In a series of tests using fake data, a U.S. government watchdog was able to steal more than 1GB of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The experiment is detailed in a new report by the Department of the Interior's Office of the Inspector General (OIG), published last week. TechCrunch reports: The goal of the report was to test the security of the Department of the Interior's cloud infrastructure, as well as its "data loss prevention solution," software that is supposed to protect the department's most sensitive data from malicious hackers. The tests were conducted between March 2022 and June 2023, the OIG wrote in the report. The Department of the Interior manages the country's federal land, national parks and a budget of billions of dollars, and hosts a significant amount of data in the cloud. According to the report, in order to test whether the Department of the Interior's cloud infrastructure was secure, the OIG used an online tool called Mockaroo to create fake personal data that "would appear valid to the Department's security tools."

The OIG team then used a virtual machine inside the Department's cloud environment to imitate "a sophisticated threat actor" inside of its network, and subsequently used "well-known and widely documented techniques to exfiltrate data." "We used the virtual machine as-is and did not install any tools, software, or malware that would make it easier to exfiltrate data from the subject system," the report read. The OIG said it conducted more than 100 tests in a week, monitoring the government department's "computer logs and incident tracking systems in real time," and none of its tests were detected nor prevented by the department's cybersecurity defenses.

"Our tests succeeded because the Department failed to implement security measures capable of either preventing or detecting well-known and widely used techniques employed by malicious actors to steal sensitive data," said the OIG's report. "In the years that the system has been hosted in a cloud, the Department has never conducted regular required tests of the system's controls for protecting sensitive data from unauthorized access." That's the bad news: The weaknesses in the Department's systems and practices "put sensitive [personal information] for tens of thousands of Federal employees at risk of unauthorized access," read the report. The OIG also admitted that it may be impossible to stop "a well-resourced adversary" from breaking in, but with some improvements, it may be possible to stop that adversary from exfiltrating the sensitive data.

Wikipedia has downgraded tech website CNET's reliability rating following extensive discussions among its editors regarding the impact of AI-generated content on the site's trustworthiness. "The decision reflects concerns over the reliability of articles found on the tech news outlet after it began publishing AI-generated stories in 2022," adds Ars Technica. Futurism first reported the news. From the report: Wikipedia maintains a page called "Reliable sources/Perennial sources" that includes a chart featuring news publications and their reliability ratings as viewed from Wikipedia's perspective. Shortly after the CNET news broke in January 2023, Wikipedia editors began a discussion thread on the Reliable Sources project page about the publication. "CNET, usually regarded as an ordinary tech RS [reliable source], has started experimentally running AI-generated articles, which are riddled with errors," wrote a Wikipedia editor named David Gerard. "So far the experiment is not going down well, as it shouldn't. I haven't found any yet, but any of these articles that make it into a Wikipedia article need to be removed." After other editors agreed in the discussion, they began the process of downgrading CNET's reliability rating.

As of this writing, Wikipedia's Perennial Sources list currently features three entries for CNET broken into three time periods: (1) before October 2020, when Wikipedia considered CNET a "generally reliable" source; (2) between October 2020 and present, when Wikipedia notes that the site was acquired by Red Ventures in October 2020, "leading to a deterioration in editorial standards" and saying there is no consensus about reliability; and (3) between November 2022 and January 2023, when Wikipedia considers CNET "generally unreliable" because the site began using an AI tool "to rapidly generate articles riddled with factual inaccuracies and affiliate links."

Futurism reports that the issue with CNET's AI-generated content also sparked a broader debate within the Wikipedia community about the reliability of sources owned by Red Ventures, such as Bankrate and CreditCards.com. Those sites published AI-generated content around the same period of time as CNET. The editors also criticized Red Ventures for not being forthcoming about where and how AI was being implemented, further eroding trust in the company's publications. This lack of transparency was a key factor in the decision to downgrade CNET's reliability rating. A CNET spokesperson said in a statement: "CNET is the world's largest provider of unbiased tech-focused news and advice. We have been trusted for nearly 30 years because of our rigorous editorial and product review standards. It is important to clarify that CNET is not actively using AI to create new content. While we have no specific plans to restart, any future initiatives would follow our public AI policy."

Hackers targeting individuals in the cryptocurrency sector are using a sophisticated phishing scheme that begins with a malicious link on Calendly. "The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call," reports Krebs on Security. "But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems." From the report: A search in Google for a string of text from that script turns up a December 2023 blog post from cryptocurrency security firm SlowMist about phishing attacks on Telegram from North Korean state-sponsored hackers. "When the project team clicks the link, they encounter a region access restriction," SlowMist wrote. "At this point, the North Korean hackers coax the team into downloading and running a 'location-modifying' malicious script. Once the project team complies, their computer comes under the control of the hackers, leading to the theft of funds."

SlowMist says the North Korean phishing scams used the "Add Custom Link" feature of the Calendly meeting scheduling system on event pages to insert malicious links and initiate phishing attacks. "Since Calendly integrates well with the daily work routines of most project teams, these malicious links do not easily raise suspicion," the blog post explains. "Consequently, the project teams may inadvertently click on these malicious links, download, and execute malicious code."

SlowMist said the malware downloaded by the malicious link in their case comes from a North Korean hacking group dubbed BlueNoroff, which Kaspersky Labs says is a subgroup of the Lazarus hacking group. "A financially motivated threat actor closely connected with Lazarus that targets banks, casinos, fin-tech companies, POST software and cryptocurrency businesses, and ATMs," Kaspersky wrote of BlueNoroff in Dec. 2023.

According to the Washington Post (paywalled), the FBI is using mobile push notification data to unmask people suspected of serious crimes, such as pedophilia, terrorism, and murder. Gizmodo reports: The Post did a little digging into court records and found evidence of at least 130 search warrants filed by the feds for push notification data in cases spanning 14 states. In those cases, FBI officials asked tech companies like Google, Apple, and Facebook to fork over data related to a suspect's mobile notifications, then used the data to implicate the suspect in criminal behavior linked to a particular app, even though many of those apps were supposedly anonymous communication platforms, like Wickr.

How exactly is this possible? Push notifications, which are provided by a mobile operating system provider, include embedded metadata that can be examined to understand the use of the mobile apps on a particular phone. Apps come laced with a quiet identifier, a "push token," which is stored on the corporate servers of a company like Apple or another phone manufacturer after a user signs up to use a particular app. Those tokens can later be used to identify the person using the app, based on the information associated with the device on which the app was downloaded. Even turning off push notifications on your device doesn't necessarily disable this feature, experts contend. [...]

If finding new ways to catch pedophiles and terrorists doesn't seem like the worst thing in the world, the Post article highlights the voices of critics who fear that this kind of mobile data could be used to track people who have not committed serious crimes -- like political activists or women seeking abortions in states where the procedure has been restricted.

Angie Byron, a long-time member of the Drupal community, offers guidance on avoiding common mistakes and general good-practices for those new to contributing to open-source projects: [...] You might not know it yet, but as a newcomer to an open source project, you have this AMAZING superpower: you are often-times the only one in that whole project capable of reading the documentation through new eyes. Because I can guarantee, the people who wrote that documentation are not new. :-)

So take time to read the docs and file issues (or better yet, pull requests) for anything that was unclear. This lets you get a "feel" for contributing in a project/community without needing to go way down the deep end of learning coding standards and unit tests and commit signing and whatever other bananas things they're about to make you do. :) Also, people are more likely to take time to help you, if you've helped them first!

Jacob Kaplan-Moss, one of the lead developers of Django, writes in a long post that he says has come from a place of frustration: [...] Instead, every time a maintainer finds a way to get paid, people show up to criticize and complain. Non-OSI licenses "don"t count" as open source. Someone employed by Microsoft is "beholden to corporate interests" and not to be trusted. Patreon is "asking for handouts." Raising money through GitHub sponsors is "supporting Microsoft's rent-seeking." VC funding means we're being set up for a "rug pull" or "enshitification." Open Core is "bait and switch."

None of this is hypothetical; each of these examples are actual things I've seen said about maintainers who take money for their work. One maintainer even told me he got criticized for selling t-shirts! Look. There are absolutely problems with every tactic we have to support maintainers. It's true that VC investment comes with strings attached that often lead to problems down the line. It sucks that Patreon or GitHub (and Stripe) take a cut of sponsor money. The additional restrictions imposed by PolyForm or the BSL really do go against the Freedom 0 ideal. I myself am often frustrated by discovering that some key feature I want out of an open core tool is only available to paid licensees.

But you can criticize these systems while still supporting and celebrating the maintainers! Yell at A16Z all you like, I don't care. (Neither do they.) But yelling at a maintainer because they took money from a VC is directing that anger in the wrong direction. The structural and societal problems that make all these different funding models problematic aren't the fault of the people trying to make a living doing open source. It's like yelling at someone for shopping at Dollar General when it's the only store they have access to. Dollar General's predatory business model absolutely sucks, as do the governmental policies that lead to food deserts, but none of that is on the shoulders of the person who needs milk and doesn't have alternatives.

Citing potential national security risks, the Biden administration says it will investigate Chinese-made "smart cars" that can gather sensitive information about Americans driving them. From a report: The probe could lead to new regulations aimed at preventing China from using sophisticated technology in electric cars and other so-called connected vehicles to track drivers and their personal information. Officials are concerned that features such as driver assistance technology could be used to effectively spy on Americans.

While the action stops short of a ban on Chinese imports, President Joe Biden said he is taking unprecedented steps to safeguard Americans' data. "China is determined to dominate the future of the auto market, including by using unfair practices," Biden said in a statement Thursday. "China's policies could flood our market with its vehicles, posing risks to our national security. I'm not going to let that happen on my watch." Biden and other officials noted that China has imposed wide-ranging restrictions on American autos and other foreign vehicles. Commerce Secretary Gina Raimondo said connected cars "are like smart phones on wheels" and pose a serious national security risk.

Emily Shugerman reports via The Daily Beast: Gemini, the crypto startup owned by the Winklevoss twins, will have to return $1.1 billion to customers who lost money in their partnership with the now-bankrupt crypto lender Genesis. In a deal with the New York State Department of Financial Services, Gemini agreed to return the funds lost by customers of its Earn program, in which users could loan their crypto to Genesis in exchange for interest payments. According to the Department of Financial Services, Gemini "did not fully vet or sufficiently monitor [Genesis] throughout the life of Earn," and the company defaulted on its loans and then went bankrupt, leaving some 200,000 Earn customers empty-handed. "Gemini failed to conduct due diligence on an unregulated third party, later accused of massive fraud, harming Earn customers who were suddenly unable to access their assets after Genesis Global Capital experienced a financial meltdown," DFS Superintendent Adrienne A.Harris said in a statement. "Today's settlement is a win for Earn customers, who have a right to the assets they entrusted to Gemini."

In a tweet, Gemini said it was "pleased to announce that we have finally reached a settlement in principle with Genesis and other creditors in the Genesis Bankruptcy that will, if approved by the Bankruptcy Court, result in all Earn users receiving 100% of their digital assets back in kind." The DFS said Gemini would also pay $40 million to the Genesis bankruptcy for the benefit of Earn customers, as well as a $37 million fine for "significant failures that threatened the safety and soundness of the company."

An anonymous reader quotes a report from The Independent: Wildfires sweeping across Texas briefly forced the evacuation of America's main nuclear weapons facility as strong winds, dry grass and unseasonably warm temperatures fed the blaze. Pantex Plant, the main facility that assembles and disassembles America's nuclear arsenal, shut down its operations on Tuesday night as the Windy Deuce fire roared towards the Potter County location. Pantex re-opened and resumed operations as normal on Wednesday morning. Pantex is about 17 miles (27.36 kilometers) northeast of Amarillo and some 320 miles (515 kilometers) northwest of Dallas. Since 1975 it has been the US's main assembly and disassembly site for its atomic bombs. It assembled the last new bomb in 1991. "We have evacuated our personnel, non-essential personnel from the site, just in an abundance of caution," said Laef Pendergraft, a spokesperson for National Nuclear Security Administration's Production Office at Pantex. "But we do have a well-equipped fire department that has trained for these scenarios, that is on-site and watching and ready should any kind of real emergency arise on the plant site."

Michael Larabel reports via Phoronix: Back in 2022 Cloudflare announced they were ditching Nginx for an in-house, Rust-written software called Pingora. Today Cloudflare is open-sourcing the Pingora framework. Cloudflare announced today that they have open-sourced Pingora under an Apache 2.0 license. Pingora is a Rust async multi-threaded framework for building programmable network services. Pingora has long been used internally within Cloudflare and is capable of sustaining a lot of traffic while now Pingora is being open-sourced for helping to build infrastructure outside of Cloudflare. The Pingora Rust code is available on GitHub.

"Today, the KDE Community is announcing a new major release of Plasma 6.0 and Gear 24.02," writes longtime Slashdot reader jrepin. "The new version brings new windows and desktop overview effects, improved color management, a cleaner theme, better overall performance, and much more." From the announcement: KDE Plasma is a modern, feature-rich desktop environment for Linux-based operating systems. Known for its sleek design, customizable interface, and extensive set of applications, it is also open source, devoid of ads, and makes protecting your privacy and personal data a priority.

With Plasma 6, the technology stack has undergone two major upgrades: a transition to the latest version of the application framework, Qt 6, and a migration to the modern Linux graphics platform, Wayland. We will continue providing support for the legacy X11 session for users who prefer to stick with it for now. [...] KDE Gear 24.02 brings many applications to Qt 6. In addition to the changes in Breeze, many applications adopted a more frameless look for their interface.

San Francisco will vote next week on a divisive ballot measure that would authorize police to use surveillance cameras, drones and AI-powered facial recognition as the city struggles to restore a reputation tarnished by street crime and drugs. From a report: The Safer San Francisco initiative, formally called Proposition E, is championed by Mayor London Breed who believes disgruntled citizens will approve the proposal on Tuesday. Although technology fueled the Silicon Valley-adjacent city's decades-long boom, residents have a history of being deeply suspicious. In 2019, San Francisco, known for its progressive politics, became the first large U.S. city to ban government use of facial recognition due to concerns about privacy and misuse.

Breed, who is running for re-election in November, played down the potential for abuse under the ballot measure, saying safeguards are in place. "I get that people are concerned about privacy rights and other things, but technology is all around us," she said in an interview. "It's coming whether we want it to or not. And everyone is walking around with AI in their hands with their phones, recording, videotaping," Breed said. Critics of the proposal contend it could hurt disadvantaged communities and lead to false arrests, arguing surveillance technology requires greater oversight.

President Joe Biden will issue an executive order on Wednesday aimed at curbing foreign governments' ability to buy Americans' sensitive personal information such as heath and geolocation data, according to senior US officials. From a report: The move marks a rare policy effort to address a longstanding US national security concern: the ease with which anyone, including a foreign intelligence services, can legally buy Americans' data and then use the information for espionage, hacking and blackmail. The issue, a senior Justice Department official told reporters this week, is a "growing threat to our national security."

The executive order will give the Justice Department the authority to regulate commercial transactions that "pose an unacceptable risk" to national security by, for example, giving a foreign power large-scale access to Americans' personal data, the Justice Department official said. The department will also issue regulations that require better protection of sensitive government information, including geolocation data on US military members, according to US officials. A lot of the online trade in personal information runs through so-called data brokers, which buy information on people's Social Security numbers, names, addresses, income, employment history and criminal background, as well as other items.

"Countries of concern, such as China and Russia, are buying Americans' sensitive personal data from data brokers," a separate senior administration official told reporters. In addition to health and location data, the executive order is expected to cover other sensitive information like genomic and financial data. Administration officials told reporters the new executive order would be applied narrowly so as not to hurt business transactions that do not pose a national security risk. The White House's press release.

An anonymous reader quotes a report from Fortune: Zurich authorities have apologized to city employees after a technical glitch caused a double payment of monthly salaries that local officials are now trying to claw back. About 175 million francs ($200 million) was sent in error on Monday, which was the payday for February, according to a statement. Workers can't keep the money, and officials are trying to devise a streamlined process so that the 30,000 employees affected can easily return it.

A technical error at state-owned Zuercher Kantonalbank, which handles the city's salary transfers, is to blame. The bank itself said that faulty software from one of Swisscom AG's contractors caused the glitch. "Swisscom is aware of the seriousness of this incident and apologizes for the inconvenience caused," the telecommunications company said in a statement shared by the bank. The unexpected windfall prompted a flurry of employees calling up the city's offices to ask about the extra money, according to Swiss newspapers. Others mockingly described it as "inflation compensation" on the city's intranet, and demanded a repeat.

According to a new study published in the journal Proceedings of the National Academy of Sciences, West Antarctica's Thwaites Glacier began rapidly receding in the 1940s -- much earlier than scientists had previous thought. The Hill notes that it's often referred to as the "doomsday glacier" due to the potentially catastrophic consequences of its hypothetical collapse. From the report: While scientists had already observed the glacier's accelerated retreat by the 1970s, they did not know when it began. Coupled with earlier research about Thwaites's neighboring Pine Island Glacier, the study also provides new, potentially alarming, insight into the cause of the glacier's melting. Scientists tried to reconstruct the glacier's history using analysis of the marine sedimentary record, and they found the Thwaites and Pine Island glaciers both lost contact with the seafloor highs in the 1940s -- at around the same time. These significant changes happened against the backdrop of a massive El Nino weather phenomenon, the scientists found, showing the glaciers "were responding to the same driver(s)."

"The synchronous ice retreat of these two major ice streams suggests that, rather than being driven by internal dynamics unique to each glacier, retreat in the Amundsen Sea drainage sector results from external oceanographic and atmospheric drivers, which recent modeling studies show are modulated by climate variability," the study read. The scientists note that the glaciers' continued retreat shows how difficult it can be to reverse some of the consequences of naturally occurring weather events -- which they say is made even more difficult by human activity. "That ice streams such as Thwaites Glacier and Pine Island Glacier have continued to retreat since then indicates that they were unable to recover after the exceptionally large El Nino event of the 1940s," the scientists wrote. "This may reflect the increasing dominance of anthropogenic forcing since that time but implies that this involved large-scale, in additional to local, atmospheric and ocean circulation changes."

A federal judge in Texas has granted a temporary order blocking the U.S. government from monitoring the energy usage of cryptocurrency mining operations, stating that the industry had shown it would suffer "irreparable injury" if it was made to comply. The Guardian reports: The US Department of Energy had launched an "eemergency" initiative last month aimed at surveying the energy use of mining operations, which typically use vast amounts of computing power to solve various mathematical puzzles to add new tokens to an online network known as a blockchain, allowing the mining of currency such as bitcoin. The growth of cryptocurrency, and the associated mining of it, has been blamed for a surge in electricity use as data centers have sprung up across the US, even reviving, in some cases, ailing coal plants to help power the mining. [...]

"The massive energy consumption of cryptocurrency mining and its rapid growth in the United States threaten to undermine progress towards achieving climate goals, and threaten grids, communities and ratepayers," said Mandy DeRoche, deputy managing attorney of the clean energy program at Earthjustice. Until now, a lack of publicly available information has only benefited an "industry that has thrived in the shadows," DeRoche added.

The crypto mining industry, however, has claimed it is the victim of a "politically motivated campaign" by Joe Biden's administration and has, for now, succeeded in averting a survey that it contends is unfairly onerous. "This is an attack against legitimate American businesses with the administration feigning an emergency to score political points," said Lee Bratcher, president the Texas Blockchain Council, one of the groups that sued to stop the survey. "The White House has been clear that they desire to 'to limit or eliminate' bitcoin miners from operating in the United States. "Although bitcoin is resilient and cannot be banned, the administration is seeking to make the lives of bitcoin miners, their employees, and their communities too difficult to bear operating in the United States. This is deeply concerning."

"Documentation authors at Canonical have launched the Open Documentation Academy to offer an easy way to get started contributing to open-source projects," writes longtime Slashdot reader tykev. From the blog post: Open and inclusive collaboration, and the sharing of ideas, remains the best way to develop software (and to do many other things!), but we also recognise that this "getting involved" step can be difficult. Where do you start? Who do you ask? What needs to be done? We all very much want to help people become open source contributors by building an on-ramp process. It may take some time, and we will need to adapt, but this is exactly why we've started our Open Documentation Academy.

To help you get involved, the Open Documentation Academy provides a curated list of documentation tasks. Choose one, let us know, and get started. Tasks include testing and fixing tutorials, updating the outdated, restructuring large documents, and anything else you may want to suggest. Our list is growing, and a big part of the Documentation Academy will be ensuring there's always a wide range of tasks available, across as many projects and technologies as possible. And of course, we're here to help. We'll guide you through your first contributions, provide advice on approaches, and help you build your confidence.

Fast food chain Wendy's announced it's adopting a similar approach to Uber's Surge Pricing policy by dynamically adjusting the prices of its menu items during peak demand periods at certain locations. The controversial strategy seeks to leverage real-time data to align pricing and demand, enhancing efficiency and potentially improving customer satisfaction. From a report: During a conference call earlier this month, Wendy's CEO Kirk Tanner said the fast-food chain would experiment with dynamic pricing as early as next year. "Beginning as early as 2025, we will begin testing more enhanced features like dynamic pricing and daypart offerings, along with AI-enabled menu changes and suggestive selling," he said. "As we continue to show the benefit of this technology in our company-operated restaurants, franchisee interest in digital menu boards should increase, further supporting sales and profit growth across the system."

Prices seesaw all the time on the sites of online retailers like Amazon that use algorithms and artificial intelligence to monitor competitors and glean insights into individual shoppers, adjusting prices depending on interest in the product or in the brand, said Timothy Webb, an assistant professor at the University of Delaware's hospitality and sport business management program. Coupons and other offers are also routinely dangled in mobile apps to encourage people to make purchases. "A lot of this stuff is already happening even if you don't realize that it is happening. If you have the Starbucks app and I have the Starbucks app, we probably have different offers," Webb said. "We might not be in the drive-through and they just increased the prices, but we are already paying different prices for the same products."

But, he says, Wendy's fans will likely see moderate, not massive, price swings during periods of peak demand. "It's not like $200 or $300 on a flight. This is a hypercompetitive industry. If Wendy's goes up $2 to $3 on a burger at dinner time, I would be shocked. People have too many options. They will just walk down the street and eat at Burger King instead," Webb said. "There will just be little price changes here."

Apple has filed a lawsuit against the U.S. Patent and Trademark Office for refusing to grant trademarks covering the company's augmented-reality software development tools "Reality Composer" and "Reality Converter." Reuters reports: Apple, whose augmented-reality technology is a centerpiece of its newly released Vision Pro headset, asked the court (PDF) on Friday to reverse the USPTO's decision that the phrases were not distinctive enough to receive federal trademark protection. "Consumers must exercise imagination to understand how the nonsensical phrases 'reality composer' and 'reality converter' -- which sound like science fiction impossibilities -- relate to Apple's products," the complaint said. "They are suggestive, just as Burger King is a fast-food chain, not an actual monarch."

Apple's Reality Composer and Reality Converter allow developers to create and alter 3-D augmented-reality content for Apple apps. The content is compatible with Apple devices including the Vision Pro mixed-reality headset, which the tech giant began selling earlier this month. Turkish visual-effects company ZeroDensity challenged Apple's trademark applications at the USPTO, arguing that the phrases could not receive federal trademarks because they merely describe what the software does. ZeroDensity also said Apple's trademarks would cause confusion with its own "Reality"-related marks.

ZeroDensity, the named defendant in the case, said in a statement on Monday that it was "surprised and concerned by [Apple's] misinterpretation and misrepresentation of our company" and is "resolute in defending our 'Reality' trademarks." A USPTO tribunal agreed with ZeroDensity that Apple's marks were descriptive without addressing whether they would confuse consumers. Apple said in Friday's complaint that its phrases were "made-up terms coined by Apple that do not describe the underlying software development tools." "In contrast, descriptive terms like Raisin Bran or American Airlines straightforwardly describe the goods and services offered under the brand name," Apple said. "As innovative as Apple is, it cannot 'compose' or 'convert' reality." Apple argued that its marks would not cause consumer confusion and accused ZeroDensity of trying to "claim broad rights in the word 'reality,' which no one entity can monopolize."

Tumblr and Wordpress are preparing to sell user data to Midjourney and OpenAI, 404Media reported Tuesday, citing a source with internal knowledge about the deals and internal documents. From the report: The exact types of data from each platform going to each company are not spelled out in documentation we've reviewed, but internal communications reviewed by 404 Media make clear that deals between Automattic, the platforms' parent company, and OpenAI and Midjourney are imminent. The internal documentation details a messy and controversial process within Tumblr itself. One internal post made by Cyle Gage, a product manager at Tumblr, states that a query made to prepare data for OpenAI and Midjourney compiled a huge number of user posts that it wasn't supposed to. It is not clear from Gage's post whether this data has already been sent to OpenAI and Midjourney, or whether Gage was detailing a process for scrubbing the data before it was to be sent.