More than 1 billion people will be connected to 5G by the end of 2022, according to the latest mobility report from Ericsson. CNET reports: Between July and September of this year, 5G added 110 million subscribers around the world, upping the total count to 870 million, said the report, released Wednesday. That's almost double the number of 5G subscribers there were by the end of 2021, which the Swedish telecommunications equipment maker estimated to be 580 million. If 5G users hit the 1 billion this year, that means fifth-generation networks will have hit the nine-figure subscriber mark two years faster than 4G did, said Ericsson, confirming that 5G is so far the "fastest-scaling mobile connectivity generation."

4G subscriptions are still growing as well, with 41 million subscribers added between July and September. It's anticipated they will peak at 5.2 billion by the end of the year, and mobile subscriptions overall are forecast to exceed 8.4 billion. By 2028, 5G is expected to reach 5 billion subscriptions globally and make up 55% of all network subscriptions, according to the report. Overall mobile subscriptions in 2028 are expected to be more than 9.2 billion.

hondo77 writes: Two years ago, Disney Research Studios developed AI-powered tools that could generate face swap videos with enough quality and resolution to be used for professional filmmaking (instead of as questionably low-res GIFs shared around the internet). This year, the researchers are demonstrating a new tool that leverages AI tricks to make actors look older or younger, minus the weeks of work usually needed to perfect those kinds of shots.

Using neural networks and machine learning to age or de-age a person has already been tried, and while the results are convincing enough when applied to still images, they hadn't produce photorealistic results on moving video, with temporal artifacts that appear and disappear from frame to frame, and the person's appearance occasionally becoming unrecognizable as the altered video plays. To make an age-altering AI tool that was ready for the demands of Hollywood and flexible enough to work on moving footage or shots where an actor isn't always looking directly at the camera, Disney's researchers, as detailed in a recently published paper, first created a database of thousands of randomly generated synthetic faces. Existing machine learning aging tools were then used to age and de-age these thousands of non-existent test subjects, and those results were then used to train a new neural network called FRAN (face re-aging network).

An anonymous reader quotes a report from Ars Technica: The Comcast "Broadcast TV" fee that isn't included in the company's advertised prices is rising again, tacking as much as $27 onto the monthly bills of cable TV users. Comcast's Broadcast TV and Regional Sports Network fees combined could add nearly $40 to a customer's monthly TV bill after next month's price hikes, all while Comcast advertises much lower prices than people actually pay. "Comcast has started notifying customers and municipalities that it plans to raise video and Internet prices next month, including a whopping $7.35 a month increase for the Broadcast TV fee in one town," a TV Answer Man article said on Saturday. The $7.35-per-month increase is in Taunton, Massachusetts, where Comcast said the Broadcast TV fee will rise from $18.65 to $26.

The Broadcast TV fee is rising from $24.95 a month to $27.25 a month starting on December 20 in Sandown, New Hampshire, a letter (PDF) from Comcast to town government officials said. In Sandown, the Regional Sports Network fee is rising from $11.85 to $12. The TV Answer Man report also said several towns in Michigan were "alerted that the Broadcast Fee will rise from $14.80 to $20.70 a month while the monthly Regional Sports fee will go from $9.50 to $10.15." These are just a few examples as Comcast is raising prices nationwide.

The Broadcast TV charges added to customer bills vary by region. Comcast says the fees are based on the amounts that "broadcast stations charge us to carry them on our cable systems." It's true that Comcast has to pay retransmission consent fees to carry the stations, even though stations can be accessed for free over the air with an antenna. But the sneaky manner in which Comcast and other cable companies pass those costs on to customers can lead to bill shock and unexpected price increases. Comcast's advertised prices do not include the Broadcast TV or the Regional Sports Network fees even though these fees account for a large portion of customers' actual monthly bills. On Comcast's ordering website, the base prices are listed along with a message stating that Broadcast TV and Regional Sports fees are "extra" and that the price is "subject to change." The Broadcast TV and Regional Sports fees also aren't included in how Comcast calculates promotional pricing and thus can be raised even when a customer's promotional rate hasn't expired. Comcast says it's also raising the base prices of monthly service plans, saying the average increase nationwide is 3.8 percent.

Comcast's statement on the price increases blamed the rising cost of video programming but said the overall increases are lower than the most recent inflation rate: "TV networks and other video programmers continue to raise their prices, with broadcast television and sports being the biggest drivers of increases in customers' bills. We're continuing to work hard to manage these costs for our customers while investing in our broadband network to provide the best, most reliable Internet service in the country and to give our customers more low-cost choices in video and connectivity so they can find a package that fits their lifestyle and budget. Our national average increase of 3.8 percent is about half of the most recent rate of inflation."

BlockFi, a cryptocurrency lender and financial services firm, filed for bankruptcy on Monday, becoming the latest company in the crypto industry hobbled by the implosion of the embattled exchange FTX. From a report: BlockFi had been reeling since the spring, when the collapse of several influential crypto firms pushed the market into a panic, sending the value of cryptocurrencies like Bitcoin plunging. In June, FTX agreed to provide the company with a $400 million credit line, which BlockFi's chief executive, Zac Prince, said would provide "access to capital that further bolsters our balance sheet." The deal also gave FTX the option to buy BlockFi.

But that agreement meant that BlockFi was financially entangled with FTX, and its stability was thrust into uncertainty this month after a series of revelations about corporate missteps and suspicious management at FTX. A few days after the exchange collapsed, BlockFi suspended withdrawals, explaining that it had "significant exposure" to FTX, including undrawn amounts from the credit line and assets held on the FTX platform. BlockFi is not the first crypto lender to collapse in a devastating year for the industry. After the spring crash, in which Bitcoin fell 20 percent in a week, two other lenders, Celsius Network and Voyager Digital, filed for bankruptcy. BlockFi, which is based in Jersey City, N.J., was created in 2017 and, as of last year, claimed more than 450,000 retail clients who can obtain loans in minutes, without credit checks. "We are just at the beginning of this story," Flori Marquez, a co-founder of BlockFi, told The New York Times in September. But its business has attracted close scrutiny from regulators.

"China's control of the internet has become so strong that dissidents must cling to any crack in the so-called Great Firewall," writes Qz.

But as anti-government protests sprung up on campuses and cities in China over the weekend, Qz reminds us that "the country's most widespread show of public dissent in decades will have to manage without a crucial communication tool, because Apple restricted its use in China earlier this month." AirDrop, the file-sharing feature on iPhones and other Apple devices, has helped protestors in many authoritarian countries evade censorship. That's because AirDrop relies on direct connections between phones, forming a local network of devices that don't need the internet to communicate. People can opt into receiving AirDrops from anyone else with an iPhone nearby.

That changed on Nov. 9, when Apple released a new version of its mobile operating system, iOS 16.1.1, to customers worldwide. Rather than listing new features, as it often does, the company simply said, "This update includes bug fixes and security updates and is recommended for all users." Hidden in the update was a change that only applies to iPhones sold in mainland China: AirDrop can only be set to receive messages from everyone for 10 minutes, before switching off. There's no longer a way to keep the "everyone" setting on permanently on Chinese iPhones.

The change, first noticed by Chinese readers of 9to5Mac, doesn't apply anywhere else.

Apple didn't respond to questions about the AirDrop change. It plans to make the "Everyone for 10 Minutes" feature a global standard next year, according to Bloomberg.

From the BBC: "Individuals associated with the U.S. military" are linked to an online propaganda campaign, Meta's latest adversarial-threat report says....

On Facebook, 39 accounts, 16 pages, and two groups were removed, as well as 26 accounts on Instagram, for violating the platforms' policy against "coordinated inauthentic behaviour". "This network originated in the United States," Meta wrote. It focused on countries including Afghanistan, Algeria, Iran, Iraq, Kazakhstan, Kyrgyzstan, Russia, Somalia, Syria, Tajikistan, Uzbekistan and Yemen — and mirrored tactics commonly used in propaganda campaigns against the West...

Some of those supporting the U.S. had posed as independent media outlets and some had tried to pass off content from legitimate outlets, such as BBC News Russian, as their own. The operation ran across many internet services, including Twitter, YouTube, Telegram, VKontakte and Odnoklassniki, according to Meta. "Although the people behind this operation attempted to conceal their identities and coordination, our investigation found links to individuals associated with the US military," its report says.
The article adds that experts believe the campaign "was largely ineffective."

This month Road & Track looked at "increased cybersecurity measures" automakers are adding to car systems — and how it's affecting the vendors of "aftermarket" enhancements: As our vehicles start to integrate more complex systems such as Advanced Driver Assist Systems and over-the-air updates, automakers are growing wary of what potential bad actors could gain access to by way of hacking. Whether those hacks come in an attempt to retrieve personal customer data, or to take control of certain aspects of these integrated vehicles, automakers want to leave no part of that equation unchecked. "I think there are very specific reasons why the OEMs are taking encryption more seriously," HP Tuners director of marketing Eddie Xu told R&T. "There's personal identifiable data on vehicles, there's more considerations now than just engine control modules controlling the engine. It's everything involved."

In order to prevent this from becoming a potential safety or legal issue, companies like Ford have moved to heavily encrypt their vehicle's software. S650 Mustang chief engineer Ed Krenz specifically noted that the new FNV architecture can detect when someone attempts to modify any of the vehicle's coding, and that it can respond by shutting down an individual vehicle system or the vehicle entirely if that's what is required.

That sort of total lockout presents an interesting challenge for [car performance] tuners who rely on access to things like engine and transmission control modules to create their products.
Last month Ford acknowledged tuners would find the S650 Mustang "much more difficult," the article points out. And they add that Dodge also "intends to lock down the Engine Control Units of its upcoming electric muscle car offerings, though it will offer performance upgrades via its own over-the-air network."

"We don't want to lock the cars and say you can't modify them," Dodge CEO Kuniskis told Carscoops. "We just want to lock them and say modify them through us so that we know it's done right."

Thanks to long-time Slashdot reader schwit1 for submitting the article.

Somewhere in Silicon Valley is a man "standing up to internet giants Comcast and AT&T," reports the Mercury News. (Alternate URL here.)

"Comcast told him it would cost $17,000 to speed up his internet. He rallied 41 South Bay neighbors to build their own lightning-fast fiber-optic network instead " Tech-rich but internet-poor, residents of the Silicon Valley neighborhood were fed up with sluggish broadband speeds of less than 25 Megabits-per-second (Mbps) download and 3 Mbps upload — the federal definition of a home unserved by adequate internet. Frustrated by the take-it-or-leave-it attitude of internet providers, they created their own solution — and now this tony enclave has one of the fastest residential speeds in the nation.

Scott Vanderlip, a software engineer, said Comcast gave him a $17,000 estimate to connect his home to the faster internet service at a neighbor's home. "You got to be kidding me — I can see it on the pole from my driveway," Vanderlip said, remembering his reaction to Comcast's quote.

So the self-described "town rebel" jumped at the chance to partner with a startup internet service provider called Next Level Networks. If Vanderlip could rally a few neighbors willing to invest a couple thousand dollars, Next Level would get them very fast internet. That was in 2017. Now, Vanderlip is president of the Los Altos Hills Community Fiber Association, which provides super-fast speeds — up to 10 Gigabits-per-second upload and download — to its over 40 association members, letting them transfer huge files and load webpages in the click of a computer mouse, Vanderlip said.

That's 125 times faster than the median download speed in Santa Clara County.
It helped that his home "also happened to sit near a local school with a spare fiber optic internet connection," the article points out.

But a startup internet service provider called Next Level Networks also handled "the infrastructure procurement, contracts, logistics and retail — essentially providing the residents a turnkey fiber optic internet service — while Vanderlip and two of his neighbors, who joined with an investment of $5,000 each, bought the fiber optic infrastructure, crowdsourced new members and mapped out an initial fiber route to their houses."

Thanks to Slashdot reader k6mfw for sharing the story!

ConsenSys has informed users that it is set to collect additional data from those using its popular Infrura tool, attracting criticism on social media in the process. From a report: Infura is an API-based tool that allows users to connect their application to the Ethereum network, which provides the basis for many key Web3 projects, such as Aragon, Gnosis, OpenZeppelin, and ConsenSys's own flagship wallet service MetaMask. After Infrura was first acquired by the New York-based blockchain firm in late 2019, the tool now boasts around 350,000 developers and also includes support for other blockchains like Polygon and Filecoin.

As per updates to ConsenSys' privacy policy, when you use Infura as your default remote procedure call (RPC) provider in MetaMask, it will collect your IP address and your Ethereum wallet address whenever you make a transaction. However, if you're using your own Ethereum node or a third-party RPC provider with MetaMask, ConsenSys says that "neither Infura nor MetaMask will collect your IP address or Ethereum wallet address." Alternative RPCs which can be utilized by Ethereum developers include Alchemy, QuickNode, Moralis, and Tatum. These tools have their own data collection policies, too, which could also be subject to change in the future.

An anonymous reader quotes a report from TechCrunch: Microsoft has warned that malicious hackers are exploiting a discontinued web server found in common Internet of Things (IoT) devices to target organizations in the energy sector. In an analysis published on Tuesday, Microsoft researchers said they had discovered a vulnerable open-source component in the Boa web server, which is still widely used in a range of routers and security cameras, as well as popular software development kits (SDKs), despite the software's retirement in 2005. The technology giant identified the component while investigating a suspected Indian electric grid intrusion first detailed by Recorded Future in April, where Chinese state-sponsored attackers used IoT devices to gain a foothold on operational technology (OT) networks, used to monitor and control physical industrial systems.

Microsoft said it has identified one million internet-exposed Boa server components globally over the span of a one-week period, warning that the vulnerable component poses a "supply chain risk that may affect millions of organizations and devices." The company added that it continues to see attackers attempting to exploit Boa flaws, which include a high-severity information disclosure bug (CVE-2021-33558) and another arbitrary file access flaw (CVE-2017-9833). "The known [vulnerabilities] impacting such components can allow an attacker to collect information about network assets before initiating attacks, and to gain access to a network undetected by obtaining valid credentials," Microsoft said, adding that this can allow the attackers to have a "much greater impact" once the attack is initiated. "The company has warned that mitigating these Boa flaws is difficult due to both the continued popularity of the now-defunct web server and the complex nature of how it is built into the IoT device supply chain," reports TechCrunch. "Microsoft recommends that organizations and network operators patch vulnerable devices where possible, identify devices with vulnerable components, and to configure detection rules to identify malicious activity."

An anonymous reader quotes a report from TechCrunch: Tumblr will add support for ActivityPub, the open, decentralized social networking protocol that's today powering social networking software like Twitter alternative Mastodon, the Instagram-like Pixelfed, video streaming service PeerTube, and others. The news was revealed in a response to a Twitter user's complaint about Mastodon's complexities. Automattic CEO Matt Mullenweg -- whose company acquired Tumblr from Verizon in 2019 -- suggested the user "come to Tumblr" as the site would soon "add activitypub for interconnect."

"Don't stress," he said, before clarifying that Tumblr first has to deal with the waves of new users coming in right now from Twitter, but that support for "interop and activitypub" were due to come "ASAP." In short, this announcement means Tumblr would move from being only a niche blogging platform to instead become a part of a larger, decentralized social network of sorts -- and one whose user base has grown in size in recent days as people flee Elon Musk's Twitter in search of new communities.

The ActivityPub protocol, its website explains, provides a client-to-server API for creating, updating, and deleting content as well as a federal server-to-server API for delivering notifications and subscribing to content. In practice, this means that Mastodon users can interact and follow users on other instances (independently run nodes), as well as with users on other social apps (like PeerTube), which also support the implementation of ActivityPub. It makes for a web of social networks where users can find and follow each other without having to set up new accounts on each new service. This is the opposite approach to today's "walled garden" social networks, where a post on one platform can't be viewed by those on others, unless you re-upload or repost the content directly or share a link to the other site where the content can be found.

An anonymous reader quotes a report from TorrentFreak: In May 2022, Italian police claimed that thousands of people had unwittingly subscribed to a pirate IPTV service being monitored by the authorities. When users tried to access illegal streams, a warning message claimed that they had already been tracked. With fines now being received through the mail, police are making some extraordinary claims about how this was made possible. [...] Today's general consensus is that hitting site operators is much more effective but whenever the opportunity appears, undermining user confidence should be part of the strategy. Italian police have been following the same model by shutting down pirate IPTV services (1,2,3) and warning users they're up next.

Letters recently sent to homes in Italy reveal that police were not bluffing. A copy letter obtained by Iilsole24ore identifies the send as the Nucleo Speciale Tutela Privacy e Frodi Tecnologiche, a Guardia di Finanza unit specializing in IT-related crime. It refers to an anti-IPTV police operation in May. The operation targeted around 500 pirate IPTV resources including websites and Telegram channels. At the time, police also reported that 310+ pieces of IPTV infrastructure, including primary and balancing servers distributing illegal streams, were taken offline. Police also claimed that a tracking system made it possible to identify the users of the pirate streams. The letter suggests extraordinary and potentially unprecedented tactics.

The letters state that Italian authorities were able to track the IPTV users by "arranging for the redirection of all Internet service providers' national connections" so that subscribers placed their orders on a police-controlled server configured to record their activity. In comments to Iilsole24ore, Gian Luca Berruti, head of investigations at the Guardia di Finanza, describes the operation as "decisive" in the fight against cybercrime. Currently deployed to Italy's National Cybersecurity Agency, Berruti references "innovative investigative techniques" supported by "new technological tools." Technical details are not being made public, but it's claimed that IPTV users were tracked by "tracing of all connections to pirate sites (IPs) combined, in real-time," and "cross-referencing telematic information with that derived from the payment mechanisms used." The police operation in May was codenamed Operazione:Dottor Pezzotto. A Telegram channel with exactly the same branding suffered a traffic collapse at exactly the same time. "The letters refer to an administrative copyright infringement fine of just 154 euros or 'in case of recidivism' a total of 1,032 euros," notes the report. "However, if people pay their fines within 60 days, the amounts are reduced to 51 euros and 344 euros respectively."

"Around 1,600 people are believed to have been targeted in this first wave of letters but according to Andrea Duillo, CEO of Sky Italia, this is just the start."

The creator of the Linux/macOS package manager Homebrew has a new package manager named Tea. But according to Stack Overflow's podcast, the software also "aims to solve the problem of providing funding for popular open source projects." While he is not a crypto bull, Max was inspired with a solution for the open source funding dilemma by his efforts to buy and sell an NFT. A contract written in code and shared in public enforced a rule sending a portion of his proceeds to the digital objects original creator. What if the same funding mechanism could be applied to open source projects? In March of 2022, Max and his co-founder launched Tea, a sort of spirtual successor to Homebrew. It has a lot of new features Max wanted in a package manager, plus a blockchain based approach to ensuring that creators, maintainers, and contributors of open source software can all get paid for their efforts.

You can read Max's launch post on Tea here and yes, of course there is a white paper.
The paper describes the proposed solution as "a decentralized system for fairly remunerating open-source developers based on their contributions to the entire ecosystem and enacted through the tea incentive algorithm applied across all entries in the tea registry." And the launch post calls tea "our revolution against a failing system," arguing "We're taking our knowledge of how to make development more efficient and throwing innovations nobody has ever really considered before.

"Package managers haven't been sexy. Until now. Most importantly, we're moving the package registry on-chain (relax, we'll use a low-energy proof of stake chain). This has numerous benefits due to the inherent benefits of blockchain technology." For starters, decentralized storage will make the packages always-available and immutable, signed by maintainers themselves. But there's more: web3 has enabled novel new ways to distribute value, and with our system people who care about the health of the open source ecosystem buy some token and stake it. Periodically, we reward this staking because it is securing our token network. We give a portion of these rewards to the staker and a portion to packages of their choice along with all the dependencies of those packages.

Note that no portion goes to us. We're not like the other app stores.... tea is the home to a DAO that will ensure the open source maintainers that keep the Internet running are rewarded as they deserve.
An introduction to the white paper adds that in the spirit of the open source movement, "we're inviting developers, speculators, and enthusiasts alike to contribute to our white paper and help brew the future of the internet. This is our revolutionary undertaking to create equitable openâsource for web3, and we want you to be a part of laying its groundwork."

Thanks to guest reader for submitting the story.

Six years after we saw the FCC formally propose "nutrition labels" for your carrier's potentially confusing array of plans, the agency says it's finally happening. The Verge reports: This week, it's ordering US internet service providers to adopt the label format you're looking at [here] -- or it will, as soon as some last bureaucratic elements get worked out. They've changed a bit since 2016 -- now, each plan will apparently have its own label rather than ISPs trying to cram all of them into a single sheet, they don't warn you about coverage, and apparently, ISPs will be able to point you to their network management policy legalese instead of having to ding themselves for throttling data or giving some apps a fast lane. They won't have to report packet loss, either, it seems. Thankfully, ISPs will still need to report their typical speeds and latency, not just reiterate their advertised speed. Hopefully, someone will audit that.

Most big ISPs will have six months to slap the new labels onto their websites and distribute them in stores, though the FCC's giving ones with less than 100,000 subscribers a full year to comply. But none of those shot clocks start until the Office of Management and Budget reviews the order to make sure it complies with the Paperwork Reduction Act and similar statutes, the FCC notes, so it might be a bit longer. In the meanwhile, FCC Chair Jessica Rosenworcel suggests that ISPs might want to get ahead of things and adopt them on their own. The FCC also says it hopes these labels will evolve from here [...].

The Spanish police have dismantled a network of pirated streaming sites that illegally distributed content from 2,600 TV channels and 23,000 movies and series to roughly 500,000 users. From a report: The law enforcement action took place in a joint operation involving the Spanish police and EUROPOL, resulting in the arrest of four operators in Malaga. Additionally, 95 resellers in Spain, Malta, Portugal, Cyprus, Greece, and the United Kingdom have been identified. The pirated TV network used numerous websites to advertise and promote subscription-based streaming services, listing unlimited access to channels from different platforms. The live streams from these platforms were decoded with stolen or abused accounts and passwords and then re-broadcasted to the subscribers' video player clients. The resellers bought the subscription packages from the organization operators and resold them to thousands of people in their local countries to profit from the price difference.

An anonymous reader quotes a report from Ars Technica: Last month, the alleged masterminds behind Z-Library -- an e-book pirate site that claims to be "the world's largest library" -- were arrested. According to a press release yesterday from the US Department of Justice, Russian nationals Anton Napolsky and Valeriia Ermakova have been charged with "criminal copyright infringement, wire fraud and money laundering for operating Z-Library." "As alleged, the defendants profited illegally off work they stole, often uploading works within mere hours of publication, and in the process victimized authors, publishers, and booksellers," Breon Peace, the United States attorney for the Eastern District of New York, said in a statement.

At the request of the US government, Napolsky and Ermakova were arrested in Argentina on November 3. On the same day, the US government seized "a complex network of approximately 249 interrelated web domains," the press release said. For many less web-savvy users, the domain seizure essentially shut down access to Z-Library's 11 million e-books, but anyone on the dark web knows it's still up and running -- suggesting that while arresting Napolsky and Ermakova has stifled Z-Library, it has not shuttered it, and it could come back. TorrentFreak reported that it's still unknown if the pair has been involved with Z-Library since the start. Michael J. Driscoll, the assistant director in charge at the New York Federal Bureau of Investigation field office, seems to suspect they have. Although the indictment is only focused on the duo's alleged criminal activity between 2018 and 2022, Driscoll said that they are believed to have "operated a website for over a decade whose central purpose was providing stolen intellectual property, in violation of copyright laws."

"Intellectual property theft crimes deprive their victims of both ingenuity and hard-earned revenue," Driscoll said. "The FBI is determined to ensure those willing to steal and profit from the creativity of others are stopped and made to face the consequences in the criminal justice system." If Napolsky and Ermakova are charged, the indictment said that they will be required to "forfeit any property, real or personal, constituting, or derived from, proceeds obtained directly or indirectly as a result of such offenses." TorrentFreak reported that Argentina has not yet received a request from the US to extradite the accused Z-Library operators, but that will be the next step toward shutting down Z-Library. "Z-Library has linked eager readers to millions of free e-books since 2009, but it wasn't until Z-Library began recently trending on TikTok that authors protesting the piracy decided enough was enough," adds Ars. The TikTok hashtag #zlibrary was viewed 19 million times, which spurred The Authors Guild to complain to the Office of the United States Trade Representative.

"Z-Library is killing us," romance writer Sarina Bowen told officials. "A book we release in the morning is up on Z-Library by lunchtime. This isn't the only site that hurts us, but it's the site that keeps showing up in TikTok videos."

Mozilla today released its annual "State of Mozilla" report and for the most part, the news here is positive. From a report: Mozilla Corporation, the for-profit side of the overall Mozilla organization, generated $585 million from its search partnerships, subscriptions and ad revenue in 2021 -- up 25% from the year before. And while Mozilla continues to mostly rely on its search partnerships, revenue from its new products like the Mozilla VPN, Mozilla Developer Network (MDN) Plus, Pocket and others now accounts for $57 million of its revenue, up 125% compared to the previous year. For the most part, that's driven by ads on the New Tab in Firefox and in Pocket, but the security products now also have an annual revenue of $4 million.

With the launch of this year's report, the Mozilla leadership team is also taking some time to look ahead, because in many ways, this is an inflection point for Mozilla. When Mozilla was founded, the internet was essentially the web and the browser was the way to access it. Since then, the way we experience the internet has changed dramatically and while the browser is still one of the most important tools around, it's not the only one. With that, Mozilla, too, has to change. Its Firefox browser has gone from dominating the space to being something of a niche product, but the organization's mission ("to ensure the internet is a global public resource, open and accessible to all") is just as important today -- and maybe more so -- as it was almost 25 years ago when Mozilla was founded.

An anonymous reader quotes a report from ZDNet: For years, 5G wasn't able to deliver on its high-speed, low-latency promises. Things have changed. Today, 5G is finally delivering on its performance promises. A big reason for that, proclaimed Arpit Joshipura, the Linux Foundation's general manager of Networking, Edge, and IoT at ONE Summit North America, a networking trade show, is 5G's open-source networking foundation. Joshipura said, "The industry has surpassed the tipping point when it comes to leveraging open source for enabling digital transformation. Leading organizations are using our projects' code -- which continues to evolve and mature -- in real-world deployments to scale."

How big a tipping point? According to Joshipura, 5G deployment is now over 50%. And according to some analysts, by 2030, 5G will reach $7 trillion -- that's trillion, not billion -- in economic value. Behind all this, Joshipura said, "is a radical shift toward open networks and frameworks. This continues irrespective of economic and political headwinds. Indeed, open source is probably the only area that hasn't been impacted because of its ability to cross borders and boundaries to do what needs doing." The Linux Foundation is working on an End-to-End, 5G Super Blueprint to bring together a wide variety of open-source networking programs and projects.

"While still a work in progress, it maps out a way to bring together multiple open-source and cloud-native projects into a relatively simple 5G deployment map," adds ZDNet. "It's designed so that any telecom can put together a high-bandwidth, low-latency, scalable, and cost-effective digital networking infrastructure all the way from end-user devices to the edge to cloud applications."

An anonymous reader quotes a report from Ars Technica: Privacy-focused search site DuckDuckGo has added yet another way to prevent more of your data from going to advertisers, opening its App Tracking Protection for Android to beta testers. DuckDuckGo is positioning App Tracking Protection as something like Apple's App Tracking Transparency for iOS devices, but "even more powerful." Enabling the service in the DuckDuckGo app for Android (under the "More from DuckDuckGo" section) installs a local VPN service on your phone, which can then start automatically blocking trackers on DDG's public blocklist. DuckDuckGo says this happens "without sending app data to DuckDuckGo or other remote servers."

Google recently gave Android users some native tools to prevent wanton tracking, including app-by-app location-tracking approval and a limited native ad-tracking opt-out. Apple's App Tracking Transparency asks if users want to block apps from accessing the Identifier for Advertisers (IDFA), but apps can still use the largest tracking networks across many apps to better profile app users. Allison Goodman, senior communications manager for DuckDuckGo, told Ars Technica that App Tracking Protection needs Android's VPN permission so it can monitor network traffic. When it recognizes a tracker from its blocklist, it "looks at the destination domain for any outbound request and blocks them if they are in our blocklist and the requesting app is not owned by the same company that owns the domain." Goodman added that "much of the data collected by trackers is not controlled by [Android] permissions," making App Tracking Protection a complementary offering.

An anonymous reader quotes a report from BleepingComputer: The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell (CVE-2021-44228) remote code execution vulnerability. After deploying the cryptocurrency miner, the Iranian threat actors also set up reverse proxies on compromised servers to maintain persistence within the FCEB agency's network.

"In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," the joint advisory reads. The two U.S. federal agencies added that all organizations who haven't yet patched their VMware systems against Log4Shell should assume that they've already been breached and advise them to start hunting for malicious activity within their networks.

CISA warned in June that VMware Horizon and Unified Access Gateway (UAG) servers are still being preyed upon by multiple threat actors, including state-sponsored hacking groups, using Log4Shell exploits. Log4Shell can be exploited remotely to target vulnerable servers exposed to local or Internet access to move laterally across breached networks to access internal systems that store sensitive data.