AI

Can Robots.txt Files Really Stop AI Crawlers? (theverge.com) 97

In the high-stakes world of AI, "The fundamental agreement behind robots.txt [files], and the web as a whole — which for so long amounted to 'everybody just be cool' — may not be able to keep up..." argues the Verge: For many publishers and platforms, having their data crawled for training data felt less like trading and more like stealing. "What we found pretty quickly with the AI companies," says Medium CEO Tony Stubblebine, "is not only was it not an exchange of value, we're getting nothing in return. Literally zero." When Stubblebine announced last fall that Medium would be blocking AI crawlers, he wrote that "AI companies have leached value from writers in order to spam Internet readers."

Over the last year, a large chunk of the media industry has echoed Stubblebine's sentiment. "We do not believe the current 'scraping' of BBC data without our permission in order to train Gen AI models is in the public interest," BBC director of nations Rhodri Talfan Davies wrote last fall, announcing that the BBC would also be blocking OpenAI's crawler. The New York Times blocked GPTBot as well, months before launching a suit against OpenAI alleging that OpenAI's models "were built by copying and using millions of The Times's copyrighted news articles, in-depth investigations, opinion pieces, reviews, how-to guides, and more." A study by Ben Welsh, the news applications editor at Reuters, found that 606 of 1,156 surveyed publishers had blocked GPTBot in their robots.txt file.

It's not just publishers, either. Amazon, Facebook, Pinterest, WikiHow, WebMD, and many other platforms explicitly block GPTBot from accessing some or all of their websites.

On most of these robots.txt pages, OpenAI's GPTBot is the only crawler explicitly and completely disallowed. But there are plenty of other AI-specific bots beginning to crawl the web, like Anthropic's anthropic-ai and Google's new Google-Extended. According to a study from last fall by Originality.AI, 306 of the top 1,000 sites on the web blocked GPTBot, but only 85 blocked Google-Extended and 28 blocked anthropic-ai. There are also crawlers used for both web search and AI. CCBot, which is run by the organization Common Crawl, scours the web for search engine purposes, but its data is also used by OpenAI, Google, and others to train their models. Microsoft's Bingbot is both a search crawler and an AI crawler. And those are just the crawlers that identify themselves — many others attempt to operate in relative secrecy, making it hard to stop or even find them in a sea of other web traffic.

For any sufficiently popular website, finding a sneaky crawler is needle-in-haystack stuff.

In addition, the article points out, a robots.txt file "is not a legal document — and 30 years after its creation, it still relies on the good will of all parties involved.

"Disallowing a bot on your robots.txt page is like putting up a 'No Girls Allowed' sign on your treehouse — it sends a message, but it's not going to stand up in court."

Spam

The Unsettling Scourge of Obituary Spam (theverge.com) 39

Many websites are using AI tools to generate fake obituaries about average people for profit. These articles lack substantiating details but are optimized for SEO, frequently outranking legitimate obituaries, The Verge reports. The fake obituaries, as one can imagine, are causing distress for grieving families and friends. In response, Google told The Verge that it aims to surface high-quality information but struggles with "data voids." The company terminated some YouTube channels sharing fake notices but declined to say if the flagged websites violate policies.

Social Networks

Is AI Hastening the Demise of Quora? (slate.com) 57

Quora "used to be a thriving community that worked to answer our most specific questions," writes Slate. "But users are fleeing," while the site hosts "a never-ending avalanche of meaningless, repetitive sludge, filled with bizarre, nonsensical, straight-up hateful, and A.I.-generated entries..."

The site has faced moderation issues, spam, trolls, and bots re-posting questions from Reddit (plus competition for ad revenue from sites like Facebook and Google which forced cuts in Quora's support and moderation teams). But automating its moderation "did not improve the situation...

"Now Quora is even offering A.I.-generated images to accompany users' answers, even though the spawned illustrations make little sense." To top it all off, after Quora began using A.I. to "generate machine answers on a number of selected question pages," the site made clear the possibility that human-crafted answers could be used for training A.I. This meant that the detailed writing Quorans provided mostly for free would be ingested into a custom large language model. Updated terms of service and privacy policies went into effect at the site last summer. As angel investor and Quoran David S. Rose paraphrased them: "You grant all other Quora users the unlimited right to reuse and adapt your answers," "You grant Quora the right to use your answers to train an LLM unless you specifically opt out," and "You completely give up your right to be any part of any class action suit brought against Quora," among others. (Quora's Help Center claims that "as of now, we do not use answers, posts, or comments added to Quora to train LLMs used for generating content on Quora. However, this may change in the future." The site offers an opt-out setting, although it admits that "opting out does not cover everything.")

This raised the issue of consent and ownership, as Quorans had to decide whether to consent to the new terms or take their work and flee. High-profile users, like fantasy author Mercedes R. Lackey, are removing their work from their profiles and writing notes explaining why. "The A.I. thing, the terms of service issue, has been a massive drain of top talent on Quora, just based on how many people have said, Downloaded my stuff and I'm out of there," Lackey told me. It's not that all Quorans want to leave, but it's hard for them to choose to remain on a website where they now have to constantly fight off errors, spam, trolls, and even account impersonators....

The tragedy of Quora is not just that it crushed the flourishing communities it once built up. It's that it took all of that goodwill, community, expertise, and curiosity and assumed that it could automate a system that equated it, apparently without much thought to how pale the comparison is. [Nelson McKeeby, an author who joined Quora in 2013] has a grim prediction for the future: "Eventually Quora will be robot questions, robot answers, and nothing else." I wonder how the site will answer the question of why Quora died, if anyone even bothers to ask.

The article notes that Andreessen Horowitz gave Quora "a much-needed $75 million investment — but only for the sake of developing its on-site generative-text chatbot, Poe."

Security

How a Data Breach of 1M Cancer Center Patients Led to Extorting Emails (seattletimes.com) 37

The Seattle Times reports: Concerns have grown in recent weeks about data privacy and the ongoing impacts of a recent Fred Hutchinson Cancer Center cyberattack that leaked personal information of about 1 million patients last November. Since the breach, which hit the South Lake Union cancer research center's clinical network and has led to a host of email threats from hackers and lawsuits against Fred Hutch, menacing messages from perpetrators have escalated.

Some patients have started to receive "swatting" threats, in addition to spam emails warning people that unless they pay a fee, their names, Social Security and phone numbers, medical history, lab results and insurance history will be sold to data brokers and on black markets. Steve Bernd, a spokesperson for FBI Seattle, said last week there's been no indication of any criminal swatting events... Other patients have been inundated with spam emails since the breach...

According to The New York Times, large data breaches like this are becoming more common. In the first 10 months of 2023, more than 88 million individuals had their medical data exposed, according to the Department of Health and Human Services. Meanwhile, the number of reported ransomware incidents, when a specific malware blocks a victim's personal data until a ransom is paid, has decreased in recent years — from 516 in 2021 to 423 in 2023, according to Bernd of FBI Seattle. In Washington, the number dropped from 84 to 54 in the past three years, according to FBI data.

Fred Hutchinson Cancer Center believes their breach was perpetrated outside the U.S. by exploiting the "Citrix Bleed" vulnerability (which federal cybersecurity officials warn can allow the bypassing of passwords and multifactor authentication measures).

The article adds that in late November, the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center "urged hospitals and other organizations that used Citrix to take immediate action to patch network systems in order to protect against potentially significant ransomware threats."

Google

AI-Generated Content Can Sometimes Slip Into Your Google News Feed (engadget.com) 37

Google News is sometimes boosting sites that rip off other outlets by using AI to rapidly churn out content, 404 Media claims. From the report: Google told 404 Media that although it tries to address spam on Google News, the company ultimately does not focus on whether a news article was written by an AI or a human, opening the way for more AI-generated content making its way onto Google News. The presence of AI-generated content on Google News signals two things: first, the black box nature of Google News, with entry into Google News' rankings in the first place an opaque, but apparently gameable, system. Second, is how Google may not be ready for moderating its News service in the age of consumer-access AI, where essentially anyone is able to churn out a mass of content with little to no regard for its quality or originality.

UPDATE: Engadget argues that "to find such stories required heavily manipulating the search results in Google News," noting that in the cited case, 404 Media's search parameters "are essentially set so that the original stories don't appear."

Engadget got this rebuke from Google. "Claiming that these sites were featured prominently in Google News is not accurate - the sites in question only appeared for artificially narrow queries, including queries that explicitly filtered out the date of an original article.

"We take the quality of our results extremely seriously and have clear policies against content created for the primary purpose of ranking well on News and we remove sites that violate it."

Engadget then wrote, "We apologize for overstating the issue and are including a slightly modified version of the original story that has been corrected for accuracy, and we've updated the headline to make it more accurate."

Desktops (Apple)

Beeper Users Say Apple Is Now Blocking Their Macs From Using iMessage Entirely (techcrunch.com) 175

An anonymous reader quotes a report from TechCrunch: The Apple-versus-Beeper saga is not over yet it seems, even though the iMessage-on-Android Beeper Mini was removed from the Play Store last week. Now, Apple customers who used Beeper's apps are reporting that they've been banned from using iMessage on their Macs -- a move Apple may have taken to disable Beeper's apps from working properly, but ultimately penalizes its own customers for daring to try a non-Apple solution for accessing iMessage. The latest follows a contentious game of cat-and-mouse between Apple and Beeper, which Apple ultimately won. [...]

According to users' recounting of their tech support experiences with Apple, the support reps are telling them their computer has been flagged for spam, or for sending too many messages — even though that's not the case, some argued. This has led many Beeper users to believe this is how Apple is flagging them for removal from the iMessage network. One Beeper customer advised others facing this problem to ask Apple if their Mac was in a "throttled status" or if their Apple ID was blocked for spam to get to the root of the issue. Admitting up front that third-party software was to blame would sometimes result in the support rep being able to lift the ban, some noted.

The news of the Mac bans was earlier reported by Apple news site AppleInsider and Times of India, and is being debated on Y Combinator forum site Hacker News. On the latter, some express their belief that the retaliation against Apple's own users is justified as they had violated Apple's terms, while others said that iMessage interoperability should be managed through regulation, not rogue apps. Far fewer argued that Apple is exerting its power in an anticompetitive fashion here.

Google

Google Search Really Has Gotten Worse, Researchers Find (404media.co) 58

An anonymous reader quotes a report from 404 Media: Google search really has been taken over by low-quality SEO spam, according to a new, year-long study by German researchers (PDF). The researchers, from Leipzig University, Bauhaus-University Weimar, and the Center for Scalable Data Analytics and Artificial Intelligence, set out to answer the question "Is Google Getting Worse?" by studying search results for 7,392 product-review terms across Google, Bing, and DuckDuckGo over the course of a year. They found that, overall, "higher-ranked pages are on average more optimized, more monetized with affiliate marketing, and they show signs of lower text quality ... we find that only a small portion of product reviews on the web uses affiliate marketing, but the majority of all search results do."

They also found that spam sites are in a constant war with Google over the rankings, and that spam sites will regularly find ways to game the system, rise to the top of Google's rankings, and then will be knocked down. "SEO is a constant battle and we see repeated patterns of review spam entering and leaving the results as search engines and SEO engineers take turns adjusting their parameters," they wrote. They note that Google, Bing, and DuckDuckGo are regularly tweaking their algorithms and taking down content that is outright spam, but that, overall, this leads only to "a temporary positive effect."

"Search engines seem to lose the cat-and-mouse game that is SEO spam," they write. Notably, Google, Bing, and DuckDuckGo all have the same problems, and in many cases, Google performed better than Bing and DuckDuckGo by the researchers' measures. The researchers warn that this rankings war is likely to get much worse with the advent of AI-generated spam, and that it genuinely threatens the future utility of search engines: "the line between benign content and spam in the form of content and link farms becomes increasingly blurry -- a situation that will surely worsen in the wake of generative AI. We conclude that dynamic adversarial spam in the form of low-quality, mass-produced commercial content deserves more attention."

Security

Google Password Resets Not Enough To Stop These Info-Stealing Malware Strains (theregister.com) 13

Security researchers say info-stealing malware can still access victims' compromised Google accounts even after passwords have been changed. From a report: A zero-day exploit of Google account security was first teased by a cybercriminal known as "PRISMA" in October 2023, boasting that the technique could be used to log back into a victim's account even after the password is changed. It can also be used to generate new session tokens to regain access to victims' emails, cloud storage, and more as necessary. Since then, developers of infostealer malware -- primarily targeting Windows, it seems -- have steadily implemented the exploit in their code. The total number of known malware families that abuse the vulnerability stands at six, including Lumma and Rhadamanthys, while Eternity Stealer is also working on an update to release in the near future.

Eggheads at CloudSEK say they found the root of the exploit to be in the undocumented Google OAuth endpoint "MultiLogin." The exploit revolves around stealing victims' session tokens. That is to say, malware first infects a person's PC -- typically via a malicious spam or a dodgy download, etc -- and then scours the machine for, among other things, web browser session cookies that can be used to log into accounts.

Social Networks

The Rise and Fall of Usenet (zdnet.com) 130

An anonymous reader quotes a report from ZDNet: Long before Facebook existed, or even before the Internet, there was Usenet. Usenet was the first social network. Now, with Google Groups abandoning Usenet, this oldest of all social networks is doomed to disappear. Some might say it's well past time. As Google declared, "Over the last several years, legitimate activity in text-based Usenet groups has declined significantly because users have moved to more modern technologies and formats such as social media and web-based forums. Much of the content being disseminated via Usenet today is binary (non-text) file sharing, which Google Groups does not support, as well as spam." True, these days, Usenet's content is almost entirely spam, but in its day, Usenet was everything that Twitter and Reddit would become and more.

In 1979, Duke University computer science graduate students Tom Truscott and Jim Ellis conceived of a network of shared messages under various topics. These messages, also known as articles or posts, were submitted to topic categories, which became known as newsgroups. Within those groups, messages were bound together in threads and sub-threads. [...] In 1980, Truscott and Ellis, using the Unix to Unix Copy Protocol (UUCP), hooked up with the University of North Carolina to form the first Usenet nodes. From there, it would rapidly spread over the pre-Internet ARPANet and other early networks. These messages would be stored and retrieved from news servers. These would "peer" to each other so that messages to a newsgroup would be shared from server to server and to user to user so that within hours, your messages would reach the entire networked world. Usenet would evolve its own network protocol, Network News Transfer Protocol (NNTP), to speed the transfer of these messages. Today, the social network Mastodon uses a similar approach with the ActivityPub protocol, while other social networks, such as Threads, are exploring using ActivityPub to connect with Mastodon and the other social networks that support ActivityPub. As the saying goes, everything old is new again.

[...] Usenet was never an organized social network. Each server owner could -- and did -- set its own rules. Mind you, there was some organization to begin with. The first 'mainstream' Usenet groups, comp, misc, news, rec, soc, and sci hierarchies, were widely accepted and disseminated until 1987. Then, faced with a flood of new groups, a new naming plan emerged in what was called the Great Renaming. This led to a lot of disputes and the creation of the talk hierarchy. This and the first six became known as the Big Seven. Then the alt groups emerged as a free speech protest. Afterward, fewer Usenet sites made it possible to access all the newsgroups. Instead, maintainers and users would have to decide which one they'd support. Over the years, Usenet began to decline as discussions were replaced both by spam and flame wars. Group discussions were also overwhelmed by flame wars.
"If, going forward, you want to keep an eye on Usenet -- things could change, miracles can happen -- you'll need to get an account from a Usenet provider," writes ZDNet's Steven Vaughan-Nichols. "I favor Eternal September, which offers free access to the discussion Usenet groups; NewsHosting, $9.99 a month with access to all the Usenet groups; EasyNews, $9.98 a month with fast downloads, and a good search engine; and Eweka, 9.50 Euros a month and EU only servers."

"You'll also need a Usenet client. One popular free one is Mozilla's Thunderbird E-Mail client, which doubles as a Usenet client. EasyNews also offers a client as part of its service. If you're all about downloading files, check out SABnzbd."

Iphone

Apple Blocks 'Beeper Mini', Citing Security Concerns. But Beeper Keeps Trying (engadget.com) 90

A 16-year-old high school student reverse engineered Apple's messaging protocol, leading to the launch of an interoperable Android app called "Beeper Mini".

But on Friday the Verge reported that "less than a week after its launch, the app started experiencing technical issues when users were suddenly unable to send and receive blue bubble messages." Reached for comment, Beeper CEO Eric Migicovsky did not deny that Apple has successfully blocked Beeper Mini. "If it's Apple, then I think the biggest question is... if Apple truly cares about the privacy and security of their own iPhone users, why would they stop a service that enables their own users to now send encrypted messages to Android users, rather than using unsecure SMS...? Beeper Mini is here today and works great. Why force iPhone users back to sending unencrypted SMS when they chat with friends on Android?"
Apple says they're unable to verify that end-to-end encryption is maintained when messages are sent through unauthorized channels, according to a statement quoted by TechCrunch: "At Apple, we build our products and services with industry-leading privacy and security technologies designed to give users control of their data and keep personal information safe. We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage. These techniques posed significant risks to user security and privacy, including the potential for metadata exposure and enabling unwanted messages, spam, and phishing attacks. We will continue to make updates in the future to protect our users."
Beeper responded on X: We stand behind what we've built. Beeper Mini keeps your messages private, and boosts security compared to unencrypted SMS. For anyone who claims otherwise, we'd be happy to give our entire source code to mutually agreed upon third party to evaluate the security of our app.
Ars Technica adds: On Saturday, Migicovsky notified Beeper Cloud (desktop) users that iMessage was working again for them, after a long night of fixes. "Work continues on Beeper Mini," Migicovsky wrote shortly after noon Eastern time.
Engadget notes: The Beeper Mini team has apparently been working around the clock to resolve the outage affecting the new "iMessage on Android" app, and says a fix is "very close." And once the fix rolls out, users' seven-day free trials will be reset so they can start over fresh.
Meanwhile, at around 9 p.m. EST, Beeper CEO Eric Migicovsky posted on X that "For 3 blissful days this week, iPhone and Android users enjoyed high quality encrypted chats. We're working hard to return to that state."

Security

Gmail's AI-Powered Spam Detection Is Its Biggest Security Upgrade in Years (arstechnica.com) 45

The latest post on the Google Security blog details a new upgrade to Gmail's spam filters that Google is calling "one of the largest defense upgrades in recent years." Ars Technica: The upgrade comes in the form of a new text classification system called RETVec (Resilient & Efficient Text Vectorizer). Google says this can help understand "adversarial text manipulations" -- these are emails full of special characters, emojis, typos, and other junk characters that previously were legible by humans but not easily understandable by machines. Previously, spam emails full of special characters made it through Gmail's defenses easily.

[...] The reason emails like this have been so difficult to classify is that, while any spam filter could probably swat down an email that says "Congratulations! A balance of $1000 is available for your jackpot account," that's not what this email actually says. A big portion of the letters here are "homoglyphs" -- by diving into the endless depths of the Unicode standard, you can find obscure characters that look like they're part of the normal Latin alphabet but actually aren't.

Cellphones

20 Carriers Face Call-Blocking in the US for Submitting Fake 'Robocall Mitigation Plans' (arstechnica.com) 67

"Twenty phone companies may soon have all their voice calls blocked by US carriers," reports Ars Technica, "because they didn't submit real plans for preventing robocalls on their networks." The 20 carriers include a mix of US-based and foreign voice service providers that submitted required "robocall mitigation" plans to the Federal Communications Commission about two years ago. The problem is that some of the carriers' submissions were blank pages and others were bizarre images or documents that had no relation to robocalls. The strange submissions, according to FCC enforcement orders issued Monday, included "a .PNG file depicting an indiscernible object," a document titled "Windows Printer Test Page," an image "that depicted the filer's 'Taxpayer Profile' on a Pakistani government website," and "a letter that stated: 'Unfortunately, we do not have such a documents.'"

Monday's FCC announcement said the agency's Enforcement Bureau issued orders demanding that "20 non-compliant companies show cause within 14 days as to why the FCC should not remove them from the database for deficient filings." The orders focus on the certification requirements and do not indicate whether these companies carry large amounts of robocall traffic. Each company will be given "an opportunity to cure any deficiencies in its robocall mitigation program description or explain why its certification is not deficient." After the October 30 deadline, the companies could be removed from the FCC's Robocall Mitigation Database.

Removal from the database would oblige other phone companies to block all of their calls.

Google

Google Mandates Unsubscribe Button in Emails For Those Sending Over 5,000 Daily Messages (cnbc.com) 91

Google plans to make it harder for spammers to send messages to Gmail users. From a report: The company said it will require emailers who send more than 5,000 messages per day to Gmail users to offer a one-click unsubscribe button in their messages. It will also require them to authenticate their email address, configuring their systems so they prove they own their domain name and aren't spoofing IP addresses. Alphabet-owned Google says it may not deliver messages from senders whose emails are frequently marked as spam and fall under a "clear spam rate threshold" of 0.3% of messages sent, as measured by Google's Postmaster Tools.

Google says it has signed up Yahoo to make the same changes, and they'll come into effect in February 2024. The moves highlight the ongoing fight between big tech companies and spammers who use open systems such as email to send fraudulent messages and annoy users. For years, machine learning techniques have been used to fight spam, but it remains a back-and-forth battle as spammers discover new techniques to get past filters.

Republicans

Judge Tears Apart Republican Lawsuit Alleging Bias In Gmail Spam Filter (arstechnica.com) 184

An anonymous reader quotes a report from Ars Technica: A federal judge yesterday granted Google's motion to dismiss a lawsuit filed by the Republican National Committee (RNC), which claims that Google intentionally used Gmail's spam filter to suppress Republicans' fundraising emails. An order (PDF) dismissing the lawsuit was issued yesterday by US District Judge Daniel Calabretta. The RNC is seeking "recovery for donations it allegedly lost as a result of its emails not being delivered to its supporters' inboxes," Calabretta noted. But Google correctly argued that the lawsuit claims are barred by Section 230 of the Communications Decency Act, the judge wrote. The RNC lawsuit was filed in October 2022 in US District Court for the Eastern District of California.

"While it is a close case, the Court concludes that... the RNC has not sufficiently pled that Google acted in bad faith in filtering the RNC's messages into Gmail users' spam folders, and that doing so was protected by Section 230. On the merits, the Court concludes that each of the RNC's claims fail as a matter of law for the reasons described below," he wrote. Calabretta, a Biden appointee, called it "concerning that Gmail's spam filter has a disparate impact on the emails of one political party, and that Google is aware of and has not yet been able to correct this bias." But he noted that "other large email providers have exhibited some sort of political bias" and that if Google did not filter spam, it would harm its users by subjecting them "to harmful malware or harassing messages. On the whole, Google's spam filter, though in this instance imperfect, is not morally blameworthy."

The RNC was given leave to amend another claim that alleged intentional interference with prospective economic relations under California law. The judge dismissed the claim as follows: "The RNC argues that Google's conduct was independently wrongful because '(1) it is political discrimination against the RNC, (2) it is dishonest to Google's users and the public, and (3) Google repeatedly lied about it.' As established above, political discrimination is not prohibited by California anti-discrimination laws and so Google's alleged discrimination would not be unlawful. The latter two reasons do not provide a 'determinable legal standard' under which the Court could find the conduct wrongful; they rest on a 'nebulous' theory of wrongfulness which other courts have rejected." The RNC "has failed to establish that Defendant's alleged interference constituted a separate, independently 'wrongful act' that would be an appropriate predicate offense" but "will be granted leave to amend this claim to establish that Defendant's conduct was unlawful by some legal measure," Calabretta wrote.
Google said in a statement: "We welcome the Court's finding that there are no plausible allegations that Gmail's spam filters discriminate for political purposes. We will continue investing in spam-filtering technologies that protect people from unwanted emails while still allowing senders to reach the inboxes of users who want their messages."

Australia

Australia's ISPs Will Stop Offering Free Email Addresses, to the Disgust of Older Customers (theguardian.com) 69

Remember when your email address came from your ISP?

Now the cost for small companies to offer email service "has gone up in server and administration costs," reports the Guardian, "without the economies of scale." But in Australia, this has created a problem for people like the Canberra-based customer of iiNet who's had the same email address since the 1990s... TPG — which owns brands that have historically offered email including iiNet all the way back to OzEmail — informed customers in July that it would migrate their email to a separate private service, the Messaging Company, by the end of November. Users will keep their existing email addresses on this service, and would get it free for the first year. After that, there will be options of paying for a service, or an ad-based free service after that. The amount to be charged from next year has not yet been decided.

The announcement was met with outrage among users of the long-running web forum Whirlpool. "It's a shitty move. My wife has never set up a Gmail or Yahoo and only ever used her iiNet email address for her business as well as personal. This screws us royally," one user said.

"Us oldies couldn't start out using Gmail etc because they weren't in existence 25 years ago," another said.

"It's a nightmare trying to change logins at many places...."

The other factor is the increasing security risk. Legacy systems, particularly those managed under a variety of absorbed companies, as with TPG, can over time become more at risk of a cybersecurity attack or breach. External providers who offer this service either in place of, or on behalf of the internet service provider are becoming seen as the more secure option....

The Australian Communications Consumer Action Network chief executive, Andrew Williams, says that ultimately internet providers getting out of the email game is a good thing because it means customers don't feel locked into one internet company...

With the rise in data breaches, and the avalanche of spam and scams, the shift offers people the opportunity of a clean email slate, according to Andrew Williams, of the Australian Communications Consumer Action Network.

The Almighty Buck

Thousands of Crypto Scammers are Enslaved by Human-Trafficking Gangsters, Says Bloomberg Reporter (bloomberg.com) 100

A Bloomberg investigative reporter wrote a new book titled Number Go Up: Inside Crypto's Wild Rise and Staggering Fall. This week Bloomberg published an excerpt that begins when the reporter received a flirtatious text message from a woman named Vicky Ho for a scam that's called "pig butchering".

"Vicky's random text had found its way to pretty much exactly the wrong target. I'd been investigating the crypto bubble for more than a year..." After a day, Vicky revealed her true love language: Bitcoin price data. She started sending me charts. She told me she'd figured out how to predict market fluctuations and make quick gains of 20% or more. The screenshots she shared showed that during that week alone she'd made $18,600 on one trade, $4,320 on another and $3,600 on a third... For days, she went on chatting without asking for me to send any money. I was supposed to be the mark, but I had to work her to con me.... Vicky sent me a link to download an app called ZBXS. It looked pretty much like other crypto-exchange apps. "New safe and stable trading market," a banner read at the top. Then Vicky gave me some instructions. They involved buying one cryptocurrency using another crypto-exchange app, then transferring the crypto to ZBXS's deposit address on the blockchain, a 42-character string of letters and numbers...

People around the world really were losing huge sums of money to the con. A project finance lawyer in Boston with terminal cancer handed over $2.5 million. A divorced mother of three in St. Louis was defrauded of $5 million. And the victims I spoke to all told me they'd been told to use Tether, the same coin Vicky suggested to me. Rich Sanders, the lead investigator at CipherBlade, a crypto-tracing firm, said that at least $10 billion had been lost to crypto romance scams.

The huge sums involved weren't the most shocking part. I learned that whoever was posing as Vicky was likely a victim as well — of human trafficking. Most "pig-butchering" operations were orchestrated by Chinese gangsters based in Cambodia or Myanmar. They'd lure young people from across Southeast Asia to move abroad with the promise of well-paying jobs in customer service or online gambling. Then, when the workers arrived, they'd be held captive and forced into a criminal racket. Thousands have been tricked this way. Entire office towers are filled with floor after floor of people sending spam messages around the clock, under threat of torture or death.

With the assistance of translators, I started video chatting with people who'd escaped...

I'd heard that [southwestern Cambodia's giant building complex] Chinatown alone held as many as 6,000 captive workers like "Vicky Ho."

Two of the workers interviewed "said they'd seen workers murdered." And another worker said Tether was used specifically because "It's more safe. We are afraid people will track us... It's untraceable."

The reporter's conclusion? "It was hard to see how this slave complex could exist without cryptocurrency."
Microsoft

Microsoft Fixes Hotmail Delivery Failures After Misconfigured SPF DNS (bleepingcomputer.com) 23

Friday Microsoft told Bleeping Computer "that they have fixed the issue and Hotmail should no longer fail SPF checks."

But earlier in the day the site reported that "Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record." The email issues began late Thursday night, with users and admins reporting on Reddit, Twitter, and Microsoft forums that their Hotmail emails were failing due to SPF validation errors... The Sender Policy Framework (SPF) is an email security feature that reduces spam and prevents threat actors from spoofing domains in phishing attacks... When a mail server receives an email, it will verify that the hostname/IP address for the sending email servers is part of a domain's SPF record, and if it is, allows the email to be delivered as usual...

After analyzing what was causing email delivery errors, admins noted that Microsoft removed the 'include:spf.protection.outlook.com' record from hotmail.com's SPF record.

Thanks to long-time Slashdot reader Archangel Michael for sharing the news.
Youtube

YouTube is Deactivating Links in Shorts Videos To Combat Spam (engadget.com) 54

YouTube knows that it has a spam problem, particularly when it comes to its two-year-old Shorts feature. In an attempt to do something about it, the streamer has announced it's deactivating links in Shorts descriptions, comments and the vertical live feed. From a report: YouTube is also taking away the ability to click on social media icons on any desktop channel banners. The new changes will start to roll out on August 31st. YouTube claims it won't continue its "unclickable" crusade, but it adds, "Because abuse tactics evolve quickly, we have to take preventative measures to make it harder for scammers and spammers to mislead or scam users via links."

At the same time, YouTube is adding new links on creators' channels, with a big clickable link appearing by the Subscribe button starting August 23rd. The link can bring users to anything from merchandise sites to social media accounts. The platform also recently introduced more creator tools for Shorts, like voiceovers. However, it won't be until at least the end of September that the streamer introduces "safer" ways to guide people from their Shorts back to the rest of their content.

Games

Ubisoft Will Suspend and Then Delete Long-Inactive Accounts (pcgamer.com) 51

Leaving a Ubisoft account inactive for too long "apparently puts it at risk of permanent deletion," writes PC Gamer, calling the policy "a customer-unfriendly practice." A piracy and anti-DRM focused Twitter account, PC_enjoyer, recently shared a screenshot of a Ubisoft support email telling the user that their Ubisoft account had been suspended for "inactivity," and would be "permanently closed" after 30 days. The email provided a link to cancel the move. Now, that sounds like a phishing scam, right? I and many commenters wondered that, looking at the original post, but less than a day later, Ubisoft's verified support account responded to the tweet, seemingly confirming the screenshotted email's legitimacy.

"You can avoid the account closure by logging into your account within the 30 days (since receiving the email pictured) and selecting the Cancel Account Closure link contained in the email," Ubisoft Support wrote. "We certainly do not want you to lose access to your games or account so if you have any difficulties logging in then please create a support case with us."

I was unable to find anything regarding account closure for inactivity in Ubisoft's US terms of use or its end user licence agreement, but the company does reserve the right to suspend or end services at any time. Ubisoft has a support page titled "Closure of inactive Ubisoft accounts." The page first describes instances where the service clashes with local data privacy laws, then reads: "We may also close long-term inactive accounts to maintain our database. You will be notified by email if we begin the process of closing your inactive account."

This page links to another dedicated to voluntarily closing one's Ubisoft account, and seems to operate by the same rules: a 30-day suspension before permanent deletion. "As we will be unable to recover the account once it has been closed, we strongly recommend only putting in the request if you are absolutely sure you would like to close your account."

"If you have a good spam filter or just reasonably assume it's a phishing attempt, then you might one day try your old games and find they're just gone," worries long-time Slashdot reader Baron_Yam. "If you're someone who still plays games from decades ago every so often, this is a scenario you might want to think about."

The site Eurogamer reports that when a Twitter user complained that "I lost my Ubisoft account, and all the Ubisoft Steam game[s] I've bought are now useless", Ubisoft Support "responded to say that players can raise a ticket if they would like to recover their account."

The original tweet now includes this "reader-added context" supplied by other Twitter users — along with three informative links: For added context, Ubisoft can be required under certain data protection laws, such as the GDPR, to close inactive accounts if they deem the data no longer necessary for collection.

Ubisoft has claimed they don't close accounts that are inactive for less than 4 years.

Open Source

'Meta's Newly Released Large Language Model Llama-2 Is Not Open Source' 27

Earlier this week, Meta announced it has teamed up with Microsoft to launch Llama 2, its "open-source" large language model (LLM) that uses artificial intelligence to generate text, images, and code. In an opinion piece for The Register, long-time ZDNet contributor and technology analyst, Steven J. Vaughan-Nichols, writes: "Meta is simply open source washing an open but ultimately proprietary LLM." From the report: As Amanda Brock, CEO of OpenUK, said, it's "not an OSI approved license but a significant release of Open Technology ... This is a step to moving AI from the hands of the few to the many, democratizing technology and building trust in its use and future through transparency." And for many developers, that may be enough. [...] But the devil is in the details when it comes to open source. And there, Meta, with its Llama 2 Community License Agreement, falls on its face. As The Register noted earlier, the community agreement forbids the use of Llama 2 to train other language models; and if the technology is used in an app or service with more than 700 million monthly users, a special license is required from Meta. Stefano Maffulli, the OSI's executive director, explained: "While I'm happy that Meta is pushing the bar of available access to powerful AI systems, I'm concerned about the confusion by some who celebrate LLaMa 2 as being open source: if it were, it wouldn't have any restrictions on commercial use (points 5 and 6 of the Open Source Definition). As it is, the terms Meta has applied only allow some commercial use. The keyword is some."

Maffulli then dove in deeper. "Open source means that developers and users are able to decide for themselves how and where to use the technology without the need to engage with another party; they have sovereignty over the technology they use. When read superficially, Llama's license says, 'You can't use this if you're Amazon, Google, Microsoft, Bytedance, Alibaba, or your startup grows as big.' It may sound like a reasonable clause, but it also implicitly says, 'You need to ask us for permission to create a tool that may solve world hunger' or anything big like that." Stephen O'Grady, open source licensing expert and RedMonk co-founder, explained it like this: "Imagine if Linux was open source unless you worked at Facebook." Exactly. Maffulli concluded: "That's why open source has never put restrictions on the field of use: you can't know beforehand what can happen in the future, good or bad."

The OSI isn't the only open-source-savvy group that's minding the Llama 2 license. Karen Sandler, lawyer and executive director at the Software Freedom Conservancy, dug into the license's language and found that "the Additional Commercial Terms in section 2 of the license agreement, which is a limitation on the number of users, makes it non-free and not open source." To Sandler, "it looks like Meta is trying to push a license that has some trappings of an open source license but, in fact, has the opposite result. Additionally, the Acceptable Use Policy, which the license requires adherence to, lists prohibited behaviors that are very expansively written and could be very subjectively applied -- if you send out a mass email, could it be considered spam? If there's reasonably critical material published, would it be considered defamatory?" Last, but far from least, she "didn't notice any public drafting or comment process for this license, which is necessary for any serious effort to introduce a new license."
