A former executive of smartphone startup OSOM Products has filed a lawsuit alleging the company's founder misused funds for personal expenses, including two Lamborghinis and a lavish lifestyle. Mary Ross, OSOM's ex-Chief Privacy Officer, is seeking access to company records in a Delaware court filing.

OSOM, founded in 2020 by former Essential employees, launched two products: the Solana-backed Saga smartphone and a privacy cable. Android founder Andy Rubin founded Essential, which sought to compete with Apple and Android-makers on a smartphone, but later shutdown after not find many takers for its phone. The lawsuit claims OSOM founder Jason Keats used company money for racing hobbies, first-class travel, and mortgage payments.

Slashdot covered shrinkwrap licenses on software back in 2000 and 2002. But now ewhac (Slashdot reader #5,844) writes: The user Wraithe on the Mastodon network is reporting that a bottle of Vital Proteins(TM) collagen peptides purchased at Costco came with a shrinkwrap contract. Collagen peptides are often used as an anti-aging nutritional supplement. The top of the Vital Proteins bottle has a pull-to-open seal. Printed on the seal is the following: "Read This: By opening and using this product, you agree to be bound by our Terms and Conditions, fully set forth at vitalproteins.com/tc, which includes a mandatory arbitration agreement. If you do not agree to be bound, please return this product immediately."

So-called "shrinkwrap contracts" have been the subject of controversy and derision for decades since their first widespread appearance in the 1970's, attempting to alter the terms of sale after the fact, impose unethical and onerous restrictions on the purchaser, and absolving the vendor of all liability. Most such contracts appear on items involving copyrighted works (computer software, or any item containing computer software). The alleged "validity" of such contracts supposedly proceeds from the (alleged) need that the item requires a copyright license from the vendor to use (because the right to use/read/listen/view/execute is somehow not concomitant with purchase), and that the shrinkwrap contract furnishes such license.

The application of such a contract to a good where copyright has no scope, however, is something new. The alleged contract itself governs consumers' use of, "the VitalProteins.com website and any other applications, content, products, and services (collectively, the "Service")...," contains the usual we're-not-responsible-for-anything indemnification paragraph, and unilaterally removes your right to seek redress in court of law and imposes binding arbitration involving any disputes that may arise between the consumer and the company. Indeed, the arbitration clause is the first numbered section in the alleged contract.
The same contract has been spotted by numerous others — including someone who posted about it on Reddit two years ago. ("When I opened it, encountered a vacuum seal with the following 'READ THIS: by opening and using this product, you agree to...'") But the same verbiage still appears in online listings today for the product from Albertsons, Walgreens, and CVS.

Shrinkwrap contracts. They're not just for software any more...

Casey Newton, former senior editor at the Verge, weighs in on Platformer about the arrest of Telegram CEO Pavel Durov.

"Fending off onerous speech regulations and overzealous prosecutors requires that platform builders act responsibly. Telegram never even pretended to." Officially, Telegram's terms of service prohibit users from posting illegal pornographic content or promotions of violence on public channels. But as the Stanford Internet Observatory noted last year in an analysis of how CSAM spreads online, these terms implicitly permit users who share CSAM in private channels as much as they want to. "There's illegal content on Telegram. How do I take it down?" asks a question on Telegram's FAQ page. The company declares that it will not intervene in any circumstances: "All Telegram chats and group chats are private amongst their participants," it states. "We do not process any requests related to them...."

Telegram can look at the contents of private messages, making it vulnerable to law enforcement requests for that data. Anticipating these requests, Telegram created a kind of jurisdictional obstacle course for law enforcement that (it says) none of them have successfully navigated so far. From the FAQ again:

To protect the data that is not covered by end-to-end encryption, Telegram uses a distributed infrastructure. Cloud chat data is stored in multiple data centers around the globe that are controlled by different legal entities spread across different jurisdictions. The relevant decryption keys are split into parts and are never kept in the same place as the data they protect. As a result, several court orders from different jurisdictions are required to force us to give up any data. [...] To this day, we have disclosed 0 bytes of user data to third parties, including governments.

As a result, investigation after investigation finds that Telegram is a significant vector for the spread of CSAM.... The company's refusal to answer almost any law enforcement request, no matter how dire, has enabled some truly vile behavior. "Telegram is another level," Brian Fishman, Meta's former anti-terrorism chief, wrote in a post on Threads. "It has been the key hub for ISIS for a decade. It tolerates CSAM. Its ignored reasonable [law enforcement] engagement for YEARS. It's not 'light' content moderation; it's a different approach entirely.
The article asks whether France's action "will embolden countries around the world to prosecute platform CEOs criminally for failing to turn over user data." On the other hand, Telegram really does seem to be actively enabling a staggering amount of abuse. And while it's disturbing to see state power used indiscriminately to snoop on private conversations, it's equally disturbing to see a private company declare itself to be above the law.

Given its behavior, a legal intervention into Telegram's business practices was inevitable. But the end of private conversation, and end-to-end encryption, need not be.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a judge in Ohio's Franklin County, came after the city of Columbus fell victim to a ransomware attack on July 18 that siphoned 6.5 terabytes of the city's data. A ransomware group known as Rhysida took credit for the attack and offered to auction off the data with a starting bid of about $1.7 million in bitcoin. On August 8, after the auction failed to find a bidder, Rhysida released what it said was about 45 percent of the stolen data on the group's dark web site, which is accessible to anyone with a TOR browser.

Columbus Mayor Andrew Ginther said on August 13 that a "breakthrough" in the city's forensic investigation of the breach found that the sensitive files Rhysida obtained were either encrypted or corrupted, making them "unusable" to the thieves. Ginther went on to say the data's lack of integrity was likely the reason the ransomware group had been unable to auction off the data. Shortly after Ginther made his remarks, security researcher David Leroy Ross contacted local news outlets and presented evidence that showed the data Rhysida published was fully intact and contained highly sensitive information regarding city employees and residents. Ross, who uses the alias Connor Goodwolf, presented screenshots and other data that showed the files Rhysida had posted included names from domestic violence cases and Social Security numbers for police officers and crime victims. Some of the data spanned years.

On Thursday, the city of Columbus sued Ross (PDF) for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion. The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him "interacting" with them and required special expertise and tools. The suit went on to challenge Ross alerting reporters to the information, which ii claimed would not be easily obtained by others. "Only individuals willing to navigate and interact with the criminal element on the dark web, who also have the computer expertise and tools necessary to download data from the dark web, would be able to do so," city attorneys wrote. "The dark web-posted data is not readily available for public consumption. Defendant is making it so." The same day, a Franklin County judge granted the city's motion for a temporary restraining order (PDF) against Ross. It bars the researcher "from accessing, and/or downloading, and/or disseminating" any city files that were posted to the dark web. The motion was made and granted "ex parte," meaning in secret before Ross was informed of it or had an opportunity to present his case.

A longtime Slashdot reader writes: Regular Slashdot users will certainly be aware of the saga unfolding between the country of Brazil and X. Reuters has already reported that what I have to relay here will come as no surprise to Elon Musk, but reporting on CNN confirms that Brazilian Justice Alexandre de Moraes has ordered X to suspend operations in Brazil until X names a representative to appear on X's behalf in Brazilian Courts.

Is this the end of X or some brilliant Machiavellian ploy on the part of Elon Musk? Only time and the informed and spirited debate of the users here at /. can be sure. Here's a recap of the saga, as told by X's Grok-2 chatbot: The Beginning: Alexandre de Moraes, a Brazilian Supreme Court Justice with a reputation for tackling misinformation, especially around elections, found himself at odds with Elon Musk, the space-faring, electric-car magnate turned social media mogul. The conflict kicked off when Moraes ordered X to block certain accounts in Brazil, part of his broader crackdown on what he deemed as misinformation.

The Escalation: Musk, never one to shy away from a fight, especially when it involves what he perceives as free speech issues, declared on X that he would not comply with Moraes' orders. This defiance wasn't just a tweet; it was a digital declaration of war. Musk accused Moraes of overstepping his bounds, betraying the constitution, and even likened him to Darth Vader in a less than flattering comparison. Moraes, not amused, opened an investigation into Musk for obstruction of justice, accusing him of inciting disobedience and disrespecting Brazil's sovereignty. The stakes were raised with fines of around $20,000 per day for each reactivated account, and threats of arresting X employees in Brazil.

The Drama Unfolds: The internet, as it does, had a field day. Posts on X ranged from Musk supporters calling Moraes a dictator to others backing Moraes, arguing he was defending democracy against foreign billionaires. The conflict became a global spectacle, with Musk's posts drawing international attention, comparing the situation to a battle for free speech versus censorship. Musk, in true Musk fashion, didn't just stop at defiance. He shared all of Moraes' demands publicly, suggesting users use VPNs, and even hinted at closing X's operations in Brazil, which eventually happened, citing the need to protect staff safety.

The Latest Chapter: Recently, X announced the closure of its operations in Brazil, a move seen as the culmination of this legal and ideological battle. Musk framed it as a stand against what he saw as an assault on free speech, while critics viewed it as an overreaction or a strategic retreat.

An anonymous reader quotes a report from Gizmodo: Thousands of Tennesseans were illegally denied Medicaid and other benefits due to programming and data errors in an algorithmic system the state uses to determine eligibility for low-income residents and people with disabilities, a U.S. District Court judge ruled this week. The TennCare Connect system -- built by Deloitte and other contractors for more than $400 million -- is supposed to analyze income and health information to automatically determine eligibility for benefits program applicants. But in practice, the system often doesn't load the appropriate data, assigns beneficiaries to the wrong households, and makes incorrect eligibility determinations, according to the decision (PDF) from Middle District of Tennessee Judge Waverly Crenshaw Jr.

"When an enrollee is entitled to state-administered Medicaid, it should not require luck, perseverance, and zealous lawyering for him or her to receive that healthcare coverage," Crenshaw wrote in his opinion. The decision was a result of a class action lawsuit filed in 2020 on behalf of 35 adults and children who were denied benefits. [...] ]Crenshaw found that TennCare Connect did not consider whether applicants were eligible for all available programs before it terminated their coverage. Deloitte was a major beneficiary of the nationwide modernization effort, winning contracts to build automated eligibility systems in more than 20 states, including Tennessee and Texas. Advocacy groups have asked (PDF) the Federal Trade Commission to investigate Deloitte's practices in Texas, where they say thousands of residents are similarly being inappropriately denied life-saving benefits by the company's faulty systems.

A recent indictment (PDF) of an Alaska man stands out due to the sophisticated use of multiple encrypted communication tools, privacy-focused apps, and dark web technology. "I've never seen anyone who, when arrested, had three Samsung Galaxy phones filled with 'tens of thousands of videos and images' depicting CSAM, all of it hidden behind a secrecy-focused, password-protected app called 'Calculator Photo Vault,'" writes Ars Technica's Nate Anderson. "Nor have I seen anyone arrested for CSAM having used all of the following: [Potato Chat, Enigma, nandbox, Telegram, TOR, Mega NZ, and web-based generative AI tools/chatbots]." An anonymous reader shares the report: According to the government, Seth Herrera not only used all of these tools to store and download CSAM, but he also created his own -- and in two disturbing varieties. First, he allegedly recorded nude minor children himself and later "zoomed in on and enhanced those images using AI-powered technology." Secondly, he took this imagery he had created and then "turned to AI chatbots to ensure these minor victims would be depicted as if they had engaged in the type of sexual contact he wanted to see." In other words, he created fake AI CSAM -- but using imagery of real kids.

The material was allegedly stored behind password protection on his phone(s) but also on Mega and on Telegram, where Herrera is said to have "created his own public Telegram group to store his CSAM." He also joined "multiple CSAM-related Enigma groups" and frequented dark websites with taglines like "The Only Child Porn Site you need!" Despite all the precautions, Herrera's home was searched and his phones were seized by Homeland Security Investigations; he was eventually arrested on August 23. In a court filing that day, a government attorney noted that Herrera "was arrested this morning with another smartphone -- the same make and model as one of his previously seized devices."

The government is cagey about how, exactly, this criminal activity was unearthed, noting only that Herrera "tried to access a link containing apparent CSAM." Presumably, this "apparent" CSAM was a government honeypot file or web-based redirect that logged the IP address and any other relevant information of anyone who clicked on it. In the end, given that fatal click, none of the "I'll hide it behind an encrypted app that looks like a calculator!" technical sophistication accomplished much. Forensic reviews of Herrera's three phones now form the primary basis for the charges against him, and Herrera himself allegedly "admitted to seeing CSAM online for the past year and a half" in an interview with the feds.

A U.S. appeals court has revived a lawsuit against TikTok over a child's death, potentially limiting tech companies' legal shield under Section 230. The 3rd U.S. Circuit Court of Appeals ruled that the law does not protect TikTok from claims that its algorithm recommended a deadly "blackout challenge" to a 10-year-old girl.

Judge Patty Shwartz wrote that Section 230 only immunizes third-party content, not recommendations made by TikTok's own algorithm. The decision marks a departure from previous rulings, citing a recent Supreme Court opinion that platform algorithms reflect "editorial judgments." This interpretation could significantly impact how courts apply Section 230 to social media companies' content curation practices.

Yelp has filed an antitrust lawsuit against Google, accusing the search giant of maintaining its local search monopoly by preferencing its own services over competitors, harming competition and reducing quality. "Yelp claims that the way Google directs users toward its own local search vertical from its general search engine results page should be considered illegal tying of separate products to keep rivals from reaching scale," adds The Verge. From the report: Yelp wants the court to order Google to stop the allegedly anticompetitive conduct and to pay it damages. It demanded a jury trial and filed the suit in the Northern District of California, where a different jury found that Google had an illegal monopoly through its app store in its fight against Epic Games.

The company was emboldened to bring its own lawsuit against Google after the DOJ's win in its antitrust case about the company's allegedly exclusionary practices around the distribution of search services. Yelp CEO Jeremy Stoppelman told The New York Times that following that decision, "the winds on antitrust have shifted dramatically." Previously, he told the Times, he'd hesitated to bring a suit because of the resources it would require and because he saw it as the government's job to enforce the antitrust laws. "Yelp's claims are not new," Google spokesperson Peter Schottenfels said in a statement. "Similar claims were thrown out years ago by the FTC, and recently by the judge in the DOJ's case. On the other aspects of the decision to which Yelp refers, we are appealing. Google will vigorously defend against Yelp's meritless claims."

Three former Backpage executives, including co-founder Michael Lacey, were sentenced to prison for promoting prostitution and laundering money while disguising their activities as a legitimate classified business. The Associated Press reports: A jury convicted Lacey, 76, of a single count of international concealment money laundering last year, but deadlocked on 84 other prostitution facilitation and money laundering charges. U.S. District Judge Diane Humetewa later acquitted Lacey of dozens of charges for insufficient evidence, but he still faces about 30 prostitution facilitation and money laundering charges. Authorities say the site generated $500 million in prostitution-related revenue from its inception in 2004 until it was shut down by the government in 2018.

Lacey's lawyers say their client was focused on running an alternative newspaper chain and wasn't involved in day-to-day operations of Backpage. But Humetewa told Lacey during Wednesday's sentencing he was aware of the allegations against Backpage and did nothing. "In the face of all this, you held fast," Humetewa said. "You didn't do a thing." Two other Backpage executives, Chief Financial Officer John Brunst and Executive Vice President Scott Spear, also were convicted last year and were each sentenced on Wednesday to 10 years in prison. The judge ordered Lacey and the two executives to report to the U.S. Marshals Service in two weeks to start serving their sentences.

An anonymous reader shares a report: Following the arrest of Telegram CEO and co-founder Pavel Durov Saturday, the 39-year-old billionaire, Drov has been indicted on multiple charges after appearing in front of a Paris Court on Wednesday. He has been indicted on charges of Complicity in the administration of an online platform to enable an illicit transaction, by an organized gang. This charge carries a maximum penalty of 10 years imprisonment and a fine of $555,000.

He was also indicted on charges of refusal to communicate at the request of authorities; Complicity in the offenses in particular of making available without legitimate reason a program or data designed to an attack on an automated data processing system, organized gang dissemination of images of minors of a child pornography nature, drug trafficking, organized gang fraud, criminal conspiracy with a view to committing crimes or offenses; Laundering of crimes or offenses by organized games; Provision of cryptology services aimed at ensuring confidentiality functions without compliant declaration. Durov has been placed under judicial supervision with an obligation to provide a deposit of 5 million euros and he must report to the police station twice a week and is banned from leaving France. From earlier today: Telegram CEO Released By Police, Transferred To Court For Possible Indictment.

Telegram CEO Pavel Durov is heading to court for a possible indictment after being released from police custody, authorities in France said on Wednesday. From a report: "An investigating judge has ended Pavel Durov's police custody and will have him brought to court for a first appearance and a possible indictment," according to a statement from the Paris prosecutor's office that was quoted in an Associated Press article. Durov was arrested in Paris on Saturday and questioned by police for several days. The French investigative judge will "decide whether to place him under formal investigation following his arrest as part of a probe into organized crime on the messaging app," Reuters wrote today.

"Being placed under formal investigation in France does not imply guilt or necessarily lead to trial, but indicates that judges consider there is enough to the case to proceed with the probe. Investigations can last years before being sent to trial or shelved," Reuters wrote. The judge's decision on a formal investigation is expected today, the article said. On Monday, prosecutor Laure Beccuau issued a statement saying Durov was arrested "in the context of a judicial investigation" into a "person unnamed." The wording leaves open the possibility that the unnamed person is someone else, but the prosecutor's statement listed a raft of potential charges that may indicate what Durov could be charged with. Update: Telegram CEO Indicted in Paris Court .

U.S. Securities and Exchange Commission (SEC) has issued a Wells notice to OpenSea, the leading non-fungible token (NFT) marketplace, threatening legal action over alleged securities violations. The SEC contends that NFTs traded on OpenSea's platform may constitute securities, a move that could have far-reaching implications for the digital art and collectibles industry. OpenSea CEO Devin Finzer denounced the SEC's action as an overreach that could stifle innovation and harm creators. The company pledged $5 million to cover legal fees for NFT creators and developers who receive Wells notices.

An anonymous reader shared this story from the blog Decrypt: Michael Lewis, author of Going Infinite, an account of the rise and fall of Sam Bankman-Fried, has argued that the disgraced FTX founder didn't have "the character of a thief" in a new The Washington Post article. "His crime was of a piece with his character. The character wasn't the character of a thief. It was the character of a person numb to risk." Lewis explained in the final paragraphs of a 4,500 word essay adapted from a new introduction to his book. "Unable to feel risk himself, he can't really imagine other people feeling much at all about the risk he has subjected them to...."

Lewis doubled down on previous claims that Bankman-Fried wasn't running a Ponzi scheme, arguing that "The crime was unnecessary to the business in a way that, say, Bernie Madoff's was not," and that "The crime made no sense." The collapse of FTX, he added, "might have been avoided and FTX might have survived."

"That doesn't mean I think that Sam Bankman-Fried is innocent. It merely informs how I feel about him," Lewis explained. "I think the truth is closer to 'young person with an intellectually defensible but socially unacceptable moral code makes a huge mistake in trying to live by it' than "criminal on the loose in the financial system.'"
From from The Daily Beast: Lewis also pointed to bankruptcy court filings from FTX in the weeks after Bankman-Fried's sentencing showing that "against the $8.7 billion in missing customer deposits, FTX was now sitting on something like $14.5 to $16.3 billion." "Whatever the exact sum, it was enough to repay all depositors and various other creditors at least 118 cents on the dollar — that is, everyone who imagined they had lost money back in November 2022 would get their money back, with interest," Lewis writes.
Michael Lewis's article offers some vivid details: Inside of three years, he'd gone from socially and emotionally isolated 25-year-old with an upper-middle-class bank account to leader of a small army of math nerds and (according to Forbes magazine) not merely the world's richest person under 30 but maybe the fastest creator of wealth in recorded history... He'd gone from having no friends as a child to having too many as an adult without ever developing a capacity for friendship....

The prosecutors didn't need Sam's help. Sam helped them anyway by ignoring the counsel of his lawyers and testifying on his own behalf... As Lewis Kaplan, the federal judge who presided over the case, said later: "When he wasn't outright lying, he was often evasive, hairsplitting, dodging questions and trying to get the prosecutor to reword questions in ways that he could answer in ways he thought less harmful than a truthful answer to the question that was posed would have been. I've been doing this job for close to 30 years. I've never seen a performance quite like that...." [T]he judge ordered Sam to rise so that he might address him directly. Two hours or so earlier, Sam had shuffled into the courtroom in prison khakis with his head down and his hands oddly clasped behind his back. Just before he'd entered, his guards had told him he was meant to be wearing handcuffs and asked if he could create the impression that he was doing so...

"There is a risk that this man will be in a position to do something very bad in the future, and it's not a trivial risk, not a trivial risk at all," said the judge. "So, in part, my sentence will be for the purpose of disabling him." He then sentenced Sam to 25 years in prison, with no possibility of parole.

A few minutes later, Sam dutifully clasped his hands behind his back and shuffled out of the courtroom.
Lewis adapted his 4,500-word article from the upcoming (updated) paperback edition of his book — which was originally published in 2023 on the same day jurors were selected for Bankman-Fried's trial...

Six months after going public, Reddit "is winning over advertisers," reports Bloomberg, "by showing that it's different than other internet platforms, which often rely on users' identities and personal information to target ads." Instead, Reddit is targeting people based on their interests, relying on the site's [100,000+] deeply detailed communities — called subreddits — to match advertisers with potential customers... Early returns on that strategy have been promising. The text-based site easily surpassed expectations in its first two earnings reports this year, disclosing strong sales and better-than-expected projected growth. The stock is up 66% from its $34 initial public offering price in March.

Beyond targeting subreddits, the company also can use specific keywords to sell what it calls conversation ads. If a Redditor in r/HydroHomies — a community about the benefits of drinking water that has more than 1.2 million users — asks for advice about a specific brand of water bottle, an ad for that exact product could appear next to that user's post. These conversation ads are the fastest-growing ad format on the platform, the company said. They also give marketers a chance to appear in subreddits where customers are already talking about them...

Despite being around for close to 20 years, Reddit only started investing heavily in its advertising business in 2018, and is now hoping that marketers and investors are ready to acknowledge the site has grown up. Executives often point to its unique form of content moderation as proof that it's a safer place for brands than other sites. Reddit largely relies on a group of more than 60,000 human moderators — users who volunteer to serve as a sort of content police — to flag or take down unsavory content. On top of that, the site has a voting system so users can rate the quality of content. "From everything we're seeing, they have a level of brand safety and content safety for advertisers that is very comparable to most other social platforms," said Jack Johnston, senior social innovation director at performance marketing agency Tinuiti, which buys ads on Meta, Pinterest, X and Reddit. "That wasn't necessarily the case a couple years ago."

Those improvements have paid dividends. Reddit recently signed new content partnerships with major sports leagues, including the NFL, NBA and MLB, and the majority of Reddit's advertising revenue comes from Fortune 500 companies. Last year, the site made close to $800 million in ad sales, and counts marquee brands like Toyota, Disney, Samsung and Ulta Beauty among its advertisers. This year, analysts expect Reddit's overall advertising business to eclipse $1.1 billion in revenue and see the company reaching $2 billion in sales as soon as 2027, according to data compiled by Bloomberg. To get there, Reddit will need to court smaller marketers, too. The company makes more than 25% of its revenue from just 10 advertisers, meaning any unexpected pullback from a key partner could have a significant impact on the company's business, said Dan Salmon, lead analyst at New Street Research. "This army of small businesses — that's the most important thing for all of those platforms, for Reddit, for Pinterest, for X," he said...

Advertisers large and small say they're already planning to spend more on Reddit in the coming quarters.
The article points out that more than 90 million people visit Reddit each day.

The Verge's Adi Robertson reports: An appeals court revived a lawsuit against the anonymous messaging service Yolo, which allegedly broke a promise to unmask bullies on the app. In a ruling (PDF) issued Thursday, the Ninth Circuit Court of Appeals said Section 230 of the Communications Decency Act shouldn't block a claim that Yolo misrepresented its terms of service, overruling a lower court decision. But it determined the app can't be held liable for alleged design defects that allowed harassment, letting a different part of that earlier ruling stand.

Yolo was a Snapchat-integrated app that let users send anonymous messages, but in 2021, it was hit with a lawsuit after a teenage user died by suicide. The boy, Carson Bride, had received harassing and sexually explicit messages from anonymized users that -- he believed -- he likely knew. Bride and his family attempted to contact Yolo for help, but Yolo allegedly never answered, and in some cases, emails to the company simply bounced. Snap banned Yolo and another app targeted in the lawsuit, and a year later, it banned all anonymous messaging integration. Bride's family and a collection of other aggrieved parents argued that Yolo broke a legally binding promise to its users. They pointed to a notification where Yolo claimed people would be banned for inappropriate use and deanonymized if they sent "harassing messages" to others. But as the ruling summarizes, the plaintiffs argued that "with a staff of no more than ten people, there was no way Yolo could monitor the traffic of ten million active daily users to make good on its promise, and it in fact never did." Additionally, they claimed Yolo should have known its anonymous design facilitated harassment, making it defective and dangerous.

A lower court threw out both of these claims, saying that under Section 230, Yolo couldn't be held responsible for its users' posts. The appeals court was more sympathetic. It accepted the argument that families were instead holding Yolo responsible for promising users something it couldn't deliver. "Yolo repeatedly informed users that it would unmask and ban users who violated the terms of service. Yet it never did so, and may have never intended to," writes Judge Eugene Siler, Jr. "While yes, online content is involved in these facts, and content moderation is one possible solution for Yolo to fulfill its promise, the underlying duty ... is the promise itself." The Yolo suit built on a previous Ninth Circuit ruling that let another Snap-related lawsuit circumvent Section 230's shield. In 2021, it found Snap could be sued for a "speed filter" that could implicitly encourage users to drive recklessly, even if users were responsible for making posts with that filter. (The overall case is still ongoing.) On top of their misrepresentation claim, the plaintiffs argued Yolo's anonymous messaging capability was similarly risky, an argument the Ninth Circuit didn't buy -- "we refuse to endorse a theory that would classify anonymity as a per se inherently unreasonable risk," Siler wrote.

The Register's Connor Jones reports: The U.S. is suing one of its leading research universities over a litany of alleged failures to meet cybersecurity standards set by the Department of Defense (DoD) for contract awardees. Georgia Institute of Technology (GIT), commonly referred to as Georgia Tech, and its contracting entity, Georgia Tech Research Corporation (GTRC), are being investigated following whistleblower reports from insiders Christopher Craig and Kyle Koza about alleged (PDF) failures to protect controlled unclassified information (CUI). The series of allegations date back to 2019 and continued for years after, although Koza was said to have identified the issues as early as 2018.

Among the allegations is the suggestion that between May 2019 and February 2020, Georgia Tech's Astrolavos Lab -- ironically a group that focuses on cybersecurity issues affecting national security -- failed to develop and implement a cybersecurity plan that complied with DoD standards (NIST 800-171). When the plan was implemented in February 2020, the lawsuit alleges that it wasn't properly scoped -- not all the necessary endpoints were included -- and that for years afterward, Georgia Tech failed to maintain that plan in line with regulations. Additionally, the Astrolavos Lab was accused of failing to implement anti-malware solutions across devices and the lab's network. The lawsuit alleges that the university approved the lab's refusal to deploy the anti-malware software "to satisfy the demands of the professor that headed the lab," the DoJ said. This is claimed to have occurred between May 2019 and December 2021. Refusing to install anti-malware solutions at a contractor like this is not allowed. In fact, it violates federal requirements and Georgia Tech's own policies, but allegedly happened anyway.

The university and the GTRC also, it is claimed, submitted a false cybersecurity assessment score in December 2020 -- a requirement for all DoD contractors to demonstrate they're meeting compliance standards. The two organizations are accused of issuing themselves a score of 98, which was later deemed to be fraudulent based on various factors. To summarize, the issue centers around the claim that the assessment was carried out on a "fictitious" environment, so on that basis the score wasn't given to a system related to the DoD contract, the US alleges. The claims are being made under the False Claims Act (FCA), which is being utilized by the Civil Cyber-Fraud Initiative (CCFI), which was introduced in 2021 to punish entities that knowingly risk the safety of United States IT systems. It's a first-of-its-kind case being pursued as part of the CCFI. All previous cases brought under the CCFI were settled before they reached the litigation stage.

An anonymous reader shares a report: Language models generate text based on statistical probabilities. This led to serious false accusations against a veteran court reporter by Microsoft's Copilot. German journalist Martin Bernklau typed his name and location into Microsoft's Copilot to see how his culture blog articles would be picked up by the chatbot, according to German public broadcaster SWR. The answers shocked Bernklau. Copilot falsely claimed Bernklau had been charged with and convicted of child abuse and exploiting dependents. It also claimed that he had been involved in a dramatic escape from a psychiatric hospital and had exploited grieving women as an unethical mortician.

Copilot even went so far as to claim that it was "unfortunate" that someone with such a criminal past had a family and, according to SWR, provided Bernklau's full address with phone number and route planner. I asked Copilot today who Martin Bernklau from Germany is, and the system answered, based on the SWR report, that "he was involved in a controversy where an AI chat system falsely labeled him as a convicted child molester, an escapee from a psychiatric facility, and a fraudster." Perplexity.ai drafts a similar response based on the SWR article, explicitly naming Microsoft Copilot as the AI system.

New submitter ElimGarak000 shares a report from CyberScoop: The Texas-based voice service provider that sent AI-generated robocalls of President Joe Biden to New Hampshire voters ahead of its Democratic presidential primary has agreed to pay a $1 million fine and implement enhanced verification protocols designed to prevent robocalls and phone number spoofing in a settlement with the Federal Communications Commission. The fine represents half the amount the FCC was originally seeking in an enforcement action proposed against Lingo Telecom in May. Despite that, agency leaders characterized the settlement (PDF) as a successful effort to defend U.S. telecommunications networks and election infrastructure from nascent AI and deepfake technologies. [...]

In addition to the fine, the settlement requires Lingo Telecom to follow regulatory protocols that were put in place in 2020 to ensure telecommunications carriers authenticate caller identities using their networks. The protocols, known as STIR/SHAKEN, require carriers like Lingo to digitally verify and formally attest to the FCC that callers are legitimate and own the phone number they display on Caller ID. In the New Hampshire robocall case, Kramer and Life Corporation spoofed the phone number of Kathy Sullivan, a former state Democratic party official who was running a write-in campaign for Biden.

The FCC cited Lingo's inability to properly implement and enforce STIR/SHAKEN as a key failure in a February cease-and-desist letter, and again in May when the agency proposed a $2 million enforcement action. The company was also named in a civil lawsuit filed by the League of Women Voters and New Hampshire residents, seeking damages over the incident. Per terms of the settlement, Lingo Telecom must hire a senior manager knowledgeable in STIR/SHAKEN protocols and develop a compliance plan, new operating procedures and training programs. They must also report any incidents of non-compliance with STIR/SHAKEN within 15 days of discovery. "Every one of us deserves to know that the voice on the line is exactly who they claim to be," FCC Chairwoman Jessica Rosenworcel said in a statement. "If AI is being used, that should be made clear to any consumer, citizen, and voter who encounters it. The FCC will act when trust in our communications networks is on the line."

An anonymous reader quotes a report from NBC News: The former CEO of a small Kansas bank was sentenced to more than 24 years in prison for looting the bank of $47 million -- which he sent to cryptocurrency wallets controlled by scammers who had duped him in a "pig butchering" scheme that appealed to his greed, federal prosecutors said. The massive embezzlement by ex-CEO Shan Hanes in a series of wire transfers over just eight weeks last year led to the collapse and FDIC takeover of Heartland Tri-State Bank in Elkhart, one of only five U.S. banks that failed in 2023. Hanes, 53, also swindled funds from a local church and investment club -- and a daughter's college savings account -- to transfer money, purportedly to buy cryptocurrency as the scammers insisted they needed more funds to unlock the supposed returns on his investments, according to records from U.S. District Court in Wichita, Kansas. But Hanes never realized any profit and lost all of the money he stole as a result of the scam. Judge John Broomes on Monday sentenced Hanes to 293 months in prison -- 29 months more than what prosecutors requested after he pleaded guilty in May to a single count of embezzlement by a bank officer. [...]

[P]rosecutors and bank regulators said that Hanes, who has three daughters with his school teacher wife, began stealing after being targeted in a pig-butchering scheme in late 2022. That scheme was described in a court filing as "a scammer convincing a victim (a pig) to invest in supposedly legitimate virtual currency investment opportunities and then steals the victim's money -- butchering the pig." Hanes, who had served on the board of the American Bankers Association, and been chairman of the Kansas Bankers Association, in December 2022 began making transactions to buy cryptocurrency, which "appeared to be precipitated by communication with an unidentified co-conspirator on the electronic messaging app 'WhatsApp,'" prosecutors wrote in a court filing. "To date, the true identity of the co-conspirator, or conspirators, remain unknown," the filing notes. Hanes initially used personal funds to buy crypto, but in early 2023 he stole $40,000 from Elkhart Church of Christ and $10,000 from the Santa Fe Investment Club, according to prosecutors and a defense filing. He also used $60,000 taken from a daughter's college fund, and nearly $1 million in stock from the Elkhart Financial Corporation, his lawyer said in a filing.

In May 2023, he began to make wire transfers from Heartland Tri-State Bank to accounts controlled by scammers, at first with a $5,000 transfer. Two weeks later, on May 30, Hanes wired $1.5 million and a day after that, he sent another transfer of the same amount the following day, filings show. Three days later he directed two wire transfers totaling $6.7 million to be sent by the bank to the crypto wallet, and a whopping $10 million less than two weeks later, and another $3.3 million days afterward. Hanes told bank employees to execute the wire transfers, and "made many misrepresentations to various people" to get access to the funds so they could be transferred, prosecutors wrote. Heartland Tri-State employees circumvented the bank's own wire policy and daily limits to approve Hanes' wire transfers, according to a report by the Office of the Inspector General of the Board of Governors of the Federal Reserve System.