An anonymous reader quotes a report from The New York Times: There's a big debate in the tech world over whether artificial intelligence models should be "open source." Elon Musk, who helped found OpenAI in 2015, sued the startup and its chief executive, Sam Altman, on claims that the company had diverged from its mission of openness. The Biden administration is investigating the risks and benefits of open source models. Proponents of open source A.I. models say they're more equitable and safer for society, while detractors say they are more likely to be abused for malicious intent. One big hiccup in the debate? There's no agreed-upon definition of what open source A.I. actually means. And some are accusing A.I. companies of "openwashing" -- using the "open source" term disingenuously to make themselves look good. (Accusations of openwashing have previously been aimed at coding projects that used the open source label too loosely.)

In a blog post on Open Future, a European think tank supporting open sourcing, Alek Tarkowski wrote, "As the rules get written, one challenge is building sufficient guardrails against corporations' attempts at 'openwashing.'" Last month the Linux Foundation, a nonprofit that supports open-source software projects, cautioned that "this 'openwashing' trend threatens to undermine the very premise of openness -- the free sharing of knowledge to enable inspection, replication and collective advancement." Organizations that apply the label to their models may be taking very different approaches to openness. [...]

The main reason is that while open source software allows anyone to replicate or modify it, building an A.I. model requires much more than code. Only a handful of companies can fund the computing power and data curation required. That's why some experts say labeling any A.I. as "open source" is at best misleading and at worst a marketing tool. "Even maximally open A.I. systems do not allow open access to the resources necessary to 'democratize' access to A.I., or enable full scrutiny," said David Gray Widder, a postdoctoral fellow at Cornell Tech who has studied use of the "open source" label by A.I. companies.

In what's marked as an EU first, the French government has blocked TikTok in its territory of New Caledonia amid widespread pro-independence protests. Politico reports: A French draft law, passed Monday, would let citizens vote in local elections after 10 years' residency in New Caledonia, prompting opposition from independence activists worried it will dilute the representation of indigenous people. The violent demonstrations that have ensued in the South Pacific island of 270,000 have killed at least five people and injured hundreds. In response to the protests, the government suspended the popular video-sharing app -- owned by Beijing-based ByteDance and favored by young people -- as part of state-of-emergency measures alongside the deployment of troops and an initial 12-day curfew.

French Prime Minister Gabriel Attal didn't detail the reasons for shutting down the platform. The local telecom regulator began blocking the app earlier on Wednesday. "It is regrettable that an administrative decision to suspend TikTok's service has been taken on the territory of New Caledonia, without any questions or requests to remove content from the New Caledonian authorities or the French government," a TikTok spokesperson said. "Our security teams are monitoring the situation very closely and ensuring that our platform remains safe for our users. We are ready to engage in discussions with the authorities."

Digital rights NGO Quadrature du Net on Friday contested the TikTok suspension with France's top administrative court over a "particularly serious blow to freedom of expression online." A growing number of authoritarian regimes worldwide have resorted to internet shutdowns to stifle dissent. This unexpected -- and drastic -- decision by France's center-right government comes amid a rise in far-right activism in Europe and a regression on media freedom. "France's overreach establishes a dangerous precedent across the globe. It could reinforce the abuse of internet shutdowns, which includes arbitrary blocking of online platforms by governments around the world," said Eliska Pirkova, global freedom of expression lead at Access Now.

Apple's grudging accommodation of European law -- allowing third-party browser engines on its mobile devices -- apparently comes with a restriction that makes it difficult to develop and support third-party browser engines for the region. From a report: The Register has learned from those involved in the browser trade that Apple has limited the development and testing of third-party browser engines to devices physically located in the EU. That requirement adds an additional barrier to anyone planning to develop and support a browser with an alternative engine in the EU.

It effectively geofences the development team. Browser-makers whose dev teams are located in the US will only be able to work on simulators. While some testing can be done in a simulator, there's no substitute for testing on device -- which means developers will have to work within Apple's prescribed geographical boundary. Prior to iOS 17.4, Apple required all web browsers on iOS or iPadOS to use Apple's WebKit rendering engine. Alternatives like Gecko (used by Mozilla Firefox) or Blink (used by Google and other Chromium-based browsers) were not permitted. Whatever brand of browser you thought you were using on your iPhone, under the hood it was basically Safari. Browser makers have objected to this for years, because it limits competitive differentiation and reduces the incentive for Apple owners to use non-Safari browsers.

Volkswagen has walked away from talks with Renault to jointly develop an affordable electric version of the Twingo car, Reuters reported Friday, citing sources familiar with the situation, in a setback for the EU carmakers' efforts to fend off Chinese rivals. From the report: The collapse of negotiations could mean the German carmaker may have to go it alone in developing its own affordable electric vehicle (EV). Renault will continue designing its electric Twingo, scheduled to hit the market in 2026. Both had hoped that sharing the work would cut costs that represent a key hurdle for European carmakers in the face of cheaper cars from China.

Volkswagen broke off discussions mainly because Renault had wanted to build the car in one of its plants at a time when VW is seeking to fully utilise its European production network, one of the sources said.

An anonymous reader quotes a report from TechCrunch: Facebook and Instagram are under formal investigation in the European Union over child protection concerns, the Commission announced Thursday. The proceedings follow a raft of requests for information to parent entity Meta since the bloc's online governance regime, the Digital Services Act (DSA), started applying last August. The development could be significant as the formal proceedings unlock additional investigatory powers for EU enforcers, such as the ability to conduct office inspections or apply interim measures. Penalties for any confirmed breaches of the DSA could reach up to 6% of Meta's global annual turnover.

Meta's two social networks are designated as very large online platforms (VLOPs) under the DSA. This means the company faces an extra set of rules -- overseen by the EU directly -- requiring it to assess and mitigate systemic risks on Facebook and Instagram, including in areas like minors' mental health. In a briefing with journalists, senior Commission officials said they suspect Meta of failing to properly assess and mitigate risks affecting children. They particularly highlighted concerns about addictive design on its social networks, and what they referred to as a "rabbit hole effect," where a minor watching one video may be pushed to view more similar content as a result of the platforms' algorithmic content recommendation engines.

Commission officials gave examples of depression content, or content that promotes an unhealthy body image, as types of content that could have negative impacts on minors' mental health. They are also concerned that the age assurance methods Meta uses may be too easy for kids to circumvent. "One of the underlying questions of all of these grievances is how can we be sure who accesses the service and how effective are the age gates -- particularly for avoiding that underage users access the service," said a senior Commission official briefing press today on background. "This is part of our investigation now to check the effectiveness of the measures that Meta has put in place in this regard as well." In all, the EU suspects Meta of infringing DSA Articles 28, 34, and 35. The Commission will now carry out an in-depth investigation of the two platforms' approach to child protection.

The European Commission is set to issue new antitrust charges [non-paywalled link] against Microsoft over concerns that the tech giant is undermining competitors to its videoconferencing app Teams, according to FT. The move comes after Microsoft offered concessions last month, including a global plan to unbundle Teams from other software such as Office, in an attempt to avoid regulatory action.

The EU officials remain concerned that the company's efforts do not sufficiently ensure fairness in the market, the newspaper said. Rivals worry that Microsoft will make Teams run more compatibly with its own software compared to competitor apps, and that the lack of data portability makes it difficult for existing Teams users to switch to alternatives. The case, which originated from a formal complaint submitted by Slack (now owned by Salesforce) in 2020, is now escalating with the Commission's impending formal charge sheet against Microsoft.

An anonymous reader quotes a report from The Guardian: Oil and gas equipment intended to cut methane emissions is preventing scientists from accurately detecting greenhouse gases and pollutants, a satellite image investigation has revealed. Energy companies operating in countries such as the US, UK, Germany and Norway appear to have installed technology that could stop researchers from identifying methane, carbon dioxide emissions and pollutants at industrial facilities involved in the disposal of unprofitable natural gas, known in the industry as flaring. Flares are used by fossil fuel companies when capturing the natural gas would cost more than they can make by selling it. They release carbon dioxide and toxic pollutants when they burn as well as cancer-causing chemicals. Despite the health risks, regulators sometimes prefer flaring to releasing natural gas -- which is 90% methane -- directly into the atmosphere, known as "venting".

The World Bank, alongside the EU and other regulators, have been using satellites for years to find and document gas flares, asking energy companies to find ways of capturing the gas instead of burning or venting it. The bank set up the Zero Routine Flaring 2030 initiative at the Paris climate conference to eradicate unnecessary flaring, and its latest report stated that flaring decreased by 3% globally from 2021 to 2022. But since the initiative, "enclosed combustors" have begun appearing in the same countries that promised to end flaring. Experts say enclosed combustors are functionally the same as flares, except the flame is hidden. Tim Doty, a former regulator at the Texas Commission on Environmental Quality, said: "Enclosed combustors are basically a flare with an internal flare tip that you don't see. Enclosed flaring is still flaring. It's just different infrastructure that they're allowing.

"Enclosed flaring is, in truth, probably less efficient than a typical flare. It's better than venting, but going from a flare to an enclosed flare or a vapor combustor is not an improvement in reducing emissions." The only method of detecting flaring globally is by using satellite-mounted tools called Visible Infrared Imaging Radiometer Suite of detectors (VIIRS), which find flares by comparing heat signatures with bright spots of light visible from space. But when researchers tried to replicate the database, they saw that the satellites were not picking up the enclosed flares. Without the satellite data, countries were forced to rely mostly on self-disclosed reporting from oil and gas companies, researchers said. Environmentalists fear the research community's ability to understand pollution and greenhouse gas emissions from the energy sector could be jeopardized.

An anonymous reader shares a report: Relations between Russia and Germany were already tense, with Germany providing military support to Ukraine in its ongoing war with Russia. German Foreign Minister Annalena Baerbock said Russian state hackers were behind a cyberattack last year that targeted the Social Democrats, the leading party in the governing coalition. "Russian state hackers attacked Germany in cyberspace," she said at a news conference in the Australian city of Adelaide. "We can attribute this attack to the group called APT28, which is steered by the military intelligence service of Russia."

"This is absolutely intolerable and unacceptable and will have consequences," she said. The Russian Embassy in Germany on Friday denied Moscow was involved in a 2023 cyberattack. In a statement the embassy said its envoy "categorically rejected the accusations that Russian state structures were involved in the given incident ... as unsubstantiated and groundless." The Council of the EU later said that Czechia's institutions have also been a target of the cyber campaign. In a statement by the EU's top diplomat, Josep Borrell, the bloc's nations said they "strongly condemn the malicious cyber campaign conducted by the Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia." Further reading: EU and NATO Condemn Russian Cyber Attacks Against Germany and Czechia.

Apple is tweaking how it applies a new fee that can apply to iOS developers in the European Union as it continues to configure its approach to the bloc's Digital Markets Act (DMA): Developers of free apps will be able to avoid the fee entirely under changes it announced Thursday, which apply from today, while other developers earning under a certain revenue threshold will get longer before they have to pay Apple the fee. From a report: The so-called "core technology fee" remains opt in for iOS developers in the region, as Apple continues to offer its standard business terms, but those wanting to take up new entitlements the DMA has required Apple to offer -- such as allowing sideloading of apps, third party app stores, and support for alternative payment tech than Apple's own -- must agree to the set of business terms that include the CTF (as Apple calls it).

The fee remains under scrutiny in the region where the Commission, which enforces the DMA on Apple and other gatekeepers -- and opened its first investigations including on Apple in March -- is actively exploring whether the mechanism is enabling the iPhone maker to avoid its obligations to open up the App Store to competition, such as from third party app stores. But so far the EU hasn't prevented Apple from charging a fee.

Maciej Pocwierz, a senior software engineer Semantive, writing on Medium: A few weeks ago, I began working on the PoC of a document indexing system for my client. I created a single S3 bucket in the eu-west-1 region and uploaded some files there for testing. Two days later, I checked my AWS billing page, primarily to make sure that what I was doing was well within the free-tier limits. Apparently, it wasn't. My bill was over $1,300, with the billing console showing nearly 100,000,000 S3 PUT requests executed within just one day! By default, AWS doesn't log requests executed against your S3 buckets. However, such logs can be enabled using AWS CloudTrail or S3 Server Access Logging. After enabling CloudTrail logs, I immediately observed thousands of write requests originating from multiple accounts or entirely outside of AWS.

Was it some kind of DDoS-like attack against my account? Against AWS? As it turns out, one of the popular open-source tools had a default configuration to store their backups in S3. And, as a placeholder for a bucket name, they used... the same name that I used for my bucket. This meant that every deployment of this tool with default configuration values attempted to store its backups in my S3 bucket! So, a horde of misconfigured systems is attempting to store their data in my private S3 bucket. But why should I be the one paying for this mistake? Here's why: S3 charges you for unauthorized incoming requests. This was confirmed in my exchange with AWS support. As they wrote: "Yes, S3 charges for unauthorized requests (4xx) as well[1]. That's expected behavior." So, if I were to open my terminal now and type: aws s3 cp ./file.txt s3://your-bucket-name/random_key. I would receive an AccessDenied error, but you would be the one to pay for that request. And I don't even need an AWS account to do so.

Another question was bugging me: why was over half of my bill coming from the us-east-1 region? I didn't have a single bucket there! The answer to that is that the S3 requests without a specified region default to us-east-1 and are redirected as needed. And the bucket's owner pays extra for that redirected request. The security aspect: We now understand why my S3 bucket was bombarded with millions of requests and why I ended up with a huge S3 bill. At that point, I had one more idea I wanted to explore. If all those misconfigured systems were attempting to back up their data into my S3 bucket, why not just let them do so? I opened my bucket for public writes and collected over 10GB of data within less than 30 seconds. Of course, I can't disclose whose data it was. But it left me amazed at how an innocent configuration oversight could lead to a dangerous data leak! Lesson 1: Anyone who knows the name of any of your S3 buckets can ramp up your AWS bill as they like. Other than deleting the bucket, there's nothing you can do to prevent it. You can't protect your bucket with services like CloudFront or WAF when it's being accessed directly through the S3 API. Standard S3 PUT requests are priced at just $0.005 per 1,000 requests, but a single machine can easily execute thousands of such requests per second.

Jules Roscoe reports via 404 Media: Russia has replaced Wikipedia with a state-sponsored encyclopedia that is a clone of the original Russian Wikipedia but which conveniently has been edited to omit things that could cast the Russian government in poor light. Real Russian Wikipedia editors used to refer to the real Wikipedia as Ruwiki; the new one is called Ruviki, has "ruwiki" in its url, and has copied all Russian-language Wikipedia articles and strictly edited them to comply with Russian laws. The new articles exclude mentions of "foreign agents," the Russian government's designation for any person or entity which expresses opinions about the government and is supported, financially or otherwise, by an outside nation. [...]

Wikimedia RU, the Russian-language chapter of the non-profit that runs Wikipedia, was forced to shut down in late 2023 amid political pressure due to the Ukraine war. Vladimir Medeyko, the former head of the chapter who now runs Ruviki, told Novaya Gazeta Europe in July that he believed Wikipedia had problems with "reliability and neutrality." Medeyko first announced the project to copy and censor the 1.9 million Russian-language Wikipedia articles in June. The goal, he said at the time, was to edit them so that the information would be "trustworthy" as a source for all Russian users. Independent outlet Bumaga reported in August that around 110 articles about the war in Ukraine were missing in full, while others were severely edited. Ruviki also excludes articles about reports of torture in prisons and scandals of Russian government representatives. [...]

Graphic designer Constantine Konovalov calculated the number of characters changed between Wikipedia RU and Ruviki articles on the same topics, and found that there were 205,000 changes in articles about freedom of speech; 158,000 changes in articles about human rights; 96,000 changes in articles about political prisoners; and 71,000 changes in articles about censorship in Russia. He wrote in a post on X that the censorship was "straight out of a 1984 novel." Interestingly, the Ruviki article about George Orwell's 1984 entirely omits the Ministry of Truth, which is the novel's main propaganda outlet concerned with governing "truth" in the country.

As reported by Bloomberg (paywalled), Apple's iPadOS will need to abide by EU's DMA rules, as it is now designated as a gatekeeper alongside the Safari web browser, iOS operating system and the App Store. "Apple now has six months to ensure full compliance of iPadOS with the DMA obligations," reads the EU's blog post about the change. Engadget reports: What does Apple have to do to ensure iPadOS compliance? According to the DMA, gatekeepers are prohibited from favoring their own services over rivals and from locking users into the ecosystem. The software must also allow third parties to interoperate with internal services, which is why third-party app stores are becoming a thing on iPhones in Europe. The iPad, presumably, will soon follow suit. In other words, the DMA is lobbing some serious stink bombs into Apple's walled garden. In a statement published by Forbes, Apple said it "will continue to constructively engage with the European Commission" to ensure its designated services comply with the DMA, including iPadOS. "iPadOS constitutes an important gateway on which many companies rely to reach their customers," wrote Margrethe Vestager, Executive Vice-President in charge of competition policy at the European Commission. "Today's decision will ensure that fairness and contestability are preserved also on this platform."

What happened after India banned TikTok? The move "mostly drew widespread support" notes the Associated Press, in a country "where protesters had been calling for a boycott of Chinese goods since the deadly confrontation in the remote Karakoram mountain border region." "There was a clamour leading up to this, and the popular narrative was how can we allow Chinese companies to do business in India when we're in the middle of a military standoff," said Nikhil Pahwa, a digital policy expert and founder of tech website MediaNama. Just months before the ban, India had also restricted investment from Chinese companies, Pahwa added. "TikTok wasn't a one-off case. Today, India has banned over 500 Chinese apps to date."

At the time, India had about 200 million TikTok users. And the company also employed thousands of Indians.

TikTok users and content creators, however, needed a place to go — and the ban provided a multi-billion dollar opportunity to snatch up a big market. Within months, Google rolled out YouTube Shorts and Instagram pushed out its Reels feature. Both mimicked the short-form video creation that TikTok had excelled at. "And they ended up capturing most of the market that TikTok had vacated," said Pahwa.
TikTok is also banned in Nepal and Somalia, according to Mashable, and the Associaterd Press adds that it's now also banned in Pakistan, Nepal and Afghanistan "and restricted in many countries in Europe."

Their article concludes that "for the most part, content creators and users in the four years since the ban have moved on to other platforms." They quote one frequent TikTok user as saying they just switched to Instagram after the ban, and "It wasn't really a big deal."

Tutao, known for the encrypted email service Tuta Mail, has filed a Digital Markets Act (DMA) complaint to the EU over an alleged de-ranking in Google Search. From a report: Google Search rankings are all too familiar to search engine optimization (SEO) specialists charged with ensuring web pages rise to the top of search results. In the case of Tutao's products -- Tuta Mail and Tuta Calendar -- all was going well until the beginning of March 2024, when the company claims tuta.com was abruptly de-ranked in Google Search. Rather than being displayed as a search result of thousands of keywords, the count dropped to the hundreds, the developer alleges.

Matthias Pfau, co-founder of Tuta Mail, said: "This reduction in Google Search took us by surprise as we did not change anything on our website during that time. We tried to reach out to Google about this issue, but were met with radio silence." Google denies the claims. It told The Reg: "Search ranking updates absolutely do not aim to preference Google products, or any other particular website. The email provider in question is easily accessible globally on Search. We appreciate the feedback and will look into how we can ensure Search continues to return the most helpful, relevant results."

Tuta Mail's Pfau claims a change in results mean that when a user searches for "encrypted email," Tuta's products no longer show up. However, he went on to allege that if you search for "Tuta" or "Tutanota," the company appears in the results.

Apple has rejected Spotify's new version of its iOS app with in-app pricing information for users in the European Union, the audio streaming firm said on Thursday. Reuters: The Swedish company submitted a new version of its app to Apple with basic pricing and website information, which is a minimum requirement under the European Commission's ruling in its music streaming case, it said in a post on X on Wednesday. Spotify said the Cupertino, California based-Apple rejected its update in a response directly sent to the company.

"Apple has once again defied the European Commission's decision, rejecting our update for attempting to communicate with customers about our prices unless we pay Apple a new tax. Their disregard for consumers and developers is matched only by their disdain for the law," a spokesperson for Spotify said in a statement. In March, Brussels fined Apple with 1.84 billion euros ($1.97 billion) for thwarting competition from music streaming rivals via restrictions on its App Store, marking its first ever EU antitrust penalty, following a 2019 complaint from Spotify.

An anonymous reader quotes a report from The Register: Huawei plans to expand its native HarmonyOS smartphone platform worldwide, despite coming under US-led sanctions that have deprived it of access to key technologies. "We will work hard to build up the HarmonyOS app ecosystem in the China market first, then, from country to country, we will start gradually pushing it out to other parts of the world," Huawei's rotating chairman Erik Xu told attendees at its 21st Analyst Summit in Shenzhen last week. Part of this process will involve porting apps to HarmonyOS and encouraging other app developers to code for the platform.

"In the China market, Huawei smartphone users spend 99 percent of their time on about 5,000 apps. So we decided to spend 2024 porting these apps over to HarmonyOS first in our drive to truly unify the OS and the app ecosystem. We are also encouraging other apps to be ported over to HarmonyOS," Xu said. According to Huawei's rotating chairman, more than 4,000 of those apps are already in the process of being transferred, and the company is "communicating with developers" on the 1,000 or so apps that remain. "This is a massive undertaking, but we have broad support in the industry and from many app developers," he claimed. "Once we have these first 5,000 Android apps -- and thousands of other apps -- up and running on HarmonyOS, we will have a real HarmonyOS: a third mobile operating system for the world," Xu said. That number could reach up to 1 million apps in the future, he claimed. According to Counterpoint Research, HarmonyOS accounted for 4 percent of global market share in the fourth quarter of 2023, and exceeded 16 percent market share in China. That makes it the third largest mobile OS by handset sales, behind Android and iOS.

It remains to be seen whether there will be much of a market for HarmonyOS outside of China, given the current sanctions and sour US/EU-China relations.

The European Union has opened a second formal investigation into TikTok under its Digital Services Act (DSA), an online governance and content moderation framework. The investigation centers around TikTok Lite's "Task and Reward" feature that may harm mental health, especially among minors, by promoting addictive behavior. TechCrunch reports: The Commission also said it's minded to impose interim measures that could force the company to suspend access to the TikTok Lite app in the EU while it investigates concerns the app poses mental health risks to users. Although the EU has given TikTok until April 24 to argue against the measure -- meaning the app remains accessible for now. Penalties for confirmed violations of the DSA can reach up to 6% of global annual turnover. So ByeDance, TikTok's parent, could face hefty fines if EU enforcers do end up deciding it has broken the law.

The EU's first TikTok probe covers multiple issues including the protection of minors, advertising transparency, data access for researchers, and the risk management of addictive design and harmful content. Hence it said the latest investigation will specifically focus on TikTok Lite, a version of the video sharing platform which launched earlier this month in France and Spain and includes a mechanism that allows users to earn points for doing things like watching or liking videos. Points earned through TikTok Lite can be exchanged for things like Amazon gift vouchers or TikTok's own digital currency for gifting to creators. The Commission is worried this so-called "task and reward" feature could negatively impact the mental health of young users by "stimulating addictive behavior."

The EU wrote that the second probe will focus on TikTok's compliance with the DSA obligation to conduct and submit a risk assessment report prior to the launch of the "Task and Reward Lite" program, with a particular focus on negative effects on mental health, including minors' mental health. It also said it will look into measures taken by TikTok to mitigate those risks. In a press release announcing the action, the EU said ByeDance failed to produce a risk assessment about the feature which it had asked to see last week -- when it gave the company 24 hours to produce the document. Since it failed to submit the risk assessment paperwork on April 18 the Commission wrote that it suspects a "prima facie infringement of the DSA."

Scorching weather has baked Europe in more days of "extreme heat stress" than its scientists have ever seen. The Guardian: Heat-trapping pollutants that clog the atmosphere helped push temperatures in Europe last year to the highest or second-highest levels ever recorded, according to the EU's Earth-watching service Copernicus and the World Meteorological Organization (WMO). Europeans are suffering with unprecedented heat during the day and are stressed by uncomfortable warmth at night. The death rate from hot weather has risen 30% in Europe in two decades, the joint State of the Climate report from the two organisations found.

"The cost of climate action may seem high," said WMO secretary-general Celeste Saulo, "but the cost of inaction is much higher." The report found that temperatures across Europe were above average for 11 months of 2023, including the warmest September since records began. The hot and dry weather fuelled large fires that ravaged villages and spewed smoke that choked far-off cities. The blazes that firefighters battled were particularly fierce in drought-stricken southern countries such as Portugal, Spain and Italy. Greece was hit by the largest wildfire recorded in the EU, which burned 96,000 hectares of land, according to the report. Heavy rain also led to deadly floods. Europe was about 7% wetter in 2023 than the average over the last three decades, the report found, and one-third of its river network crossed the "high" flood threshold. One-sixth hit "severe" levels.

The EU's European Data Protection Board oversees its privacy-protecting GDPR policies.

Earlier this week, TechCrunch reported that nearly two dozen civil society groups and nonprofits wrote the Board an open letter "urging it not to endorse a strategy used by Meta that they say is intended to bypass the EU's privacy protections for commercial gain."

Meta's strategy is sometimes called "Pay or Okay," writes long-time Slashdot reader AmiMoJo : Meta offers users a choice: "consent" to tracking, or pay over €250/year to use its sites without invasive monetization of personal data.
Meta prefers the phrase "subsccription for no ads," and told TechCrunch it makes them compliant with EU laws: A raft of complaints have been filed against Meta's implementation of the pay-or-consent tactic since it launched the "no ads" subscription offer last fall. Additionally, in a notable step last month, the European Union opened a formal investigation into Meta's tactic, seeking to find whether it breaches obligations that apply to Facebook and Instagram under the competition-focused Digital Markets Act. That probe remains ongoing.
The letter to the Board called for "robust protections that prioritize data subjects' agency and control over their information." And Wednesday the board issued its first decision:

"[I]n most cases, it will not be possible for [social media services] to comply with the requirements for valid consent, if they confront users only with a choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee." The EDPB considers that offering only a paid alternative to services which involve the processing of personal data for behavioural advertising purposes should not be the default way forward for controllers. When developing alternatives, large online platforms should consider providing individuals with an 'equivalent alternative' that does not entail the payment of a fee. If controllers do opt to charge a fee for access to the 'equivalent alternative', they should give significant consideration to offering an additional alternative. This free alternative should be without behavioural advertising, e.g. with a form of advertising involving the processing of less or no personal data.
EDPB Chair, Anu Talus added: "Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy."

Adult content companies Pornhub, Stripchat and XVideos will have to do risk assessment reports and take measures to address systemic risks linked to their services to comply with new EU online content rules, the European Commission said on Friday. From a report: The three companies were designated as very large online platforms last December under the Digital Services Act (DSA) which requires them to do more to remove illegal and harmful content on their platforms. Pornhub and Stripchat will have to comply with these DSA obligations, among the strictest, on April 21 and XVideos on April 23, the EU executive said. "These specific obligations include submitting risk assessment reports to the Commission, putting in place mitigation measures to address systemic risks linked to the provision of their services," it said in a statement.