The Linux Foundation's "Open Source Security Foundation" (or OpenSSF) is a cross-industry forum to "secure the development, maintenance, and consumption of the open source software". And now the OpenSSF has launched a new mailing list "which aims to monitor the threat landscape of open-source project vulnerabilities," reports I Programmer, "in order to provide real time alerts to anyone subscribed."

The Record explains its origins: OpenSSF General Manager Omkhar Arasaratnam said that at a recent open source event, members of the community ran a tabletop exercise where they simulated a security incident involving the discovery of a zero-day vulnerability. They worked their way through the open source ecosystem — from cloud providers to maintainers to end users — clearly defining how the discovery of a vulnerability would be dealt with from top to bottom. But one of the places where they found a gap is in the dissemination of information widely.

"What we lack within the open source community is a place in which we can convene to distribute indicators of compromise (IOCs) and threats, tactics and procedures (TTPs) in a way that will allow the community to identify threats when our packages are under attack," Arasaratnam said... "[W]e're going to be standing up a mailing list for which we can share this information throughout the community and there can be discussion of things that are being seen. And that's one of the ways that we're responding to this gap that we saw...." The Siren mailing list will encourage public discussions on security flaws, concepts, and practices in the open source community with individuals who are not typically engaged in traditional upstream communication channels...

Members of the Siren email list will get real-time updates about emerging threats that may be relevant to their projects... OpenSSF has created a signup page for those interested and urged others to share the email list to other open source community members...
OpenSSF ecyosystem strategist Christopher Robinson (also security communications director for Intel) told the site he expects government agencies and security researchers to be involved in the effort. And he issued this joint statement with OpenSSF ecosystem strategist Bennett Pursell: By leveraging the collective knowledge and expertise of the open source community and other security experts, the OpenSSF Siren empowers projects of all sizes to bolster their cybersecurity defenses and increase their overall awareness of malicious activities. Whether you're a developer, maintainer, or security enthusiast, your participation is vital in safeguarding the integrity of open source software.
In less than a month, the mailing list has already grown to over 800 members...

An anonymous reader shared this report from Computer Weekly: Microsoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector.

According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system — the Digital Evidence Sharing Capability (DESC) — will remain in the UK as required by law. While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft's hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because "no one else had asked".

The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data. The recipient of the FOI disclosures, Owen Sayers — an independent security consultant and enterprise architect with over 20 years' experience in delivering national policing systems — concluded it is now clear that UK policing data has been travelling overseas and "the statements from Microsoft make clear that they 100% cannot comply with UK data protection law".

Justine Calma writes via The Verge: A group of young plaintiffs reached a historic climate settlement with the state of Hawaii and Hawaii Department of Transportation in a deal that will push the state to clean up tailpipe pollution. The 13 youth plaintiffs filed suit in 2022 when they were all between the ages of 9 and 18. In the suit, Navahine F. v. Hawaii Department of Transportation (HDOT), they alleged that the state and HDOT had violated their right to "a clean and healthful environment," which is enshrined in Hawaii's constitution.

The settlement (PDF), reached on Thursday, affirms that right and commits the DOT to creating a plan to reach zero greenhouse gas emissions from transportation by 2045. To hit that goal, the state will have to dedicate at least $40 million to building out its EV charging network by the end of the decade and complete new pedestrian, bicycle, and transit networks over the next five years. The settlement also creates a new unit within HDOT tasked with coordinating CO2 emission reductions and a volunteer youth council to advise HDOT.

This is the first settlement agreement in which "government defendants have decided to resolve a constitutional climate case in partnership with youth plaintiffs," according to nonprofit legal groups Our Children's Trust and Earthjustice, which represent the plaintiffs. Back in 2018, Hawaii committed to reaching net-zero carbon dioxide emissions by 2045 -- in line with what climate research determined was necessary to meet the Paris climate accord goal of stopping global warming. But the state wasn't doing enough to reach that goal, the plaintiffs alleged. Transportation makes up the biggest chunk of the state's greenhouse gas pollution. Justine Calma is a senior science reporter covering energy and the environment with more than a decade of experience. She is also the host of Hell or High Water: When Disaster Hits Home, a podcast from Vox Media and Audible Originals.

An anonymous reader quotes a report from Fortune: Ellen Bagley was delighted when she made her first sale on a popular second-hand clothing app, but just a few minutes later, the thrill turned to shock as the 20-year-old from Linkoping in Sweden discovered she'd been robbed. Everything seemed normal when Bagley received a direct message on the platform, which asked her to verify personal details to complete the deal. She clicked the link, which fired up BankID -- the ubiquitous digital authorization system used by nearly all Swedish adults.After receiving a couple of error messages, she started thinking something was wrong, but it was already too late. Over 10,000 Swedish kronor ($1,000) had been siphoned from her account and the thieves disappeared into the digital shadows. "The fraudsters are so skilled at making things look legitimate," said Bagley, who was born after BankID was created. "It's not easy" to identify scams. Although financial crime has garnered fewer headlines than a surge in gang-related gun violence, it's become a growing risk for the country. Beyond its borders, Sweden is an important test case on fighting cashless crime because it's gone further on ditching paper money than almost any other country in Europe.

Online fraud and digital crime in Sweden have surged, with criminals taking 1.2 billion kronor in 2023 through scams like the one Bagley fell for, doubling from 2021. Law-enforcement agencies estimate that the size of Sweden's criminal economy could amount to as high as 2.5% of the country's gross domestic product. To counter the digital crime spree, Swedish authorities have put pressure on banks to tighten security measures and make it harder on tech-savvy criminals, but it's a delicate balancing act. Going too far could slow down the economy, while doing too little erodes trust and damages legitimate businesses in the process.Using complex webs of fake companies and forging documents to gain access to Sweden's welfare system, sophisticated fraudsters have made Sweden a "Silicon Valley for criminal entrepreneurship," said Daniel Larson, a senior economic crime prosecutor. While the shock of armed violence has grabbed public attention -- the nation's gun-homicide rate tripled between 2012 and 2022 -- economic crime underlies gang activity and needs to be tackled as aggressively, he added. "That has been a strategic mistake," Larson said. "This profit-generating crime is what's fueling organized crime and, in some cases, leads to these conflicts."

Sweden's switch to electronic cash started after a surge of armed robberies in the 1990s, and by 2022, only 8% of Swedes said they had used cash for their latest purchase, according to a central bank survey. Along with neighboring Norway, Sweden has Europe's lowest number of ATMs per capita, according to the IMF. The prevalence of BankID play a role in Sweden's vulnerability. The system works like an online signature. If used, it's considered a done deal and the transaction gets executed immediately. It was designed by Sweden's banks to make electronic payments even quicker and easier than handing over a stack of bills. Since it's original rollout in 2001, it's become part of the everyday Swedish life. On average, the service -- which requires a six-digit code, a fingerprint or a face scan for authentication -- is used more than twice a day by every adult Swede and is involved in everything from filing tax returns to paying for bus tickets.Originally intended as a product by banks for their customers, its use exploded in 2005 after Sweden's tax agency adopted the technology as an identification for tax returns, giving it the government's official seal of approval. The launch of BankID on mobile phones in 2010 increased usage even further, along with public perception that associated cash with criminality.The country's central bank has acknowledged that some of those connotations may have gone too far. "We have to be very clear that there are still honest people using cash," Riksbank Governor Erik Thedeen told Bloomberg.

The Ontario Science Center, a world-class science and cultural institution in Toronto, is shutting down immediately due to the risk that the building's roof could collapse, the province announced Friday. CBC News: The abrupt closure, which the province says could last years, comes after the government's controversial announcement in 2023 that the popular landmark and attraction would be moved to the Ontario Place site -- a move it says will save costs. "The actions taken today will protect the health and safety of visitors and staff," said Infrastructure Minister Kinga Surma in a news release. "We are making every effort to avoid disruption to the public and help the Ontario Science Centre continue delivering on its mandate."

An engineering report this week by Rimkus Consulting Group showed each of the centre's three buildings contain roof panels in a "distressed, high-risk" condition, the Ministry of Infrastructure said in a news release. The panels require fixing by Oct. 31, 2024 to "avoid further stress due to potential snow load which could lead to roof panel failure," the release said. Fixing the roof will cost between $22 million and $40 million, the ministry said, requiring the centre be closed for up to two years. "These estimates are incomplete and subject to change," said the ministry, noting the costs make up only a "small portion" of the funding needed to keep the science centre open. The government says the centre needs $478 million to tackle its "failing infrastructure" and sustain programming.

TikTok revealed it offered the U.S. government a "kill switch" in 2022 to address data protection and national security concerns, allowing the government to shut down the platform if it violated certain rules. The disclosure was made as it began its legal fight against legislation that will require ByteDance to divest TikTok's U.S. assets or face a ban. The BBC reports: "This law is a radical departure from this country's tradition of championing an open Internet, and sets a dangerous precedent allowing the political branches to target a disfavored speech platform and force it to sell or be shut down," they argued in their legal submission. They also claimed the US government refused to engage in any serious settlement talks after 2022, and pointed to the "kill switch" offer as evidence of the lengths they had been prepared to go.

TikTok says the mechanism would have allowed the government the "explicit authority to suspend the platform in the United States at the US government's sole discretion" if it did not follow certain rules. A draft "National Security Agreement", proposed by TikTok in August 2022, would have seen the company having to follow rules such as properly funding its data protection units and making sure that ByteDance did not have access to US users' data. The "kill switch" could have been triggered by the government if it broke this agreement, it claimed.

In a letter - first reported by the Washington Post - addressed to the US Department of Justice, TikTok's lawyer alleges that the government "ceased any substantive negotiations" after the proposal of the new rules. The letter, dated 1 April 2024, says the US government ignored requests to meet for further negotiations. It also alleges the government did not respond to TikTok's invitation to "visit and inspect its Dedicated Transparency Center in Maryland." Further reading: TikTok Says US Ban Inevitable Without a Court Order Blocking Law

An anonymous reader quotes a report from CBC News: A device federal public servants call "the little robot" began appearing in Gatineau office buildings in March. It travels through the workplace to collect data using about 20 sensors and a 360-degree camera, according to Yahya Saad, co-founder of GlobalDWS, which created the robot. "Using AI on the robot, the camera takes the picture, analyzes and counts the number of people and then discards the image," he said. Part of a platform known as VirBrix, the robot also gathers information on air quality, light levels, noise, humidity, temperature and even measures CO2, methane and radon gas. The aim is to create a better work environment for humans -- one that isn't too hot, humid or dim. Saad said that means more comfortable and productive employees. The technology can also help reduce heating, cooling and hydro costs, he said. "All these measures are done to save on energy and reduce the carbon footprint," Saad explained. After the pilot program in March, VirBrix is set to return in July and October, and the government hasn't ruled out extending its use. It's paying $39,663 to lease the robot for two years.

Bruce Roy, national president of the Government Services Union, called the robot's presence in federal workplaces "intrusive" and "insulting." "People feel observed all the time," he said in French. "It's a spy. The robot is a spy for management." Roy, whose union represents more than 12,000 federal workers across several departments, said the robot is unnecessary because the employer already has ways of monitoring employee attendance and performance. "We believe that one of the robot's tasks is to monitor who is there and who is not," he said. "Folks say, why is there a robot here? Doesn't my employer trust that I'm here and doing my work properly?" [...] Jean-Yves Duclos, the minister of public services and procurement, said the government is instead using the technology as it looks to cut its office space footprint in half over the coming years. "These robots, as we call them, these sensors observe the utilization of office space and will be able to give us information over the next few years to better provide the kind of workplace employees need to do their job," Duclos said in French. "These are totally anonymous methods that allow us to evaluate which spaces are the most used and which spaces are not used, so we can better arrange them." "In those cases we keep the images, but the whole body, not just the face, the whole body of the person is blurred," said Saad. "These are exceptional cases where we need to keep images and then the images would be handed over to the client."

The data is then stored on a server on Canadian soil, according to GlobalDWS.

sonlas writes: Germany's energy transition plan includes extensive interconnection projects to distribute its intermittent renewable energy production. However, these projects face significant challenges. The latest example is Sweden. One such project, Hansa PowerBridge, announced in 2017, intended to link Germany and Sweden via a 300 km HVDC line through the Baltic Sea. This 700 MW project, estimated at 600 million euro, aimed to stabilize Germany's volatile electricity prices. However, on June 14, 2024, Sweden rejected the project, citing incompatibility between the countries' electricity systems. The connection would link northern Germany to southern Sweden, an area with insufficient infrastructure. Concerns also arose about the volatile German market disrupting Sweden's and increasing local prices. Energy Minister Ebba Busch justified this decision by saying the German market is currently not efficient enough and a connection would risk leading to higher prices and a more unstable electricity market in southern Sweden.

This highlights the difficulty Germany faces with its Energiewende, or energy transition model. This model leads to erratic electricity price behaviors and significant challenges in balancing production capacities. While a possible solution for Germany lies in interconnection with neighboring countries, the examples of Norway (which cancelled the NorGer project too) and Sweden show that from the perspective of these neighbors, it looks more like an "export of German problems" rather than a solution.

An anonymous reader quotes a report from Ars Technica: A 911 vendor's malfunctioning firewall caused a statewide outage in the emergency calling system in Massachusetts on Tuesday afternoon, the state government said. A Massachusetts government press release issued yesterday said the state's 911 vendor, Comtech, "has advised State 911 that they have applied a technical solution to ensure that this does not happen again." "A preliminary investigation conducted by the State 911 Department and Comtech determined that the outage was the result of a firewall, a safety feature that provides protection against cyberattacks and hacking," the announcement said. "The firewall prevented calls from getting to the 911 dispatch centers, also known as Public Safety Answer Points (PSAPs)."

Comtech's initial review "confirmed that the interruption was not the result of a cyberattack or hack," but "the exact reason the firewall stopped calls from reaching dispatch centers remains under review," the state said. A full review is continuing. The 911 outage lasted two hours. Shortly after it began, the State 911 Department alerted local law enforcement and issued a statewide emergency alert to residents advising them to call their local public safety business line directly if they had an emergency. "Although some calls may not have gone through, the system allows dispatch centers to identify the phone number of callers and return those calls. The Department has not received any reports of emergencies impacted during the interruption," the Massachusetts announcement said. State 911 Department Executive Director Frank Pozniak promised that the department "will take all necessary steps to prevent a future occurrence." Massachusetts has 204 Public Safety Answering Points that received an average of 8,800 calls, combined, per day in 2023. In case of a 911 outage, an internet user recommends everyone save their local dispatch number in their contacts. You can also use these methods to reach emergency services:

- Call the non-emergency police line in your area.
- Use alternative numbers to reach first responders, such as the direct line to the local police or county sheriff's office.
- Use a landline, Wi-Fi calling or another cell carrier if a cellular service issue is responsible for the 911 outage.
- Send a text to 911, if the service is available in your area. The Federal Trade Commission (FCC) provides a list of areas currently supporting Text-to-911 on its website.

If calls from landlines to 911 and their non-emergency hotline are not working, police departments can still see the numbers of those who called from cell phones and call them back as soon as possible, notes WTOL.

TikTok and Chinese parent ByteDance on Thursday urged a U.S. court to strike down a law they say will ban the popular short app in the United States on Jan. 19, saying the U.S. government refused to engage in any serious settlement talks after 2022. From a report: Legislation signed in April by President Joe Biden gives ByteDance until Jan. 19 of next year to divest TikTok's U.S. assets or face a ban on the app used by 170 million Americans. ByteDance says a divestiture is "not possible technologically, commercially, or legally."

The U.S. Court of Appeals for the District of Columbia will hold oral arguments on lawsuits filed by TikTok and ByteDance along with TikTok users on Sept. 16. TikTok's future in the United States may rest on the outcome of the case which could impact how the U.S. government uses its new authority to clamp down on foreign-owned apps. "This law is a radical departure from this country's tradition of championing an open Internet, and sets a dangerous precedent allowing the political branches to target a disfavored speech platform and force it to sell or be shut down," ByteDance and TikTok argue in asking the court to strike down the law.

The Biden administration on Thursday will announce plans to bar the sale of Kaspersky Lab's antivirus software in the United States, citing the firm's large U.S. customers including critical infrastructure providers and state and local governments, according to Reuters. From the report: The company's close ties to the Russian government were found to pose a critical risk, the person said, adding that the software's privileged access to a computer's systems could allow it to steal sensitive information from American computers, install malware or withhold critical updates. The sweeping new rule, using broad powers created by the Trump administration, will be coupled with another move to add the company to a trade restriction list, according to two other people familiar with the matter, dealing a blow to the firm's reputation that could hammer its overseas sales.

The plan to add the cybersecurity company to the entity list, which effectively bars a company's U.S. suppliers from selling to it, and the timing and details of the software sales curb, have not been previously reported. Previously, Kaspersky has said that it is a privately managed company with no ties to the Russian government. The moves show the administration is trying to stamp out any risks of Russian cyberattacks stemming from Kaspersky software and keep squeezing Moscow as its war effort in Ukraine has regained momentum and as the United States has run low on fresh sanctions it can impose on Russia.

Britain's university sector, a key contributor to the country's economy and global standing, is facing an unprecedented crisis that threatens its very existence, according to an analysis by Glen O'Hara, a professor of modern and contemporary history at Oxford Brookes University. Despite collectively generating over $61.1 billion in annual income and $28 billion in export earnings, universities across the UK are grappling with declining funding, widespread cuts, and internal divisions. The sector's annual losses stand at $2.55 billion, with one in four universities in the red.

Job cuts have become a daily occurrence, with institutions such as Coventry, Goldsmith's, Kent, and Lincoln slashing staff numbers. The downsizing is primarily occurring through retirements and voluntary severance schemes, but the long-term outlook remains bleak. Experts cited in an analysis by Prospect magazine warn that without fundamental re-engineering and strategic direction, the sector risks a gradual decline, with some universities potentially facing bankruptcy. The government's focus on the "culture wars" has further divided the public from their local campuses, while the real crisis lies in the finance and organization of the sector.

The frozen tuition fees for home students, coupled with unpredictable inflation, have left universities struggling to cover costs. Attempts to offset losses by recruiting more students in cheaper-to-teach subjects and attracting international students have reached their limits, with the latter now in decline. As the next government grapples with this crisis, stopgap measures such as small funding injections, slight fee increases, and encouraging university mergers may provide temporary relief.

AMD said on Tuesday it was looking into claims that company data was stolen in a hack by a cybercriminal organization called "Intelbroker". "The alleged intrusion, which took place in June 2024, reportedly resulted in the theft of a significant amount of sensitive information, spanning across various categories," reports Hackread. From the report: In a recent post on Breach Forums, IntelBroker detailed the extent of the compromised data. The hacker claims to have accessed information related to the following records: ROMs, Firmware, Source code, Property files, Employee databases, Customer databases, Financial information, Future AMD product plans, and Technical specification sheets. The hacker is selling the data exclusively for XMR (Monero) cryptocurrency, accepting a middleman for transactions. He advises interested buyers to message him with their offers.

The reputation of IntelBroker in the cybersecurity community is one of significant concern, given the scale and sensitivity of the targeted entities in previous hacks. The hacker's past exploits include breaches of: Europol, Tech in Asia, Space-Eyes, Home Depot, Facebook Marketplace, U.S. contractor Acuity Inc., Staffing giant Robert Half, Los Angeles International Airport, and Alleged breaches of HSBC and Barclays Bank. Although the hacker's origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the T-Mobile data breaches.

Bipartisan agreement on government internet subsidies seems unlikely as Democrats and Republicans propose conflicting bills to reauthorize the FCC's spectrum auctions. The Democratic bill aims to fund the now-defunct Affordable Connectivity Program, while the Republican version does not. "While some Republicans supported earlier efforts to extend the subsidy program, those efforts did not go through in time to keep it from ending," notes The Verge. From the report: The Senate Commerce Committee canceled a Tuesday morning markup meeting in which it was set to consider the Spectrum and National Security Act, led by committee chair Maria Cantwell (D-WA). When she introduced it in April, Cantwell said the bill would provide $7 billion to continue funding the Affordable Connectivity Program (ACP), the pandemic-era internet subsidy for low-income Americans that officially ran out of money and ended at the end of May. The main purpose of the bill is to reauthorize the Federal Communications Commission's authority to run auctions for spectrum. The proceeds from spectrum auctions are often used to fund other programs. In addition to the ACP, Cantwell's bill would also fund programs including incentives for domestic chip manufacturing and a program that seeks to replace telecommunications systems that have been deemed national security concerns. The markup was already postponed several times before.

Cantwell blamed Sen. Ted Cruz (R-TX), the top Republican on the Senate Commerce Committee, for standing in the way of the legislation. "We had a chance to secure affordable broadband for millions of Americans, but Senator Cruz said 'no,'" Cantwell said in a statement late Monday. "He said 'no' to securing a lifeline for millions of Americans who rely on the Affordable Connectivity Program to speak to their doctors, do their homework, connect to their jobs, and stay in touch with loved ones -- including more than one million Texas families." In remarks on the Senate floor on Tuesday, Cantwell said her Republican colleagues on the committee offered amendments to limit the ACP funding in the bill. She said the ACP shouldn't be a partisan issue and stressed the wide range of Americans who've relied on the program for high-speed connections, including elderly people living on fixed incomes and many military families. "I hope my colleagues will stop with obstructing and get back to negotiating on important legislation that will deliver these national security priorities and help Americans continue to have access to something as essential as affordable broadband," she said.

Cruz has his own spectrum legislation with Sen. John Thune (R-SD) that would reauthorize the FCC's spectrum auction authority, with a focus on expanding commercial access to mid-band spectrum, commonly used for 5G. But it doesn't have the same ACP funding mechanism. Some large telecom industry players prefer Cruz's bill, in part because it allows for exclusive licensing. Wireless communications trade group CTIA's SVP of government affairs, Kelly Cole, told Fierce Network that the Cruz bill "is a better approach because it follows the historical precedent set by prior bipartisan legislation to extend the FCC's auction authority." But other tech groups like the Internet Technology Industry Council (ITI), which represents companies including Amazon, Apple, Google, and Meta, support Cantwell's bill, in part because of the programs it seeks to fund.

An anonymous reader quotes a report from The Guardian: Kilifi County's white sandy beaches have made it one of Kenya's most popular tourist destinations. Hotels and beach bars line the 165 mile-long (265km) coast; fishers supply the district's restaurants with fresh seafood; and visitors spend their days boating, snorkelling around coral reefs or bird watching in dense mangrove forests. Soon, this idyllic coastline will host Kenya's first nuclear plant, as the country, like its east African neighbour Uganda, pushes forward with atomic energy plans. The proposals have sparked fierce opposition in Kilifi. In a building by Mida Creek, a swampy bayou known for its birdlife and mangrove forests, more than a dozen conservation and rights groups meet regularly to discuss the proposed plant.

"Kana nuclear!" Phyllis Omido, an award-winning environmentalist who is leading the protests, tells one such meeting. The Swahili slogan means "reject nuclear", and encompasses the acronym for the Kenya Anti-Nuclear Alliance who say the plant will deepen Kenya's debt and are calling for broader public awareness of the cost. Construction on the power station is expected to start in 2027, with it due to be operational in 2034. "It is the worst economic decision we could make for our country," says Omido, who began her campaign last year. A lawsuit filed in the environmental court by lawyers Collins Sang and Cecilia Ndeti in July 2023 on behalf of Kilifi residents, seeks to stop the plant, arguing that the process has been "rushed" and was "illegal", and that public participation meetings were "clandestine". They argue the Nuclear Power and Energy Agency (Nupea) should not proceed with fixing any site for the plant before laws and adequate safeguards are in place. Nupea said construction would not begin for years, that laws were under discussion and that adequate public participation was being carried out. Hearings are continuing to take place.

In November, people in Kilifi filed a petition with parliament calling for an inquiry. The petition, sponsored by the Centre for Justice Governance and Environmental Action (CJGEA), a non-profit founded by Omido in 2009, also claimed that locals had limited information on the proposed plant and the criteria for selecting preferred sites. It raised concerns over the risks to health, the environment and tourism in the event of a nuclear spill, saying the country was undertaking a "high-risk venture" without proper legal and disaster response measures in place. The petition also flagged concerns over security and the handling of radioactive waste in a nation prone to floods and drought. The senate suspended (PDF) the inquiry until the lawsuit was heard. "If we really have to invest in nuclear, why can't [the government] put it in a place that does not cause so much risk to our ecological assets?" says Omido. "Why don't they choose an area that would not mean that if there was a nuclear leak we would lose so much as a country?" Peter Musila, a marine scientist who monitors the impacts of global heating on coral reefs, fears that a nuclear power station will threaten aquatic life. The coral cover in Watamu marine national reserve, a protected area near Kilifi's coast, has improved over the last decade and Musila fears progress could be reversed by thermal pollution from the plant, whose cooling system would suck large amounts of water from the ocean and return it a few degrees warmer, potentially killing fish and the micro-organisms such as plankton, which are essential for a thriving aquatic ecosystem. "It's terrifying," says Musila, who works with the conservation organisation A Rocha Kenya. "It could wreak havoc." Nupea, for its part, "published an impact assessment report last year that recommended policies be put in place to ensure environmental protections, including detailed plans for the handling of radioactive waste; measures to mitigate environmental harm, such as setting up a nuclear unit in the national environment management authority; and emergency response teams," notes the Guardian. "It also proposed social and economic protections for affected communities, including clear guidelines on compensation for those who lose their livelihoods, or are displaced from their land, when the plant is set up."

"Nupea said a power station could create thousands of jobs for Kenyans and said it had partnered with Kilifi universities to start nuclear training programs that would enable more residents to take up jobs at the plant. Wilfred Baya, assistant director for energy for Kilifi county, says the plant could also bring infrastructural development and greater electricity access to a region which suffers frequent power cuts."

Thomas Claburn reports via The Register: Meta allegedly tried to discredit university researchers in Brazil who had flagged fraudulent adverts on the social network's ad platform. Nucleo, a Brazil-based news organization, said it has obtained government documents showing that attorneys representing Meta questioned the credibility of researchers from NetLab, which is part of the Federal University of Rio de Janeiro (UFRJ). NetLab's research into Meta's ads contributed to Brazil's National Consumer Secretariat (Senacon) decision in 2023 to fine Meta $1.7 million (9.3 million BRL), which is still being appealed. Meta (then Facebook) was separately fined of $1.2 million (6.6 million BRL) related to Cambridge Analytica.

As noted by Nucleo, NetLab's report showed that Facebook, despite being notified about the issues, had failed to remove more than 1,800 scam ads that fraudulently used the name of a government program that was supposed to assist those in debt. In response to the fine, attorneys representing Meta from law firm TozziniFreire allegedly accused the NetLab team of bias and of failing to involve Meta in the research process. Nucleo says that it obtained the administrative filing through freedom of information requests to Senacon. The documents are said to date from December 26 last year and to be part of the ongoing case against Meta. A spokesperson for NetLab, who asked not to be identified by name due to online harassment directed at the organization's members, told The Register that the research group was aware of the Nucleo report. "We were kind of surprised to see the account of our work in this law firm document," the spokesperson said. "We expected to be treated with more fairness for our work. Honestly, it comes at a very bad moment because NetLab particularly, but also Brazilian science in general, is being attacked by far-right groups."

On Thursday, more than 70 civil society groups including NetLab published an open letter decrying Meta's legal tactics. "This is an attack on scientific research work, and attempts at intimidation of researchers and researchers who are performing excellent work in the production of knowledge from empirical analysis that have been fundamental to qualify the public debate on the accountability of social media platforms operating in the country, especially with regard to paid content that causes harm to consumers of these platforms and that threaten the future of our democracy," the letter says. "This kind of attack and intimidation is made even more dangerous by aligning with arguments that, without any evidence, have been used by the far right to discredit the most diverse scientific productions, including NetLab itself." The claim, allegedly made by Meta's attorneys, is that the ad biz was "not given the opportunity to appoint a technical assistant and present questions" in the preparation of the NetLabs report. This is particularly striking given Meta's efforts to limit research into its ad platform. A Meta spokesperson told The Register: "We value input from civil society organizations and academic institutions for the context they provide as we constantly work toward improving our services. Meta's defense filed with the Brazilian Consumer Regulator questioned the use of the NetLab report as legal evidence, since it was produced without giving us prior opportunity to contribute meaningfully, in violation of local legal requirements."

An anonymous reader quotes a report from TorrentFreak: A French court has ordered Google, Cloudflare, and Cisco to poison their DNS resolvers to prevent circumvention of blocking measures, targeting around 117 pirate sports streaming domains. The move is another anti-piracy escalation for broadcaster Canal+, which also has permission to completely deindex the sites from search engine results. [...] Two decisions were handed down by the Paris judicial court last month; one concerning Premier League matches and the other the Champions League. The orders instruct Google, Cloudflare, and Cisco to implement measures similar to those in place at local ISPs. To protect the rights of Canal+, the companies must prevent French internet users from using their services to access around 117 pirate domains.

According to French publication l'Informe, which broke the news, Google attorney Sebastien Proust crunched figures published by government anti-piracy agency Arcom and concluded that the effect on piracy rates, if any, is likely to be minimal. Starting with a pool of all users who use alternative DNS for any reason, users of pirate sites -- especially sites broadcasting the matches in question -- were isolated from the rest. Users of both VPNs and third-party DNS were further excluded from the group since DNS blocking is ineffective against VPNs. Proust found that the number of users likely to be affected by DNS blocking at Google, Cloudflare, and Cisco, amounts to 0.084% of the total population of French Internet users. Citing a recent survey, which found that only 2% of those who face blocks simply give up and don't find other means of circumvention, he reached an interesting conclusion. "2% of 0.084% is 0.00168% of Internet users! In absolute terms, that would represent a small group of around 800 people across France!"

In common with other courts presented with the same arguments, the Paris court said the number of people using alternative DNS to access the sites, and the simplicity of switching DNS, are irrelevant. Canal+ owns the rights to the broadcasts and if it wishes to request a blocking injunction, it has the legal right to do so. The DNS providers' assertion that their services are not covered by the legislation was also waved aside by the court. Google says it intends to comply with the order. As part of the original matter in 2023, it was already required to deindex the domains from search results under the same law. At least in theory, this means that those who circumvented the original blocks using these alternative DNS services, will be back to square one and confronted by blocks all over again. Given that circumventing this set of blocks will be as straightforward as circumventing the originals, that raises the question of what measures Canal+ will demand next, and from whom.

Proton, the secure-minded email and productivity suite, is becoming a nonprofit foundation, but it doesn't want you to think about it in the way you think about other notable privacy and web foundations. From a report: "We believe that if we want to bring about large-scale change, Proton can't be billionaire-subsidized (like Signal), Google-subsidized (like Mozilla), government-subsidized (like Tor), donation-subsidized (like Wikipedia), or even speculation-subsidized (like the plethora of crypto "foundations")," Proton CEO Andy Yen wrote in a blog post announcing the transition. "Instead, Proton must have a profitable and healthy business at its core."

The announcement comes exactly 10 years to the day after a crowdfunding campaign saw 10,000 people give more than $500,000 to launch Proton Mail. To make it happen, Yen, along with co-founder Jason Stockman and first employee Dingchao Lu, endowed the Proton Foundation with some of their shares. The Proton Foundation is now the primary shareholder of the business Proton, which Yen states will "make irrevocable our wish that Proton remains in perpetuity an organization that places people ahead of profits." Among other members of the Foundation's board is Sir Tim Berners-Lee, inventor of HTML, HTTP, and almost everything else about the web.

Of particular importance is where Proton and the Proton Foundation are located: Switzerland. As Yen noted, Swiss foundations do not have shareholders and are instead obligated to act "in accordance with the purpose for which they were established." While the for-profit entity Proton AG can still do things like offer stock options to recruits and even raise its own capital on private markets, the Foundation serves as a backstop against moving too far from Proton's founding mission, Yen wrote.

The U.S. government on Monday sued Adobe, accusing the maker of Photoshop and Acrobat of harming consumers by enrolling them in its most lucrative subscription plans without clearly disclosing important terms. From a report: In a complaint filed in the San Jose, California, federal court, the government said Adobe failed to adequately disclose hefty early termination fees, sometimes reaching hundreds of dollars, when customers sign up for "annual, paid monthly" subscription plans.

The government said Adobe hides important terms in fine print and behind textboxes and hyperlinks, clearly discloses the fees only when subscribers try to cancel, and makes canceling an onerous and complicated process.

"At the height of the COVID-19 pandemic, the U.S. military launched a secret campaign to counter what it perceived as China's growing influence in the Philippines..." reports Reuters.

"It aimed to sow doubt about the safety and efficacy of vaccines and other life-saving aid that was being supplied by China, a Reuters investigation found."

Reuters interviewed "more than two dozen current and former U.S officials, military contractors, social media analysts and academic researchers," and also reviewed posts on social media, technical data and documents about "a set of fake social media accounts used by the U.S. military" — some active for more than five years. Friday they reported the results of their investigation: Through phony internet accounts meant to impersonate Filipinos, the military's propaganda efforts morphed into an anti-vax campaign. Social media posts decried the quality of face masks, test kits and the first vaccine that would become available in the Philippines — China's Sinovac inoculation. Reuters identified at least 300 accounts on X, formerly Twitter, that matched descriptions shared by former U.S. military officials familiar with the Philippines operation. Almost all were created in the summer of 2020 and centered on the slogan #Chinaangvirus — Tagalog for China is the virus.

"COVID came from China and the VACCINE also came from China, don't trust China!" one typical tweet from July 2020 read in Tagalog. The words were next to a photo of a syringe beside a Chinese flag and a soaring chart of infections. Another post read: "From China — PPE, Face Mask, Vaccine: FAKE. But the Coronavirus is real." After Reuters asked X about the accounts, the social media company removed the profiles, determining they were part of a coordinated bot campaign based on activity patterns and internal data.

The U.S. military's anti-vax effort began in the spring of 2020 and expanded beyond Southeast Asia before it was terminated in mid-2021, Reuters determined. Tailoring the propaganda campaign to local audiences across Central Asia and the Middle East, the Pentagon used a combination of fake social media accounts on multiple platforms to spread fear of China's vaccines among Muslims at a time when the virus was killing tens of thousands of people each day. A key part of the strategy: amplify the disputed contention that, because vaccines sometimes contain pork gelatin, China's shots could be considered forbidden under Islamic law...

A senior Defense Department official acknowledged the U.S. military engaged in secret propaganda to disparage China's vaccine in the developing world, but the official declined to provide details. A Pentagon spokeswoman... also noted that China had started a "disinformation campaign to falsely blame the United States for the spread of COVID-19."
A senior U.S. military officer directly involved in the campaign told Reuters that "We didn't do a good job sharing vaccines with partners. So what was left to us was to throw shade on China's."

At least six senior State Department officials for the region objected, according to the article. But in 2019 U.S. Defense Secretary Mark Esper signed "a secret order" that "elevated the Pentagon's competition with China and Russia to the priority of active combat, enabling commanders to sidestep the StateDepartment when conducting psyops against those adversaries."

[A senior defense official] said the Pentagon has rescinded parts of Esper's 2019 order that allowed military commanders to bypass the approval of U.S. ambassadors when waging psychological operations. The rules now mandate that military commanders work closely with U.S. diplomats in the country where they seek to have an impact. The policy also restricts psychological operations aimed at "broad population messaging," such as those used to promote vaccine hesitancy during COVID...

Nevertheless, the Pentagon's clandestine propaganda efforts are set to continue. In an unclassified strategy document last year, top Pentagon generals wrote that the U.S. military could undermine adversaries such as China and Russia using "disinformation spread across social media, false narratives disguised as news, and similar subversive activities [to] weaken societal trust by undermining the foundations of government."

And in February, the contractor that worked on the anti-vax campaign — General Dynamics IT — won a $493 million contract. Its mission: to continue providing clandestine influence services for the military.