Category: internet

The spate of chat groups, linked to individual schools and universities across the country, were discovered on the social media app Telegram over the past week. Users, mainly teenage students, would upload photos of people they knew — both classmates and teachers — and other users would then turn them into sexually explicit deepfake images. The discoveries follow the arrest of the Russian-born founder of Telegram, Pavel Durov, on Saturday, after it was alleged that child pornography, drug trafficking and fraud were taking place on the encrypted messaging app. South Korean President Yoon Suk Yeol on Tuesday instructed authorities to “thoroughly investigate and address these digital sex crimes to eradicate them.”

“Recently, deepfake videos targeting an unspecified number of people have been circulating rapidly on social media,” President Yoon said at a cabinet meeting. “The victims are often minors and the perpetrators are mostly teenagers.” To build a “healthy media culture,” President Yoon said young men needed to be better educated. “Although it is often dismissed as ‘just a prank,’ it is clearly a criminal act that exploits technology to hide behind the shield of anonymity,” he said.

The Guardian notes that making sexually explicit deepfakes with the intention of distributing them is punishable by five years in prison or a fine of $37,500.

Further reading: 1 in 10 Minors Say Their Friends Use AI to Generate Nudes of Other Kids, Survey Finds (Source: 404 Media)

There are, of course, understandable reasons why those centralized systems have been successful, such as by providing a more user-friendly experience on the front-end. But there was a price to pay: losing user autonomy, privacy and the benefits of decentralization (not to mention losing a highly dynamic, competitive internet). The internet need not be so limited, and over the years I’ve tried to encourage people and companies to make different choices to return to the original promise and benefits of openness. With Bluesky, we now have one company who is trying. “Mike’s work has been an inspiration to us from the start,” says Jay Graber, CEO of Bluesky. “Having him join our board feels like a natural progression of our shared vision for a more open internet. His perspective will help ensure we’re building something that truly serves users as we continue to evolve Bluesky and the AT Protocol.”

The researchers estimate that in the three data sets — called C4, RefinedWeb and Dolma — 5 percent of all data, and 25 percent of data from the highest-quality sources, has been restricted. Those restrictions are set up through the Robots Exclusion Protocol, a decades-old method for website owners to prevent automated bots from crawling their pages using a file called robots.txt. The study also found that as much as 45 percent of the data in one set, C4, had been restricted by websites’ terms of service. “We’re seeing a rapid decline in consent to use data across the web that will have ramifications not just for A.I. companies, but for researchers, academics and noncommercial entities,” said Shayne Longpre, the study’s lead author, in an interview.

The report also highlights the increased importance of application programming interface (API) security. With 60% of dynamic web traffic now API-related, these interfaces are a prime target for attackers. API traffic is growing twice as fast as traditional web traffic. What’s worrying is that many organizations appear not to be even aware of a quarter of their API endpoints. Organizations that don’t have a tight grip on their internet services or website APIs can’t possibly protect themselves from attackers. Evidence suggests the average enterprise application now uses 47 third-party scripts and connects to nearly 50 third-party destinations. Do you know and trust these scripts and connections? You should — each script of connection is a potential security risk. For instance, the recent Polyfill.io JavaScript incident affected over 380,000 sites.

Finally, about 38% of all HTTP requests processed by Cloudflare are classified as automated bot traffic. Some bots are good and perform a needed service, such as customer service chatbots, or are authorized search engine crawlers. However, as many as 93% of bots are potentially bad.

In addition, Ghost’s ActivityPub GitHub repository is now fully open source. That means those interested in tracking Ghost’s progress toward federation can follow its code changes in real time, and anyone else can learn from, modify, distribute or contribute to its work. Developers who want to collaborate with Ghost are also being invited to get involved following this move. By offering a federated version of the newsletter, readers will have more choices on how they want to subscribe. That is, instead of only being able to follow the newsletter via email or the web, they also can track it using RSS or ActivityPub-powered apps, like Mastodon and others. Ghost said it will also develop a way for sites with paid subscribers to manage access via ActivityPub, but that functionality hasn’t yet rolled out with this initial test.

The now-unavailable content includes decades of music journalism comprising thousands of articles and interviews with countless major artists, dating back to the site’s launch in 1996. Perhaps the most significant loss is MTV News’ vast hip-hop-related archives, particularly its weekly “Mixtape Monday” column, which ran for nearly a decade in the 2000s and 2010s and featured interviews, reviews and more with many artists, producers and others early in their careers. “So, mtvnews.com no longer exists. Eight years of my life are gone without a trace,” Patrick Hosken, former music editor for MTV News, wrote on X. “All because it didn’t fit some executives’ bottom lines. Infuriating is too small a word.”

“sickening (derogatory) to see the entire @mtvnews archive wiped from the internet,” Crystal Bell, culture editor at Mashable and one-time entertainment director of MTV News, posted on X.”decades of music history gone… including some very early k-pop stories.”

“This is disgraceful. They’ve completely wiped the MTV News archive,” longtime Rolling Stone senior writer Brian Hiatt commented. “Decades of pop culture history research material gone, and why?”

The report notes that some MTV News articles may be available via internet archiving services like the Wayback Machine. However, older articles aren’t available.

The internet was an immediate sensation. “It changed the routine so much that it was detrimental,” [admitted one Marubo leader, Enoque Marubo]. “In the village, if you don’t hunt, fish and plant, you don’t eat.” Leaders realized they needed limits. The internet would be switched on for only two hours in the morning, five hours in the evening, and all day Sunday. During those windows, many Marubo are crouched over or reclined in hammocks on their phones. They spend lots of time on WhatsApp. There, leaders coordinate between villages and alert the authorities to health issues and environmental destruction. Marubo teachers share lessons with students in different villages. And everyone is in much closer contact with faraway family and friends. To Enoque, the biggest benefit has been in emergencies. A venomous snake bite can require swift rescue by helicopter. Before the internet, the Marubo used amateur radio, relaying a message between several villages to reach the authorities. The internet made such calls instantaneous. “It’s already saved lives,” he said.

In April, seven months after Starlink’s arrival, more than 200 Marubo gathered in a village for meetings. Enoque brought a projector to show a video about bringing Starlink to the villages. As proceedings began, some leaders in the back of the audience spoke up. The internet should be turned off for the meetings, they said. “I don’t want people posting in the groups, taking my words out of context,” another said. During the meetings, teenagers swiped through Kwai, a Chinese-owned social network. Young boys watched videos of the Brazilian soccer star Neymar Jr. And two 15-year-old girls said they chatted with strangers on Instagram. One said she now dreamed of traveling the world, while the other wants to be a dentist in Sao Paulo. This new window to the outside world had left many in the tribe feeling torn. “Some young people maintain our traditions,” said TamaSay Marubo, 42, the tribe’s first woman leader. “Others just want to spend the whole afternoon on their phones.”

The event featured talks on the origins of the internet from 80-year-old “father of the internet” Vint Cerf, along with John Shoch (who helped develop the Ethernet and internetwork protocols at Xerox PARC), Judith Estrin (who worked with Cerf on the TCP project), and Robert Kahn (who with Cerf first proposed the IP and TCP protocols). Ethernet co-inventor Bob Metcalfe also spoke at the end of the event.

Long-time Slashdot reader repett0 was an onsite volunteer, and shares that “it was incredible to meet and greet such a wonderful mix of people making technology happen… [T]he event celebrated many key technologies and innovators from the past 50 years and considerations of what is to come in the next 50 years.”

Video streams are available and more are coming online (including interviews with key innovators, society leadership, and more). If you could not make this event event, follow-on activities continue, including the People-Centered Internet Imagine Workshop where a mix of society is working together to consider how to improve humanity’s intersection with ever-expanding abilities thanks to technology.

They add that the event was made possible “through the collaboration of many professional computing societies” including the IEEE, People-Centered Internet, Google, Internet Society, IEEE Computer Society, GIANT Protocol, IEEE Foundation — and volunteers from the SF Bay Area ACM and Internet Society.

The attack can most effectively be carried out by a person who has administrative control over the network the target is connecting to. In that scenario, the attacker configures the DHCP server to use option 121. It’s also possible for people who can connect to the network as an unprivileged user to perform the attack by setting up their own rogue DHCP server. The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that’s diverted away from this tunnel will not be encrypted by the VPN and the Internet IP address viewable by the remote user will belong to the network the VPN user is connected to, rather than one designated by the VPN app.

Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn’t implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn’t in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device. You can learn more about the research here.

All internet service providers (ISPs) give IP addresses to their users, but Cogent was among the first to lease those addresses independently of internet access. (Internet access customers normally require a unique address as part of their service.) Sources are hard to find, but prevailing wisdom is that they have over 10M addresses leased for about $0.30 per month, or $36M per year in revenue.
The notes are expected to be repaid in five years.

Thanks to long-time Slashdot reader penciling_in for sharing the article.