The Courts

Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet (securityweek.com)

Google has filed a lawsuit to dismantle the sprawling Badbox 2.0 botnet, which infected over 10 million Android devices with pre-installed malware. Badbox 2.0 "is already the largest known botnet of internet-connected TV devices, and it grows each day. It has harmed millions of victims in the United States and around the world and threatens many more," Google said in its complaint. SecurityWeek reports: The internet giant cautions that, while it has been used mainly for fraud, the botnet could be used for more harmful types of cybercrime, such as ransomware or distributed denial-of-service (DDoS) attacks. In addition to pre-installing the malware on devices, Badbox 2.0's operators also tricked users into installing infected applications that provided them with further access to their personal devices, Google says. As part of their operation, the individuals behind Badbox 2.0 sold access to the infected devices to be used as residential proxies, and conducted ad fraud schemes by abusing these devices to create fake ad views or to exploit pay-per-click compensation models, the company continues. The internet giant also points out that this is the second global botnet the perpetrators have built, after the initial Badbox botnet was disrupted by German law enforcement in 2023.

According to Google, Badbox 2.0 is operated by multiple cybercrime groups from China, each having a different role in maintaining the botnet, such as establishing infrastructure, developing and pre-installing the malware on devices, and conducting fraud. "The BadBox 2.0 Enterprise includes several connected threat actor groups that design and implement complex criminal schemes targeting internet-connected devices both before and after the consumer receives the device," Google says. "While each member of the Enterprise plays a distinct role, they all collaborate to execute the BadBox 2.0 Scheme. All of the threat actor groups are connected to one another through the BadBox 2.0 shared C2 infrastructure and historical and current business ties," the company continues.

The Internet

DuckDuckGo Now Lets You Hide AI-Generated Images In Search Results

An anonymous reader quotes a report from TechCrunch: Privacy-focused browser DuckDuckGo is rolling out a new setting that lets users filter out AI images in search results. The company says it's launching the feature in response to feedback from users who said AI images can get in the way of finding what they're looking for.

Users can access the new setting by conducting a search on DuckDuckGo and heading to the Images tab. From there, they will see a new dropdown menu titled "AI images." Users can then choose whether or not they want to see AI content by selecting "show" or "hide." Users can also turn on the filter in their search settings by tapping the "Hide AI-Generated Images" option.

"The filter relies on manually curated open-source blocklists, including the 'nuclear' list, provided by uBlockOrigin and uBlacklist Huge AI Blocklist," DuckDuckGo said in a post on X. "While it won't catch 100% of AI-generated results, it will greatly reduce the number of AI-generated images you see." DuckDuckGo says it has plans to add other similar filters in the future.

Privacy

'Coldplay Kiss-Cam Flap Proves We're Already Our Own Surveillance State' (theregister.com)

Brandon Vigliarolo writes via The Register: A tech executive's alleged affair exposed on a stadium jumbotron is ripe fodder for the gossip rags, but it exhibits something else: proof that we need not wait for an AI-fueled dystopian surveillance state to descend on us -- we're perfectly able and willing to surveil ourselves. The embracing couple caught at a Coldplay concert this week as the jumbotron camera panned around the audience would have been another unremarkable clip, if not for the pair panicking and rushing to hide, triggering attendees to publish the memorable moment on social media. "Either they're having an affair or they're very shy," Coldplay singer Chris Martin said of the pair's reaction.

As is always the case when viral moments of unknown people get uploaded to the internet, they didn't remain anonymous for long, with the internet quickly identifying them as the CEO of data infrastructure outfit Astronomer, Andy Byron, and its Chief People Officer, Kristin Cabot. We're not going to weigh in on Byron's, who internet sleuths have determined is married (for now), or Cabot's behavior - making someone pay for the moral transgression of an alleged extramarital affair may be enough reason for the internet to go on a witch hunt, but that's not our concern here.

What's worrying is what this moment says - yet again - about us as a society: We have cameras everywhere, our personal data has become one of the most valuable commodities in the world, and we're all perpetually ready to use that tech to make those we feel have violated the social contract pay publicly for their transgressions. This is hardly a new phenomenon. [...] There's really no reason to set up an expensive and oppressive surveillance state when we all have location tracking, internet-connected shaming machines in our pockets. Big tech gave us the tools of our own surveillance, and as "ColdplayGate" shows yet again, we'll keep using those tools if they'll make us feel better about ourselves - especially if someone else gets knocked down a peg in the process.

The Internet

Dictionary.com 'Devastated' Paid Users By Abruptly Deleting Saved Word Lists (arstechnica.com)

Dictionary.com abruptly deleted all user accounts and saved word lists from its premium apps without notice or refunds, leaving long-time logophiles "devastated." "The company deleted all accounts, as well as the only ways to use Dictionary.com without seeing ads -- even if you previously paid for an ad-free experience," reports Ars Technica. From the report: Dictionary.com offers a free dictionary through its website and free Android and iOS apps. It used to offer paid-for mobile apps, called Dictionary.com Pro, that let users set up accounts, use the app without ads, and enabled other features (like grammar tips and science and rhyming dictionaries) that are gone now. Dictionary.com's premium apps also let people download an offline dictionary (its free apps used to let you buy a downloadable dictionary as a one-time purchase), but the offline dictionaries aren't available anymore.

About a year ago, claims of Dictionary.com's apps being buggy surfaced online. We also found at least one person claiming that they were unable to buy an ad-free upgrade at that time. Reports of Dictionary.com accounts being deleted and the apps not working as expected, and with much of its content removed, started appearing online about two months ago. Users reported being unable to log in and access premium features, like saved words. Soon after, Dictionary.com's premium apps were removed from Google Play and Apple's App Store. The premium version was available for download for $6 as recently as March 23, per the Internet Archive's Wayback Machine.

Crime

New Russian Law Criminalizes Online Searches For Controversial Content (washingtonpost.com)

Russian lawmakers passed sweeping new legislation allowing authorities to fine individuals simply for searching and accessing content labeled "extremist" via VPNs. The Washington Post reports: Russia defines "extremist materials" as content officially added by a court to a government-maintained registry, a running list of about 5,500 entries, or content produced by "extremist organizations" ranging from "the LGBT movement" to al-Qaeda. The new law also covers materials that promote alleged Nazi ideology or incite extremist actions. Until now, Russian law stopped short of punishing individuals for seeking information online; only creating or sharing such content is prohibited. The new amendments follow remarks by high-ranking officials that censorship is justified in wartime. Adoption of the measures would mark a significant tightening of Russia's already restrictive digital laws.

The fine for searching for banned content in Russia would be about $65, while the penalty for advertising circumvention tools such as VPN services would be steeper -- $2,500 for individuals and up to $12,800 for companies. Previously, the most significant expansion of Russia's restrictions on internet use and freedom of speech occurred shortly after the February 2022 full-scale invasion of Ukraine, when sweeping laws criminalized the spread of "fake news" and "discrediting" the Russian military. The new amendment was introduced Tuesday and attached to a mundane bill on regulating freight companies, according to documents published by Russia's lower house of parliament, the State Duma.

The Internet

News Publishers Take Paywall-Blocker 12ft.io Offline (theverge.com)

The Verge's Emma Roth reports: The News/Media Alliance, a trade association behind major news publishers, announced that it has "successfully secured" the removal of 12ft.io, a website that helped users bypass paywalls online. The trade association says 12ft.io's webhost took down the site on July 14th "following the News/Media Alliance's efforts." 12ft.io -- or 12 Foot Ladder -- also allowed users to view webpages without ads, trackers, or pop-ups by disguising a user's browser as a web crawler, giving them unfettered access to a webpage's contents. Software engineer Thomas Millar says he created the site when he realized "8 of the top 10 links on Google were paywalled" when doing research during the pandemic. [...]

In its announcement, News/Media Alliance says 12ft.io "offered illegal circumvention technology" that allowed users to access copyrighted content without paying for it. The organization adds that it will take "similar actions" against other sites that let users get around paywalls. The News Media Alliance recently called Google's AI Mode "theft." (Like many chatbots, Google's AI Mode eliminates the need to visit a website, starving publishers of the pageviews they need to be compensated for their work.)
"Publishers commit significant resources to creating the best and most informative content for consumers, and illegal tools like 12ft.io undermine their ability to financially support that work through subscriptions and ad revenue," News/Media Alliance president and CEO Danielle Coffey said in the press release. "Taking down paywall bypassers is an essential part of ensuring we have a healthy and sustainable information ecosystem."

Communications

Transatlantic Communications Cable Doubles As Ocean Sensor (phys.org)

alternative_right shares a report from Phys.org: Monitoring changes in water temperature and pressure at the seafloor can improve understanding of ocean circulation, climate, and natural hazards such as tsunamis. In recent years, scientists have begun gathering submarine measurements via an existing infrastructure network that spans millions of kilometers around the planet: the undersea fiber-optic telecommunications cables that provide us with amenities like Internet and phone service. Without interfering with their original purpose, the cables can be used as sensors to measure small variations in the light signals that run through them so that scientists can learn more about the sea. Meichen Liu and colleagues recently developed a new instrument, consisting of a receiver and a microwave intensity modulator placed at a shore station, that facilitates the approach. Their work is published in Geophysical Research Letters.

Transcontinental fiber-optic cables are divided into subsections by repeaters, instruments positioned every 50 to 100 kilometers that boost information-carrying light signals so that they remain strong on the journey to their destination. At each repeater, an instrument called a fiber Bragg grating reflects a small amount of light back to the previous repeater to monitor the integrity of the cable. By observing and timing these reflections, the new instrument measures the changes in the time it takes for the light to travel between repeaters. These changes convey information about how the surrounding water changes the shape of the cable, and the researchers used that information to infer properties such as daily and weekly water temperature and tide patterns.

Games

Steam Now Bans Games That Violate the 'Rules and Standards' of Payment Processors (engadget.com)

Steam has begun banning games that violate the payment rules of banks and card networks, targeting adult content in particular -- especially titles with extreme or controversial themes. Engadget reports: The new clause states that "content that may violate the rules and standards set forth by Steam's payment processors and related card networks and banks, or internet network providers" is not allowed and could result in removal from the platform. In other words, if credit card companies get mad about something, they could actually have the power to ban a game. The clause goes on to say that this will affect "certain kinds of adult-only content."

This has likely already resulted in many games being pulled off the platform. SteamDB doesn't give a reason for these removals, but the timing does match up.

United Kingdom

Reddit Starts Verifying Ages of Users In the UK (bbc.com)

Reddit has begun verifying users' ages in the UK to restrict access to "certain mature content" for minors, complying with the UK's Online Safety Act. The BBC reports: Reddit, known for its online communities and discussions, said that while it does not want to know who its audience is: "It would be helpful for our safety efforts to be able to confirm whether you are a child or an adult." Ofcom, the UK regulator, said: "We expect other companies to follow suit, or face enforcement if they fail to act." Reddit said that from 14 July, an outside firm called Persona will perform age verification for the social media platform either through an uploaded selfie or "a photo of your government ID," such as a passport. It said Reddit will not have access to the photo and will only retain a user's verification status and date of birth so people do not have to re-enter it each time they try to access restricted content. Reddit added that Persona "promises not to retain the picture for longer than seven days" and will not have access to a user's data on the site. The new rules in the UK come into force on 25 July. [...]

Companies that fail to meet the rules face fines of up to 18 million pounds or 10% of worldwide revenue, "whichever is greater." [Ofcom] added that in the most serious cases, it can seek a court order for "business disruption measures," such as requiring payment providers or advertisers to withdraw their services from a platform, or requiring Internet Service Providers to block access to a site in the UK.

Piracy

Cloudflare Starts Blocking Pirate Sites For UK Users

An anonymous reader quotes a report from TorrentFreak: Internet service providers BT, Virgin Media, Sky, TalkTalk, EE, and Plusnet account for the majority of the UK's residential internet market and as a result, blocking injunctions previously obtained at the High Court often list these companies as respondents. These so-called "no fault" injunctions stopped being adversarial a long time ago; ISPs indicate in advance they won't contest a blocking order against various pirate sites, and typically that's good enough for the Court to issue an order with which they subsequently comply. For more than 15 years, this has led to blocking being carried out as close to users as possible, with ISPs' individual blocking measures doing the heavy lifting. A new wave of blocking targeting around 200 pirate site domains came into force yesterday but with the unexpected involvement of a significant new player.

In the latest wave of blocking that seems to have come into force yesterday, close to 200 pirate domains requested by the Motion Picture Association were added to one of the longest pirate site blocking lists in the world. The big change is the unexpected involvement of Cloudflare, which for some users attempting to access the domains added yesterday, displays the [Error 451 -- Unavailable for Legal Reasons] notice ... As stated in the notice, Error 451 is returned when a domain is blocked for legal reasons, in this case reasons specific to the UK. [...] In this case there's no indication of who requested the blocking order, or the authority that issued it. However, from experience we know that the request was made by the studios of the Motion Picture Association and for the same reason the High Court in London was the issuing authority. [...] The issue lies with dynamic injunctions; while a list of domains will appear in the original order (which may or may not be made available), when the MPA concludes that other domains that appear subsequently are linked to the same order, those can be blocked too, but the details are only rarely made public.

From information obtained independently, one candidate is an original order obtained in December 2022 which requested blocking of domains with well known pirate brands including 123movies, fmovies, soap2day, hurawatch, sflix, and onionplay. This leads directly to another unusual issue. The notice linked from Cloudflare doesn't directly concern Cloudflare. The studios sent the notice to Google after Google agreed to voluntarily remove those domains from its search indexes, if it was provided with a copy of relevant court orders. Notices like these were supplied and the domains were deindexed, and the practice has continued ever since. That raises questions about the nature of Cloudflare's involvement here and why it links to the order sent to Google; notices sent to Cloudflare are usually submitted to Lumen by Cloudflare itself. That doesn't appear to be the case here.

"Domains blocked by Sky, BPI and others don't appear to be affected," notes TorrentFreak. "All relate to sites targeted by the MPA, and the majority if not all trigger malware warnings of a very serious kind, either immediately upon visiting the sites, or shortly after."

"At least in the short term, if Cloudflare is blocking a domain in the UK, moving on is strongly advised."

Security

Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

Many trains in the U.S. are vulnerable to a hack that can remotely lock a train's brakes, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who discovered the vulnerability. From a report: The railroad industry has known about the vulnerability for more than a decade but only recently began to fix it. Independent researcher Neil Smith first discovered the vulnerability, which can be exploited over radio frequencies, in 2012.

"All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you," Smith told 404 Media. "The physical aspect really only means that you could not exploit this over the internet from another country, you would need to be some physical distance from the train [so] that your signal is still received."

Businesses

Perplexity CEO Says Tech Giants 'Copy Anything That's Good' (businessinsider.com)

Perplexity CEO Aravind Srinivas warned young entrepreneurs that tech giants will "copy anything that's good" during a talk at Y Combinator's AI Startup School, telling founders they must "live with that fear." Srinivas said that companies raising tens of billions need to justify capital expenditures and search for new revenue streams.

Perplexity pioneered web-crawling chatbots when it launched its answer engine in December 2022, but Google's Bard added internet-crawling three months later, followed by ChatGPT in May 2023 and Anthropic's Claude in March 2025. The competition has extended to browsers, with Perplexity launching its Comet browser on July 9 and Reuters reporting that OpenAI is developing a web browser to challenge Google Chrome. Perplexity's communications head Jesse Dwyer said larger companies will "drown your voice."

Network

Japan Sets New Internet Speed Record, Surpassing Average US Broadband Speeds By 4 Million Times

A team of Japanese researchers has set a new world record for internet speed, transmitting data at 125,000 gigabytes per second over 1,120 miles using a new type of 19-core optical fiber. "That's about 4 million times the average internet speed in the U.S. and would allow you to download the entire Internet Archive in less than four minutes," notes Live Science. It's also "more than twice the previous world record of 50,250 Gbps, previously set by a different team of scientists in 2024." From the report: To achieve this new speed -- which has not been independently verified -- the team developed a new form of optical fiber to send information at groundbreaking speeds over roughly the distance between New York and Florida. Details about this achievement were presented April 3 at the 48th Optical Fiber Communication Conference in San Francisco, according to a statement from Japan's National Institute of Information and Communications Technology.

The new type of optical fiber is equivalent to 19 standard optical fibers in its data transmission capacity. The new optical fiber is better suited to long-haul transmission than existing cables because the centers of all 19 fibers interact with light in the same way, so they encounter less light fluctuation, which results in less data loss. The new cable squeezes 19 separate fibers into a diameter of five-thousandths of an inch (0.127 millimeters), which is the same thickness as most existing single-fiber cables already in use. This effort means the new cable can transmit more data using existing infrastructure. [...] For this demonstration, the data ran through a transmission system 21 times, finally reaching a data receiver after traveling the equivalent of 1,120 miles.

Network

Two Guys Hated Using Comcast, So They Built Their Own Fiber ISP

An anonymous reader quotes a report from Ars Technica: Samuel Herman and Alexander Baciu never liked using Comcast's cable broadband. Now, the residents of Saline, Michigan, operate a fiber Internet service provider that competes against Comcast in their neighborhoods and has ambitions to expand. "All throughout my life pretty much, I've had to deal with Xfinity's bullcrap, them not being able to handle the speeds that we need," Herman told Ars. "I lived in a house of 10. I have seven other brothers and sisters, and there's 10 of us in total with my parents." With all those kids using the Internet for school and other needs, "it just doesn't work out," he said. Herman was particularly frustrated with Comcast upload speeds, which are much slower than the cable service's download speeds. "Many times we would have to call Comcast and let them know our bandwidth was slowing down... then they would say, 'OK, we'll refresh the system.' So then it would work again for a week to two weeks, and then again we'd have the same issues," he said. Herman, now 25, got married in 2021 and started building his own house, and he tried to find another ISP to serve the property. He was familiar with local Internet service providers because he worked in construction for his father's company, which contracts with ISPs to build their networks. But no fiber ISP was looking to compete directly against Comcast where he lived, though Metronet and 123NET offer fiber elsewhere in the city, Herman said. He ended up paying Comcast $120 a month for gigabit download service with slower upload speeds. Baciu, who lives about a mile away from Herman, was also stuck with Comcast and was paying about the same amount for gigabit download speeds.

Herman said he was the chief operating officer of his father's construction company and that he shifted the business "from doing just directional drilling to be a turnkey contractor for ISPs." Baciu, Herman's brother-in-law (having married Herman's oldest sister), was the chief construction officer. Fueled by their knowledge of the business and their dislike of Comcast, they founded a fiber ISP called Prime-One. Now, Herman is paying $80 a month to his own company for symmetrical gigabit service. Prime-One also offers 500Mbps for $75, 2Gbps for $95, and 5Gbps for $110. The first 30 days are free, and all plans have unlimited data and no contracts. "We are 100 percent fiber optic," Baciu told Ars. "Everything that we're doing is all underground. We're not doing aerial because we really want to protect the infrastructure and make sure we're having a reliable connection." Each customer's Optical Network Terminal (ONT) and other equipment is included in the service plan. Prime-One provides a modem and the ONT, plus a Wi-Fi router if the customer prefers not to use their own router. They don't charge equipment or installation fees, Herman and Baciu said.

Prime-One began serving customers in January 2025, and Baciu said the network has been built to about 1,500 homes in Saline with about 75 miles of fiber installed. Prime-One intends to serve nearby towns as well, with the founders saying the plan is to serve 4,000 homes with the initial build and then expand further. [...] A bit more than 100 residents have bought service so far, they said. Herman said the company is looking to sign up about 30 percent of the homes in its network area to make a profit. "I feel fairly confident," Herman said, noting the number of customers who signed up with the initial construction not even halfway finished.

Social Networks

Are a Few People Ruining the Internet For the Rest of Us?

A small fraction of hyperactive social media users generates the vast majority of toxic online content, according to research by New York University psychology professor Jay Van Bavel and colleagues Claire Robertson and Kareena del Rosario. The study found that 10% of users produce roughly 97% of political tweets, while just 0.1% of users share 80% of fake news.

Twelve accounts known as the "disinformation dozen" created most vaccine misinformation on Facebook during the pandemic, the research found. In experiments, researchers paid participants to unfollow divisive political accounts on X. After one month, participants reported 23% less animosity toward other political groups. Nearly half declined to refollow hostile accounts after the study ended, and those maintaining healthier newsfeeds reported reduced animosity 11 months later. The research describes social media as a "funhouse mirror" that amplifies extreme voices while muting moderate perspectives.

The Internet

FCC Chair Accused of 'Political Theater' to Please Net Neutrality's Foes (freepress.net)

The advocacy group Free Press on Friday blasted America's Federal Communications Commission chief "for an order that rips net neutrality rules off the books, without any time for public comment, following an unfavorable court ruling," reports the nonprofit progressive news site Common Dreams: A panel from the U.S. Court of Appeals for the 6th Circuit ruled in January that broadband is an "information service" instead of a "telecommunications service" under federal law, and the FCC did not have the authority to prohibit internet service providers (ISPs) from creating online "fast lanes" and blocking or throttling web content... FCC Chair Brendan Carr said in a Friday statement that as part of his "Delete, Delete, Delete" initiative, "we're continuing to clean house at the FCC, working to identify and eliminate rules that no longer serve a purpose, have been on our books for decades, and have no place in the current Code of Federal Regulations...."

Responding in a lengthy statement, Free Press vice president of policy and general counsel Matt Wood said that "the FCC's so-called deletion today is little more than political grandstanding. It's true that the rules in question were first stayed by the 6th Circuit and then struck down by that appellate court — in a poorly reasoned opinion. So today's bookkeeping maneuver changes very little in reality... There's no need to delete currently inoperative rules, much less to announce it in a summer Friday order. The only reason to do that is to score points with broadband monopolies and their lobbyists, who've fought against essential and popular safeguards for the past two decades straight...."

Wood noted that "the appeals process for this case has not even concluded yet, as Free Press and allies sought and got more time to consider our options at the Supreme Court. Today's FCC order doesn't impact either our ability to press the case there or our strategic considerations about whether to do so," he added. "It's little more than a premature housekeeping step..."

Space

Please Don't Cut Funds For Space Traffic Control, Industry Begs Congress (theregister.com)

Major space industry players -- including SpaceX, Boeing, and Blue Origin -- are urging Congress to maintain funding for the TraCSS space traffic coordination program, warning that eliminating it would endanger satellite safety and potentially drive companies abroad. Under the proposed FY 2026 budget, the Office of Space Commerce's funding would be cut from $65 million to just $10 million. "That $55M cut is accomplished by eliminating the Traffic Coordination System for Space (TraCSS) program," reports The Register. From the report: "One of OSC's most important functions is to provide space traffic coordination support to US satellite operators, similar to the Federal Aviation Administration's role in air traffic control," stated letters from space companies including SpaceX, Boeing, Blue Origin, and others. The letters argue that safe space operations "in an increasingly congested space domain" are critical for modern services like broadband satellite internet and weather forecasting, but that's not all. "Likewise, a safe space operating environment is vital for continuity of national security space missions such as early warning of missile attacks on deployed US military forces," the letters added.

Industry trade groups sent the letters to the Democratic and Republican leadership of the House and Senate budget subcommittees for Commerce, Justice, Science, and Related Agencies, claiming to represent more than 450 US companies in the space, satellite, and defense sectors. The letters argue for the retention of the OSC's FY 2025 budget of $65 million, as well as keeping control of space traffic coordination within the purview of the Department of Commerce, under which the OSC is nested, and not the Department of Defense, where it was previously managed. "Successive administrations have recognized on a bipartisan basis that space traffic coordination is a global, commercial-facing function best managed by a civilian agency," the companies explained. "Keeping space traffic coordination within the Department of Commerce preserves military resources for core defense missions and prevents the conflation of space safety with military control."

In the budget request document, the government explained the Commerce Department was unable to complete "a government owned and operated public-facing database and traffic coordination system" in a timely manner. The private sector, meanwhile, "has proven they have the capability and the business model to provide civil operators" with the necessary space tracking data. But according to the OSC, TraCSS would have been ready for operations by January 2026, raising the question of why the government would kill the program so late in the game.

Security

Jack Dorsey Says His 'Secure' New Bitchat App Has Not Been Tested For Security (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver "secure" and "private" messaging without a centralized infrastructure. The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey's white paper detailing the app's protocols and privacy mechanisms, Bitchat's system design "prioritizes" security.

But the claims that the app is secure are already facing scrutiny from security researchers, given that the app and its code have not been reviewed or tested for security issues at all -- by Dorsey's own admission. Since launching, Dorsey has added a warning to Bitchat's GitHub page: "This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed." This warning now also appears on Bitchat's main GitHub project page but was not there at the time the app debuted.

As of Wednesday, Dorsey added "Work in progress" next to the warning on GitHub. This latest disclaimer came after security researcher Alex Radocea found that it's possible to impersonate someone else and trick a person's contacts into thinking they are talking to the legitimate contact, as the researcher explained in a blog post. Radocea wrote that Bitchat has a "broken identity authentication/verification" system that allows an attacker to intercept someone's "identity key" and "peer id pair" -- essentially a digital handshake that is supposed to establish a trusted connection between two people using the app. Bitchat calls these "Favorite" contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact, knowing that they are talking to the same person they talked to before.

The Internet

Browser Extensions Turn Nearly 1 Million Browsers Into Website-Scraping Bots (arstechnica.com) 28

Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports: Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies.

Tuckner said in an email Wednesday that the most recent status of the affected extensions is:

- Of 45 known Chrome extensions, 12 are now inactive.
- Of 129 Edge extensions incorporating the library, eight are now inactive.
- Of 71 affected Firefox extensions, two are now inactive.

Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. Tuckner has published a complete list of the affected extensions.
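
The common factor in the report is an extension whose stated purpose (bookmarks, clipboard, speaker volume, random numbers) has no need to read arbitrary logged-in pages, yet ships a library that does exactly that. The Node.js script below is an added example of the static triage a reviewer can run over an unpacked extension: it checks the manifest for broad host grants and sensitive API permissions, and scans bundled scripts for a library marker. It is not code from the Ars Technica report, from MellowTel-js or from any of the affected extensions; the sample manifest, file names and script contents are constructed for the example, and the only marker taken from the report is the library's name.

```javascript
// Added example (not from the report or any real extension): static triage
// of an unpacked browser extension for permissions and bundled code that a
// "volume booster" or "random number generator" has no need for.

// Host patterns that let an extension read or fetch any site the user is
// logged into, which is what turns a browser into a scraper of private pages.
const BROAD_HOSTS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);

// API permissions that enable reading page content, requests or cookies.
const SENSITIVE_PERMS = new Set([
  'webRequest', 'webRequestBlocking', 'declarativeNetRequest',
  'scripting', 'cookies', 'tabs', 'webNavigation',
]);

// Substrings worth flagging in bundled scripts. "mellowtel" is the library
// name the report gives; the other two are generic remote-fetch hints.
const SCRIPT_MARKERS = ['mellowtel', 'fetch(', 'xmlhttprequest'];

// manifest: parsed manifest.json; scripts: { fileName: fileText }.
function auditExtension(manifest, scripts) {
  const findings = [];

  // MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
  const hosts = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ];
  for (const h of hosts) {
    if (BROAD_HOSTS.has(h)) findings.push({ kind: 'broad-host', detail: h });
  }

  for (const p of manifest.permissions || []) {
    if (SENSITIVE_PERMS.has(p)) findings.push({ kind: 'sensitive-permission', detail: p });
  }

  // A content script injected into every page is equivalent to a broad host grant.
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) {
      if (BROAD_HOSTS.has(m)) findings.push({ kind: 'content-script-everywhere', detail: m });
    }
  }

  for (const [file, text] of Object.entries(scripts)) {
    const lower = text.toLowerCase();
    for (const marker of SCRIPT_MARKERS) {
      if (lower.includes(marker)) findings.push({ kind: 'script-marker', detail: `${file}: ${marker}` });
    }
  }
  return findings;
}

// A broad host grant combined with a flagged script is the pattern to chase.
function verdict(findings) {
  const broad = findings.some(f => f.kind === 'broad-host' || f.kind === 'content-script-everywhere');
  const marker = findings.some(f => f.kind === 'script-marker');
  if (broad && marker) return 'investigate';
  if (broad || marker) return 'review';
  return 'ok';
}

// Constructed sample: a hypothetical "volume booster" manifest and bundled
// scripts. Nothing here is taken from a real extension.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: 'Hypothetical Volume Booster',
  permissions: ['storage', 'scripting', 'tabs'],
  host_permissions: ['<all_urls>'],
  background: { service_worker: 'background.js' },
};
const SAMPLE_SCRIPTS = {
  'background.js':
    '// constructed sample\nimport "./vendor/mellowtel-js.js"; // assumed file name\n' +
    'fetch("https://example.invalid/tasks");',
  'popup.js':
    'document.getElementById("gain").oninput = e => chrome.storage.local.set({ gain: e.target.value });',
};

const findings = auditExtension(SAMPLE_MANIFEST, SAMPLE_SCRIPTS);
console.log(verdict(findings), findings);
```

In practice the manifest and scripts would be read from the unpacked extension directory (for Chrome, the per-profile `Extensions` folder) rather than constructed inline; the check is deliberately coarse and is meant to produce a short list for manual review, not a malware verdict.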

Network

UK Full-Fiber Broadband Coverage Jumps From 12% to 78% in Five Years (ft.com) 28

The UK has transformed its broadband infrastructure in five years -- with full-fiber coverage jumping from 12% of properties in January 2020 to more than 78% by 2025, according to communications regulator Ofcom and ThinkBroadband data. Northern Ireland leads with 96% of premises in postcodes served with full-fiber connections.

The rollout accelerated after Ofcom's May 2021 regulatory framework gave other providers access to BT's Openreach ducts and poles while promising the company regulatory certainty through a "fair bet" approach that avoided price caps. The framework sparked investment from alternative networks, or "altnets," which increased homes passed from 8.2 million in 2022 to 16.4 million by 2025.
