Meta has been fined $101.5 million by the Irish Data Protection Commission (DPC) for storing over half a billion user passwords in plain text for years, with some engineers having access to this data for over a decade. The issue, discovered in 2019, predominantly affected non-US users, especially those using Facebook Lite. AppleInsider reports: Meta Ireland was found guilty of infringing four parts of GDPR, including how it "failed to notify the DPC of a personal data breach concerning storage of user passwords in plain text." Meta Ireland did report the failure, but only some months after it was discovered. "It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data," said Graham Doyle, Deputy Commissioner at the DPC, in a statement about the fine. "It must be borne in mind, that the passwords the subject of consideration in this case, are particularly sensitive, as they would enable access to users' social media accounts."

Other than the fine and an official reprimand, the full extent of the DPC's ruling is yet to be released publicly. The details published so far do not reveal whether the passwords included any of US users as well as ones in Ireland or across the rest of the European Union. It's most likely that the issue concerns only non-US users, however. That's because in 2019, Facebook told CNN that the majority of the plain text passwords were for a service called Facebook Lite, which it described as being a cut-down service for areas of the world with slower connectivity.

The United Nations is set to vote on a treaty later this year intended to create norms for fighting cybercrime -- and the Biden administration is fretting over whether to sign on. Politico: The uncertainty over the treaty stems from fears that countries including Russia, Iran and China could use the text as a guise for U.N. approval of their widespread surveillance measures and suppression of the digital rights of their citizens. If the United States chooses not to vote in favor of the treaty, it could become easier for these adversarial nations -- named by the Cybersecurity and Infrastructure Security Agency as the biggest state sponsors of cybercrime -- to take the lead on cyber issues in the future. And if the U.S. walks away from the negotiating table now, it could upset other nations that spent several years trying to nail down the global treaty with competing interests in mind.

While the treaty is not set for a vote during the U.N. General Assembly this week, it's a key topic of debate on the sidelines, following meetings in New York City last week, and committee meetings set for next month once the world's leaders depart. The treaty was troubled from its inception. A cybercrime convention was originally proposed by Russia, and the U.N. voted in late 2019 to start the process to draft it -- overruling objections by the U.S. and other Western nations. Those countries were worried Russia would use the agreement as an alternative to the Budapest Convention -- an existing accord on cybercrime administered by the Council of Europe, which Russia, China and Iran have not joined.

The Justice Department unsealed criminal charges Friday against three Iranian operatives suspected of hacking Donald Trump's presidential campaign and disseminating stolen information to media organizations. From a report: The three accused hackers were employed by Iran's paramilitary Revolutionary Guard and their operation also targeted a broad swath of targets, including government officials, members of the media and non-governmental organizations, the Justice Department said.

The Trump campaign disclosed on Aug. 10 that it had been hacked and said Iranian actors had stolen and distributed sensitive internal documents. Multiple major news organizations that said they were leaked confidential information from inside the Trump campaign, including Politico, The New York Times and The Washington Post, declined to publish it.

"The Federal Trade Commission is cracking down on 'automation' companies that launch and manage online businesses on behalf of customers in exchange for an upfront investment," reports CNBC's Annie Palmer. "The latest case targets Ascend Ecom, which ran an e-commerce money-making scheme, primarily on Amazon." The FTC accuses the e-commerce company of defrauding consumers of at least $25 million through false claims, deceptive marketing practices, and attempts to suppress negative reviews. From the report: Jamaal Sanford received a disturbing email in May of last year. The message, whose sender claimed to be part of a "Russian shadow team," contained Sanford's home address, social security number and his daughter's college. It came with a very specific threat. The sender said Sanford, who lives in Springfield, Missouri, would only only be safe if he removed a negative online review. "Do not play tough guy," the email said. "You have nothing to gain by keeping the reviews and EVERYTHING to lose by not cooperating."

Months earlier, Sanford had left a scathing review for an e-commerce "automation" company called Ascend Ecom on the rating site Trustpilot. Ascend's purported business was the launching and managing of Amazon storefronts on behalf of clients, who would pay money for the service and the promise of earning thousands of dollars in "passive income." Sanford had invested $35,000 in such a scheme. He never recouped the money and is now in debt, according to a Federal Trade Commission lawsuit unsealed on Friday. His experience is a key piece of the FTC's suit, which accuses Ascend of breaking federal laws by making false claims related to earnings and business performance, and threatening or penalizing customers for posting honest reviews, among other violations. The FTC is seeking monetary relief for Ascend customers and to prevent Ascend from doing business permanently.

Mozilla has been hit with a complaint by EU privacy group noyb, accusing it of violating GDPR by tracking Firefox users by default without their consent. TechCrunch reports: Mozilla calls the feature at issue "Privacy Preserving Attribution" (PPA). But noyb argues this is misdirection. And if EU privacy regulators agree with the complaint the Firefox-maker could be slapped with orders to change tack -- or even face a penalty (the GDPR allows for fines of up to 4% of global revenue). "Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites," noyb wrote in a press release. "In essence, the browser is now controlling the tracking, rather than individual websites. While this might be an improvement compared to even more invasive cookie tracking, the company never asked its users if they wanted to enable it. Instead, Mozilla decided to turn it on by default once people installed a recent software update. This is particularly worrying because Mozilla generally has a reputation for being a privacy-friendly alternative when most other browsers are based on Google's Chromium."

Another component of noyb's objection is that Mozilla's move "doesn't replace cookies either" -- Firefox simply wouldn't have the market share and power to shift industry practices -- so all it's done is produce another additional way for websites to target ads. [...] The noyb-backed complaint (PDF), which has been filed with the Austrian data protection authority, accuses Mozilla of failing to inform users about the processing of their personal data and of using an opt-out -- rather than an affirmative "opt-in" -- mechanism. The privacy rights group also wants the regulator to order the deletion of all data collected so far. In a statement attributed to Christopher Hilton, its director of policy and corporate communications, Mozilla said that it has only conducted a "limited test" of a PPA prototype on its own websites.While acknowledging poor communication around the effort, the company emphasized that no user data has been collected or shared and expressed its commitment to engaging with stakeholders as it develops the technology further.

The Verge's Emma Roth reports: NotebookLM, Google's AI note-taking app, can now summarize and help you dig deeper into YouTube videos. The new capability works by analyzing the text in a YouTube video's transcript, including autogenerated ones. Once you add a YouTube link to NotebookLM, it will use AI to provide a brief summary of key topics discussed in the transcript. You can then click on these topics to get more detailed information as well as ask questions. (If you're struggling to come up with something to ask, NotebookLM will suggest some questions.)

After clicking on some of the topics, I found that NotebookLM backs up the information provided in its chat window with a citation that links you directly to the point in the transcript where it's mentioned. You can also create an Audio Overview based on the content, which is a podcast-style discussion hosted by AI. I found that the feature worked on most of the videos I tried, except for ones published within the past two days or so. [...] In addition to adding support for YouTube videos, Google announced that NotebookLM now supports audio recordings as well, allowing you to search transcribed conversations for certain information and create study guides.

California Governor Gavin Newsom has signed a law (AB 2426) to combat "disappearing" purchases of digital games, movies, music, and ebooks. The legislation will force digital storefronts to tell customers they're just getting a license to use the digital media, rather than suggesting they actually own it. From a report: When the law comes into effect next year, it will ban digital storefronts from using terms like "buy" or "purchase," unless they inform customers that they're not getting unrestricted access to whatever they're buying. Storefronts will have to tell customers they're getting a license that can be revoked as well as provide a list of all the restrictions that come along with it. Companies that break the rule could be fined for false advertising.

"Looks like there's a storm brewing, and it's not good news," writes ancient Slashdot reader jd. "Whether or not the bugs are classically security defects or not, this is extremely bad PR for the Linux and Open Source community. It's not clear from the article whether this affects other Open Source projects, such as FreeBSD." From a report: A critical unauthenticated Remote Code Execution (RCE) vulnerability has been discovered, impacting all GNU/Linux systems. As per agreements with developers, the flaw, which has existed for over a decade, will be fully disclosed in less than two weeks. Despite the severity of the issue, no Common Vulnerabilities and Exposures (CVE) identifiers have been assigned yet, although experts suggest there should be at least three to six. Leading Linux distributors such as Canonical and RedHat have confirmed the flaw's severity, rating it 9.9 out of 10. This indicates the potential for catastrophic damage if exploited. However, despite this acknowledgment, no working fix is still available. Developers remain embroiled in debates over whether some aspects of the vulnerability impact security.

OpenAI is working on a plan to restructure its core business into a for-profit benefit corporation that will no longer be controlled by its non-profit board. "Chief executive Sam Altman will also receive equity for the first time in the for-profit company, which could be worth $150 billion after the restructuring as it also tries to remove the cap on returns for investors," reports Reuters. From the report: The OpenAI non-profit will continue to exist and own a minority stake in the for-profit company, the sources said. The move could also have implications for how the company manages AI risks in a new governance structure. [...] The details of the proposed corporate structure, first reported by Reuters, highlight significant governance changes happening behind the scenes at one of the most important AI companies. The plan is still being hashed out with lawyers and shareholders and the timeline for completing the restructuring remains uncertain, the sources said. "We remain focused on building AI that benefits everyone, and we're working with our board to ensure that we're best positioned to succeed in our mission. The non-profit is core to our mission and will continue to exist," an OpenAI spokesperson said.

Earlier today, OpenAI's chief technology officer Mira Murati announced her departure from the company. Her resignation follows the departures of founders Ilya Sutskever and John Schulman.

Further reading: OpenAI Pitched White House On Unprecedented Data Center Buildout

As of September 11th, Russia has blocked access to OONI Explorer, citing concerns over circumvention tools. This block affects Russian users' ability to access not only circumvention data but also the extensive dataset on global internet censorship that OONI provides. From a blog post: OONI Explorer is one of the largest open datasets on internet censorship around the world. We first launched this web platform back in 2016 with the goal of enabling researchers, journalists, and human rights defenders to investigate internet censorship based on empirical network measurement data that is contributed by OONI Probe users worldwide. Every day, we publish new measurements from around the world in real-time.

Today, OONI Explorer hosts more than 2 billion network measurements collected from 27 thousand distinct networks in 242 countries and territories since 2012. Out of all countries, OONI Probe users in Russia contribute the second largest volume of measurements (following the U.S, where OONI Probe users contribute the most measurements out of any country). This has enabled us to study various cases of internet censorship in Russia, such as the blocking of Tor, the blocking of independent news media websites, and how internet censorship in Russia changed amid the war in Ukraine.

In this report, we share OONI data on the blocking of OONI Explorer in Russia.

The FAA's air traffic control systems are significantly out of date and won't be updated until the 2030s, according to a report from the U.S. Government Accountability Office (GAO). The Register reports: In a report released Monday, the GAO said that 51 of the FAA's 138 ATC systems -- more than a third -- were unsustainable due to a lack of parts, shortfalls in funding to sustain them, or a lack of technology refresh funding to replace them. A further 54 systems were described as "potentially unsustainable" for similar reasons, with the added caveat that tech refresh funding was available to them. "FAA has 64 ongoing investments aimed at modernizing 90 of the 105 unsustainable and potentially unsustainable systems," the GAO said in its report. "However, the agency has been slow to modernize the most critical and at-risk systems."

The report said the seemingly perilous status of 17 systems was "especially concerning" as these are deemed to have critical operational impact at the same time as being unsustainable and having extended completion dates -- the first of them won't be modernized until 2030 at the earliest. Others aren't planned to be complete until 2035, and four of the 17 "most critical and at-risk FAA ATC systems" have no modernization plans at all. Of the systems on the list, two are more than 40 years old, and a further seven have been in service for more than 30 years.

Steep online discounts aren't as sweet as they used to be. From a report: The average discount offered by online retailers in the US is down to 36% so far this year, data from Centric Market Intelligence shows. That's down two percentage points from last year, and down from an average of 42% in 2019 -- a 14% drop in real terms. Finding a bargain is getting tougher for a variety of reasons, according to retail experts who spoke with Sherwood. Sellers are having to pay more for raw materials, and they're shelling out more in customer-acquisition costs to get you to order from them. Fulfilling online orders is also generally more expensive than selling items in person. All these add up to increased costs that make it harder to offer discounts.

The Department of Justice has filed an antitrust lawsuit against Visa, alleging that the financial services firm has an illegal monopoly over debit network markets and has attempted to unlawfully crush competitors, including fintech companies like PayPal and Square. From a report: The lawsuit follows a multiyear investigation of Visa which the company disclosed in 2021. "We allege that Visa has unlawfully amassed the power to extract fees that far exceed what it could charge in a competitive market," Attorney General Merrick Garland said in a statement. "Merchants and banks pass along those costs to consumers, either by raising prices or reducing quality or service. As a result, Visa's unlawful conduct affects not just the price of one thing -- but the price of nearly everything."

Visa makes more than $7 billion a year in payment processing fees alone, and more than 60 percent of debit transactions in the United States run on Visa's network, the complaint claims. The government alleges that Visa's market dominance is partly due to the "web of exclusionary agreements" it imposes on businesses and banks. Visa has also attempted to "smother" competitors -- including smaller debit networks and newer fintech companies -- the complaint alleges. Visa executives allegedly feel particularly threatened by Apple, which the company has described as an "existential threat," the DOJ claims.

An anonymous reader shares a report: The Pacific country of Kiribati might be surrounded by water, but on land its population is running dry. The ocean around them is steadily encroaching, contaminating underground wells and leeching salt into the soil. "Our waters have been infected," climate activist and law student Christine Tekanene says. "Those who are affected, they now can't survive with the water that changed after sea level rise." The freshwater crisis is just one of the many threats driven by rising seas in Kiribati. Its people live on a series of atolls, peaking barely a couple of metres above a sprawling tract of the Pacific Ocean. As global temperatures rise and ice sheets melt, Kiribati -- and other low-lying nations like it -- are experiencing extreme and regular flooding, frequent coastal erosion and persistent food and water insecurity.

This week the United Nations general assembly will hold a high-level meeting to address the existential threats posed by sea level rise as the issue climbs the international agenda; last year the UN security council debated it for the first time. Wednesday's meeting aims to build political consensus on action to address the widespread social, economic and legal consequences of rising seas. Samoa's UN representative, Fatumanava Dr Pa'olelei Luteru, says the upcoming UN meeting is long overdue and "extremely important" for island nations. "Economically, militarily, we're not powerful," says Luteru, who also serves as the current chair of the Alliance of Small Island States (AOSIS). "At least within the context of the UN and the multilateral system we have the possibility and the opportunity to engage and achieve some of the things that are a priority for us."

An anonymous reader shares a report: The alleged Iranian hack of Donald Trump's orbit continued at least until mid-September and may be ongoing, a document the hackers shared with a progressive publication reveals. Iranian authorities have denied any involvement in the efforts to leak internal documents from Trump's campaign, which have reportedly been sent to major US publications including Politico and The New York Times, and to the Biden campaign. But the campaign and outside analysts have blamed the hack on the Iranians, who have ample reasons for hostility to the former president and also allegedly plotted his assassination.

The publisher of the newsletter Popular Information, Judd Legum, writes this morning that a source under the name "Robert" shared a set of documents with him. Those included a research dossier on JD Vance matching other publications' descriptions of the hacked material. But the leak also included a legal letter to The New York Times complaining about an article that raised questions about the validity of Trump's image as a successful businessman.

Speaking of California, its governor Gavin Newsom has signed into law a a bill that requires schools to limit or ban the use of smartphones, amid a growing consensus that excess usage can increase the risk of mental illness and impair learning. From a report: Thirteen other states this year have banned or restricted cellphones in school or recommended local educators do so, after Florida led the way by banning phones in class in 2023, according to Education Week. California, with nearly 5.9 million public school students, has followed the lead of its own Los Angeles County, whose school board banned smartphones for its 429,000 students in June.

That same month U.S. Surgeon General Vivek Murthy called for a warning label on social media platforms, akin to those on cigarette packages, likening the problem to a mental health emergency. Murthy cited a study in the medical journal JAMA showing adolescents who spend more than three hours a day on social media may be at heightened risk of mental illness, while referring to a Gallup poll showing the average teen spends 4.8 hours per day on social media. California's bill, which passed 76-0 in the state assembly and 38-1 in the senate, requires school boards or other governing bodies to develop a policy to limit or prohibit student use of smartphones on campus by July 1, 2026, and update the policy every five years.

An anonymous reader quotes a report from the New York Times: Paper or paper? In California, shoppers will have only one bag option at the checkout line starting in 2026. A decade ago, California became the first U.S. state to ban single-use plastic bags, the flimsy sacks that regularly blew into waterways, littered streets and collected in landfills. The prohibition, in the nation's most populous state, was considered a turning point in the effort to reduce plastic waste. But the move backfired in a way that few supporters expected. Californians in 2021 actually tossed nearly 50 percent more plastic bags, by weight, than when the law first passed in 2014, according to data from CalRecycle, California's recycling agency. A loophole in the initial ban allowed retailers to provide thick-walled plastic bags and charge 10 cents a piece for them. Though technically reusable and recyclable, the heavier-duty sacks still ended up in many trash cans after a shopping trip.

Gov. Gavin Newsom signed legislation on Sunday banning the sale at grocery checkouts of all plastic bags (Warning: source may be paywalled; alternative source), regardless of thickness. The only option for customers who lack their own reusable shopping bags will be buying paper bags for 10 cents each. "We deserve a cleaner future for our communities, our children and our earth," said Rebecca Bauer-Kahan, a Democratic assemblywoman and co-author of the bill, in a statement. "It's time for us to get rid of these plastic bags and continue to move forward with a more pollution-free environment." Plastic bags are typically used for 12 minutes before being discarded, according to the California Public Interest Research Group, a consumer advocacy group. But those bags live in oceans and landfills for hundreds of years, and can contaminate drinking water and food in the form of microplastics. SB 1053 will go into effect on January 1st, 2026. It also changes the definition of a "recycled paper bag," requiring all bags with that label to be made of at least 50% post-consumer recycled materials starting January 1st, 2028.

A startup called Amogy has successfully converted a 67-year-old diesel tugboat to run on clean ammonia, marking a significant milestone in the transition to zero-emissions propulsion in the maritime industry. The Associated Press reports: Amogy's system uses ammonia to make hydrogen for a fuel cell, making the tug an electric-powered ship. The International Maritime Organization set a target for international shipping to reach net-zero greenhouse gas emissions by, or close to, 2050. Shipping needs to cut emissions rapidly and there are no solutions widely available today to fully decarbonize deep-sea shipping, according to the Global Maritime Forum, a nonprofit that works closely with the industry. There is a lot of interest in ammonia as an alternative fuel because the molecule doesn't contain carbon, said Jesse Fahnestock, who leads the forum's decarbonization work. Ammonia is widely used for fertilizer, so there is already infrastructure in place for handling and transporting it. Ton for ton, it can hold more energy than hydrogen, and it can be stored and distributed more easily.

The tugboat ran on green ammonia produced by renewable electricity. A 2,000-gallon tank fits in the old fuel tank space, for a 10-to 12-hour day at sea. It splits liquid ammonia into its constituents, hydrogen and nitrogen, then funnels the hydrogen into a fuel cell that generates electricity for the vessel without carbon emissions. The process does not burn ammonia like a combustion engine would, so it primarily produces nitrogen in its elemental form and water as emissions. The company says there are trace amounts of nitrogen oxides that it's working to completely eliminate.

Amogy first used ammonia to power a drone in 2021, then a tractor in 2022, a semi-truck in 2023, and now the tugboat to prove the technology. Woo said their system is designed to be used on vessels as small as the tugboat and as large as container ships, and could also make electricity on shore to replace diesel generators for data centers, mining and construction, or other heavy industries. The company has raised about $220 million. Amazon, an enterprise with immense needs for shipping, is among the investors. Nick Ellis, principal of Amazon's $2 billion Climate Pledge Fund, said the company is excited and impressed by what Amogy is doing. By investing, Amazon can show ship owners and builders it wants its goods delivered with zero emissions, he added.

An anonymous reader quotes a report from TechCrunch: With the perennial tensions between proprietary and open source software (OSS) unlikely to end anytime soon, a $3 billion startup is throwing its weight behind a new licensing paradigm -- one that's designed to bridge the open and proprietary worlds, replete with new definition, terminology, and governance model. Developer software company Sentry recently introduced a new license category dubbed "fair source." Sentry is an initial adopter, as are some half dozen others, including GitButler, a developer tooling company from one of GitHub's founders. The fair source concept is designed to help companies align themselves with the "open" software development sphere, without encroaching into existing licensing landscapes, be that open source, open core, or source-available, and while avoiding any negative associations that exist with "proprietary." However, fair source is also a response to the growing sense that open source isn't working out commercially.

"Open source isn't a business model -- open source is a distribution model, it's a software development model, primarily," Chad Whitacre, Sentry's head of open source, told TechCrunch. "And in fact, it places severe limits on what business models are available, because of the licensing terms." Sure, there are hugely successful open source projects, but they are generally components of larger proprietary products. Businesses that have flown the open source flag have mostly retreated to protect their hard work, moving either from fully permissive to a more restrictive "copyleft" license, as the likes of Element did last year and Grafana before it, or ditched open source altogether as HashiCorp did with Terraform. "Most of the world's software is still closed source," Whitacre added. "Kubernetes is open source, but Google Search is closed. React is open source, but Facebook Newsfeed is closed. With fair source, we're carving a space for companies to safely share not just these lower-level infrastructure components, but share access to their core product." Further reading: As Companies Try 'Open Source Rug Pull', Open Source Foundations Considered Helpful

Amazon, Meta, and Tesla were named by the International Trade Union Confederation (ITUC) as some of the worst corporate underminers of democracy . These companies were accused of union busting, monopolizing media and technology, violating human rights, contributing to climate change, and fostering political movements that threaten democratic institutions. The full list of "corporate underminers of democracy for 2024" is Amazon, Blackstone Group, ExxonMobil, Glencore, Meta, Tesla and the Vanguard Group. The Register reports: The International Trade Union Confederation (ITUC) today published a list of seven companies it said were "emblematic" of the ways large international corporations have begun tossing their weight around to influence global affairs. Those businesses, ITUC noted, violate trade union and alleged human rights, monopolize media and technology, exacerbate the climate catastrophe and try to privatize public services in a way that "protects and expands [their] own profits by undermining democracy." "These companies deploy complex lobbying operations to undermine popular will and disrupt existing or nascent global policy that could hold them accountable," ITUC wrote. The desire for greater corporate power, the Confederation added, invariably puts corporate interests in bed with anti-democratic political movements like the modern far-right. Right-wing politicians, ITUC noted, tend to lower taxes, undercut higher wages for workers, crack down on trade unions, and the like - all things sure to please the likes of corporations like Amazon, Tesla, and Meta as evidenced by plenty of prior reporting and research. For Amazon, the ITUC criticized the company for becoming "notorious for its union busting and low wages, monopoly in e-commerce, egregious carbon emissions through its AWS [datacenters], corporate tax evasion and lobbying."

Meta was accused of exploiting user data, undermining privacy laws, manipulating global information, and failing to regulate harmful content on its platforms. "Meta's algorithms can quite literally alter humanity's perceptions of reality," ITUC said. "Its revenue model exploits trillions of personalized data points to deliver highly effective advertising." Some have referred to the company as "a foreign state, populated by people without sovereignty, ruled by a leader with absolute power."

As for Tesla, it was condemned for poor labor practices, anti-union politics, unsafe working conditions, human rights violations, and environmental damage in its supply chain. "The world's most highly-valued automaker has quickly become known as one of its most belligerent employers. Tesla's rapid market success has been outpaced only by the descent of its corporate leaders into anti-democratic, anti-union politics."