America's federal government "is a veritable cosmos of information, made up of constellations of databases," warns the Atlantic. The FBI "has a facial-recognition apparatus capable of matching people against more than 640 million photos — a database made up of driver's license and passport photos, as well as mug shots. The Homeland Security department holds data "about the movements of every person who travels by air commercially". America's Drug Enforcement Administration "tracks license plates scanned on American roads." And there's also every taxpayer's finance and employment history..." Government agencies including the IRS, the FBI, DHS, and the Department of Defense have all purchased cellphone-location data, and possibly collected them too, via secretive groups such as the National Geospatial-Intelligence Agency. That means the government has at least some ability to map or re-create the past everyday movements of some American citizens. But now the information at individual agencies "is being pooled together. The question is Why? And what does the administration intend to do with it?" A White House spokesperson confirmed to the Atlantic that data collected by different agencies is now being combined. (They said that "Through data sharing between agencies, departments are collaborating to identify fraud and prevent criminals from exploiting hardworking American taxpayers.") But a March executive explicitly stated an aim "to eliminate the data silos that keep everything separate." The article accuses the administration officials of "not just undoing decades of privacy measures. They appear to be ignoring that they were ever written." The Atlantic spoke with former government officials "who have spent time in these systems," reporting that "to a person, these experts are alarmed about the possibilities for harm, graft, and abuse... Collecting and then assembling data in the industrial way — just to have them in case they might be useful — would represent a huge and disturbing shift for the government..." "A fragile combination of decades-old laws, norms, and jungly bureaucracy has so far prevented repositories such as these from assembling into a centralized American surveillance state. But that appears to be changing... DOGE has systematically gained access to sensitive data across the federal government "in ways that people in several agencies have described to us as both dangerous and disturbing."

Read more of this story at Slashdot.

Threads has now grown to over 350 million monthly active users, reports TechCrunch, citing Mark Zuckerberg's comments on a company earnings call. That means Threads grew by 9.4% in roughly 90 days: That's an increase of 30 million users since the prior quarter, where Meta reported that Threads had 320 million users. The new figure represents increased growth, as Threads added 30 million in the first quarter of this year, compared with 20 million in Q4 2024. It's also worth noting that in a single quarter, Threads added nearly the same number of users to its network as one of its newer competitors, Bluesky. The latter, a decentralized social app, today has roughly 35 million users. Zuckerberg also said there's been a 35% increase in time spent on Threads, according to the article, as a result of improvements to its recommendations systems.

Read more of this story at Slashdot.

May is Maintainer Month: Celebrating those who secure Open Source @@@@@@@@@@@@@@@@@@@@@@@@@@@@ The Open Source Initiative is joining "a global community of contributors" for GitHub's annual event "honoring the individuals who steward and sustain Open Source projects." And the theme of the 4th Annual "Maintainer Month" will be: securing Open Source: Throughout the month, OSI and our affiliates will be highlighting maintainers who prioritize security in their projects, sharing their stories, and providing a platform for collaboration and learning... Maintainer Month is a time to gather, share knowledge, and express appreciation for the people who keep Open Source projects running. These maintainers not only review issues and merge pull requests — they also navigate community dynamics, mentor new contributors, and increasingly, adopt security best practices to protect their code and users.... - OSI will publish a series of articles on Opensource.net highlighting maintainers whose work centers around security... - As part of our programming for May, OSI will host a virtual Town Hall [May 21st] with our affiliate organizations and invite the broader Open Source community to join.... - Maintainer Month is also a time to tell the stories of those who often work behind the scenes. OSI will be amplifying voices from across our affiliate network and encouraging communities to recognize the people whose efforts are often invisible, yet essential. "These efforts are not just celebrations — they are opportunities to recognize the essential role maintainers play in safeguarding the Open Source infrastructure that underpins so much of our digital world," according to the OSI's announcement. And this year they're focusing on three key areas of open source security: Adopting security best practices in projects and communities Recognizing contributors who improve project security Collaborating to strengthen the ecosystem as a whole

Read more of this story at Slashdot.

An anonymous reader shared this report from the Washington Post: Facebook's loosening of its content moderation standards early this year got lots of attention and criticism. But a new study suggests that it might matter less what is taken down than when. The research finds that Facebook posts removed for violating standards or other reasons have already been seen by at least three-quarters of the people who would be predicted to ever see them. "Content takedowns on Facebook just don't matter all that much, because of how long they take to happen," said Laura Edelson, an assistant professor of computer science at Northeastern University and the lead author of the paper in the Journal of Online Trust and Safety. Social media platforms generally measure how many bad posts they have taken down as an indication of their efforts to suppress harmful or illegal material. The researchers advocate a new metric: How many people were prevented from seeing a bad post by Facebook taking it down...? "Removed content we saw was mostly garden-variety spam — ads for financial scams, [multilevel marketing] schemes, that kind of thing," Edelson said... The new research is a reminder that platforms inadvertently host lots of posts that everyone agrees are bad.

Read more of this story at Slashdot.

Slashdot reader sciencehabit shares this excerpt from a new article in Science magazine: At first, astronomers knew of only one cosmic scenario that fit the bill for the violent formation of "jewelry shop" elements [gold and sliver]: the collision of two ultra-dense stellar corpses called neutron stars. Now, a second has stepped onto the scene. As they report this week in The Astrophysical Journal Letters, researchers have discovered signatures of this heavy element formation — called the r-process — in a giant flare first detected from a highly magnetic neutron star in 2004. The flare, which released more energy than our Sun does in a million years as it spewed electrically charged material, has remained shrouded in mystery since its discovery 20 years ago. Researchers quickly traced the outburst to a nearby magnetar, a special breed of neutron star whose magnetic fields are trillions times stronger than Earth's. But ten minutes after the massive flare, a second, fainter signal inexplicably came from the same star. More r-process sources may still be looming in the dark. The new study accounts for about 10% of the Milky Way's heavy elements, suggesting that astronomers will have to scour the cosmos for even more places where the r-process is hiding. One potential spot is a rare type of supernova that births rapidly rotating neutron stars, says says Anirudh Patel, the new study's lead author and an astronomer at Columbia University. He hopes that with more observations, astronomers will be able to sharpen that picture.... "It's humbling to realize that these were made in such extreme astrophysical environments."

Read more of this story at Slashdot.

Remember when U.S. National Security Adviser Mike Waltz mistakenly included a journalist in an encrypted chatroom to discuss looming U.S. military action against Yemen's Houthis? A recent photo of a high-level cabinet meeting caught Waltz using a "less-secure Signal app knockoff," reports the Guardian: The chat app Waltz was using appears to be a modified version of Signal called TM SGNL, made by a company that copies messaging apps but adds an ability to retain messages and archive them. The White House officials may be using the modified Signal in order to comply with the legal requirement that presidential records be preserved... That function suggests the end-to-end encryption that makes Signal trusted for sharing private communications is possibly "not maintained, because the messages can be later retrieved after being stored somewhere else", according to 404 Media. Thursday the national security adviser was removed from his position, the article points out. He was instead named America's ambassador to the United Nations.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: Google plans to roll out its Gemini artificial intelligence chatbot next week for children under 13 (source paywalled; alternative source) who have parent-managed Google accounts, as tech companies vie to attract young users with A.I. products. "Gemini Apps will soon be available for your child," the company said in an email this week to the parent of an 8-year-old. "That means your child will be able to use Gemini" to ask questions, get homework help and make up stories. The chatbot will be available to children whose parents useFamily Link, a Google service that enables families to set up Gmail and opt into services like YouTube for their child. To sign up for a child account, parents provide the tech company with personal data like their child's name and birth date. Gemini has specific guardrails for younger users to hinder the chatbot from producing certain unsafe content, said Karl Ryan, a Google spokesman. When a child with a Family Link account uses Gemini, he added, the company will not use that data to train its A.I. Introducing Gemini for children could accelerate the use of chatbots among a vulnerable population as schools, colleges, companies and others grapple with the effects of popular generative A.I. technologies. Trained on huge amounts of data, these systems can produce humanlike text and realistic-looking images and videos. [...] Google acknowledged some risks in its email to families this week, alerting parents that "Gemini can make mistakes" and suggesting they "help your child think critically" about the chatbot. The email also recommended parents teach their child how to fact-check Gemini's answers. And the company suggested parents remind their child that "Gemini isn't human" and "not to enter sensitive or personal info in Gemini." Despite the company's efforts to filter inappropriate material, the email added, children "may encounter content you don't want them to see."

Read more of this story at Slashdot.

A 25-year-old from Santa Clarita has pleaded guilty to hacking a Disney employee's computer using malware disguised as an AI art tool, stealing over 1 terabyte of confidential Disney data and threatening to leak it under the guise of a fake Russian hacktivist group. Variety reports: Santa Clarita resident Ryan Mitchell Kramer, 25, pleaded guilty to two felony charges, including one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison. According to the plea agreement, in early 2024 Kramer posted a computer program on various online platforms that appeared to be used to create AI-generated art, when it really contained a malicious file to gain access to victims' computers. Between April and May 2024, a Disney employee downloaded the program, and Kramer gained access to the victim's personal and work accounts, including a non-public Disney Slack channel. Kramer dowloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels. In July, Kramer contacted the victim by pretending to be a member of a fake Russian hacktivist group called "Nullbulge" and threatened to leak their personal information and Disney Slack data. On July 12, Kramer publicly released the data, including the victim's bank, medical, and personal information on multiple online platforms.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNN: Driverless trucks are officially running their first regular long-haul routes, making roundtrips between Dallas and Houston. On Thursday, autonomous trucking firm Aurora announced it launched commercial service in Texas under its first customers, Uber Freight and Hirschbach Motor Lines, which delivers time- and temperature-sensitive freight. Both companies conducted test runs with Aurora, including safety drivers to monitor the self-driving technology dubbed "Aurora Driver." Aurora's new commercial service will no longer have safety drivers. "We founded Aurora to deliver the benefits of self-driving technology safely, quickly, and broadly, said Chris Urmson, CEO and co-founder of Aurora, in a release on Thursday. "Now, we are the first company to successfully and safely operate a commercial driverless trucking service on public roads." The trucks are equipped with computers and sensors that can see the length of over four football fields. In four years of practice hauls the trucks' technology has delivered over 10,000 customer loads. As of Thursday, the company's self-driving tech has completed over 1,200 miles without a human in the truck. Aurora is starting with a single self-driving truck and plans to add more by the end of 2025.

Read more of this story at Slashdot.

Microsoft has appointed a Deputy CISO for Europe to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment. "The move also highlights strong fears from European IT execs and government officials that the Trump administration may exert significant influence on cybersecurity companies," reports CSO Online. From the report: Who that Deputy CISO will ultimately be is unclear. Wednesday's statement simply said that Microsoft CISO Igor Tsyganskiy is "appointing a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council," but the phrasing made it unclear when that would happen. However, Tsyganskiy made a separate announcement on LinkedIn that he has given the role to current Deputy CISO Ann Johnson. But he then said that Johnson, who is based at Microsoft's head office in Redmond, Washington, will hold that post "temporarily." In his LinkedIn post, Tsyganskiy explained that the Cybersecurity Governance Council, which was created in 2024, consists of "our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company's cyber risks, defenses, and compliance across regions and domains." "The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA)," Tsyganskiy wrote. "These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead." Microsoft said in Wednesday's statement: "the appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company's commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft's CISO." Michela Menting, France-based digital security research director at ABI Research, said when she heard on Wednesday that Microsoft was creating such a role, "I was mostly surprised that they don't already have one." "GDPR has been in place for quite some time now and the fact they are only now putting in a European deputy CISO is concerning," Menting added. "They are playing catch up."

Read more of this story at Slashdot.