New York Times Calls Telegram ‘A Playground for Criminals, Extremists and Terrorists’

The New York Times analyzed over 3.2 million Telegram messages from 16,220 channels. Their conclusion? Telegram “offers features that enable criminals, terrorists and grifters to organize at scale and to sidestep scrutiny from the authorities” — and that Telegram “has looked the other way as illegal and extremist activities have flourished openly on the app.”

Or, more succinctly: “Telegram has become a global sewer of criminal activity, disinformation, child sexual abuse material, terrorism and racist incitement, according to a four-month investigation.”

Look deeper, and a dark underbelly emerges. Uncut lumps of cocaine and shards of crystal meth are for sale on the app. Handguns and stolen checks are widely available. White nationalists use the platform to coordinate fight clubs and plan rallies. Hamas broadcast its Oct. 7 attack on Israel on the site… The Times investigation found 1,500 channels operated by white supremacists who coordinate activities among almost 1 million people around the world. At least two dozen channels sold weapons. In at least 22 channels with more than 70,000 followers, MDMA, cocaine, heroin and other drugs were advertised for delivery to more than 20 countries.

Hamas, the Islamic State and other militant groups have thrived on Telegram, often amassing large audiences across dozens of channels. The Times analyzed more than 40 channels associated with Hamas, which showed that average viewership surged up to 10 times after the Oct. 7 attacks, garnering more than 400 million views in October. Telegram is “the most popular place for ill-intentioned, violent actors to congregate,” said Rebecca Weiner, the deputy commissioner for intelligence and counterterrorism at the New York Police Department. “If you’re a bad guy, that’s where you will land….” [Telegram] steadfastly ignores most requests for assistance from law enforcement agencies. An email inbox used for inquiries from government agencies is rarely checked, former employees said…

“It is easy to search and find channels selling guns, illicit narcotics, prescription drugs and fraudulent ATM cards, called clone cards…” according to the article. The Times “found at least 50 channels openly selling contraband, including guns, drugs and fraudulent debit cards.”

In December 2022, Hayden Espinosa began serving a 33-month sentence in federal prison in Louisiana for buying and selling illegal firearms and weapon parts he made with 3D printers. That did not stop his business. Using cellphones that had been smuggled into prison, Espinosa continued his illicit trade on a Telegram channel… Espinosa’s gun market on Telegram might never have been uncovered except that one of its members was Payton Gendron, who massacred 10 people at a supermarket in Buffalo, New York, in 2022. Investigators scouring his life online for motives for the shooting discovered the channel, which also featured racist and extremist views he had shared.

“Operating like a stateless organization, Telegram has long behaved as if it were above the law,” the article concludes — though it adds that “In many democratic countries, patience with the app is wearing thin.

“The European Union is exploring new oversight of Telegram under the Digital Services Act, a law that forces large online platforms to police their services more aggressively, two people familiar with the plans said.”

Read more of this story at Slashdot.

How Should the FOSS Movement Respond to Proprietary Software?

Long-time FOSS-watcher Bruce Byfield writes that while people “still dream of a completely free alternative, increasingly the emphasis in FOSS seems to be on accepting coexistence with proprietary software.”

Many, too, have always preferred the permissive BSD licenses, which permit combining FOSS and proprietary software. From some perspectives, Debian’s newest [non-free firmware] repository or Nobara’s popularity [a Fedora-based distro but with proprietary drivers and gaming applications] is simply an admission of the true state of affairs…

On the other hand, the FOSS philosophy may be weakened because it no longer has a strong advocate. Sixteen years ago, the FSF reached a peak of authority in the discussions of 2006-2007 about the structure of GPLv3 — then immediately lost that authority by not reaching a consensus. That was followed by the cancellation of Richard Stallman in 2017, which, deserved or not, had the side effect of silencing free software’s most influential representative. Today the FSF that Stallman led continues to function, with Stallman returned to the board of directors, but its actions go unreported, and it seems to speak to a much smaller group of loyalists. The Linux Foundation, with its corporate emphasis, is not an adequate substitution. In these circumstances, there is reason to wonder whether FOSS has lost its way.

While the issue has yet to reach the mainstream, Bruce Perens, one of the coiners of the term “open source” in 1998, is already trying to describe what he calls the Post-Open Source era. Not only does Perens believe that FOSS licenses no longer fulfill their original purpose, but they no longer inform or benefit the average user. According to Perens,

“Open Source has completely failed to serve the common person. For the most part, if they use us at all they do so through a proprietary software company’s systems, like Apple iOS or Google Android, both of which use Open Source for infrastructure but the apps are mostly proprietary. The common person doesn’t know about Open Source, they don’t know about the freedoms we promote which are increasingly in their interest. Indeed, Open Source is used today to surveil and even oppress them.”

As a remedy, Perens proposes that licenses should be replaced by contracts. He envisions that companies pay for the benefits they receive from using FOSS. Compliance for each contract would be checked, renewed, and paid for yearly, and the payments would go towards funding FOSS development. Individuals and nonprofits would continue to use FOSS for free. In March 2024, Perens posted a draft Post-Open license. The draft includes a description of the contract-related files to be shipped with FOSS software, a description of the status of derivative works, how revenue is collected, and conditions of termination. The draft has yet to be reviewed by a lawyer, but what is immediately noticeable is how it draws on both contract language and FOSS licenses to produce something different.

Byfield concludes that “free licenses are straining to respond to loopholes, and a discussion needs to be had about whether they are adequate to modern pressures.”

Podcasters Ditch Short Episodes in Favor of Four-Hour Conversations

In a newsletter for Bloomberg, Ashley Carman discusses the rising trend of long podcasts and their surprising popularity among listeners. “By today’s standards of interminable podcast discussions, a nearly three-hour recording isn’t even particularly notable,” she writes, highlighting recent episodes from Joe Rogan (2 hours, 16 minutes with Adam Sandler), Lex Fridman (8 hours, 37 minutes with Elon Musk), and the Acquired podcast (3 hours, 38 minutes with Lockheed Martin). “Increasingly, podcasters are pushing the outer limits of episode length while stress testing the endurance of their audiences. Popular podcast gabfests can now run on for half a workday or longer.” From the report:

One might assume such marathon episodes must be the result of a hands-off approach to editing. But this is not the case, said Ben Gilbert, co-host of the Acquired podcast. Every month, he and his co-host David Rosenthal release a three- to four-hour podcast, detailing the story of a specific company. The in-depth histories, he said, are the result of nine-hour recording sessions and a month of research.

“It’s not important to ship every good minute,” Gilbert said. “It’s important to ship only great minutes. If you’re actually intellectually honest with yourself, that’s how to release a really good product.” Even with the longer runtimes, he said, their audience listens to the vast majority of each episode. Consider their deep dive on Lockheed Martin, which runs for three hours and 38 minutes. On Apple Podcasts, the average listener consumed 70% of the show, he said. An episode on Nike, which clocks in at upwards of four hours, had an average consumption rate of 68%. “Every time we made something longer… people only seemed to love it more,” he said. On the show’s website, the hosts describe the episodes as “conversational audiobooks.” […]

[Jack Sylvester, executive director at Flight Studio, the Bartlett-founded podcast company behind Diary of a CEO] said the team can view data around how much of the audience consumes episodes on YouTube’s TV app versus on a phone, tablet or computer. TV usage, he said, is ticking up. To give viewers a reason to keep the show on as their primary viewing experience, they’re now making sure the videos have a top-quality polish. Still, in a world in which people scoff at the prospect of a three-hour movie — and short-form video is the dominant consumption trend in entertainment — these podcasters are eagerly meandering in the opposite direction. “The short-form obsession ended up creating white space for us,” said Gilbert of Acquired. “Whenever you have a trend, that means there’s people who feel left behind and want to flock to something new. This sets us apart.”

SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images

SpyAgent is a new Android malware that uses optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from screenshots stored on mobile devices, allowing attackers to hijack wallets and steal funds. The malware primarily targets South Korea but poses a growing threat as it expands to other regions and possibly iOS. BleepingComputer reports: A malware operation discovered by McAfee was traced back to at least 280 APKs distributed outside of Google Play using SMS or malicious social media posts. This malware can use OCR to recover cryptocurrency recovery phrases from images stored on an Android device, making it a significant threat. […] Once it infects a new device, SpyAgent begins sending the following sensitive information to its command and control (C2) server:

– Victim’s contact list, likely for distributing the malware via SMS originating from trusted contacts.
– Incoming SMS messages, including those containing one-time passwords (OTPs).
– Images stored on the device to use for OCR scanning.
– Generic device information, likely for optimizing the attacks.

SpyAgent can also receive commands from the C2 to change the sound settings or send SMS messages, likely used to send phishing texts to distribute the malware. McAfee found that the operators of the SpyAgent campaign did not follow proper security practices in configuring their servers, allowing the researchers to gain access to them. Admin panel pages, as well as files and data stolen from victims, were easily accessible, allowing McAfee to confirm that the malware had claimed multiple victims. The stolen images are processed and OCR-scanned on the server side and then organized on the admin panel accordingly to allow easy management and immediate utilization in wallet hijack attacks.

US, UK, EU Sign ‘Legally Binding’ AI Treaty

The United States, United Kingdom and European Union signed the first “legally binding” international AI treaty on Thursday, the Council of Europe human rights organization said. Called the AI Convention, the treaty promotes responsible innovation and addresses the risks AI may pose. Reuters reports: The AI Convention mainly focuses on the protection of human rights of people affected by AI systems and is separate from the EU AI Act, which entered into force last month. The EU’s AI Act entails comprehensive regulations on the development, deployment, and use of AI systems within the EU internal market. The Council of Europe, founded in 1949, is an international organization distinct from the EU with a mandate to safeguard human rights; 46 countries are members, including all the 27 EU member states. An ad hoc committee in 2019 started examining the feasibility of an AI framework convention and a Committee on Artificial Intelligence was formed in 2022 which drafted and negotiated the text. The signatories can choose to adopt or maintain legislative, administrative or other measures to give effect to the provisions.

Francesca Fanucci, a legal expert at ECNL (European Center for Not-for-Profit Law Stichting) who contributed to the treaty’s drafting process alongside other civil society groups, told Reuters the agreement had been “watered down” into a broad set of principles.

“The formulation of principles and obligations in this convention is so overbroad and fraught with caveats that it raises serious questions about their legal certainty and effective enforceability,” she said. Fanucci highlighted exemptions on AI systems used for national security purposes, and limited scrutiny of private companies versus the public sector, as flaws. “This double standard is disappointing,” she added.
