to upgrade some users to 20Gbps service by the end of the year. Ars Technica reports: Google's Wednesday blog post calls this part of a "GFiber Labs" experiment and says the service "will initially be available as an early access offering to a small group of GFiber customers in select areas." The 20Gbps service is made possible by new networking gear: Nokia's 25G PON (passive optical network) technology, which lets Internet service providers push more bandwidth over existing fiber lines. Google says it's "one of the first" ISPs to adopt the technology for consumers, though at least one other US ISP, the Tennessee provider "EPB," has rolled out the technology. Customers will need new networking gear, too, and Google says you'll get a new fiber modem with built-in Wi-Fi 7.

Fierce Telecom spoke with Google's Nick Saporito, head of product at Google Fiber, who said, "We definitely see a need" for 20Gbps service. For now, Saporito says the service is "a very early adopter product," but it will eventually roll out "in most, if not all, of our markets." According to that Fierce report, Fiber is built on Nokia's "Quillion" Fiber platform, which is upgradable, so Google only needed to "plug in a new optical module and replace the optical network terminal on the end-user side" to take its 5 and 8Gbps infrastructure to 20Gbps.

There's no word yet on the price or which utopian Google Fiber cities will get access to the 20Gbps service, but Google has already run trials in Kansas City, Missouri. Currently, Google Fiber costs $70 for 1Gbps and $150 for 8Gbps. Interested customers can sign up for early access at this link.

Technology

JPMorgan Says JPM Coin Now Handles $1 Billion Transactions Daily (bloomberg.com) 97

JPMorgan Chase's digital token JPM Coin now handles $1 billion worth of transactions daily and the bank plans to continue widening its usage, Global Head of Payments Takis Georgakopoulos said. From a report: "JPM Coin gets transacted on a daily basis mostly in US dollars, but we again intend to continue to expand that," Georgakopoulos said Thursday in an interview on Bloomberg Television. JPM Coin enables wholesale clients to make dollar and euro-denominated payments through a private blockchain network. It's one of the few examples of a live blockchain application by a large bank, but remains a small fraction of the $10 trillion in US dollar transactions moved by JPMorgan on a daily basis. The company also runs a blockchain-based repo application, and is exploring a digital deposit token to accelerate cross-border settlements.

Government

Network State Conference Announced in Amsterdam for October 30 4

Balaji Srinivasan, former CTO of Coinbase and author of the Network State, has announced his first Network State Conference. This is a conference for people interested in founding, funding, and finding new communities.
Topics include startup societies, network states, digital nomadism, competitive government, legalizing innovation, and building alternatives. Speakers include Glenn Greenwald, Vitalik Buterin, Anatoly Yakovenko, Garry Tan, the Winklevosses, and Tyler Cowen. See presentations by startup society founders around the world, invest in them, and search for the community that fits you.

With this and Joseon, the first legally recognized cyber state, the network state movement is beginning to get interesting.

Another anonymous reader quotes from the Joseon Official X Account's reply to Balaji's announcement:

Joseon, the first legally recognized cyber nation state, will be there.
Interestingly, Joseon dons the same grey checkmark that is for governments on its X account.

Twitter

Twitter Alternative Pebble, Previously Known As T2, Is Shutting Down (zdnet.com) 28

Pebble, the first of the would-be Twitter replacements to emerge after Elon Musk bought Twitter, is shutting down. The social media platform -- previously known as T2 to indicate a desire to build a Twitter clone -- was founded by former Twitter employees Sarah Oh and Gabor Cselle. Steven Vaughan-Nichols writes via ZDNet: Pebble was an early-stage, Twitter-like social network. Its goal was to become the "place to have the authentic conversations we've always wanted to have." Its founders, who were largely Twitter alumni, designed Pebble to look and feel like pre-Musk Twitter, with a 280-character limit and direct messaging. I rather liked it, but it appears I was in the minority. Pebble was always a bit rough around the edges, and it never made it past about 20,000 users.

In what was still a surprising announcement, Pebble revealed its plans to shut down operations on November 1, 2023. In a letter to users, Pebble said: "The painful truth, however, is that we were not growing quickly enough for investors to believe that we will break out. Combine that with a crowded space of alternatives -- and the uphill climb is even steeper. In order to continue to build out a complete Pebble, we would have needed more investment, and more time." That was not to be -- and Pebble's backers ran out of money and time.

A spokesperson for the platform stated: "While we are immensely proud of what we achieved with our dedicated team and an incredible community, the reality is that our growth rate was not meeting the expectations set by our investors." With the digital landscape burgeoning with alternative platforms, Pebble was competing in an increasingly crowded marketplace. As the platform prepares for its final curtain call, the team behind Pebble is shifting its focus to showing gratitude to its supportive community. They are exploring potential avenues to ensure that the connections formed on Pebble can continue in another guise. Further details are expected to be shared soon.

NASA

NASA's First Two-Way End-to-End Laser Communications System (nasa.gov) 14

NASA is demonstrating laser communications on multiple missions -- showcasing the benefits infrared light can have for science and exploration missions transmitting terabytes of important data. NASA: The International Space Station is getting a "flashy" technology demonstration this November. The ILLUMA-T (Integrated Laser Communications Relay Demonstration Low Earth Orbit User Modem and Amplifier Terminal) payload is launching to the International Space Station to demonstrate how missions in low Earth orbit can benefit from laser communications. Laser communications uses invisible infrared light to send and receive information at higher data rates, providing spacecraft with the capability to send more data back to Earth in a single transmission and expediting discoveries for researchers.

Managed by NASA's Space Communications and Navigation (SCaN) program, ILLUMA-T is completing NASA's first bi-directional, end-to-end laser communications relay by working with the agency's LCRD (Laser Communications Relay Demonstration). LCRD launched in December 2021 and is currently demonstrating the benefits of laser communications from geosynchronous orbit by transmitting data between two ground stations on Earth in a series of experiments. Some of LCRD's experiments include studying atmospheric impact on laser signals, confirming LCRD's ability to work with multiple users, testing network capabilities like delay/disruption tolerant networking (DTN) over laser links, and investigating improved navigation capabilities.

Bitcoin

US Wants To Officially Treat Crypto Anonymity Services As Suspected Money Launderers (wired.com) 54

An anonymous reader quotes a report from Wired: Hamas' attacks against Israel on October 7 have shifted the geopolitical landscape and triggered a looming Israeli ground assault in the Gaza Strip. Now the ripple effects are reaching the cryptocurrency industry, where they've become the United States Department of the Treasury's rallying cry for a crackdown on cryptocurrency anonymity services. The US Treasury's Financial Crimes Enforcement Network (FinCEN) [on October 19th] released a set of proposed rules that would designate foreign cryptocurrency "mixers" -- services that blend users' digital funds to offer more anonymity and make them harder to trace -- as money laundering tools that pose a threat to national security and would thus face new sanctions and regulations. The new rules, if adopted following a 90-day period of public comment and debate, would potentially represent the broadest restrictions imposed yet on the mixing services and could make it far harder for cryptocurrency holders to put their money through the services before cashing it out at a US cryptocurrency exchange, or even at a foreign exchange that accepts US customers.

While the proposed rules were almost certainly in the works long before October 7, the Treasury's announcement tied the push for a change in policy directly to the use of cryptocurrency by Hamas and militant groups in Gaza. "The Treasury Department is aggressively combatting illicit use of all aspects of the CVC ecosystem by terrorist groups," Wally Adeyemo, deputy secretary of the Treasury, wrote in a statement, using the term "CVC" to mean convertible virtual currency. Adeyemo says that this includes Hamas and Palestinian Islamic Jihad, a militant group that often aligns with Hamas, which Israel blamed for an explosion at a hospital in Gaza earlier this week.

Cryptocurrency mixers have existed almost as long as Bitcoin itself. They offer to take in a user's cryptocurrency, blend it with that of other users, and return the funds so that they are harder to follow from their origin to destination on blockchains, which generally record every transaction in full public view. The Treasury's rule change would designate those cryptocurrency-mixing services -- or at least the majority of them that are based outside the US -- as a "primary money laundering concern." They would thus be considered a threat to US national security as defined by section 311 of the Patriot Act, a section of the law designed to restrict how domestic financial institutions interact with potential sources of terrorist financing. The rule change would mean that US financial services, as well as foreign ones with US customers -- including cryptocurrency exchanges -- would have to go through extra record-keeping and reporting requirements for funds that have touched a foreign cryptocurrency mixer, and it might even allow the Treasury to block US exchanges from handling those funds.
"We've never seen anything like this before," says Ari Redbord, the head of global policy for TRM Labs, a blockchain analysis firm. Redbord notes that the rule change isn't proposing a blanket ban on foreign mixing services, only new rules for interacting with them. "The reality, however, is that 311 actions oftentimes have a sort of name-and-shame effect, where people are just not wanting to engage with these platforms out of fear of being caught up in money laundering or other type of illicit activity."

"I think the challenge for regulators is, how do we thread the needle between stopping illicit actors from using these platforms but at the same time allow regular users to enable some degree of privacy?" Redbord added. "I think the concern is that this could very much be throwing the baby out with the bathwater."

Network

Cleveland Launches Ambitious Plan To Provide Citywide Dirt Cheap Broadband (techdirt.com) 88

An anonymous reader quotes a report from Techdirt: Cleveland has spent years being dubbed the "worst connected city in the U.S." thanks to expensive, patchy, and slow broadband. Why Cleveland broadband sucks so badly isn't really a mystery: consolidated monopoly/duopoly power has resulted in a broken market where local giants like AT&T and Charter don't have to compete on price, speeds, availability, customer service, or much of anything else. Data also shows that despite billions in tax breaks, regulatory favors, and subsidies, companies like AT&T have long refused to upgrade low-income and minority Cleveland neighborhoods to fiber. These companies not only engage in this deployment "redlining," but data also makes it clear they often charge these low income and minority neighborhoods more money for the same or slower broadband.

Last week I spent some time talking to Cleveland city leaders and local activists about their plan to do something about it. On one hand, they've doled out $20 million in COVID relief broadband funding to local non-profit DigitalC to deliver fixed wireless broadband at speeds of 100 Mbps for as little as $18. On the other hand, they've convinced a company named SiFi Networks to build a $500 million open access fiber network at no cost to taxpayers. SiFi Networks will benefit from a tight relationship with the city, while making its money from leasing access to the network to ISPs. [...]

Local activists like DigitalC CEO Joshua Edmonds tell me they hope the project teaches U.S. towns and cities that there are alternatives to being feckless supplicants to regional telecom mono/duopolies: "This is a major victory, and I hope that people don't look at it as just a major victory for Cleveland. Every city where there's a prevalent digital divide, where there's political will and ability to execute, people should be paying close attention to what happens in Cleveland, paying close attention to how DigitalC was able to fight and navigate with our coalition of stakeholders."

Google

Google Chrome's New 'IP Protection' Will Hide Users' IP Addresses (bleepingcomputer.com) 131

Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. From a report: Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users' privacy and the essential functionalities of the web. IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.

While IP addresses are potential vectors for tracking, they are also indispensable for critical web functionalities like routing traffic, fraud prevention, and other vital network tasks. The "IP Protection" solution addresses this dual role by routing third-party traffic from specific domains through proxies, making users' IP addresses invisible to those domains. As the ecosystem evolves, so will IP Protection, adapting to continue safeguarding users from cross-site tracking and adding additional domains to the proxied traffic. "Chrome is reintroducing a proposal to protect users against cross-site tracking via IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above," reads a description of the IP Protection feature. Initially, IP Protection will be an opt-in feature, ensuring users have control over their privacy and letting Google monitor behavior trends.

Bitcoin

California Law Limits Bitcoin ATM Transactions to $1,000 to Thwart Scammers (msn.com) 37

One 80-year-old retired teacher in Los Angeles lost $69,000 in bitcoin to scammers. And 46,000 people lost over $1 billion to crypto scams since 2021 (according to America's Federal Trade Commission).

Now the Los Angeles Times reports California's new moves against scammers using bitcoin ATMs, with a bill one representative says "is about ensuring that people who have been frauded in our communities don't continue to watch our state step aside when we know that these are real problems that are happening." Starting in January, California will limit cryptocurrency ATM transactions to $1,000 per day per person under Senate Bill 401, which Gov. Gavin Newsom signed into law. Some bitcoin ATM machines advertise limits as high as $50,000... Victims of bitcoin ATM scams say limiting the transactions will give people more time to figure out they're being tricked and prevent them from using large amounts of cash to buy cryptocurrency.

But crypto ATM operators say the new laws will harm their industry and the small businesses they pay to rent space for the machines. There are more than 3,200 bitcoin ATMs in California, according to Coin ATM Radar, a site that tracks the machines' locations. "This bill fails to adequately address how to crack down on fraud, and instead takes a punitive path focused on a specific technology that will shudder the industry and hurt consumers, while doing nothing to stop bad actors," said Charles Belle, executive director of the Blockchain Advocacy Coalition...

Law enforcement has cracked down on unlicensed crypto ATMs, but it can be tough for consumers to tell how serious the industry is about addressing the concerns. In 2020, a Yorba Linda man pleaded guilty to charges of operating unlicensed bitcoin ATMs and failing to maintain an anti-money-laundering program even though he knew criminals were using the funds. The illegal business, known as Herocoin, allowed people to buy and sell bitcoin in transactions of up to $25,000 and charged a fee of up to 25%.

So there are also provisions in the law against exorbitant fees: The new law also bars bitcoin ATM operators from collecting fees higher than $5 or 15% of the transaction, whichever is greater, starting in 2025. Legislative staff members visited a crypto kiosk in Sacramento and found markups as high as 33% on some digital assets when they compared the prices at which cryptocurrency is bought and sold. Typically, a crypto ATM charges fees between 12% and 25% over the value of the digital asset, according to a legislative analysis...

Another law would by July 2025 require digital financial asset businesses to obtain a license from the California Department of Financial Protection and Innovation.

Social Networks

Online 'Information War' in Africa Rages on Social Media (yahoo.com) 46

The Washington Post tells the story of a veteran political operative and a former army intelligence officer hired to help keep in power the president of the west African nation Burkina Faso: Their company, Percepto International, was a pioneer in what's known as the disinformation-for-hire business. They were skilled in deceptive tricks of social media, reeling people into an online world comprised of fake journalists, news outlets and everyday citizens whose posts were intended to bolster support for [president Roch Marc] Kaboré's government and undercut its critics. But as Percepto began to survey the online landscape across Burkina Faso and the surrounding French-speaking Sahel region of Africa in 2021, they quickly saw that the local political adversaries and Islamic extremists they had been hired to combat were not Kaboré's biggest adversary. The real threat, they concluded, came from Russia, which was running what appeared to be a wide-ranging disinformation campaign aimed at destabilizing Burkina Faso and other democratically-elected governments on its borders.

Pro-Russian fake news sites populated YouTube and pro-Russian groups abounded on Facebook. Local influencers used WhatsApp and Telegram groups to organize pro-Russian demonstrations and praise Russian President Vladimir Putin. Facebook fan pages even hailed the Wagner Group, the Russian paramilitary network run by Yevgeniy Prigozhin, the late one-time Putin ally whose Internet Research Agency launched a disinformation campaign in the United States to influence the 2016 presidential election... Percepto didn't know the full scope of the operation it had uncovered but it warned Kaboré's government that it needed to move fast: Launch a counteroffensive online — or risk getting pushed out in a coup.

Three years later, the governments of five former French colonies, including Burkina Faso, have been toppled. The new leaders of two of those countries, Mali and Burkina Faso, are overtly pro-Russian; in a third, Niger, the prime minister installed after a July coup has met recently with the Russian ambassador. In Mali and the Central African Republic, French troops have been replaced with Wagner mercenaries...

Percepto's experience in French-speaking Africa offers a rare window into the round-the-clock information warfare that is shaping international politics — and the booming business of disinformation-for-hire. Meta, the social media company that operates Facebook, Instagram and WhatsApp, says that since 2017 it has detected more than 200 clandestine influence operations, many of them mercenary campaigns, in 68 countries.

The article also makes an interesting point. "The burden of battling disinformation has fallen entirely on Silicon Valley companies."

Earth

Plans Abandoned for First 1,300-Mile Carbon-Capture Pipeline Across the US (arstechnica.com) 85

"A company backed by BlackRock has abandoned plans to build a 1,300-mile pipeline across the US Midwest to collect and store carbon emissions from the corn ethanol industry," reports Ars Technica.

The move comes "following opposition from landowners and some environmental campaigners." Navigator CO2 on Friday said developing its carbon capture and storage (CCS) project called Heartland Greenway had been "challenging" because of the unpredictable nature of regulatory and government processes in South Dakota and Iowa. Navigator's decision to scrap its flagship $3.1 billion project — one of the biggest of its kind in the US — is a blow for a fledgling industry... It also represents a setback for the carbon-intensive corn ethanol refining industry, a pillar of the rural Midwestern economy which is targeting industry-scale CCS as a way to reduce emissions...

The project faced opposition from local landowners, who expressed concerns about safety and property seizures, and some environmentalists who describe CO2 pipelines as dangerous and a way to prop up the fossil fuels industry, which already has a network of such infrastructure. Addressing the decision by Navigator, the Coalition To Stop CO2 Pipelines said it "celebrates this victory," but added: "we also know that the tax incentives made available by the federal government for carbon capture, transport and storage likely mean another entity will pick up Navigator's project, or find a different route through Illinois."

The article cites one analyst at energy research firm Wood Mackenzie who believes this cancellation could benefit rival carbon-capture companies like Summit Carbon Solutions, which is planning an even larger network of CO2 pipelines throughout the Midwest, and could try to sign deals with Navigator's former customers.

Crime

Scammers Try Hosting Their Malware on a Binance Network (krebsonsecurity.com) 21

Breached web sites distribute malware to visitors by claiming they need to update their browser. But one group of attackers "have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement," reports security researcher Brian Krebs.

"By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain." [W]hen Cloudflare blocked those accounts the attackers began storing their malicious files as cryptocurrency transactions in the Binance Smart Chain (BSC), a technology designed to run decentralized apps and "smart contracts," or coded agreements that execute actions automatically when certain conditions are met. Nati Tal, head of security at Guardio Labs, the research unit at Tel Aviv-based security firm Guardio, said the malicious scripts stitched into hacked WordPress sites will create a new smart contract on the BSC Blockchain, starting with a unique, attacker-controlled blockchain address and a set of instructions that defines the contract's functions and structure. When that contract is queried by a compromised website, it will return an obfuscated and malicious payload.

"These contracts offer innovative ways to build applications and processes," Tal wrote along with his Guardio colleague Oleg Zaytsev. "Due to the publicly accessible and unchangeable nature of the blockchain, code can be hosted 'on-chain' without the ability for a takedown." Tal said hosting malicious files on the Binance Smart Chain is ideal for attackers because retrieving the malicious contract is a cost-free operation that was originally designed for the purpose of debugging contract execution issues without any real-world impact. "So you get a free, untracked, and robust way to get your data (the malicious payload) without leaving traces," Tal said.

In response to questions from KrebsOnSecurity, the BNB Smart Chain (BSC) said its team is aware of the malware abusing its blockchain, and is actively addressing the issue. The company said all addresses associated with the spread of the malware have been blacklisted, and that its technicians had developed a model to detect future smart contracts that use similar methods to host malicious scripts. "This model is designed to proactively identify and mitigate potential threats before they can cause harm," BNB Smart Chain wrote. "The team is committed to ongoing monitoring of addresses that are involved in spreading malware scripts on the BSC. To enhance their efforts, the tech team is working on linking identified addresses that spread malicious scripts to centralized KYC [Know Your Customer] information, when possible."
