Technology

cross-posted from: https://slrpnk.net/post/20327401

Archived

We have all been sucked in by those videos circulating online of “My $200 Shein Haul” or “Everything I bought for less than $5 from TEMU Review”, but who actually are the two new giants on the ultra fast fashion scene?

In a world where it seemed the general consensus had shifted towards more environmental and ethical consumption, how have these two brands established a global network reaching 150 countries worldwide, and what is at stake if they continue to grow unchecked?

...

How Are They So Cheap?

• Labour: The general rule is if you are paying an unbelievably low price for a product, the person making it has been paid an unfair wage for their labour. Often this means involvement of forced, child or penal labour and workers are subjected to awful conditions and chemicals. US lawmakers have previously warned of an ‘extremely high risk’ that Temu and Shein were using forced labour – for Shein this would look like as part of their supply chain manufacturing and Temu for offering products on their e-commerce site.

• Materials: Another huge sacrifice Shein and Temu make in a bid to keep prices extremely low yet profits up is with the quality, in particular the materials they use. The low-quality materials used and assemblage of items with little attention to longevity means the products often deteriorate and/or break quickly. But this is good news for Shein and Temu! Throwaway culture is how these platforms thrive, as they rely on our constant need to consume.

• Mode of production: Both Shein and Temy rely on high levels of consumption, to drive high levels of production, with a streamlined mode of production. This requirement for overconsumption is evident in marketing efforts on both brands’ platforms. Users are constantly bombarded with micro-advertisements on social media outlets such as Tiktok and Instagram, and even on their individual apps, there are offers, games and gambling opportunities to keep users addicted to buying.

What Are the real costs?

• Carbon Emissions: It is no secret that the fast fashion industry is one of the biggest contributors to carbon emissions, responsible for approximately 10% of all global emissions every year. Global supply chains, manufacturing of textiles, assembling of garments and transportation all add up towards a brands carbon footprint. Shein and Temu, more than ever, prioritize and even encourage throwaway culture (buy, throwing away, buying again) for profit.

• Toxic Chemicals and Pollution: Dying and treating textiles in the fashion industry is a huge contributor to water pollution globally, especially when regulation is poor/poorly enforced by authorities. This affects the quality of water for people locally and also for aquatic life. Furthermore, a recent investigation carried out by authorities in South Korea found carcinogenic substances (promoting the development of cancer) hundreds of times over the legal limit in Shein clothing. Similarly, a European investigation into toys, baby products, electronics and cosmetics sold on Temu that breach European regulation, with one toy tested containing phthalates 240 times above the legal limit. (Phthalates can affect the function of organs and long-term can affect pregnancy, child growth and development and affect reproductive systems in both children and adolescents).

• Excessive Demand for Raw Materials and Textile Waste: The world consumes approximately 80 billion new clothing items every year – that is a lot of new clothes! Brands like Shein and Temu rely on this constant consumption to continue to make a profit, however there is only so much resource on Earth, and everything has to go somewhere. Estimates predict Shein alone produces nearly 200,000 new items each day. One of the ways countries have dealt with ultra fast fashion consumption is by shipping textiles overseas. Ghana receives 150,000 tonnes of used clothes dumped every year, with approximately half of these unusable. The clothing is commonly dumped and burnt, polluting local ecosystems with dangerous industrial chemicals, and damaging freshwater sources for local people. This exportation of textile waste is a new wave of ‘clothing colonization’, in which exponential consumption in the ‘Global North’ flows to the ‘Global South’.

...

Archived

Unveiling Trae: ByteDance's AI IDE and Its Extensive Data Collection System

Trae - the coding assistant of China's ByteDance - has rapidly emerged as a formidable competitor to established AI coding assistants like Cursor and GitHub Copilot. Its main selling point? It's completely free - offering Claude 3.7 Sonnet and GPT-4o without any subscription fees. Unit 221B's technical analysis, using network traffic interception, binary analysis, and runtime monitoring, has identified a sophisticated telemetry framework that continuously transmits data to multiple ByteDance servers. From a cybersecurity perspective, this represents a complex data collection operation with significant security and privacy implications.

[...]

Key Findings:

• Persistent connections to minimum 5 unique ByteDance domains, creating multiple data transmission vectors
• Continuous telemetry transmission even during idle periods, indicating an always-on monitoring system
• Regular update checks and configuration pulls from ByteDance servers, allowing for dynamic control
• Permanent device identification via machineId parameter, which appears to be derived from hardware identifiers, enabling long-term tracking capabilities
• Local WebSocket channels observed collecting full file content, with portions potentially transmitted to remote servers
• Complex local microservice architecture with redundant pathways for code data, suggesting a deliberate system design
• JWT tokens and authentication data observed in multiple communication channels, presenting potential credential exposure concerns
• Use of binary MessagePack format observed in data transfers, adding complexity to security analysis
• Extensive behavioral tracking mechanisms capable of building detailed user activity profiles
• Sophisticated data segregation across multiple endpoints, consistent with enterprise-grade telemetry systems

[...]

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]

Archived

TLDR:

• China has developed an Artificial Intelligence (AI) system that adds to its already powerful censorship machine, scanning content for all kinds of topics like corruption, military issues, Taiwan politics, satire
• The discovery was accidental, security researchers found an Elasticsearch database unsecured on the web, hosted by Chinese company Baidu
• Experts highlight that AI-driven censorship is evolving to make state control over public discourse even more sophisticated, especially after recent releases like China's AI model DeepSeek

A complaint about poverty in rural China. A news report about a corrupt Communist Party member. A cry for help about corrupt cops shaking down entrepreneurs.

These are just a few of the 133,000 examples fed into a sophisticated large language model that’s designed to automatically flag any piece of content considered sensitive by the Chinese government.

A leaked database seen by TechCrunch reveals China has developed an AI system that supercharges its already formidable censorship machine, extending far beyond traditional taboos like the Tiananmen Square massacre.

The system appears primarily geared toward censoring Chinese citizens online but could be used for other purposes, like improving Chinese AI models’ already extensive censorship.

Xiao Qiang, a researcher at UC Berkeley who studies Chinese censorship and who also examined the dataset, told TechCrunch that it was “clear evidence” that the Chinese government or its affiliates want to use LLMs to improve repression.

“Unlike traditional censorship mechanisms, which rely on human labor for keyword-based filtering and manual review, an LLM trained on such instructions would significantly improve the efficiency and granularity of state-led information control,” Qiang said.

[...]

The dataset was discovered by security researcher NetAskari, who shared a sample with TechCrunch after finding it stored in an unsecured Elasticsearch database hosted on a Baidu server [...] There’s no indication of who, exactly, built the dataset, but records show that the data is recent, with its latest entries dating from December 2024.

[...]

An LLM for detecting dissent

In language eerily reminiscent of how people prompt ChatGPT, the system’s creator tasks an unnamed LLM to figure out if a piece of content has anything to do with sensitive topics related to politics, social life, and the military. Such content is deemed “highest priority” and needs to be immediately flagged.

Top-priority topics include pollution and food safety scandals, financial fraud, and labor disputes, which are hot-button issues in China that sometimes lead to public protests — for example, the Shifang anti-pollution protests of 2012.

Any form of “political satire” is explicitly targeted. For example, if someone uses historical analogies to make a point about “current political figures,” that must be flagged instantly, and so must anything related to “Taiwan politics.” Military matters are extensively targeted, including reports of military movements, exercises, and weaponry.

[...]

Inside the training data

From this huge collection of 133,000 examples that the LLM must evaluate for censorship, TechCrunch gathered 10 representative pieces of content.

Topics likely to stir up social unrest are a recurring theme. One snippet, for example, is a post by a business owner complaining about corrupt local police officers shaking down entrepreneurs, a rising issue in China as its economy struggles.

Another piece of content laments rural poverty in China, describing run-down towns that only have elderly people and children left in them. There’s also a news report about the Chinese Communist Party (CCP) expelling a local official for severe corruption and believing in “superstitions” instead of Marxism.

There’s extensive material related to Taiwan and military matters, such as commentary about Taiwan’s military capabilities and details about a new Chinese jet fighter. The Chinese word for Taiwan (台湾) alone is mentioned over 15,000 times in the data.

[...]

The dataset [...] say that it’s intended for “public opinion work,” which offers a strong clue that it’s meant to serve Chinese government goals [...] Michael Caster, the Asia program manager of rights organization Article 19, explained that “public opinion work” is overseen by a powerful Chinese government regulator, the Cyberspace Administration of China (CAC), and typically refers to censorship and propaganda efforts.

[...]

Repression is getting smarter

[...]

Traditionally, China’s censorship methods rely on more basic algorithms that automatically block content mentioning blacklisted terms, like “Tiananmen massacre” or “Xi Jinping,” as many users experienced using DeepSeek for the first time.

But newer AI tech, like LLMs, can make censorship more efficient by finding even subtle criticism at a vast scale. Some AI systems can also keep improving as they gobble up more and more data.

“I think it’s crucial to highlight how AI-driven censorship is evolving, making state control over public discourse even more sophisticated, especially at a time when Chinese AI models such as DeepSeek are making headwaves,” Xiao, the Berkeley researcher, said.

There's nothing like retro gaming on the Raspberry Pi but we haven't quite seen a gaming rig like this. Leave it to the Pi community to blow our minds and expectations out of the water. This project, created by maker and developer John Park is using our favorite SBC — the Raspberry Pi 5 — to drive a cool wall arcade featuring RGB LED matrix panels as the main display.

According to Park, this setup doesn't just look the part. You can actually play games on the system like a real arcade using wired USB controllers. That said, you're limited by the display capabilities of the matrix panel display. It can run demos with cool retro-style animations but also play a few homebrew games that are created using the PICO-8 Fantasy console.

Archived

Elon Musk’s aerospace giant SpaceX allows investors from China to buy stakes in the company as long as the funds are routed through the Cayman Islands or other offshore secrecy hubs, according to previously unreported court records.

The rare picture of SpaceX’s approach recently emerged in an under-the-radar corporate dispute in [the U.S. state of] Delaware. Both SpaceX’s chief financial officer and Iqbaljit Kahlon, a major investor, were forced to testify in the case.

In December, Kahlon testified that SpaceX prefers to avoid investors from China because it is a defense contractor. There is a major exception though, he said: SpaceX finds it “acceptable” for Chinese investors to buy into the company through offshore vehicles.

“The primary mechanism is that those investors would come through intermediate entities that they would create or others would create,” Kahlon said. “Typically they would set up BVI structures or Cayman structures or Hong Kong structures and various other ones,” he added, using the acronym for the British Virgin Islands. Offshore vehicles are often used to keep investors anonymous.

Experts called SpaceX’s approach unusual, saying they were troubled by the possibility that a defense contractor would take active steps to conceal foreign ownership interests.

Kahlon, who has long been close to the company’s leadership, has said he owns billions of dollars of SpaceX stock. His investment firm also acts as a middleman, raising money from investors to buy highly sought SpaceX shares. He has routed money from China through the Caribbean to buy stakes in SpaceX multiple times, according to the court filings.

[...]

Federal law [in the U.S.] gives regulators broad power to oversee foreign investments in tech companies and defense contractors. Companies only have to proactively report Chinese investments in limited circumstances, and there aren’t hard and fast rules for how much is too much. However, the government can initiate investigations and then block or reverse transactions they deem a national security threat. That authority typically does not apply to purely passive investments in which a foreign investor is buying only a small slice of a company. But experts said that federal officials regularly ask companies to add up Chinese investments into an aggregate total.

The U.S. government charges that China has a systematic strategy of using even minority investments to secure leverage over companies in sensitive industries, as well as to gain privileged access to information about cutting-edge technology. U.S. regulators view even private investors in China as potential agents of the country’s government, experts said.

[...]

It’s not uncommon for foreigners to buy U.S. stock through a vehicle in the Cayman Islands, often to save money on taxes. But experts said it was strange for the party on the other side of a deal — the U.S. company — to prefer such an arrangement.

ProPublica spoke to 13 national security lawyers, corporate attorneys and experts in Chinese finance about the SpaceX testimony. Twelve said they had never heard of a U.S. company with such a requirement and could not think of a purpose for it besides concealing Chinese ownership in SpaceX. The 13th said they had heard of companies adopting the practice as a way to hide foreign investment.

[...]

The new material adds to the questions surrounding Musk’s extensive ties with China, which have taken a new urgency since the world’s richest man joined the Trump White House. Musk has regularly met with Communist Party officials in China to discuss his business interests in the country, which is where about half of Tesla cars are built.

[...]

The Delaware court records reveal SpaceX insiders’ intense preoccupation with secrecy when it comes to China and detail a network of independent middlemen peddling SpaceX shares to eager Chinese investors. (Unlike a public company, SpaceX exercises significant control over who can buy into the company, with the ability to block sales even between outside parties.)

[...]

The experts said the court testimony is puzzling enough that it raises the possibility that SpaceX has more substantial ties to China than are publicly known and is working to mask them from U.S. regulators. A more innocent explanation, they said, is that SpaceX is seeking to avoid scrutiny of perfectly legal investments by the media or Congress.

[...]

Musk’s business interests in China extend far beyond SpaceX’s ownership structure — a fact that has drawn criticism from Republican lawmakers over the years. In 2022, after Tesla opened a showroom in the Chinese region where the government runs Uyghur internment camps, then-Sen. Marco Rubio tweeted, “Nationless corporations are helping the Chinese Communist Party cover up genocide.”

[...]

In recent years, the billionaire has offered sympathetic remarks about China’s desire to reclaim Taiwan and lavished praise on the government. “My experience with the government of China is that they actually are very responsive to the people,” Musk said toward the end of Trump’s first term. “In fact, possibly more responsive to the happiness of people than in the U.S.”

Archived

Security researcher Tenable successfully used DeepSeek to create a keylogger that could hide an encrypted log file on disk as well as develop a simple ransomware executable.

At its core, DeepSeek can create the basic structure for malware. However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features. For instance, DeepSeek struggled with implementing process hiding. "We got the DLL injection code it had generated working, but it required lots of manual intervention," Tenable writes in its report.

"Nonetheless, DeepSeek provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code the ability to quickly familiarize themselves with the relevant concepts."

"Based on this analysis, we believe that DeepSeek is likely to fuel further development of malicious AI-generated code by cybercriminals in the near future."

cross-posted from: https://lemmy.sdf.org/post/31552333

A Trust Report for DeepSeek R1 by VIJIL, a security resercher company, indicates critical levels of risk with security and ethics, high levels of risk with privacy, stereotype, toxicity, hallucination, and fairness, a moderate level of risk with performance, and a low level of risk with robustness.

cross-posted from: https://lemmy.sdf.org/post/31525284

Archived

[...]

While the financial, economic, technological, and national-security implications of DeepSeek’s achievement have been widely covered, there has been little discussion of its significance for authoritarian governance. DeepSeek has massive potential to enhance China’s already pervasive surveillance state, and it will bring the Chinese Communist Party (CCP) closer than ever to its goal of possessing an automated, autonomous, and scientific tool for repressing its people.

Since its inception in the early 2000s, the Chinese surveillance state has undergone three evolutions. In the first, which lasted until the early 2010s, the CCP obtained situational awareness — knowledge of its citizens’ locations and behaviors — via intelligent-monitoring technology. In the second evolution, from the mid-2010s till now, AI systems began offering authorities some decision-making support. Today, we are on the cusp of a third transformation that will allow the CCP to use generative AI’s emerging reasoning capabilities to automate surveillance and hone repression.

[...]

China’s surveillance-industrial complex took a big leap in the mid-2010s. Now, AI-powered surveillance networks could do more than help the CCP to track the whereabouts of citizens (the chess pawns). It could also suggest to the party which moves to make, which figures to use, and what strategies to take.

[...]

Inside China, such a network of large-scale AGI [artificial general intelligence] systems could autonomously improve repression in real time, rooting out the possibility of civic action in urban metropolises. Outside the country, if cities such as Kuala Lumpur, Malaysia — where China first exported Alibaba’s City Brain system in 2018 — were either run by a Chinese-developed city brain that had reached AGI or plugged into a Chinese city-brain network, they would quietly lose their governance autonomy to these highly complex systems that were devised to achieve CCP urban-governance goals.

[...]

As China’s surveillance state begins its third evolution, the technology is beginning to shift from merely providing decision-making support to actually acting on the CCP’s behalf.

[...]

DeepSeek [...] is this technology that would, for example, allow a self-driving car to recognize road signs even on a street it had never traveled before. [...] The advent of DeepSeek has already impelled tech experts in the United States to take similar approaches. Researchers at Stanford University managed to produce a powerful AI system for under US$50, training it on Google’s Gemini 2.0 Flash Thinking Experimental. By driving down the cost of LLMs, including for security purposes, DeepSeek will thus enable the proliferation of advanced AI and accelerate the rollout of Chinese surveillance infrastructure globally.

[...]

The next step in the evolution of China’s surveillance state will be to integrate generative-AI models like DeepSeek into urban surveillance infrastructures. Lenovo, a Hong Kong corporation with headquarters in Beijing, is already rolling out programs that fuse LLMs with public-surveillance systems. In Barcelona, the company is administering its Visual Insights Network for AI (VINA), which allows law enforcement and city-management personnel to search and summarize large amounts of video footage instantaneously.

[...]

The CCP, with its vast access to the data of China-based companies, could use DeepSeek to enforce laws and intimidate adversaries in myriad ways — for example, deploying AI police agents to cancel a Lunar New Year holiday trip planned by someone required by the state to stay within a geofenced area; or telephoning activists after a protest to warn of the consequences of joining future demonstrations. It could also save police officers’ time. Rather than issuing “invitations to tea” (a euphemism for questioning), AI agents could conduct phone interviews and analyze suspects’ voices and emotional cues for signs of repentance.

[...]

cross-posted from: https://lemmy.sdf.org/post/31373501

Today, EDRi filed a DSA complaint against social media giant ‘X’ in the EU, together with our member ApTI Romania. Our investigation found that X is likely in breach of its obligations towards Trusted Flaggers by misleading them—in all tested languages except English—to submit illegal content notices on a wrong, non-functional online form.

cross-posted from: https://lemmy.sdf.org/post/31339721

• Cyber security firm ESET discovered a cyberespionage operation by the China-aligned MirrorFace advanced persistent threat (APT) group against a Central European diplomatic institute in relation to upcoming Expo 2025 in Japan.
• MirrorFace has refreshed both its tooling and tactics, techniques, and procedures (TTPs).
• To our knowledge, this represents the first time that MirrorFace has targeted a European entity.
• MirrorFace has started using ANEL, a backdoor previously associated exclusively with APT10, and deployed a heavily customized variant of AsyncRAT, using a complex execution chain to run it inside Windows Sandbox.

"Known primarily for its cyberespionage activities against organizations in Japan, to the best of our knowledge, this is the first time MirrorFace has shown intent to infiltrate a European entity," Eset says in the report.

The campaign was uncovered in Q2 and Q3 of 2024 and named Operation AkaiRyū (Japanese for RedDragon) by ESET; it showcases refreshed TTPs that ESET Research observed throughout last year.

“MirrorFace targeted a Central European diplomatic institute. To our knowledge, this is the first, and, to date, only time MirrorFace has targeted an entity in Europe,” says ESET researcher Dominik Breitenbacher, who investigated the AkaiRyū campaign.

MirrorFace operators set up their spearphishing attack by crafting an email message that references a previous, legitimate interaction between the institute and a Japanese NGO. During this attack, the threat actor used the upcoming World Expo 2025 – to be held in Osaka, Japan – as a lure. This further shows that even considering this new broader geographic targeting, MirrorFace remains focused on Japan and events related to it. Before the attack on this European diplomatic institute, MirrorFace targeted two employees at a Japanese research institute, using a malicious, password-protected Word document delivered in an unknown manner.

[...]

Archive

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads.

Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher.

"This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, [said].

"We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

[...]

cross-posted from: https://slrpnk.net/post/19676598

The copyright status of digital content shared online is often unclear, hindering its reuse. To address this issue, the CommonsDB initiative, funded by the European Commission, is building a prototype registry of Public Domain and openly licensed works. To enhance legal certainty for digital content reuse, the registry will employ decentralized identifiers for consistent content and rights recognition.

[...]

cross-posted from: https://lemmy.sdf.org/post/31222338

Russia is conducting an escalating and violent campaign of sabotage and subversion against European and U.S. targets in Europe led by Russian military intelligence (the GRU), according to a new CSIS database of Russian activity. The number of Russian attacks nearly tripled between 2023 and 2024. Russia’s primary targets have included transportation, government, critical infrastructure, and industry, and its main weapons and tactics have included explosives, blunt or edged instruments (such as anchors), and electronic attack. Despite the increase in Russian attacks, Western countries have not developed an effective strategy to counter these attacks.

[...]

Today, Russian active measures support the following types of foreign policy objectives:

• Influencing public opinion through psychological operations in Europe, the United States, and other countries to support Russian interests.
• Coercing governments, companies, or individuals to stop taking specific actions, particularly curbing military and other assistance to Ukraine.
• Deterring countries, companies, or individuals from taking specific actions, such as escalating the type and amount of military aid to Ukraine.
• Deterring Russian soldiers, government officials, and citizens from defecting to the West.
• Creating fissures between governments, especially between NATO allies.
• Undermining the democratic norms and values that underpin the West.

[...]

Since 2013, Ghost has made it possible to publish content online with a website and RSS feeds. In 2019 we added support for delivering content by email newsletter.

Now, in 2025, we're taking our biggest step yet by making it possible to publish to the social web.

[...]

Archived

The Tow Center for Digital Journalism at the Columbia University in the U.S. conducted tests on eight generative search tools with live search features to assess their abilities to accurately retrieve and cite news content, as well as how they behave when they cannot.

Results in brief:

• Chatbots were generally bad at declining to answer questions they couldn’t answer accurately, offering incorrect or speculative answers instead.
• Premium chatbots provided more confidently incorrect answers than their free counterparts.
• Multiple chatbots seemed to bypass Robot Exclusion Protocol preferences.
• Generative search tools fabricated links and cited syndicated and copied versions of articles.
• Content licensing deals with news sources provided no guarantee of accurate citation in chatbot responses.

[...]

Overall, the chatbots often failed to retrieve the correct articles. Collectively, they provided incorrect answers to more than 60 percent of queries. Across different platforms, the level of inaccuracy varied, with Perplexity answering 37 percent of the queries incorrectly, while Grok 3 had a much higher error rate, answering 94 percent of the queries incorrectly.

[...]

Five of the eight chatbots tested in this study (ChatGPT, Perplexity and Perplexity Pro, Copilot, and Gemini) have made the names of their crawlers public, giving publishers the option to block them, while the crawlers used by the other three (DeepSeek, Grok 2, and Grok 3) are not publicly known.We expected chatbots to correctly answer queries related to publishers that their crawlers had access to, and to decline to answer queries related to websites that had blocked access to their content. However, in practice, that is not what we observed.

[...]

The generative search tools we tested had a common tendency to cite the wrong article. For instance, DeepSeek misattributed the source of the excerpts provided in our queries 115 out of 200 times. This means that news publishers’ content was most often being credited to the wrong source.

Even when the chatbots appeared to correctly identify the article, they often failed to properly link to the original source. This creates a twofold problem: publishers wanting visibility in search results weren’t getting it, while the content of those wishing to opt out remained visible against their wishes.

[...]

The presence of licensing deals [between chat bots and publishers] didn’t mean publishers were cited more accurately [...] These arrangements typically provide AI companies direct access to publisher content, eliminating the need for website crawling. Such deals might raise the expectation that user queries related to content produced by partner publishers would yield more accurate results. However, this was not what we observed during tests conducted in February 2025

[...]

These issues pose potential harm to both news producers and consumers. Many of the AI companies developing these tools have not publicly expressed interest in working with news publishers. Even those that have often fail to produce accurate citations or to honor preferences indicated through the Robot Exclusion Protocol. As a result, publishers have limited options for controlling whether and how their content is surfaced by chatbots—and those options appear to have limited effectiveness.

[...]

Researchers Klaudia Jaźwińska and Aisvarya Chandrasekar noted in their report that roughly 1 in 4 Americans now use AI models as alternatives to traditional search engines. This raises serious concerns about reliability, given the substantial error rate uncovered in the study.

Archived

Oblivion menaces every scrap of information that doesn’t spark joy in the Oval Office. “It’s gone,” Trump said of “wokeness,” during his recent address to Congress, in almost motherly tones. “And we feel so much better for it, don’t we? Don’t we feel better?” But on this front, at least, the Administration is facing well-organized resistance. It comes from a loose coalition of archivists and librarians, who are standing athwart history and yelling “Save!” They belong to organizations such as the Internet Archive, which co-created a project called the End of Term Web Archive to back up the federal web in 2008; the Environmental Data and Governance Initiative, or EDGI; and libraries at major universities such as M.I.T. and the University of Michigan. Like the Encyclopedists of Isaac Asimov’s “Foundation”—who race to compile a collapsing empire’s accumulated knowledge—they’re assembling information arks to ride out the chaos.

[...]

Archived

[...]

UNC3886 deployed backdoors disguised as legitimate system processes on Juniper MX routers running outdated hardware and software. These routers, using end-of-life (EOL) configurations, were easier targets due to vulnerabilities in their security systems. The malware leveraged Junos OS’s Veriexec, a file integrity monitor, to avoid detection. Instead of disabling Veriexec, the attackers injected malicious code into legitimate processes.

[...]

UNC3886 is a well-known hacking group with a track record of targeting network devices and virtualization technologies, often using previously unknown vulnerabilities (known as zero-day exploits). The group’s main focus is on espionage against industries like defence, technology, and telecommunications, particularly in the US and Asia.

While other Chinese hacking campaigns, such as those attributed to groups like Volt Typhoon or Salt Typhoon, have made headlines, Mandiant found no direct technical connections between UNC3886’s activities and those operations. This suggests that UNC3886 is a distinct threat, operating with its own tools and strategies.

cross-posted from: https://lemmy.sdf.org/post/30940295

Chinese tech giant Huawei is at the centre of a new corruption case in Europe’s capital. On Thursday, Belgian police raided the homes of its lobbyists, Follow the Money and its media partners Le Soir and Knack can reveal.

Archived

Authorities suspect that Huawei lobbyists have paid bribes to MEPs in return for backing their cause in the European Union. Around 15 former and current MEPs are “on the radar” of the investigators.

In the early hours, Belgium’s federal police raided Huawei’s EU office and the homes of lobbyists for the Chinese tech company on suspicions of bribery, forgery, money laundering and criminal organisation, people close to the investigation told Follow the Money and Belgian outlets Le Soir and Knack.

Twenty-one addresses were searched in total, in Brussels, Flanders, Wallonia and in Portugal, as part of the sweeping corruption probe. Several documents and objects have been seized. No searches have taken place at the European Parliament.

“Around fifteen (former) MEPs are on the radar of the investigation”

Police were looking for evidence that representatives of the Chinese company broke the law when lobbying members of the European Parliament (MEPs), the sources said. The dawn raids were part of a covert police investigation that started about two years ago after a tip-off from the Belgian secret service.

According to one source close to the case, “around fifteen (former) MEPs are on the radar” of the investigators. For current lawmakers, Belgian prosecutors would have to ask the European Parliament to waive their immunity in order to investigate further. No such request has been made yet, sources said.

The Belgian federal prosecutors’ office confirmed that “several people were questioned. They will be heard about their alleged involvement in practices of bribery in the European Parliament and in forgery and use of forged documents. The facts are supposed to have been committed in a criminal organisation.” The state security service declined to comment.

[...]

Investigators suspect that Huawei lobbyists may have committed similar crimes by bribing MEPs with items including expensive football tickets, lavish gifts, luxurious trips to China and even cash to secure their support of the company while it faced pushback in Europe. Payments to one or several lawmakers have allegedly passed through a Portuguese company, a source said.

Several EU nations have taken action in recent years to restrict or ban “high-risk” vendors such as Huawei from their 5G networks, following warnings from the United States and the European Commission that the company’s equipment could be exploited for espionage by Beijing. Huawei has strongly denied claims of interference from the Chinese government.

[...]

The possible involvement of Huawei will also be part of the probe, the people familiar said. Authorities are investigating suspected offences including criminal organisation and money laundering [...]

The probe comes at a critical moment for the EU’s relations with China, its second biggest trading partner. US President Donald Trump’s recent threats and tariffs have been framed as an opportunity for a rapprochement between the EU and Beijing after years of escalating tensions.

“We could even expand our trade and investment ties [with China],” European Commission President Ursula von der Leyen told EU ambassadors last month.

The Belgian police’s investigation therefore risks having major geopolitical repercussions, especially if authorities charge Huawei along with any individual suspects.

Huawei’s links with the Chinese government

While Huawei has consistently maintained its independence from the Chinese government, researchers have found that the tech giant is 99 per cent owned by a union committee, and argued that independent unions don’t exist in China. Huawei founder Ren Zhengfei served in the Chinese military for 14 years before setting up the company, according to the recent book House of Huawei by journalist Eva Dou of the Washington Post.

Former Huawei employees who were granted anonymity to talk freely about sensitive issues told Follow the Money how the company over the past five years has grown increasingly close to the Chinese government – and increasingly hostile towards the West.

The arrest of Ren’s daughter and Huawei CFO Meng Wanzhou in Canada, China’s crackdown on tech firms seen as too independent from the state and Russia’s war in Ukraine were among the events that accelerated this shift, the former Huawei staffers said.

[...]

One of the main suspects in the corruption probe is 41-year-old Valerio Ottati. The Belgian-Italian lobbyist joined Huawei in 2019, when the company was ramping up its lobbying in the face of US pressure on European countries to stop buying its 5G equipment.

Before becoming Huawei’s EU Public Affairs Director, Ottati worked for a decade as an assistant to two Italian MEPs – from the centre-right and centre-left – who were both members of a European Parliament group dealing with China policy.

Ottati was not immediately available for comment. The investigation is still in an early stage and it remains to be seen whether Ottati or the other suspects in the case will be charged with criminal offences.

[...]

cross-posted from: https://lemmy.sdf.org/post/30887912

Here is the report Security and Trust: An Unsolvable Digital Dilemma? (pdf)

Police authorities and governments are calling for digital backdoors for investigative purposes - and the EU Commission is listening. The Centre for European Policy (cep) warns against a weakening of digital encryption. The damage to cyber security, fundamental rights and trust in digital infrastructures would be enormous.

[...]

The debate has become explosive due to the current dispute between the USA and the UK. The British government is demanding that Apple provide a backdoor to the iCloud to allow investigating authorities access to encrypted data. Eckhardt sees parallels with the EU debate: "We must prevent the new security strategy from becoming a gateway for global surveillance." Technology companies such as Meta, WhatsApp and Signal are already under pressure to grant investigators access to encrypted messages.

"Once you install a backdoor, you lose control over who uses it," says Küsters. Chinese hackers were recently able to access sensitive data through a vulnerability in US telecommunications networks - a direct consequence of the infrastructure there. Instead, Küsters advocates a strategy of "security by design", i.e. designing systems securely from the outset, and the increased use of metadata analyses and platform cooperation as viable alternatives to mass surveillance.

[...]

Lessons from across the Atlantic?

A recent episode from the US provides an illustrative cautionary tale. For decades, some US law enforcement and intelligence agencies advocated “exceptional access” to encrypted communications, claiming that only criminals needed such robust privacy protections – echoing the current debate in the EU. But over the past months, a dramatic shift occurred following revelations that Chinese state-sponsored hackers had infiltrated major US telecommunications networks, gaining access to call metadata and possibly even live calls (the so-called “Salt Typhoon” hack).

Specifically, the Chinese hackers exploited systems that US telecom companies had built to comply with federal wiretapping laws such as Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunications firms to enable “lawful intercepts”. In theory, these built-in channels were supposed to only give law enforcement an exclusive window into suspect communications. In practice, however, they became a universal vulnerability that hostile actors could just as easily exploit.

Suddenly, the very government voices that once dismissed end-to-end encryption began recommending that citizens use encrypted messaging apps to maintain their security.

**What can we learn from this? **

While governments often push for greater surveillance capabilities, the real and current threat of state-sponsored cyber-espionage demonstrates the indispensable value of strong encryption. As the Electronic Frontier Foundation has noted, Salt Typhoon shows once more that there is no such thing as a backdoor that only the “good guys” can use.

If the mechanism exists, a malicious party will eventually find it and weaponise it. The lesson for Europe is clear: undermining encryption to aid investigations may prove short-sighted if it also exposes citizens – and state institutions – to hostile foreign interference. Is this really what we want to do in an increasingly challenging geopolitical environment? The debate about ensuring lawful and effective access to data in the digital age will remain one of the most pressing challenges, so we need to ask whether there are alternative, viable models.

[...]

A former senior Facebook executive has told the BBC how the social media giant worked "hand in glove" with the Chinese government on potential ways of allowing Beijing to censor and control content in China.

Sarah Wynn-Williams - a former global public policy director - says in return for gaining access to the Chinese market of hundreds of millions of users, Facebook's founder, Mark Zuckerberg, considered agreeing to hiding posts that were going viral, until they could be checked by the Chinese authorities.

Ms Williams - who makes the claims in a new book - has also filed a whistleblower complaint with the US markets regulator, the Securities and Exchange Commission (SEC), alleging Meta misled investors. The BBC has reviewed the complaint.

Facebook's parent company Meta, says Ms Wynn-Williams had her employment terminated in 2017 "for poor performance".

It is "no secret we were once interested" in operating services in China, it adds. "We ultimately opted not to go through with the ideas we'd explored."

[...]

Ms Wynn-Williams says her allegations about the company's close relationship with China provide an insight into Facebook's decision-making at the time.

[...]

Ms Wynn-Williams claims that in the mid-2010s, as part of its negotiations with the Chinese government, Facebook considered allowing it future access to Chinese citizens' user data.

"He was working hand in glove with the Chinese Communist Party, building a censorship tool… basically working to develop sort of the antithesis of many of the principles that underpin Facebook," she told the BBC.

Ms Wynn-Williams says governments frequently asked for explanations of how aspects of Facebook's software worked, but were told it was proprietary information.

"But when it came to the Chinese, the curtain was pulled back," she says.

"Engineers were brought out. They were walked through every aspect, and Facebook was making sure these Chinese officials were upskilled enough that they could not only learn about these products, but then test Facebook on the censorship version of these products that they were building."

[...]

In her SEC complaint, Ms Wynn-Williams also alleges Mr Zuckerberg and other Meta executives had made "misleading statements… in response to Congressional inquiries" about China.

One answer given by Mr Zuckerberg to Congress in 2018 said Facebook was "not in a position to know exactly how the [Chinese] government would seek to apply its laws and regulations on content"

[...]

Misinformation, market volatility and more: Faced with the need to mitigate risks that artificial intelligence presents, countries and regions are charting different paths

Archived

The original presentation is available in Spanish only.

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

[...]

cross-posted from: https://slrpnk.net/post/19214397

Archived

(Note that Pravda network of websites this article is talking about is different from the websites using the Pravda.ru domain, which publishes in English and Russian and are owned by Vadim Gorshenin, a self-described supporter of Russian President Vladimir Putin, who formerly worked for the Pravda newspaper, which was owned by the Communist Party in the former Soviet Union.)

A Moscow-based disinformation network named “Pravda” — the Russian word for "truth" — is pursuing an ambitious strategy by deliberately infiltrating the retrieved data of artificial intelligence chatbots, publishing false claims and propaganda for the purpose of affecting the responses of AI models on topics in the news rather than by targeting human readers, NewsGuard has confirmed. By flooding search results and web crawlers with pro-Kremlin falsehoods, the network is distorting how large language models process and present news and information. The result: Massive amounts of Russian propaganda — 3,600,000 articles in 2024 — are now incorporated in the outputs of Western AI systems, infecting their responses with false claims and propaganda.

This infection of Western chatbots was foreshadowed in a talk American fugitive turned Moscow based propagandist John Mark Dougan gave in Moscow last January at a conference of Russian officials, when he told them, “By pushing these Russian narratives from the Russian perspective, we can actually change worldwide AI.”

A NewsGuard audit has found that the leading AI chatbots repeated false narratives laundered by the Pravda network 33 percent of the time — validating Dougan’s promise of a powerful new distribution channel for Kremlin disinformation.

[...]

The Pravda network does not produce original content. Instead, it functions as a laundering machine for Kremlin propaganda, aggregating content from Russian state media, pro-Kremlin influencers, and government agencies and officials through a broad set of seemingly independent websites.

[...]

Since its launch, the network has been extensively covered by NewsGuard, Viginum, the Digital Forensics Research Lab, Recorded Future, the Foundation for Defense of Democracies, and the European Digital Media Observatory. Starting in August 2024, NewsGuard’s AI Misinformation Monitor, a monthly evaluation that tests the propensity for chatbots to repeat false narratives in the news, has repeatedly documented the chatbots’ reliance on the Pravda network and their propensity to repeat Russian disinformation.

[...]

The network spreads its false claims in dozens of languages across different geographical regions, making them appear more credible and widespread across the globe to AI models. Of the 150 sites in the Pravda network, approximately 40 are Russian-language sites publishing under domain names targeting specific cities and regions of Ukraine, including News-Kiev.ru, Kherson-News.ru, and Donetsk-News.ru. Approximately 70 sites target Europe and publish in languages including English, French, Czech, Irish, and Finnish. Approximately 30 sites target countries in Africa, the Pacific, Middle East, North America, the Caucasus and Asia, including Burkina Faso, Niger, Canada, Japan, and Taiwan. The remaining sites are divided by theme, with names such as NATO.News-Pravda.com, Trump.News-Pravda.com, and Macron.News-Pravda.com.

[...]

Despite its scale and size, the network receives little to no organic reach. According to web analytics company SimilarWeb, Pravda-en.com, an English-language site within the network, has an average of only 955 monthly unique visitors. Another site in the network, NATO.news-pravda.com, has an average of 1,006 monthly unique visitors a month, per SimilarWeb, a fraction of the 14.4 million estimated monthly visitors to Russian state-run RT.com.

Similarly, a February 2025 report by the American Sunlight Project (ASP) found that the 67 Telegram channels linked to the Pravda network have an average of only 43 followers and the Pravda network’s X accounts have an average of 23 followers.

But these small numbers mask the network’s potential influence. Instead of establishing an organic audience across social media as publishers typically do, the network appears to be focused on saturating search results and web crawlers with automated content at scale. The ASP found that on average, the network publishes 20,273 articles every 48 hours, or approximately 3.6 million articles a year, an estimate that it said is “highly likely underestimating the true level of activity of this network” because the sample the group used for the calculation excluded some of the most active sites in the network.

[...]

[Edit typo.]