hackingbear shares a report from the Associated Press: As the threat of a TikTok ban looms, U.S. TikTok users are flocking to the Chinese social media app Xiaohongshu -- making it the top downloaded app in the U.S. Xiaohongshu, which in English means "Little Red Book" is a Chinese social media app that combines e-commerce, short video and posting functions, enticing mostly Chinese young women from mainland China and regions with with a Chinese diaspora such as Malaysia and Taiwan who use it as a de-facto search engine for product, travel and restaurant recommendations, as well as makeup and skincare tutorials. After the justices seemed inclined to let the law stand, masses of TikTok users began creating accounts on Xiaohongshu, including hashtags such as #tiktokrefugee or #tiktok to their posts. "

I like your makeup," a Xiaohongshu user from Beijing comments one of the posts by Alexis Garman, a 21-year-old TikTok user in Oklahoma with nearly 20,000 followers, and Garman thanks them in a reply. A user from the southwestern province of Sichuan commented "I am your Chinese spy please surrender your personal information or the photographs of your cat (or dog)." "TikTok possibly getting banned doesn't just take away an app, it takes away jobs, friends and community," Garman said. "Personally, the friends and bond I have with my followers will now be gone." Xiaohongshu doesn't even have an English user interface. Reuters reports: In only two days, more than 700,000 new users joined Xiaohongshu, a person close to the company told Reuters. Xiaohongshu [which was founded in 2013 and is backed by investors such as Alibaba, Tencent and Sequoia], did not immediately respond to a request for comment. U.S. downloads of RedNote were up more than 200% year-over-year this week, and 194% from the week prior, according to estimates from app data research firm Sensor Tower. The second most-popular free app on Apple's App Store list on Tuesday, Lemon8, another social media app owned by ByteDance, experienced a similar surge last month, with downloads jumping by 190% in December to about 3.4 million.

OpenAI's "reasoning" AI model, o1, has exhibited a puzzling behavior of "thinking" in Chinese, Persian, or some other language -- "even when asked a question in English," reports TechCrunch. While the exact cause remains unclear, as OpenAI has yet to provide an explanation, AI experts have proposed a few theories. From the report: Several on X, including Hugging Face CEO Clement Delangue, alluded to the fact that reasoning models like o1 are trained on datasets containing a lot of Chinese characters. Ted Xiao, a researcher at Google DeepMind, claimed that companies including OpenAI use third-party Chinese data labeling services, and that o1 switching to Chinese is an example of "Chinese linguistic influence on reasoning."

"[Labs like] OpenAI and Anthropic utilize [third-party] data labeling services for PhD-level reasoning data for science, math, and coding," Xiao wrote in a post on X. "[F]or expert labor availability and cost reasons, many of these data providers are based in China." [...] Other experts don't buy the o1 Chinese data labeling hypothesis, however. They point out that o1 is just as likely to switch to Hindi, Thai, or a language other than Chinese while teasing out a solution.

Other experts don't buy the o1 Chinese data labeling hypothesis, however. They point out that o1 is just as likely to switch to Hindi, Thai, or a language other than Chinese while teasing out a solution. Rather, these experts say, o1 and other reasoning models might simply be using languages they find most efficient to achieve an objective (or hallucinating). "The model doesn't know what language is, or that languages are different," Matthew Guzdial, an AI researcher and assistant professor at the University of Alberta, told TechCrunch. "It's all just text to it."

Tiezhen Wang, a software engineer at AI startup Hugging Face, agrees with Guzdial that reasoning models' language inconsistencies may be explained by associations the models made during training. "By embracing every linguistic nuance, we expand the model's worldview and allow it to learn from the full spectrum of human knowledge," Wang wrote in a post on X. "For example, I prefer doing math in Chinese because each digit is just one syllable, which makes calculations crisp and efficient. But when it comes to topics like unconscious bias, I automatically switch to English, mainly because that's where I first learned and absorbed those ideas."

[...] Luca Soldaini, a research scientist at the nonprofit Allen Institute for AI, cautioned that we can't know for certain. "This type of observation on a deployed AI system is impossible to back up due to how opaque these models are," they told TechCrunch. "It's one of the many cases for why transparency in how AI systems are built is fundamental."

An anonymous reader quotes a report from The Verge: The Biden administration finalized a new rule that would effectively ban all Chinese vehicles from the US under the auspices of blocking the "sale or import" of connected vehicle software from "countries of concern." The rule could have wide-ranging effects on big automakers, like Ford and GM, as well as smaller manufacturers like Polestar -- and even companies that don't produce cars, like Waymo. The rule covers everything that connects a vehicle to the outside world, such as Bluetooth, Wi-Fi, cellular, and satellite components. It also addresses concerns that technology like cameras, sensors, and onboard computers could be exploited by foreign adversaries to collect sensitive data about US citizens and infrastructure. And it would ban China from testing its self-driving cars on US soil.

"Cars today have cameras, microphones, GPS tracking, and other technologies connected to the internet," US Secretary of Commerce Gina Raimondo said in a statement. "It doesn't take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens. To address these national security concerns, the Commerce Department is taking targeted, proactive steps to keep [People's Republic of China] and Russian-manufactured technologies off American roads." The rules for prohibited software go into effect for model year 2027 vehicles, while the ban on hardware from China waits until model year 2030 vehicles. According to Reuters, the rules were updated from the original proposal to exempt vehicles weighing over 10,000 pounds, which would allow companies like BYD to continue to assemble electric buses in California. The Biden administration published a fact sheet with more information about this rule.

"[F]oreign adversary involvement in the supply chains of connected vehicles poses a significant threat in most cars on the road today, granting malign actors unfettered access to these connected systems and the data they collect," the White House said. "As PRC automakers aggressively seek to increase their presence in American and global automotive markets, through this final rule, President Biden is delivering on his commitment to secure critical American supply chains and protect our national security."

The U.S. Justice Department said on Tuesday that it has deleted malware planted on more than 4,200 computers by a group of criminal hackers who were backed by the People's Republic of China. From a report: The malware, known as "PlugX," affected thousands of computers around the globe and was used to infect and steal information, the department said. Investigators said the malware was installed by a band of hackers who are known by the names "Mustang Panda" and "Twill Typhoon."

FBI Director Christopher Wray, in his final interview before stepping down, warned that China poses the greatest long-term threat to U.S. national security, calling it "the defining threat of our generation." China's cyber program has stolen more American personal and corporate data than all other nations combined, Wray told CBS News. He said Chinese government hackers have infiltrated U.S. civilian infrastructure, including water treatment facilities, transportation systems and telecommunications networks, positioning themselves to potentially cause widespread disruption.

"To lie in wait on those networks to be in a position to wreak havoc and can inflict real-world harm at a time and place of their choosing," Wray said. The FBI director, who is leaving his post nearly three years early after President-elect Donald Trump indicated he would make leadership changes, said China has likely accessed communications of some U.S. government personnel. He added that Beijing's pre-positioning on American civilian critical infrastructure has not received sufficient attention.

An anonymous reader shared this report from the New York Times: Russia fined TikTok for not removing prohibited content. The results of a presidential election in Romania were thrown out over concerns the app had been used to spread foreign influence. Albania banned TikTok for a year following the stabbing death of a teenager by another one after the two quarreled online... That was all in just the last month...

TikTok has confronted legal and political scrutiny around the world in recent years, facing outright or partial bans in at least 20 countries, as governments have grown alarmed by its ties to China and its wide influence, especially among young people... [A]s TikTok's algorithm captured attention spans around the world, it alarmed lawmakers, who say TikTok has quickly turned from a domain of cat videos and dance trends into a potentially disruptive social, political and economic force. Officials from Montana to New Zealand have warned that TikTok could be used to incite violence, spread false information and worsen mental health. Lawmakers also worry TikTok could share user data like location and browsing history with the Chinese government. Young people need to be protected from "the frightening pitfalls of the algorithm," [Albania prime minister Edi] Rama said.
TikTok lost its largest audience (India) "after India's simmering geopolitical conflict with China boiled over into hand-to-hand combat along their shared border" — resulting in a total ban in the world's single most-populous country. And the article notes TikTok is also blocked on government devices in Taiwan, Britain, Australia, France, and Canada, "as well as the executive arm of the European Union and New Zealand's Parliament..."

But "Despite the mounting scrutiny, TikTok remains incredibly popular worldwide. More than a billion people use the app every month."

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..."

Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony.

"While the ceremony criticized these products, YouTube was displaying ads for them..."

UPDATE: Slashdot reached out to iFixit co-founder Kyle Wiens, who says this teaches us all a lesson. "The gadget industry is insidious and has their tentacles everywhere."

"Of course they injected ads into our video. The beast can't stop feeding, and will keep growing until we knife it in the heart."

Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.)

One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices.Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post.

The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year."

TP-Link won the award for the worst in security.

"What if they ban TikTok and people keep using it anyway?" asks the New York Times, saying a pending ban in America "is vague on how it would be enforced" Some experts say that even if TikTok is actually banned this month or soon, there may be so many legal and technical loopholes that millions of Americans could find ways to keep TikTok'ing. The law is "Swiss cheese with lots of holes in it," said Glenn Gerstell, a former top lawyer at the National Security Agency and a senior adviser at the Center for Strategic and International Studies, a policy research organization. "There are obviously ways around it...." When other countries ban apps, the government typically orders internet providers and mobile carriers to block web traffic to and from the blocked website or app. That's probably not how a ban on TikTok in the United States would work. Two lawyers who reviewed the law said the text as written doesn't appear to order internet and mobile carriers to stop people from using TikTok.

There may not be unanimity on this point. Some lawyers who spoke to Bloomberg News said internet providers would be in legal hot water if they let their customers continue to use a banned TikTok. Alan Rozenshtein, a University of Minnesota associate law professor, said he suspected internet providers aren't obligated to stop TikTok use "because Congress wanted to allow the most dedicated TikTok users to be able to access the app, so as to limit the First Amendment infringement." The law also doesn't order Americans to stop using TikTok if it's banned or to delete the app from our phones....

Odds are that if the Supreme Court declares the TikTok law constitutional and if a ban goes into effect, blacklisting the app from the Apple and Google app stores will be enough to stop most people from using TikTok... If a ban goes into effect and Apple and Google block TikTok from pushing updates to the app on your phone, it may become buggy or broken over time. But no one is quite sure how long it would take for the TikTok app to become unusable or compromised in this situation.
Users could just sideload the app after downloading it outside a phone's official app store, the article points out. (More than 10 million people sideloaded Fortnite within six weeks of its removal from Apple and Google's app stores.) And there's also the option of just using a VPN — or watching TikTok's web site.

(I've never understood why all apps haven't already been replaced with phone-optimized web sites...)

The Biden administration plans one additional round of restrictions on the export of AI chips before leaving office, "a final push in his effort to keep advanced technologies out of the hands of China and Russia," reports Bloomberg. From the report: The US wants to curb the sale of AI chips used in data centers on both a country and company basis, with the goal of concentrating AI development in friendly nations and getting businesses around the world to align with American standards, according to people familiar with the matter. The result would be an expansion of semiconductor caps to most of the world -- an attempt to control the spread of AI technology at a time of soaring demand. The regulations, which could be issued as soon as Friday, would create three tiers of chip trade restrictions, said the people, who asked not to be identified because the discussions are private.

At the top level, a small number of US allies would maintain essentially unmitigated access to American chips. A group of adversaries, meanwhile, would be effectively blocked from importing the semiconductors. And the vast majority of the world would face limits on the total computing power that can go to one country. Countries in the last group would be able to bypass their national limits -- and get their own, significantly higher caps -- by agreeing to a set of US government security requirements and human rights standards, one of the people said. That type of designation -- called a validated end user, or VEU -- aims to create a set of trusted entities that develop and deploy AI in secure environments around the world.

Nvidia CEO Jensen Huang said quantum computers won't be very useful for another 20 years, causing stocks in this emerging sector to plunge more than 40% for a total market value loss of over $8 billion. "If you kind of said 15 years for very useful quantum computers, that'd probably be on the early side. If you said 30, is probably on the late side. But if you picked 20, I think a whole bunch of us would believe it," Huang said during a Q&A with analysts. PCMag reports: The field of quantum computing hasn't gotten nearly as much hype as generative AI and the tech giants promoting it in the past few years. Right now, part of the reason quantum computers aren't currently that helpful is because of their error rates. Nord Quantique CEO Julien Lemyre previously told PCMag that quantum error correction is the future of the field, and his firm is working on a solution. The errors that qubits, the basic unit of information in a quantum machine, currently make result in quantum computers being largely unhelpful. It's an essential hurdle to overcomeâ"but we don't currently know if or when quantum errors will be eliminated.

Chris Erven, CEO and co-founder of Kets Quantum, believes quantum computers will eventually pose a significant threat to cybersecurity. "China is making some of the largest investments in quantum computing, pumping in billions of dollars into research and development in the hope of being the first to create a large-scale, cryptographically relevant machine," Erven tells PCMag in a statement. "Although they may be a few years away from being fully operational, we know a quantum computer will be capable of breaking all traditional cyber defenses we currently use. So they, and others, are actively harvesting now, to decrypt later." "The 15 to 20-year timeline seems very realistic," said Ivana Delevska, investment chief of Spear Invest, which holds Rigetti and IonQ shares in an actively managed ETF. "That is roughly what it took Nvidia to develop accelerated computing."

The Japanese government published an alert on Wednesday accusing a Chinese hacking group of targeting and breaching dozens of government organizations, companies, and individuals in the country since 2019. From a report: Japan's National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity attributed the years-long hacking spree to a group called MirrorFace.

"The MirrorFace attack campaign is an organized cyber attack suspected to be linked to China, with the primary objective of stealing information related to Japan's national security and advanced technology," the authorities wrote in the alert, according to a machine translation. A longer version of the alert said the targets included Japan's Foreign and Defense ministries, the country's space agency, as well as politicians, journalists, private companies and tech think tanks, according to the Associated Press. In July 2024 Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) wrote in a blog post that MirrorFace's "targets were initially media, political organisations, think tanks and universities, but it has shifted to manufacturers and research institutions since 2023."

An anonymous reader shares a report: Akamai has decided to end its content delivery network services in China, but not because it's finding it hard to do business in the Middle Kingdom. News of Akamai's decision to end CDN services in China emerged in a letter it recently published and sent to customers and partners that opens by reminding them the company has a "commitment to providing world-class delivery and security solutions" -- and must therefore inform them that "Effective June 30, 2026, all China CDN services will reach their decommission date."

Customers are offered a choice: do nothing and then be moved to an Akamai CDN located outside China, or use similar services from Chinese companies Tencent Cloud and Wangsu Science & Technology.

China's Xiangshan project aims to deliver a high-performance RISC-V processor by 2025. If it succeeds, it could be "enormously significant" for three reasons, writes The Register's Simon Sharwood. It would elevate RISC-V from low-end silicon to datacenter-level capabilities, leverage the open-source Mulan PSL-2.0 license to disrupt proprietary chip models like Arm and Intel, and reduce China's dependence on foreign technology, mitigating the impact of international sanctions on advanced processors. From the report: The prospect of a 2025 debut appeared on Sunday in a post to Chinese social media service Weibo, penned by Yungang Bao of the Institute of Computing Technology at the Chinese Academy of Sciences. The academy has created a project called Xiangshan that aims to use the permissively licensed RISC-V ISA to create a high-performance chip, with the Scala source code to the designs openly available.

Bao is a leader of the project, and has described the team's ambition to create a company that does for RISC-V what Red Hat did for Linux -- although he said that before Red Hat changed the way it made the source code of RHEL available to the public. The Xiangshan project has previously aspired to six-monthly releases, though it appears its latest design to be taped out was a second-gen chip named Nanhu that emerged in late 2023. That silicon ran at 2GHz and was built on a 14nm process node. The project has since worked on a third-gen design, named Kunminghu, and published the image [here] depicting an overview of its non-trivial micro-architecture.

Thailand has banned plastic waste imports over concerns about toxic pollution, as experts warn that failure to agree a global treaty to cut plastic waste will harm human health. From a report: A law banning imports of plastic waste came into force this month in Thailand, after years of campaigning by activists. Thailand is one of several south-east Asian countries that has historically been paid to receive plastic waste from developed nations. The country became a leading destination for exports of plastic waste from Europe, the US, the UK and Japan in 2018 after China, the world's biggest market for household waste, imposed a ban.

Japan is one of the biggest exporters of waste plastic to Thailand, with about 50m kg exported in 2023. Thai customs officials said more than 1.1m tonnes of plastic scraps were imported between 2018 and 2021. Imports of plastic were often mismanaged in Thailand, with many factories burning the waste rather than recycling it, leading to damage to human health and the environment.

An anonymous reader shares a report: Chinese venture capitalists are hounding failed founders [non-paywalled source], pursuing personal assets and adding the individuals to a national debtor blacklist when they fail to pay up, in moves that are throwing the country's startup funding ecosystem into crisis. The hard-nosed tactics by risk capital providers have been facilitated by clauses known as redemption rights, included in nearly all the financing deals struck during China's boom times.

"My investors verbally promised they wouldn't enforce them, that they had never enforced them before -- and in '17 and '18 that was true -- no one was enforcing them," said Neuroo Education founder Wang Ronghui, who now owes investors millions of dollars after her childcare chain stumbled during the pandemic.

While they are relatively rare in US venture investing, more than 80% of venture and private equity deals in China contain redemption provisions, according to Shanghai-based law firm Lifeng Partners estimates. They typically require companies, and often their founders as well, to buy back investors' shares plus interest if certain targets such as an initial public offering timeline, valuation goals or revenue metrics are not met.

America's aging elevators are facing significant repair delays and rising costs, creating accessibility challenges and leaving vulnerable populations stranded. Experts argue that implementing federal standards and modernizing systems could address these issues. However, fixing the nation's approximately one million elevators is "becoming a heavy lift," reports Axios. From the report: America's aging elevators are time-consuming and costly to fix. The workforce of technicians who know how to fix them is aging. And buildings with elevators in need of repair often need to wait ages for replacement parts due to arcane supply-chain issues. [...] Elevator parts shortages appear to stem largely from two issues: Parts suppliers often prioritize their biggest customers, which in this case happens to be builders in China, where the vast majority of the world's new elevators are installed, according to [Stephen Smith, executive director of the Center for Building in North America]. And parts are often no longer available for aging -- and often obsolete -- elevators, meaning they often have to be custom made.

"In some cases, the entire elevator system may need to be modernized or replaced, leading to substantial costs and potential disruptions to building operations," an advisory called The Elevator Consultants reports. A patchwork of state regulations and union rules make it laborious for building owners and contractors to comply with current standards, according to Smith. who said the U.S. would benefit from federal elevator standards. "The feds have not involved themselves in regulations of the construction industry since Reagan took an axe to it in the 1980s," Smith said. The good news is that "about 80 percent of reliability issues can be solved by replacing the doors," Joseph Bera, at VP at Schindler Elevators, tells commercial real estate publication Propmodo.

An anonymous reader quotes a report from Reuters: The U.S. Defense Department said on Monday it has added Chinese tech giants including gaming and social media leader Tencent Holdings and battery maker CATL to a list of firms it says work with China's military. The list also included chip maker Changxin Memory Technologies, Quectel Wireless and drone maker Autel Robotics, according to a document published on Monday. The annually updated list (PDF) of Chinese military companies, formally mandated under U.S. law as the "Section 1260H list," designated 134 companies, according to a notice posted to the Federal Register.

U.S.-traded shares of Tencent, which is also the parent of Chinese instant messaging app WeChat, fell 8% in over-the-counter trading. Tencent said in a statement that its inclusion on the list was "clearly a mistake." It added: "We are not a military company or supplier. Unlike sanctions or export controls, this listing has no impact on our business." CATL called the designation a mistake, saying it "is not engaged in any military related activities." A Quectel spokesperson said the company "does not work with the military in any country and will ask the Pentagon to reconsider its designation, which clearly has been made in error."

While the designation does not involve immediate bans, it can be a blow to the reputations of affected companies and represents a stark warning to U.S. entities and firms about the risks of conducting business with them. It could also add pressure on the Treasury Department to sanction the companies. Two previously listed companies, drone maker DJI and Lidar-maker Hesai Technologies, both sued the Pentagon last year over their previous designations, but remain on the updated list. The Pentagon also removed six companies it said no longer met the requirements for the designation, including AI firm Beijing Megvii Technology, China Railway Construction Corporation Limited, China State Construction Group Co and China Telecommunications Corporation.

A forthcoming peer-reviewed study (PDF) from Rutgers University's Network Contagion Research Institute argues that TikTok surfaces fewer anti-CCP posts compared to Instagram and YouTube, despite higher user engagement with such content. It also found that heavy TikTok usage correlates with more favorable views of China's human rights record. The findings come a Supreme Court hearing later this week on whether the federal government can ban TikTok. Gizmodo reports: The new peer-reviewed paper, which was first reported by The Free Press, begins by examining whether content on TikTok, Instagram, and YouTube related to the keywords "Tiananmen," "Tibet," "Uyghur," and "Xinjiang" tends to display pro- or anti-CCP sentiment. The researchers found that TikTok's algorithm didn't necessarily surface more pro-CCP content in response to searches for those terms, but it delivered fewer anti-CCP posts than did Instagram or YouTube and significantly more posts that were irrelevant to the subject.

In the second stage of their study, the NCRI team tested whether the lower performance of anti-CCP content was a result of less user engagement (likes and comments) with those posts. They found that TikTok users "liked or commented on anti-CCP content nearly four times as much as they liked or commented on pro-CCP content, yet the search algorithm produced nearly three times as much pro-CCP content" while there was no similar discrepancy on Instagram or YouTube.

Finally, the researchers surveyed 1,214 Americans about their social media usage and their views on China's human rights record. The more time users spent on any social media platform, the more likely they were to have favorable views of China's human rights record, the survey showed. Users were particularly more likely to have favorable views if they spent more than three hours a day using TikTok. The researchers wrote that they could not definitively conclude that spending more time on TikTok resulted in more positive views of China, but "taken together, the findings from these three studies raise the distinct possibility that TikTok is a vehicle for CCP propaganda."

The climate crisis is "wreaking havoc" on the planet's water cycle, with ferocious floods and crippling droughts affecting billions of people, a report has found. The Guardian: Water is people's most vital natural resource but global heating is changing the way water moves around the Earth. The analysis of water disasters in 2024, which was the hottest year on record, found they had killed at least 8,700 people, driven 40 million from their homes and caused economic damage of more than $550bn.

Rising temperatures, caused by continued burning of fossil fuels, disrupt the water cycle in multiple ways. Warmer air can hold more water vapour, leading to more intense downpours. Warmer seas provide more energy to hurricanes and typhoons, supercharging their destructive power. Global heating can also increase drought by causing more evaporation from soil, as well as shifting rainfall patterns.

Deadly flash floods hit Nepal and Brazil in 2024, while river flooding caused devastation in central Europe, China and Bangladesh. Super Typhoon Yagi, which struck south-east Asia in September, was intensified by the climate crisis, as was Storm Boris which hit Europe the same month. Droughts also caused major damage, with crop production in southern Africa halving, causing more than 30 million people to face food shortages. Farmers were also forced to cull livestock as their pastures dried up, and falling output from hydropower dams led to widespread blackouts.

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders.

What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home."

As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security.

In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined.

American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive.
The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched."

And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one personal familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks.
The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...