Chip technology firm Arm, which is owned by Softbank Group, said on Wednesday it has sued Qualcomm and Qualcomm's recently acquired chip design firm Nuvia for breach of license agreements and trademark infringement. From a report: Arm is seeking an injunction that would require Qualcomm to destroy the designs developed under Nuvia's license agreements with Arm, which Arm said could not be transferred to Qualcomm without Arm approval. Qualcomm acquired Nuvia for $1.4 billion last year.

The lawsuit represents a major break between Qualcomm and Arm, one of its most important technology partners that Qualcomm relied on for years after Qualcomm stopped work on designing its own custom computing cores. But the two companies have been at odds for years, with some inside Qualcomm complaining privately that Arm's slackening pace of innovation is causing Qualcomm's chips to fall behind Apple's processors in performance. Qualcomm bought Nuvia -- a firm founded by former Apple chip architects -- to reboot its efforts to make custom computing cores that would be different from standard Arm designs used by rivals such as Taiwan chip designer MediaTek.

Mike Masnick, reporting for TechDirt: Intel recently announced that it was handing 5,000 patents off to IPValue, which (as it does in these kinds of deals) spun up a shell corporation called Tahoe Research Limited to go see who it can shake down over these patents. Usually, the way these deals work is that the company, Intel, gets some relatively modest amount of cash upfront, but also a piece of anything the troll can squeeze out of others. Considering these are basically zero value patents for Intel, the temptation must be great to at least get something out of them.

A massive Chinese database storing millions of faces and vehicle license plates was left exposed on the internet for months before it quietly disappeared in August. From a report: While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error.

The exposed data belongs to a tech company called Xinai Electronics based in Hangzhou on China's east coast. The company builds systems for controlling access for people and vehicles to workplaces, schools, construction sites, and parking garages across China. Its website touts its use of facial recognition for a range of purposes beyond building access, including personnel management, like payroll, monitoring employee attendance and performance, while its cloud-based vehicle license plate recognition system allows drivers to pay for parking in unattended garages that are managed by staff remotely. It's through a vast network of cameras that Xinai has amassed millions of face prints and license plates, which its website claims the data is "securely stored" on its servers. But it wasn't. Security researcher Anurag Sen found the company's exposed database on an Alibaba-hosted server in China and asked for TechCrunch's help in reporting the security lapse to Xinai. Sen said the database contained an alarming amount of information that was rapidly growing by the day, and included hundreds of millions of records and full web addresses of image files hosted on several domains owned by Xinai.

The Federal Trade Commission (FTC) has sued Kochava, a large location data provider, for allegedly selling data that the FTC says can track people at reproductive health clinics and places of worship, according to an announcement from the agency. From a report: The news is a dramatic move from the FTC in a post-Roe United States, and signals that the agency will take steps against what it identifies as privacy violations around reproductive health and location data. "Defendant's violations are in connection with acquiring consumers' precise geolocation data and selling the data in a format that allows entities to track the consumers' movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health temporary shelters, such as shelters for the homeless, domestic violence survivors, or other at risk populations, and addiction recovery," the lawsuit reads.

An anonymous reader quotes a story from the Linux/Open Source news site It's FOSS: While Firefox is still the default web browser in Debian, you can find the Chromium browser in the repositories. Chromium is the open source project upon which Google has built its Chrome web browser. It is also preferred by many Linux users as it provides almost the same features as Google Chrome.

Earlier, Chromium used Google as the default search engine in Debian. However, Debian is going to use DuckDuckGo as the default search engine for Chromium.

It all started when bug report #956012 was filed in April 2020, stating to use DuckDuckGo as the default search engine for the Chromium package. You can see the decision was not taken in any hurry, as the maintainers took more than two years to close the bug report.

The reason for the change goes as stated in the official package update announcement.

Change default search engine to DuckDuckGo for privacy reasons. Set a different search engine under Settings -> Search Engine (closes: #956012).

What's the deal with that supposed 30TB external SSD being sold for just $31.40 on China-based online shopping site AliExpress? It's also listed on Walmart's website for just $39 — but first, listen to cybersecurity researcher calling himself "Ray [REDACTED]". Scammer gets two 512MB Flash drives. Or 1 gigabyte, or whatever. They then add hacked firmware that makes it misreport its size... when you go to WRITE a big file, hacked firmware simply writes all new data on top of old data, while keeping directory (with false info) intact.
Ars Technica goes over the details: On the inside, this "SSD" looks like two small-capacity microSD cards hot glued to a USB 2.0-capable board. This board's firmware has been modified so that each of these cards reports its capacity as "15.0TB" to the operating system, for a total of 30TB, even though the actual capacity of the cards is much lower.... It preserves the directory structure of whatever you're copying, but when it's "copying" your data, it just keeps writing and rewriting over the tiny microSD cards.

Everything will look fine until you go to access a file, only to find that the data isn't there.

Replies to Ray Redacted's thread are full of alternate versions of this scam, including multiple iterations of the hot-glued microSD version and at least one that hid a USB thumb drive inside a larger enclosure. Fake USB storage devices are neither new nor rare, though this one makes spectacularly egregious claims about its price-per-gigabyte. When it comes to buying storage online, common-sense advice is best: stick to name brands, buy from trustworthy sellers.... and know that if a deal seems too good to be true, it almost certainly is.

"Facebook's corporate parent has reached a tentative settlement in a lawsuit alleging the world's largest social network service allowed millions of its users' personal information to be fed to Cambridge Analytica," reports the Associated Press: Terms of the settlement reached by Meta Platforms, the holding company for Facebook and Instagram, weren't disclosed in court documents filed late Friday. The filing in San Francisco federal court requested a 60-day stay of the action while lawyers finalize the settlement. That timeline suggested further details could be disclosed by late October.

The accord was reached just a few weeks before a Sept. 20 deadline for Meta CEO Mark Zuckerberg and his long-time chief operating officer, Sheryl Sandberg, to submit to depositions during the final phases of pre-trial evidence gathering, according to court documents... The lawsuit, which had been seeking to be certified as a class action representing Facebook users, had asserted the privacy breach proved Facebook is a "data broker and surveillance firm," as well as a social network.
Some background from UPI: The Facebook users sued the platform in June 2018, accusing it of violating privacy rules when it shared personal data with Cambridge Analytica and other third parties.... In March 2018, whistleblower and Cambridge Analytica co-founder Christopher Wylie revealed the data mining company was holding onto Facebook user data without the users' consent even after Facebook told the company to delete it.
Reuters describes Cambridge Analytica as "the now-defunct British political consultancy."

Politico reports that now lawyers for both Facebook and the plaintiffs have "asked the judge to put the lawsuit on hold for 60 days to allow the parties to 'finalize a written settlement agreement' and present it for preliminary approval by the court."

Indian Railway Catering and Tourism Corporation (IRCTC), a state-run firm with a monopoly on online booking of train tickets, has scrapped its plan to monetize customer data after its tender drew concerns from many. TechCrunch: The Indian firm informed the local stock exchange Friday that it was scrapping its proposal because the Indian government had withdrawn the personal data protection bill. In a tender earlier, the firm had proposed appointing a consultant for digital data monetization on rail passengers' data. The tender sought to explore studying customers' behavioral data, their frequency of journeys, as well as geography, the kind of ticket they purchase and mobile number and gender. The plan, had it been approved, would have helped the firm increase its revenue by more than $125 million, according to an estimation by the firm.

Microsoft has confirmed to Sky News that criminals are posting counterfeit packages designed to appear like Office products in order to defraud people. From the report: One such package seen by Sky News is manufactured to a convincing standard and contains an engraved USB drive, alongside a product key. But the USB does not install Microsoft Office when plugged in to a computer. Instead, it contains malicious software which encourages the victim to call a fake support line and hand over access to their PC to a remote attacker.

Microsoft launched an internal investigation into the suspect package after being contacted by Sky News. The company spokesperson confirmed that the USB and the packaging were counterfeit and that they had seen a pattern of such products being used to scam victims before. They added that while Microsoft had seen this type of fraud, it is very infrequent. More often when fraudulent products are sold they tend to be product keys sent to customers via email, with a link to a site for downloading the malicious software.

The vaccine manufacturer Moderna sued Pfizer and BioNTech on Friday, claiming that its rivals' Covid-19 shot violates its patents protecting its groundbreaking technology. NPR reports: The lawsuit alleges the two companies used certain key features of technology Moderna developed to make their COVID-19 vaccine. It argues that Pfizer and BioNtech's vaccine infringes patents Moderna filed between 2010 and 2016 for its messenger RNA or mRNA technology.

All three companies' COVID-19 vaccines used mRNA technology which is a new way to make vaccines. In the past, vaccines were generally made using parts of a virus, or inactivated virus, to stimulate an immune response. With mRNA technology, the vaccine uses messenger RNA created in a lab to send genetic instructions that teach our cells to make a protein or part of a protein that triggers an immune response. In October 2020, Moderna pledged not to enforce its COVID-19 related patents while the pandemic was ongoing, according to a statement from the company. In March this year, it said it will stick to its commitment not to enforce its COVID-19 related patents in low and middle-income countries, but expects rival companies like Pfizer to respect its intellectual property.

New research claims that of five major Big Tech firms, Google tracks more private data about users than any other -- and Apple tracks the least. AppleInsider reports: Apple has previously introduced App Tracking Transparency specifically to protect the privacy of users from other companies. However, a new report says that Apple is also avoiding doing any more tracking itself than is needed to run its services. According to StockApps.com, Apple "is the most privacy-conscious firm out there." "Apple only stores the information that is necessary to maintain users' accounts," it continues. "This is because their website is not as reliant on advertising revenue as are Google, Twitter, and Facebook."

The StockApps.com report does not list what it describes as the "data points" that Big Tech firms collect for every user. However, it says they include location details, browser history, activity on third-party websites, and in Google's case, also emails in Gmail. It also doesn't detail its methodology, but does say that it used marketing firm digitalinformationworld to investigate Apple, Amazon, Facebook, Google, and Twitter. Of these five, Google reportedly tracks 39 separate data points per user, while Apple tracks only 12. Unexpectedly, Facebook is stated as tracking only 14 data points, while Amazon tracks 23, and Twitter tracks 24.

Last year, DuckDuckGo announced a free service designed to fend off email trackers and help people protect their privacy. The Email Protection beta was initially available through a waitlist. Now, it's now in open beta, meaning everyone can try it without having to wait for access. From a report: Email Protection is a forwarding service that removes trackers from messages. DuckDuckGo will tell you which trackers it scrubs as well. During the waitlist beta, DuckDuckGo says it found trackers in 85 percent of testers' emails. Anyone can now sign up for an @duck.com email address, which will work across desktop, iOS and Android. DuckDuckGo says you can create unlimited private email addresses, including a throwaway one for every website, if you prefer. You can also deactivate an address at any time.

Lockdown Mode disables a series of features that can be used to hack iPhone users. But the lack of these features also makes it easier to figure out who is using Lockdown Mode. From a report: Once Apple launches the new iPhone and iPad operating system early next month, users will be able to turn on a new privacy mode that the company calls "extreme." It's made for journalists, activists, politicians, human rights defenders, and anyone else who may be worried about getting targeted by sophisticated hackers, perhaps working for governments armed with spyware made by companies such as NSO Group. Apple calls it "Lockdown Mode" and it works by disabling some regular iPhone features that have been exploited to hack users in the past. But if users turn on Lockdown Mode, they will be easy to fingerprint and identify, according to a developer who created a proof of concept website that detects whether you have Lockdown Mode enabled or not.

John Ozbay, the CEO of privacy focused company Cryptee, and a privacy activist, told Motherboard that any website or online ad can detect whether some regular features are missing, such as loading custom fonts, one of the features that Lockdown Mode disables. "Let's say you're in China, and you're using Lockdown Mode. Now, any website that you visit could effectively detect you are using Lockdown Mode, they have your IP address as well. So they will actually be able to identify that the user with this IP address is using Lockdown Mode," Ozbay said in a call. "It's a tradeoff between security and privacy. [Apple] chose security."

An anonymous reader quotes a report from Reuters: Google has breached a European Union court ruling by sending unsolicited advertising emails directly to the inbox of Gmail users, Austrian advocacy group noyb.eu said on Wednesday in a complaint filed with France's data protection watchdog. The Alphabet unit, whose revenues mainly come from online advertising, should ask Gmail users for their prior consent before sending them any direct marketing emails, noyb.eu said, citing a 2021 decision by the Court of Justice of the European Union (CJUE).

While Google's ad emails may look like normal ones, they include the word "Ad" in green letters on the left-hand side, below the subject of the email, noyb.eu said in its complaint. Also, they do not include a date, the advocacy group added. "It's as if the postman was paid to remove the ads from your mailbox and put his own instead," said Romain Robert, program director at noyb.eu, with reference to Gmail's anti-spam filters that put most unsolicited emails in a separate folder. While any CNIL decision would be only applicable in France, it could compel Google to review its practices in the region.

The New York State Senate just introduced a bill that aims to improve safety around massive trucks and SUVs. Autoblog reports: Manhattan State Senator Brad Hoylman introduced the bill, which includes language requiring the NY DMV to dictate specific rules for vehicles over 3,000 pounds. One new regulation would be that the drivers of such cars have "direct visibility of pedestrians, cyclists, and other vulnerable road users from the driver's position." It's not clear exactly what enforcing that legislation would entail. However, the meat of Hoylman's bill centers on advanced safety technology. A summary of the legislation states, "Studies have shown that Intelligent Speed Assistance (ISA) alone can reduce traffic fatalities by 20%. This, in addition to Advanced Emergency Braking (AEB), Emergency Lane Keeping Systems (ELKS), drowsiness and distraction recognition technology, and rear-view cameras, would help prevent crashes from occurring in the first place."

If you've never heard of ISA, you're not alone. The term is pretty broad in what it encompasses, including speed limit recognition and alerts, speed assist, and speed limiting. The tech is common in Europe, where automakers like Ford offer it in several models. Ford's flavor of speed limiting allows drivers to set a maximum speed and automatically limit the vehicle to within five mph of the posted speed limit. It's optional, however, so drivers can turn it off when desired. If passed, the legislation would require automakers to include those advanced driver assistance systems as standard equipment in new vehicles from 2024 on.

An anonymous reader quotes a report from The New York Times: California is expected to put into effect on Thursday its sweeping plan to prohibit the sale of new gasoline-powered cars by 2035, a groundbreaking move that could have major effects on the effort to fight climate change and accelerate a global transition toward electric vehicles. The rule, issued by the California Air Resources Board, will require that 100 percent of all new cars sold in the state by 2035 be free of the fossil fuel emissions chiefly responsible for warming the planet, up from 12 percent today. It sets interim targets requiring that 35 percent of new passenger vehicles sold in the state by 2026 produce zero emissions. That would climb to 68 percent by 2030. The restrictions are important because not only is California the largest auto market in the United States, but more than a dozen other states typically follow California's lead when setting their own auto emissions standards.

California's action comes on top of an expansive new climate law that President Biden signed last week. The law will invest $370 billion in spending and tax credits on clean energy programs, the largest action ever taken by the federal government to combat climate change. Enactment of that law is projected to help the United States cut its emissions 40 percent below 2005 levels by the end of this decade. Still, it will not be enough to eliminate U.S. emissions by 2050, the target that climate scientists say all major economies must reach if the world is to avert the most catastrophic and deadly impacts of climate change. To help close the gap, White House officials have vowed to couple the bill with new regulations, including on automobile tailpipe emissions. They have also said that reducing emissions enough to stay in line with the science also will require aggressive state policies. Experts said the new California rule, in both its stringency and reach, could stand alongside the Washington law as one of the world's most important climate change policies, and could help take another significant bite out of the nation's emissions of carbon dioxide. The new rule is also expected to influence new policies in Washington and around the world to promote electric vehicles and cut auto pollution. "This is huge," said Margo Oge, an electric vehicles expert who headed the EPA's transportation emissions program under Presidents Bill Clinton, George W. Bush and Barack Obama. "California will now be the only government in the world that mandates zero-emission vehicles. It is unique."

The latest crisis that rocked the Greek government shows the bloc's surveillance problem goes beyond the notorious NSO Group. From a report: The ripple effects of the scandal are reaching the heart of the European Union. Over the past 13 months, it has been revealed that spyware had targeted opposition leaders, journalists, lawyers and activists in France, Spain, Hungary, Poland and even staff within the European Commission, the EU's cabinet-style government, between 2019 and 2021. The bloc has already set up an inquiry into its own use of spyware, but even as the 38-person committee works toward producing a report for early 2023, the number of new scandals is quickly mounting up. What sets the scandal in Greece apart is the company behind the spyware that was used. Until then the surveillance software in every EU scandal could be traced back to one company, the notorious NSO Group. Yet the spyware stalking Koukakis' phone was made by Cytrox, a company founded in the small European nation of North Macedonia and acquired in 2017 by Tal Dilian -- an entrepreneur who achieved notoriety for driving a high-tech surveillance van around the island of Cyprus and showing a Forbes journalist how it could hack into passing people's phones.

In that interview, Dilian said he had acquired Cytrox and absorbed the company into his intelligence company Intellexa, which is now thought to now be based in Greece. The arrival of Cytrox into Europe's ongoing scandal shows the problem is bigger than just the NSO Group. The bloc has a thriving spyware industry of its own. As the NSO Group struggles with intense scrutiny and being blacklisted by the US, its less well-known European rivals are jostling to take its clients, researchers say. Over the past two months, Cytrox is not the only local company to generate headlines for hacking devices within the bloc. In June, Google discovered the Italian spyware vendor RCS Lab was targeting smartphones in Italy and Kazakhstan. Alberto Nobili, RCS' managing director, told WIRED that the company condemns the misuse of its products but declined to comment on whether the cases cited by Google were examples of misuse. "RCS personnel are not exposed, nor participate in any activities conducted by the relevant customers," he says. More recently, in July, spyware made by Austria's DSIRF was detected by Microsoft hacking into law firms, banks, and consultancies in Austria, the UK, and Panama.

On Monday, Apple expanded its DIY repair program to include MacBook Air and MacBook Pro laptops equipped with M1 chips (including the Pro and Max). At least, in theory. The repairability experts at iFixit, who regularly dissect Apple's gadgets, have taken a look at the new program, and their outlook is...mixed. iFixit's Sam Goldheart writes that the new MacBook Pro guides "threw us for a loop." The issue: the documentation "makes MacBook Pros seem less repairable" than they have been in the past. From a report: The repair manual for replacing the 14-inch MacBook Pro's battery, for example, is a whole 162 pages long. (One of the first steps, of course, is "Read the entire manual first.") The reason the guide is so long, it turns out, is that replacing these batteries isn't just a matter of popping the battery out. A user needs to replace the entire top case and keyboard in order to replace the battery. Needless to say, it is unusual for a laptop battery replacement to require a full-computer teardown.

And then, as Goldheart points out, there's the matter of the money. The "top case with battery" part that you'll need to purchase for the 2020 and 2021 MacBook Pro models is not cheap -- after rooting around Apple's store, Verge editor Sean Hollister found that you can expect to pay well upwards of $400 for the top case with battery after the repair credit. "Apple is presenting DIY repairers with a excruciating gauntlet of hurdles: read 162 pages of documentation without getting intimidated and decide to do the repair anyway, pay an exorbitant amount of money for an overkill replacement part, decide whether you want to drop another 50 bucks on the tools they recommend, and do the repair yourself within 14 days, including completing the System Configuration to pair your part with your device," Goldheart writes in summary. "Which makes us wonder, does Apple even want better repairability?"

Streaming media platform Plex sent out an email to its customers earlier today notifying them of a security breach that may have compromised account information, including usernames, email addresses, and passwords. Although there is no sign that the encrypted passwords were exposed, Plex nevertheless is advising all users to change their passwords immediately. From a report: Plex is one of the largest media server apps available, used by around 20 million people to stream video, audio, and photos they upload themselves in addition to an increasing variety of content the service provides to paid subscribers. The email states, "yesterday, we discovered suspicious activity on one of our databases. We immediately began an investigation and it does appear that a third-party was able to access a limited subset of data that includes emails, usernames, and encrypted passwords." There is no confirmation that other personal account information has been compromised, and there's no mention of private media libraries (which may or may not include pirated content, private nudes, and other sensitive content) having been accessed in the breach.

After years of revelations about strange lights in the sky, first hand reports from Navy pilots about UFOs, and governmental investigations, Congress seems to have admitted something startling in print: it doesn't believe all UFOs are "man-made." Motherboard reports: Buried deep in a report that's an addendum to the Intelligence Authorization Act for Fiscal Year 2023, a budget that governs America's clandestine services, Congress made two startling claims. The first is that "cross-domain transmedium threats to the United States national security are expanding exponentially." The second is that it wants to distinguish between UFOs that are human in origin and those that are not: "Temporary nonattributed objects, or those that are positively identified as man-made after analysis, will be passed to appropriate offices and should not be considered under the definition as unidentified aerospace-undersea phenomena," the document states.

The admission is stunning chiefly because, as more information about the U.S. government's study of UFOs has become public, many politicians have stopped just short of claiming the unidentified objects were extraterrestrial or extradimensional in origin. The standard line is typically that, if UFOs exist, then they're likely advanced -- although human-made -- vehicles. Obama refused to confirm the existence of aliens but did say that people have seen a lot of strange stuff in the sky lately when asked directly on The Late Show with James Corden, for example. But now Congress seems to want to specifically distinguish between objects that are "man-made" and those that are not. The admission is stunning chiefly because, as more information about the U.S. government's study of UFOs has become public, many politicians have stopped just short of claiming the unidentified objects were extraterrestrial or extradimensional in origin.

A large question, of course, is why Congress is seemingly admitting this now, in public. After all, lawmakers are privy to classified information that the general public isn't. "It strains credulity to believe that lawmakers would include such extraordinary language in public legislation without compelling evidence," Marik von Rennenkampff, an Obama-era DoD official, said in an op-ed in The Hill about the budget. According to the op-ed, the comments were first noticed by UFO researcher Douglas Johnson. "This implies that members of the Senate Intelligence Committee believe (on a unanimous, bipartisan basis) that some UFOs have non-human origins," von Rennenkampff continued. "After all, why would Congress establish and task a powerful new office with investigating non-'man-made' UFOs if such objects did not exist?" "Make no mistake: One branch of the American government implying that UFOs have non-human origins is an explosive development."