The European Union has opened a second formal investigation into TikTok under its Digital Services Act (DSA), an online governance and content moderation framework. The investigation centers around TikTok Lite's "Task and Reward" feature that may harm mental health, especially among minors, by promoting addictive behavior. TechCrunch reports: The Commission also said it's minded to impose interim measures that could force the company to suspend access to the TikTok Lite app in the EU while it investigates concerns the app poses mental health risks to users. Although the EU has given TikTok until April 24 to argue against the measure -- meaning the app remains accessible for now. Penalties for confirmed violations of the DSA can reach up to 6% of global annual turnover. So ByeDance, TikTok's parent, could face hefty fines if EU enforcers do end up deciding it has broken the law.

The EU's first TikTok probe covers multiple issues including the protection of minors, advertising transparency, data access for researchers, and the risk management of addictive design and harmful content. Hence it said the latest investigation will specifically focus on TikTok Lite, a version of the video sharing platform which launched earlier this month in France and Spain and includes a mechanism that allows users to earn points for doing things like watching or liking videos. Points earned through TikTok Lite can be exchanged for things like Amazon gift vouchers or TikTok's own digital currency for gifting to creators. The Commission is worried this so-called "task and reward" feature could negatively impact the mental health of young users by "stimulating addictive behavior."

The EU wrote that the second probe will focus on TikTok's compliance with the DSA obligation to conduct and submit a risk assessment report prior to the launch of the "Task and Reward Lite" program, with a particular focus on negative effects on mental health, including minors' mental health. It also said it will look into measures taken by TikTok to mitigate those risks. In a press release announcing the action, the EU said ByeDance failed to produce a risk assessment about the feature which it had asked to see last week -- when it gave the company 24 hours to produce the document. Since it failed to submit the risk assessment paperwork on April 18 the Commission wrote that it suspects a "prima facie infringement of the DSA."

A military court in Moscow on Monday sentenced Meta spokesperson Andy Stone to six years in prison for "publicly defending terrorism," a verdict handed down in absentia, RIA news agency reported. Reuters: Meta itself is designated an extremist organisation in Russia and its Facebook and Instagram social media platforms have been banned in the country since 2022 when Russia invaded Ukraine.

[...] Russia's interior ministry opened a criminal investigation into Stone late last year, without disclosing specific charges. RIA cited state investigators as saying Stone had published online comments that defended "aggressive, hostile and violent actions" towards Russian soldiers involved in what Moscow calls its "special military operation" in Ukraine.

The co-founder of Silicon Valley-based software testing startup HeadSpin was sentenced Friday to 18 months in prison and a $1 million fine, reports SFGate — for defrauding investors. Lachwani pleaded guilty to two counts of wire fraud and a count of securities fraud in April 2023, after federal prosecutors accused him of, for years, lying to investors about HeadSpin's finances to raise more money. HeadSpin, founded in 2015, grew to a $1.1 billion valuation by 2020 with over $115 million in funding from investors including Google Ventures and Iconiq Capital... He had personally altered invoices, lied to the company accountant and sent slide decks with fraudulent information to investors, [according to the government's 2021 criminal complaint]...

Breyer, per the New York Times, rejected Lachwani's lawyer's argument that because HeadSpin investors didn't end up losing money, he should receive a light sentence. The judge, who often oversees tech industry cases, reportedly said: "If you win, there are no serious consequences — that simply can't be the law." Still, the sentencing was far lighter than it could have been. The government's prosecuting attorneys had asked for a five-year prison term.
The New York Times reported in December that HeadSpin's financial statements had "often arrived months late, if at all, investors said in legal declarations," while the company's financial department "consisted of one external accountant who worked mostly from home using QuickBooks." And the comnpany also had no human resources department or organizational chart... After Manish Lachwani founded the Silicon Valley software start-up HeadSpin in 2015, he inflated the company's revenue numbers by nearly fourfold and falsely claimed that firms including Apple and American Express were customers. He showed a profit where there were losses. He used HeadSpin's cash to make risky trades on tech stocks. And he created fake invoices to cover it all up.

What was especially breathtaking was how easily Mr. Lachwani, now 48, pulled all that off... [HeadSpin] had no chief financial officer, had no human resources department and was never audited. Mr. Lachwani used that lack of oversight to paint a rosier picture of HeadSpin's growth. Even though its main investors knew the start-up's financials were not accurate, according to Mr. Lachwani's lawyers, they chose to invest anyway, eventually propelling HeadSpin to a $1.1 billion valuation in 2020. When the investors pushed Mr. Lachwani to add a chief financial officer and share more details about the company's finances, he simply brushed them off. These details emerged this month in filings in U.S. District Court for the Northern District of California after Mr. Lachwani had pleaded guilty to three counts of fraud in April...

The absence of controls at HeadSpin is part of an increasingly noticeable pattern at Silicon Valley start-ups that have run into trouble. Over the past decade, investors in tech start-ups were so eager to back hot companies that many often overlooked reckless behavior and gave up key controls like board seats, all in the service of fast growth and disruption. Then when founders took the ethos of "fake it till you make it" too far, their investors were often unaware or helpless...

Now, amid a start-up shakeout, more frauds have started coming to light. The founder of the college aid company Frank has been charged, the internet connectivity start-up Cloudbrink has been sued, and the social media app IRL has been investigated and sued. Last month, Mike Rothenberg, a Silicon Valley investor, was found guilty on 21 counts of fraud and money laundering. On Monday, Trevor Milton, founder of the electric vehicle company Nikola, was sentenced to four years in prison for lying about Nikola's technological capabilities.
The Times points out that similarly, FTX only had a three-person board "with barely any influence over the company, tracked its finances on QuickBooks and used a small, little-known accounting firm." And that Theranos had no financial audits for six years.

The EU's European Data Protection Board oversees its privacy-protecting GDPR policies.

Earlier this week, TechCrunch reported that nearly two dozen civil society groups and nonprofits wrote the Board an open letter "urging it not to endorse a strategy used by Meta that they say is intended to bypass the EU's privacy protections for commercial gain."

Meta's strategy is sometimes called "Pay or Okay," writes long-time Slashdot reader AmiMoJo : Meta offers users a choice: "consent" to tracking, or pay over €250/year to use its sites without invasive monetization of personal data.
Meta prefers the phrase "subsccription for no ads," and told TechCrunch it makes them compliant with EU laws: A raft of complaints have been filed against Meta's implementation of the pay-or-consent tactic since it launched the "no ads" subscription offer last fall. Additionally, in a notable step last month, the European Union opened a formal investigation into Meta's tactic, seeking to find whether it breaches obligations that apply to Facebook and Instagram under the competition-focused Digital Markets Act. That probe remains ongoing.
The letter to the Board called for "robust protections that prioritize data subjects' agency and control over their information." And Wednesday the board issued its first decision:

"[I]n most cases, it will not be possible for [social media services] to comply with the requirements for valid consent, if they confront users only with a choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee." The EDPB considers that offering only a paid alternative to services which involve the processing of personal data for behavioural advertising purposes should not be the default way forward for controllers. When developing alternatives, large online platforms should consider providing individuals with an 'equivalent alternative' that does not entail the payment of a fee. If controllers do opt to charge a fee for access to the 'equivalent alternative', they should give significant consideration to offering an additional alternative. This free alternative should be without behavioural advertising, e.g. with a form of advertising involving the processing of less or no personal data.
EDPB Chair, Anu Talus added: "Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy."

"Workers installing a light pole in Missouri cut into a fiber line," reports the Associated Press, knocking out 911 phone service "for emergency agencies in Nebraska, Nevada and South Dakota, an official with the company that operates the line said Thursday." In Kansas City, Missouri, workers installing a light pole for another company Wednesday cut into a Lumen Technologies fiber line, Lumen global issues director Mark Molzen said in an email to The Associated Press. Service was restored within 2 1/2 hours, he said. There were no reports of 911 outages in Kansas City...

The Dundy County Sheriff's Office in Nebraska warned in a social media post Wednesday night that 911 callers would receive a busy signal and urged people to instead call the administrative phone line. About three hours later, officials said mobile and landline 911 services had been restored. In Douglas County, home to Omaha and more than a quarter of Nebraska's residents, officials first learned there was a problem when calls from certain cellphone companies showed up in a system that maps calls but didn't go through over the phone. Operators started calling back anyone whose call didn't go through, and officials reached out to Lumen, which confirmed the outage. Service was restored by 4 a.m.

Kyle Kramer, the technical manager for Douglas County's 911 Center, said the outage highlights the potential problems of having so many calls go over the same network. "As things become more interconnected in our modern world, whether you're on a wireless device or a landline now, those are no longer going over the traditional old copper phone wires that may have different paths in different areas," Kramer said. "Large networks usually have some aggregation point, and those aggregation points can be a high risk."

Kramer said this incident and the two previous 911 outages he has seen in the past year in Omaha make him concerned that communications companies aren't building enough redundancy into their networks.
South Dakota officials called the state-wide outage "unprecedented," with their Department of Public Safety reporting the outage lasted two hours (though texting to 911 still worked in most locations — and of course, people could still call local emergency services using their non-emergency lines.) America's FCC has already begun an investigation.



The article notes that "The outages, ironically, occurred in the midst of National Public Safety Telecommunicators Week."

Thanks to long-time Slashdot reader davidwr for sharing the article.

The U.S. House of Representatives just passed its long-delayed Ukraine aid bill. But along with it they also approved a bill banning TikTok "if its Chinese owner does not sell the video app," according to NPR: While lawmakers in the House advanced a similar bill last month, this effort is different for two reasons: It is attached to a sweeping foreign aid bill providing support for Ukraine and Israel. And it addresses concerns from some members of the Senate by extending the deadline for TikTok to find a buyer. President Biden supports the effort. That means TikTok being forced to sell, or face a possible ban, is on the fast-track to becoming law. It would mark the first time ever the U.S. government has passed a law that could shut down an entire social media platform, setting the stage for what is expected to be a protracted legal battle... TikTok says it has built a firewall between its headquarters in Los Angeles and its parent company in Beijing, but some reports indicate U.S. user data does still move between the two.

While there has been no evidence made public that Chinese government officials have accessed Americans' information through TikTok, the idea that China has the theoretical ability to weaponize an app used by half of America has been enough to set off an all-out crackdown. In Saturday's vote, 360 Representatives voted in favor of the sell-or-be-banned TikTok bill, while just 58 voted against it.

An anonymous reader quotes a report from The Atlantic: In October 2003, Mark Zuckerberg created his first viral site: not Facebook, but FaceMash. Then a college freshman, he hacked into Harvard's online dorm directories, gathered a massive collection of students' headshots, and used them to create a website on which Harvard students could rate classmates by their attractiveness, literally and figuratively head-to-head. The site, a mean-spirited prank recounted in the opening scene of The Social Network, got so much traction so quickly that Harvard shut down his internet access within hours. The math that powered FaceMash -- and, by extension, set Zuckerberg on the path to building the world's dominant social-media empire -- was reportedly, of all things, a formula for ranking chess players: the Elo system.

Fundamentally, what an Elo rating does is predict the outcome of chess matches by assigning every player a number that fluctuates based purely on performance. If you beat a slightly higher-ranked player, your rating goes up a little, but if you beat a much higher-ranked player, your rating goes up a lot (and theirs, conversely, goes down a lot). The higher the rating, the more matches you should win. That is what Elo was designed for, at least. FaceMash and Zuckerberg aside, people have deployed Elo ratings for many sports -- soccer, football, basketball -- and for domains as varied as dating, finance, and primatology. If something can be turned into a competition, it has probably been Elo-ed. Somehow, a simple chess algorithm has become an all-purpose tool for rating everything. In other words, when it comes to the preferred way to rate things, Elo ratings have the highest Elo rating. [...]

Elo ratings don't inherently have anything to do with chess. They're based on a simple mathematical formula that works just as well for any one-on-one, zero-sum competition -- which is to say, pretty much all sports. In 1997, a statistician named Bob Runyan adapted the formula to rank national soccer teams -- a project so successful that FIFA eventually adopted an Elo system for its official rankings. Not long after, the statistician Jeff Sagarin applied Elo to rank NFL teams outside their official league standings. Things really took off when the new ESPN-owned version of Nate Silver's 538 launched in 2014 and began making Elo ratings for many different sports. Some sports proved trickier than others. NBA basketball in particular exposed some of the system's shortcomings, Neil Paine, a stats-focused sportswriter who used to work at 538, told me. It consistently underrated heavyweight teams, for example, in large part because it struggled to account for the meaninglessness of much of the regular season and the fact that either team might not be trying all that hard to win a given game. The system assumed uniform motivation across every team and every game. Pretty much anything, it turns out, can be framed as a one-on-one, zero-sum game. Arpad Emmerich Elo, creator of the Elo rating system, understood the limitations of his invention. "It is a measuring tool, not a device of reward or punishment," he once remarked. "It is a means to compare performances, assess relative strength, not a carrot waved before a rabbit, or a piece of candy given to a child for good behavior."

Google, once known for its unconventional approach to business, has taken a decisive step towards becoming a more traditional company by firing 28 employees who participated in protests against a $1.2 billion contract with the Israeli government. The move comes after sit-in demonstrations on Tuesday at Google offices in Silicon Valley and New York City, where employees opposed the company's support for Project Nimbus, a cloud computing contract they argue harms Palestinians in Gaza. Nine employees were arrested during the protests.

In a note to employees, CEO Sundar Pichai said, "We have a culture of vibrant, open discussion... But ultimately we are a workplace and our policies and expectations are clear: this is a business, and not a place to act in a way that disrupts coworkers or makes them feel unsafe, to attempt to use the company as a personal platform, or to fight over disruptive issues or debate politics."

Google also says that the Project Nimbus contract is "not directed at highly sensitive, classified, or military workloads relevant to weapons or intelligence services."

Axios adds: Google prided itself from its early days on creating a university-like atmosphere for the elite engineers it hired. Dissent was encouraged in the belief that open discourse fostered innovation. "A lot of Google is organized around the fact that people still think they're in college when they work here," then-CEO Eric Schmidt told "In the Plex" author Steven Levy in the 2000s.

What worked for an organization with a few thousand employees is harder to maintain among nearly 200,000 workers. Generational shifts in political and social expectations also mean that Google's leadership and its rank-and-file aren't always aligned.

China ordered Apple to remove some of the world's most popular chat messaging apps from its app store in the country, the latest example of censorship demands on the iPhone seller in the company's second-biggest market. WSJ: Meta's WhatsApp and Threads as well as messaging platforms Signal, Telegram and Line were taken off the Chinese App Store Friday [non-paywalled link]. Apple said it was told to remove certain apps because of national security concerns, without specifying which. "We are obligated to follow the laws in the countries where we operate, even when we disagree," an Apple spokesperson said in a statement.

These messaging apps, which allow users to exchange messages and share files individually and in big groups, combined have more than three billion users globally. They can only be accessed in China through virtual private networks that take users outside China's Great Firewall, but are still commonly used. Beijing has often viewed such platforms with caution, concerned that these apps could be used by its citizens to spread negative content and organize demonstrations or social movements. Much of the news China censors at home often makes it beyond the Great Firewall through such channels.

An anonymous reader quotes a report from Business Insider: If you think you've been seeing an awful lot more Reddit results lately when you search on Google, you're not imagining things. The internet is in upheaval, and for website owners the rules of "winning" Google Search have never been murkier. Google's generative AI search engine is coming from one direction. It's creeping closer to mainstream deployment and bringing an existential crisis for SEOs and website makers everywhere. Coming from the other direction is an influx of posts from Reddit, Quora, and other internet forums that have climbed up through the traditional set of Google links. Data analysis from Semrush, which predicts traffic based on search ranking, shows that traffic to Reddit has climbed at an impressive clip since August. Semrush estimated that Reddit had over 132 million visitors in August 2023. At the time of publishing, it was projected to have over 346 million visitors in April 2024.

None of this is accidental. For years, Google has been watching users tack on "Reddit" to the end of search queries and finally decided to do something about it. Google started dropping hints in 2022 when it promised to do a better job of promoting sites that weren't just chasing the top of search but were more helpful and human. Last August, Google rolled out a big update to Search that seemed to kick this into action. Reddit, Quora, and other forum sites started getting more visibility in Google, both within the traditional links and within a new "discussions and forums" section, which you may have spotted if you're US-based. The timing of this Reddit bump has led to some conspiracy theories. In February, Google and Reddit announced a blockbuster deal that would let Google train its AI models on Reddit content. Google said the deal, reportedly worth $60 million, would "facilitate more content-forward displays of Reddit information," leading to some speculation that Google promised Reddit better visibility in exchange for the valuable training data. A few weeks later, Reddit also went public.

Steve Paine, marketing manager at Sistrix, called the rise of Reddit "unprecedented." "There hasn't been a website that's grown so much search visibility so quickly in the US in at least the last five years," he told Business Insider. Right now, Reddit ranks high for product searches. Reddit's main competitors are Wikipedia, YouTube, and Fandom, Paine said, and it also competes in "high-value commercial searches," putting it up against Amazon. The "real competitors," he said, are the subreddits that compete with brands on the web. A Google spokesperson told Business Insider that the company is essentially just giving users what they want: "Our research has shown that people often want to learn from others' experiences with a topic, so we've continued to make it easier to find helpful perspectives on Search when it's relevant to a query. Our systems surface content from hundreds of forums and other communities across the web, and we conduct rigorous testing to ensure results are helpful and high quality."

An anonymous reader quotes a report from the New York Times: Consumers have grown accustomed to the prospect that their personal data, such as email addresses, social contacts, browsing history and genetic ancestry, are being collected and often resold by the apps and the digital services they use. With the advent of consumer neurotechnologies, the data being collected is becoming ever more intimate. One headband serves as a personal meditation coach by monitoring the user's brain activity. Another purports to help treat anxiety and symptoms of depression. Another reads and interprets brain signals while the user scrolls through dating apps, presumably to provide better matches. ("'Listen to your heart' is not enough," the manufacturer says on its website.) The companies behind such technologies have access to the records of the users' brain activity -- the electrical signals underlying our thoughts, feelings and intentions.

On Wednesday, Governor Jared Polis of Colorado signed a bill that, for the first time in the United States, tries to ensure that such data remains truly private. The new law, which passed by a 61-to-1 vote in the Colorado House and a 34-to-0 vote in the Senate, expands the definition of "sensitive data" in the state's current personal privacy law to include biological and "neural data" generated by the brain, the spinal cord and the network of nerves that relays messages throughout the body. "Everything that we are is within our mind," said Jared Genser, general counsel and co-founder of the Neurorights Foundation, a science group that advocated the bill's passage. "What we think and feel, and the ability to decode that from the human brain, couldn't be any more intrusive or personal to us." "We are really excited to have an actual bill signed into law that will protect people's biological and neurological data," said Representative Cathy Kipp, Democrat of Colorado, who introduced the bill.

TikTok has started testing its Instagram competitor, TikTok Notes, in Canada and Australia. TechCrunch reports: The company said on X that it is in the "early stage" of the app's rollout and that the app is "a dedicated space for photo and text content." "We hope that the TikTok community will use TikTok Notes to continue sharing their moments through photo posts. Whether documenting adventures, expressing creativity, or simply sharing snapshots of one's day, the TikTok Notes experience is designed for those who would like to share and engage through photo content," it said.

The company didn't say much about the app's features and functionality apart from the fact that users can log in with their existing TikTok account. Even the app's description in the app stores is pretty light on details. The screenshots on the App Store listing suggest that the posts will appear in two-column grids on the home page. The screenshots also indicate that you can post multiple photos through a carousel post.

Trump Media & Technology Group Corp., which has been called the "mother of all meme stocks" after it made its stock market debut in late March, announced that its Truth Social platform is moving to launch a live TV streaming platform. Following the news, shares of DJT closed more than 14% lower Tuesday. They ended trading Monday down by more than 18%. CNBC reports: The stock's price has dropped by a whopping 67.7% since Trump Media began trading as a public company on March 26, erasing more than $5 billion in market capitalization. Trump Media's majority shareholder is former President Donald Trump, who holds nearly 60% of its stock.

Earlier Tuesday, Trump Media in a press release said it "has finished the research and development phase of its new live TV streaming platform and will begin scaling up its own content delivery network." The company said it will roll out streaming content in three phases, the first of which will introduce Truth Social's content delivery network for streaming live TV to the app for Android, iOS and web. Phase two will release stand-alone Truth Social streaming apps for phones, tablets and other devices, while phase three will release such apps for home television, Trump Media said. "The streaming content is expected to focus on live TV including news networks, religious channels, family-friendly content including films and documentaries; and other content that has been cancelled, is at risk of cancellation, or is being suppressed on other platforms and services," Trump Media said in its release.

"We're excited to move forward with the next big phase for Truth Social," added CEO Devin Nunes in a statement. "With our streaming content, we aim to provide a permanent home for high-quality news and entertainment that face discrimination by other channels and content delivery service. There is a lot of great content that simply can't find an audience for unjust reasons, and we want to let these creators know they'll soon have a guaranteed platform where they won't be cancelled."

An anonymous reader quotes a report from Futurism: In a new blog post from LastPass, the password management firm used by countless personal and corporate clients to help protect their login information, the company explains that someone used AI voice-cloning tech to spoof the voice of its CEO in an attempt to trick one of its employees. As the company writes in the post, one of its employees earlier this week received several WhatsApp communications -- including calls, texts, and a voice message -- from someone claiming to be its CEO, Karim Toubba. Luckily, the LastPass worker didn't fall for it because the whole thing set off so many red flags. "As the attempted communication was outside of normal business communication channels and due to the employee's suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency)," the post reads, "our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally."

While this LastPass scam attempt failed, those who follow these sorts of things may recall that the company has been subject to successful hacks before. In August 2022, as a timeline of the event compiled by the Cybersecurity Dive blog detailed, a hacker compromised a LastPass engineer's laptop and used it to steal source code and company secrets, eventually getting access to its customer database -- including encrypted passwords and unencrypted user data like email addresses. According to that timeline, the clearly-resourceful bad actor remained active in the company's servers for months, and it took more than two months for LastPass to admit that it had been breached. More than six months after the initial breach, Toubba, the CEO, provided a blow-by-blow timeline of the months-long attack and said he took "full responsibility" for the way things went down in a February 2023 blog post.

The SEC has blocked third-party messaging apps and texts from employees' work phones, "bringing its own practices closer to the standards it's enforcing for the industry," reports Bloomberg. From the report: The SEC's decision to block disappearing-messaging apps will help improve record-keeping and address potential security vulnerabilities at the agency, which saw one of its social-media accounts compromised earlier this year. It follows about $3 billion in fines imposed on financial firms to settle allegations that they failed to keep adequate records of work-related communications on mobile devices and apps such as Signal and Meta's WhatsApp.

The scrutiny prompted Wall Street to overhaul how employees communicate on business matters using mobile phones. Meanwhile, the SEC took a hard look at policies covering its own staff's communications on agency-issued phones. The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts "to lower risk that our systems could be compromised and to enhance recordkeeping," an SEC spokeswoman said in an emailed statement. The process of blocking the apps began in September and has continued over the past several months, she added.

An anonymous reader quotes a report from NPR: An owl. A sharky looking bullet. The Hindu deity Ganesh. The Yin and Yang sign. All painstakingly selected and etched onto a microchip that measures about an inch square. Each microscopic silicon doodle was the handiwork of engineers at Qualcomm Incorporated, a San Diego-based company that creates wireless technology-related products and services. The engineers slipped the drawings into Qualcomm's Q1650 data decoder with care not to disturb any of the chip's functions. They were purposeless etchings, never meant to be uncovered.

These doodles, also known as silicon art, chip graffiti or chip art, and dozens others like it, are remnants of tech history -- from Silicon Valley's infancy to the early 2000s -- when innovation was rapid fire and the tech still had a very human touch. Engineers would add the sketches to their microchip designs in the techie equivalent of signing their artwork. They'd etch them on chips that may end up in your cellphone, laptop or calculator. They spent hours crafting them, even though they were frowned upon by those in the C Suite.

The existence of these doodles came to light decades ago, but social media is discovering them anew. And there is now a small but determined group of online hobbyists working to keep that history alive. They are still cataloguing the miniscule drawings -- many smaller than the width of a human hair and can't be seen without a microscope. These devotees post glossy videos of themselves shucking chips like oysters to see their iridescent insides and the itsy bitsy sketches that may be hidden on them. And they are eagerly saving them from the scrap heap.

An anonymous reader quotes a report from the Washington Post: The Biden administration marked the close of tax season Monday by announcing it had met a modest goal of getting at least 100,000 taxpayers to file through the Internal Revenue Service's new tax software, Direct File -- an alternative to commercial tax preparers. Although the government had billed Direct File as a small-scale pilot, it still represents one of the most significant experiments in tax filing in decades -- a free platform letting Americans file online directly to the government. Monday's announcement aside, though, Direct File's success has proven highly subjective.

By and large, people who tried the Direct File software -- which looks a lot like TurboTax or other commercial tax software, with its question-and-answer format -- gave it rave reviews. "Against all odds, the government has created an actually good piece of technology," a writer for the Atlantic marveled, describing himself as "giddy" as he used the website to chat live with a helpful IRS employee. The Post's Tech Friend columnist Shira Ovide called it "visible proof that government websites don't have to stink." Online, people tweeted praise after filing their taxes, like the user who called it the "easiest tax experience of my life."

While the users might be a happy group, however, there weren't many of them compared to other tax filing options -- and their positive reviews likely won't budge the opposition that Direct File has faced from tax software companies and Republicans from the outset. These headwinds will likely continue if the IRS wants to renew it for another tax season. The program opened to the public midway through tax season, when many low-income filers had already claimed their refunds -- and was restricted to taxpayers in 12 states, with only four types of income (wages, interest, Social Security and unemployment). But it gained popularity as tax season went on: The Treasury Department said more than half of the total users of Direct File completed their returns during the last week.

An anonymous reader shares a report: Over the weekend, developer Mattia La Spina launched iGBA as one of the first retro game emulators legitimately available on the iOS App Store following Apple's rules change regarding such emulators earlier this month. As of Monday morning, though, iGBA has been pulled from the App Store following controversy over the unauthorized reuse of source code from a different emulator project.

iOS 8.1 plugs security hole that made it easy to install emulators Shortly after iGBA's launch, some people on social media began noticing that the project appeared to be based on the code for GBA4iOS, a nearly decade-old emulator that developer Riley Testut and a partner developed as high-schoolers (and distributed via a temporary security hole in the iOS App store). Testut took to social media Sunday morning to call iGBA a "knock-off" of GBA4iOS. "I did not give anyone permission to do this, yet it's now sitting at the top of the charts (despite being filled with ads + tracking)," he wrote.

GBA4iOS is an open source program released under the GNU GPLv2 license, with licensing terms that let anyone "use, modify, and distribute my original code for this project without fear of legal consequences." But those expansive licensing terms only apply "unless you plan to submit your app to Apple's App Store, in which case written permission from me is explicitly required."

DOJ-Collected Information Exposed In Data Breach Affecting 340,000 Information Collected An anonymous reader shared this report from Security Week: Economic analysis and litigation support firm Greylock McKinnon Associates, Inc. (GMA) is notifying over 340,000 individuals that their personal and medical information was compromised in a year-old data breach. The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals.



According to GMA's notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General's Office, both personal and Medicare information was compromised in the data breach... "This information may have included your name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information," the notification letter reads.

The compromised data, GMA says, was obtained by the US Department of Justice "as part of a civil litigation matter". More than 340,000 individuals were affected by the data breach, the company told the Maine Attorney General's Office. The impacted individuals, however, are "not the subject of this investigation or the associated litigation matters", the company tells the affected individuals.

An anonymous reader quotes a report from The Guardian: Hospitals -- despite being places where people implicitly expect to have their personal details kept private -- frequently use tracking technologies on their websites to share user information with Google, Meta, data brokers, and other third parties, according to research published today. Academics at the University of Pennsylvania analyzed a nationally representative sample of 100 non-federal acute care hospitals -- essentially traditional hospitals with emergency departments -- and their findings were that 96 percent of their websites transmitted user data to third parties. Additionally, not all of these websites even had a privacy policy. And of the 71 percent that did, 56 percent disclosed specific third-party companies that could receive user information.

The researchers' latest work builds on a study they published a year ago of 3,747 US non-federal hospital websites. That found 98.6 percent tracked and transferred visitors' data to large tech and social media companies, advertising firms, and data brokers. To find the trackers on websites, the team checked out each hospitals' homepage on January 26 using webXray, an open source tool that detects third-party HTTP requests and matches them to the organizations receiving the data. They also recorded the number of third-party cookies per page. One name in particular stood out, in terms of who was receiving website visitors' information. "In every study we've done, in any part of the health system, Google, whose parent company is Alphabet, is on nearly every page, including hospitals," [Dr Ari Friedman, an assistant professor of emergency medicine at the University of Pennsylvania] observed. "From there, it declines," he continued. "Meta was on a little over half of hospital webpages, and the Meta Pixel is notable because it seems to be one of the grabbier entities out there in terms of tracking."

Both Meta and Google's tracking technologies have been the subject of criminal complaints and lawsuits over the years -- as have some healthcare companies that shared data with these and other advertisers. In addition, between 20 and 30 percent of the hospitals share data with Adobe, Friedman noted. "Everybody knows Adobe for PDFs. My understanding is they also have a tracking division within their ad division." Others include telecom and digital marketing companies like The Trade Desk and Verizon, plus tech giants Oracle, Microsoft, and Amazon, according to Friedman. Then there's also analytics firms including Hotjar and data brokers such as Acxiom. "And two thirds of hospital websites had some kind of data transfer to a third-party domain that we couldn't even identify," he added. Of the 71 hospital website privacy policies that the team found, 69 addressed the types of user information that was collected. The most common were IP addresses (80 percent), web browser name and version (75 percent), pages visited on the website (73 percent), and the website from which the user arrived (73 percent). Only 56 percent of these policies identified the third-party companies receiving user information. In lieu of any federal data privacy law in the U.S., Friedman recommends users protect their personal information via the browser-based tools Ghostery and Privacy Badger, which identify and block transfers to third-party domains.