Wireless Networking

Jack Dorsey Launches a WhatsApp Messaging Rival Built On Bluetooth (cnbc.com) 66

Jack Dorsey has launched Bitchat, a decentralized, peer-to-peer messaging app that uses Bluetooth mesh networks for encrypted, ephemeral chats without requiring accounts, servers, or internet access. The beta version is live on TestFlight, with a full white paper available on GitHub. CNBC reports: In a post on X Sunday, Dorsey called it a personal experiment in "bluetooth mesh networks, relays and store and forward models, message encryption models, and a few other things."

Bitchat enables ephemeral, encrypted communication between nearby devices. As users move through physical space, their phones form local Bluetooth clusters and pass messages from device to device, allowing them to reach peers beyond standard range -- even without Wi-Fi or cell service. Certain "bridge" devices connect overlapping clusters, expanding the mesh across greater distances. Messages are stored only on device, disappear by default and never touch centralized infrastructure -- echoing Dorsey's long-running push for privacy-preserving, censorship-resistant communication.

Like the Bluetooth-based apps used during Hong Kong's 2019 protests, Bitchat is designed to keep working even when the internet is blocked, offering a censorship-resistant way to stay connected during outages, shutdowns or surveillance. The app also supports optional group chats, or "rooms," which can be named with hashtags and protected by passwords. It includes store and forward functionality to deliver messages to users who are temporarily offline. A future update will add WiFi Direct to increase speed and range, pushing Dorsey's vision for off-grid, user-owned communication even further.

Android

Data Breach Reveals Catwatchful 'Stalkerware' Is Spying On Thousands of Phones (techcrunch.com) 17

An anonymous reader quotes a report from TechCrunch: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app's full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their victims. [...] According to a copy of the database from early June, which TechCrunch has seen, Catwatchful had email addresses and passwords on more than 62,000 customers and the phone data from 26,000 victims' devices.

Most of the compromised devices were located in Mexico, Colombia, India, Peru, Argentina, Ecuador, and Bolivia (in order of the number of victims). Some of the records date back to 2018, the data shows. The Catwatchful database also revealed the identity of the spyware operation's administrator, Omar Soca Charcov, a developer based in Uruguay. Charcov opened our emails, but did not respond to our requests for comment sent in both English and Spanish. TechCrunch asked if he was aware of the Catwatchful data breach, and if he plans to disclose the incident to its customers. Without any clear indication that Charcov will disclose the incident, TechCrunch provided a copy of the Catwatchful database to data breach notification service Have I Been Pwned.

The stalkerware operation uses a custom API and Google's Firebase to collect and store victims' stolen data, including photos and audio recordings. According to Daigle, the API was left unauthenticated, exposing sensitive user data such as email addresses and passwords.

The hosting provider temporarily suspended the spyware after TechCrunch disclosed this vulnerability but it returned later on HostGator. Despite being notified, Google has yet to take down the Firebase instance but updated Google Play Protect to detect Catwatchful.

While Catwatchful claims it "cannot be uninstalled," you can dial "543210" and press the call button on your Android phone to reveal the hidden app. As for its removal, TechCrunch has a general how-to guide for removing Android spyware that could be helpful.

Privacy

NYT To Start Searching Deleted ChatGPT Logs After Beating OpenAI In Court (arstechnica.com) 33

An anonymous reader quotes a report from Ars Technica: Last week, OpenAI raised objections in court, hoping to overturn a court order requiring the AI company to retain all ChatGPT logs "indefinitely," including deleted and temporary chats. But Sidney Stein, the US district judge reviewing OpenAI's request, immediately denied OpenAI's objections. He was seemingly unmoved by the company's claims that the order forced OpenAI to abandon "long-standing privacy norms" and weaken privacy protections that users expect based on ChatGPT's terms of service. Rather, Stein suggested that OpenAI's user agreement specified that their data could be retained as part of a legal process, which Stein said is exactly what is happening now.

The order was issued by magistrate judge Ona Wang just days after news organizations, led by The New York Times, requested it. The news plaintiffs claimed the order was urgently needed to preserve potential evidence in their copyright case, alleging that ChatGPT users are likely to delete chats where they attempted to use the chatbot to skirt paywalls to access news content. A spokesperson told Ars that OpenAI plans to "keep fighting" the order, but the ChatGPT maker seems to have few options left. They could possibly petition the Second Circuit Court of Appeals for a rarely granted emergency order that could intervene to block Wang's order, but the appeals court would have to consider Wang's order an extraordinary abuse of discretion for OpenAI to win that fight.

In the meantime, OpenAI is negotiating a process that will allow news plaintiffs to search through the retained data. Perhaps the sooner that process begins, the sooner the data will be deleted. And that possibility puts OpenAI in the difficult position of having to choose between either caving to some data collection to stop retaining data as soon as possible or prolonging the fight over the order and potentially putting more users' private conversations at risk of exposure through litigation or, worse, a data breach. [...]

Both sides are negotiating the exact process for searching through the chat logs, with both parties seemingly hoping to minimize the amount of time the chat logs will be preserved. For OpenAI, sharing the logs risks revealing instances of infringing outputs that could further spike damages in the case. The logs could also expose how often outputs attribute misinformation to news plaintiffs. But for news plaintiffs, accessing the logs is not considered key to their case -- perhaps providing additional examples of copying -- but could help news organizations argue that ChatGPT dilutes the market for their content. That could weigh against the fair use argument, as a judge opined in a recent ruling that evidence of market dilution could tip an AI copyright case in favor of plaintiffs.

Android

Google Ordered To Pay $315 Million for Taking Data From Idle Android Phones (reuters.com) 23

A California jury has ordered Google to pay $314.6 million to Android smartphone users in the state after finding the company liable for collecting data from idle devices without permission.

The San Jose jury ruled Tuesday that Google sent and received information from phones while idle, creating "mandatory and unavoidable burdens shouldered by Android device users for Google's benefit." The 2019 class action represented an estimated 14 million Californians who argued Google consumed their cellular data for targeted advertising purposes.

China

China's Giant New Gamble With Digital IDs (economist.com) 74

China will launch digital IDs for internet use on July 15th, transferring online verification from private companies to government control. Users obtain digital IDs by submitting personal information including facial scans to police via an app. A pilot program launched one year ago enrolled 6 million people.

The system currently remains voluntary, though officials and state media are pushing citizens to register for "information security." Companies will see only anonymized character strings when users log in, while police retain exclusive access to personal details. The program replaces China's existing system requiring citizens to register with companies using real names before posting comments, gaming, or making purchases.

Police say they punished 47,000 people last year for spreading "rumours" online. The digital ID serves a broader government strategy to centralize data control. State planners classify data as a production factor alongside labor and capital, aiming to extract information from private companies for trading through government-operated data exchanges.

Privacy

Tinder To Require Facial Recognition Check For New Users In California (axios.com) 42

An anonymous reader quotes a report from Axios: Tinder is mandating new users in California verify their profiles using facial recognition technology starting Monday, executives exclusively tell Axios. The move aims to reduce impersonation and is part of Tinder parent Match Group's broader effort to improve trust and safety amid ongoing user frustration. The Face Check feature prompts users to take a short video selfie during onboarding. The biometric face scan, powered by FaceTec, then confirms the person is real and present and whether their face matches their profile photos. It also checks if the face is used across multiple accounts. If the criteria are met, the user receives a photo verified badge on their profile. The selfie video is then deleted. Tinder stores a non-reversible, encrypted face map to detect duplicate profiles in the future.

Face Check is separate from Tinder's ID Check, which uses a government-issued ID to verify age and identity. "We see this as one part of a set of identity assurance options that are available to users," Match Group's head of trust and safety Yoel Roth says. "Face Check ... is really meant to be about confirming that this person is a real, live person and not a bot or a spoofed account." "Even if in the short term, it has the effect of potentially reducing some top-line user metrics, we think it's the right thing to do for the business," Rascoff said.

Businesses

Proton Joins Antitrust Lawsuit Against Apple's App Store Practices (theregister.com) 26

Encrypted communications provider Proton has joined an antitrust lawsuit against Apple, filing a legal complaint that claims the company's App Store practices harm developers, consumers, and privacy. The Switzerland-based firm joined a group of Korean developers who sued Apple in May rather than filing a separate case.

Proton asked the US District Court for Northern California to require Apple to allow alternative app stores, expose those stores through its own App Store, permit developers to disable Apple's in-app payment system, and provide full access to Apple APIs. The company added a privacy-focused argument to typical antitrust complaints, contending that Apple's pricing model particularly penalizes companies that refuse to harvest user data. Developers of free apps typically sell user data to cover costs, while privacy-focused companies like Proton must charge subscriptions for revenue, making Apple's commission cuts more burdensome.

Security

US Government Takes Down Major North Korean 'Remote IT Workers' Operation (techcrunch.com) 59

An anonymous reader quotes a report from TechCrunch: The U.S. Department of Justice announced on Monday that it had taken several enforcement actions against North Korea's money-making operations, which rely on undercover remote IT workers inside American tech companies to raise funds for the regime's nuclear weapons program, as well as to steal data and cryptocurrency. As part of the DOJ's multi-state effort, the government announced the arrest and indictment of U.S. national Zhenxing "Danny" Wang, who allegedly ran a years-long fraud scheme from New Jersey to sneak remote North Korean IT workers inside U.S. tech companies. According to the indictment, the scheme generated more than $5 million in revenue for the North Korean regime. [...]

From 2021 until 2024, the co-conspirators allegedly impersonated more than 80 U.S. individuals to get remote jobs at more than 100 American companies, causing $3 million in damages due to legal fees, data breach remediation efforts, and more. The group is said to have run laptop farms inside the United States, which the North Korean IT workers could essentially use as proxies to hide their provenance, according to the DOJ. At times, they used hardware devices known as keyboard-video-mouse (KVM) switches, which allow one person to control multiple computers from a single keyboard and mouse. The group allegedly also ran shell companies inside the U.S. to make it seem like the North Korean IT workers were affiliated with legitimate local companies, and to receive money that would then be transferred abroad, the DOJ said.

The fraudulent scheme allegedly also involved the North Korean workers stealing sensitive data, such as source code, from the companies they were working for, such as from an unnamed California-based defense contractor "that develops artificial intelligence-powered equipment and technologies."

News

VP.net Promises "Cryptographically Verifiable Privacy" (torrentfreak.com) 36

TorrentFreak spotlights VP.net, a brand-new service from Private Internet Access founder Andrew Lee (the guy who gifted Linux Journal to Slashdot) that eliminates the classic "just trust your VPN" problem by locking identity-mapping and traffic-handling inside Intel SGX enclaves. The company promises 'cryptographically verifiable privacy' by using special hardware 'safes' (Intel SGX), so even the provider can't track what its users are up to.

The design goal is that no one, not even the VPN company, can link "User X" to "Website Y."

Lee frames it as enabling agency over one's privacy:

"Our zero trust solution does not require you to trust us - and that's how it should be. Your privacy should be up to your choice - not up to some random VPN provider in some random foreign country."

The team behind VP.net includes CEO Matt Kim as well as arguably the first Bitcoin veterans Roger Ver and Mark Karpeles.

Ask Slashdot: Now that there's a VPN where you don't have to "just trust the provider" - arguably the first real zero-trust VPN - are trust-based VPNs obsolete?

GNU is Not Unix

For the Free Software Foundation's Summer Fundraiser, the 'GNU Press Shop' is Open (fsf.org) 6

The Free Software Foundation is a non-profit — and they're having some fun with it.

They've just announced a summer fundraiser, "and that means the GNU Press Shop is open!" From now until July 28, you can buy your FSF gear at the GNU Press shop. First and foremost, there's the launch of the FSF's fortieth anniversary shirt in a summery yellow. We're taking orders for a limited time for these (until July 28), and then printing them — you should have yours on your shoulders a few weeks after the shop closes.

We've also restocked some favorites in the shop:

- A fresh batch of the popular Ada & Zangemann: A Tale of Software, Skateboards, and Raspberry Ice Cream book by Matthias Kirschner from the Free Software Foundation Europe (FSFE). This tale of software, skateboards, and raspberry ice cream teaches kids how neat and exciting it is having control over your software, a perfect fun summer read!

- Reading is hard in the glaring sun, so shade your eyes with a freshly restocked GNU baseball cap in pitch black with brilliant gold embroidery. These are great for wearing anywhere, especially to free software events.

- For privacy, protect yourself from surveillance with ease and panache with this slick webcam guard.

We also hope you'll consider becoming an FSF associate member, putting yourself at the heart of our commitment to ensuring a world where all software respects our freedom and dignity. Plus, you'll help us reach our summer fundraising goal of 200 new associate members before July 11, and of course you'll also receive a 20% discount at the GNU Press Shop. A note about shipping: the GNU Press shop opens periodically, and we collect all orders during this time and schedule orders to be sent out on specific shipping dates with the help of volunteers. We will be doing the shipping at the end of the FSF's fundraiser, which means there will be a delay between placing your order and receiving it...

If you happen to be in the Boston area in July, and would like to support the FSF's work, we are looking for volunteers to help pack and ship our orders.

Also on sale are the book "Free as in Freedom 2.0" (Richard Stallman's 2010 revision of the 2002 biography by Sam Williams with extensive additional commentary) and "Free Software Free Society: Selected Essays of Richard M. Stallman" (the 3rd edition published in 2015).

And there are also several other books, t-shirts, other FSF-branded gear, and even a sticker that warns people "There is no cloud... just other people's computers."

Canada

Canada Orders Chinese Firm Hikvision To Cease Canadian Operations Over National Security Concerns (reuters.com) 45

The Canadian government has ordered Chinese surveillance camera manufacturer Hikvision to cease operations in Canada over national security concerns, Industry Minister Melanie Joly said late on Friday. From a report: Hikvision, also known as Hangzhou Hikvision Digital Technology Co, has faced numerous sanctions and restrictions by Canada's neighbor, the United States, over the past five and a half years for the firm's dealings and the use of its equipment in China's Xinjiang region, where rights groups have documented abuses against the Uyghur population and other Muslim communities.

"The government has determined that Hikvision Canada's continued operations in Canada would be injurious to Canada's national security," Joly said on X, adding that the decision was taken after a multi-step review of information provided by Canada's security and intelligence community.

EU

'The Year of the EU Linux Desktop May Finally Arrive' (theregister.com) 71

Steven J. Vaughan-Nichols writes in an opinion piece for The Register: Microsoft, tactically admitting it has failed at talking all the Windows 10 PC users into moving to Windows 11 after all, is -- sort of, kind of -- extending Windows 10 support for another year. For most users, that means they'll need to subscribe to Microsoft 365. This, in turn, means their data and meta-information will be kept in a US-based datacenter. That isn't sitting so well with many European Union (EU) organizations and companies. It doesn't sit that well with me or a lot of other people either.

A few years back, I wrote in these very pages that Microsoft didn't want you so much to buy Windows as subscribe to its cloud services and keep your data on its servers. If you wanted a real desktop operating system, Linux would be almost your only choice. Nothing has changed since then, except that folks are getting a wee bit more concerned about their privacy now that President Donald Trump is in charge of the US. You may have noticed that he and his regime love getting their hands on other people's data.

Privacy isn't the only issue. Can you trust Microsoft to deliver on its service promises under American political pressure? Ask the EU-based International Criminal Court (ICC) which after it issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu for war crimes, Trump imposed sanctions on the ICC. Soon afterward, ICC's chief prosecutor, Karim Khan, was reportedly locked out of his Microsoft email accounts. Coincidence? Some think not. Microsoft denies they had anything to do with this.

Peter Ganten, chairman of the German-based Open-Source Business Alliance (OSBA), opined that these sanctions ordered by the US which he alleged had been implemented by Microsoft "must be a wake-up call for all those responsible for the secure availability of state and private IT and communication infrastructures." Microsoft chairman and general counsel, Brad Smith, had promised that it would stand behind its EU customers against political pressure. In the aftermath of the ICC reports, Smith declared Microsoft had not been "in any way [involved in] the cessation of services to the ICC." In the meantime, if you want to reach Khan, you'll find him on the privacy-first Swiss email provider, ProtonMail.

In short, besides all the other good reasons for people switching to the Linux desktop - security, Linux is now easy to use, and, thanks to Steam, you can do serious gaming on Linux - privacy has become much more critical. That's why several EU governments have decided that moving to the Linux desktop makes a lot of sense... Besides, all these governments know that switching from Windows 10 to 11 isn't cheap. While finances also play a role, and I always believe in "following the money" when it comes to such software decisions, there's no question that Europe is worried about just how trustworthy America and its companies are these days. Do you blame them? I don't.

The shift to the Linux desktop is "nothing new," as Vaughan-Nichols notes. Munich launched its LiMux project back in 2004 and, despite ending it in 2017, reignited its open-source commitment by establishing a dedicated program office in 2024. In France, the gendarmerie now operates over 100,000 computers on a custom Ubuntu-based OS (GendBuntu), while the city of Lyon is transitioning to Linux and PostgreSQL.

More recently, Denmark announced it is dropping Windows and Office in favor of Linux and LibreOffice, citing digital sovereignty. The German state of Schleswig-Holstein is following suit, also moving away from Microsoft software. Meanwhile, a pan-European Linux OS (EU OS) based on Fedora Kinoite is being explored, with Linux Mint and openSUSE among the alternatives under consideration.

Privacy

Facebook Is Asking To Use Meta AI On Photos In Your Camera Roll You Haven't Yet Shared (techcrunch.com) 19

Facebook is prompting users to opt into a feature that uploads photos from their camera roll -- even those not shared on the platform -- to Meta's servers for AI-driven suggestions like collages and stylized edits. While Meta claims the content is private and not used for ads, opting in allows the company to analyze facial features and retain personal data under its broad AI terms, raising privacy concerns. TechCrunch reports: The feature is being suggested to Facebook users when they're creating a new Story on the social networking app. Here, a screen pops up and asks if the user will opt into "cloud processing" to allow creative suggestions. As the pop-up message explains, by clicking "Allow," you'll let Facebook generate new ideas from your camera roll, like collages, recaps, AI restylings, or photo themes. To work, Facebook says it will upload media from your camera roll to its cloud (meaning its servers) on an "ongoing basis," based on information like time, location, or themes.

The message also notes that only you can see the suggestions, and the media isn't used for ad targeting. However, by tapping "Allow," you are agreeing to Meta's AI Terms. This allows your media and facial features to be analyzed by AI, it says. The company will additionally use the date and presence of people or objects in your photos to craft its creative ideas. [...] According to Meta's AI Terms around image processing, "once shared, you agree that Meta will analyze those images, including facial features, using AI. This processing allows us to offer innovative new features, including the ability to summarize image contents, modify images, and generate new content based on the image," the text states.

The same AI terms also give Meta's AIs the right to "retain and use" any personal information you've shared in order to personalize its AI outputs. The company notes that it can review your interactions with its AIs, including conversations, and those reviews may be conducted by humans. The terms don't define what Meta considers personal information, beyond saying it includes "information you submit as Prompts, Feedback, or other Content." We have to wonder whether the photos you've shared for "cloud processing" also count here.

China

DeepSeek Faces Ban From Apple, Google App Stores In Germany 15

Germany's data protection commissioner has urged Apple and Google to remove Chinese AI startup DeepSeek from their app stores due to concerns about data protection. Reuters reports: Commissioner Meike Kamp said in a statement on Friday that she had made the request because DeepSeek illegally transfers users' personal data to China. The two U.S. tech giants must now review the request promptly and decide whether to block the app in Germany, she added, though her office has not set a precise timeframe. According to its own privacy policy, DeepSeek stores numerous pieces of personal data, such as requests to its AI program or uploaded files, on computers in China.

"DeepSeek has not been able to provide my agency with convincing evidence that German users' data is protected in China to a level equivalent to that in the European Union," [Commissioner Meike Kamp] said. "Chinese authorities have far-reaching access rights to personal data within the sphere of influence of Chinese companies," she added. The commissioner said she took the decision after asking DeepSeek in May to meet the requirements for non-EU data transfers or else voluntarily withdraw its app. DeepSeek did not comply with this request, she added.

Printer

Brother Printer Bug In 689 Models Exposes Millions To Hacking (securityweek.com) 54

An anonymous reader quotes a report from SecurityWeek: Hundreds of printer models from Brother and other vendors are impacted by potentially serious vulnerabilities discovered by researchers at Rapid7. The cybersecurity firm revealed on Wednesday that its researchers identified eight vulnerabilities affecting multifunction printers made by Brother. The security holes have been found to impact 689 printer, scanner and label maker models from Brother, and some or all of the flaws also affect 46 Fujifilm Business Innovation, five Ricoh, six Konica Minolta, and two Toshiba printers. Overall, millions of enterprise and home printers are believed to be exposed to hacker attacks due to these vulnerabilities.

The most serious of the flaws, tracked as CVE-2024-51978 and with a severity rating of 'critical', can allow a remote and unauthenticated attacker to bypass authentication by obtaining the device's default administrator password. CVE-2024-51978 can be chained with an information disclosure vulnerability tracked as CVE-2024-51977, which can be exploited to obtain a device's serial number. This serial number is needed to generate the default admin password. "This is due to the discovery of the default password generation procedure used by Brother devices," Rapid7 explained. "This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device's unique serial number, during the manufacturing process."

Having the admin password enables an attacker to reconfigure the device or abuse functionality intended for authenticated users. The remaining vulnerabilities, which have severity ratings of 'medium' and 'high', can be exploited for DoS attacks, forcing the printer to open a TCP connection, obtain the password of a configured external service, trigger a stack overflow, and perform arbitrary HTTP requests. Six of the eight vulnerabilities found by Rapid7 can be exploited without authentication.

Brother has patched most of the flaws, but CVE-2024-51978 requires a new manufacturing process to fully resolve, which will apply only to future devices.

Businesses

VMware Perpetual License Holder Receives Audit Letter From Broadcom (arstechnica.com) 82

An anonymous reader quotes a report from Ars Technica: After sending cease-and-desist letters to VMware users whose support contracts had expired and who subsequently declined to subscribe to one of Broadcom's VMware bundles, Broadcom has started the process of conducting audits on former VMware customers. [...] Ars Technica reviewed a letter that a software provider and VMware user in the Netherlands received that is dated June 20 and informs the firm that it "has been selected for a formal audit of its use of VMware software and support services" [PDF]. The security professional who provided Ars with the letter asked to keep their name and their employers' name anonymous out of privacy concerns.

The anonymous employee told Ars that their company had been a VMware customer for "about" a decade before deciding not to sign up for a new contract with Broadcom's VMware a year ago. The company had been using VMware Cloud Foundation and vSphere. "Our CEO decided to not extend the support contract because of the costs," the employee said. "This already impacts us security-wise because we can no longer get updates (unless the CVSS score is critical)." The letter notes that an auditing firm, Connor Consulting, which is headquartered in San Francisco and has offices around the globe, will perform a review of the company's "VMware deployment and entitlements, which may include fieldwork or remote testing and meetings with members of your accounting, licensing, and management information systems functions." The letter informs its recipient that someone from Connor will reach out and that the VMware user should respond within three business days.

The letter, signed by Aiden Fitzgerald, director of global sales operations at Broadcom, claims that Broadcom will use its time "as efficiently and productively as possible to minimize disruption." Still, the security worker that Ars spoke with is concerned about the implications of the audit and said they "expect a big financial impact" for their employer. They added: "Because we are focusing on saving costs and are on a pretty tight financial budget, this will likely have impact on the salary negotiations or even layoffs of employees. Currently, we have some very stressed IT managers [and] legal department [employees] ..." The employee noted that they are unsure if their employer exceeded its license limits. If the firm did, it could face "big" financial repercussions, the worker noted.

United States

US Senators Push For American Version of EU's Digital Markets Act (appleinsider.com) 40

U.S. lawmakers have reintroduced the bipartisan Open App Markets Act, aiming to curb Apple and Google's control over mobile app stores by promoting competition, supporting third-party marketplaces and sideloading, and safeguarding developer rights. AppleInsider reports: The Open App Markets Act seeks to do a number of things, including:
- Protect developers' rights to tell consumers about lower prices and offer competitive pricing;
- Protect sideloading of apps;
- Promote competition by opening the market to third-party app stores, startup apps, and alternative payment systems;
- Make it possible for developers to offer new experiences that take advantage of consumer device features;
- Give consumers greater control over their devices;
- Prevent app stores from disadvantaging developers; and
- Establish safeguards to preserve consumer privacy, security, and safety.

This isn't the first time we've seen this bill, either. In 2021, Senators Blumenthal, Klobuchar, and Blackburn had attempted to put forth the original version of the Open App Markets Act. However, the initial bill never made it to the floor for an office vote. Thanks to last-minute efforts by lobbying groups and appearances from chief executives, the bill eventually stalled out.

While the two bills are largely similar, the revised version introduces several key differences. Notably, the new version includes new carve-outs aimed at protecting intellectual property and addressing potential national security concerns. There's also a new clause that would prohibit punitive actions against developers for enabling remote access to other apps. The clause addition harkens back to the debacle between Apple and most game streaming services -- though in 2024, Apple loosened its App Store guidelines to allow cloud gaming and emulation.

There are a few new platform-protective clauses added, too. For instance, it would significantly lower the burden of proof for either Apple or Google to block platform access to a third-party app. Additionally, it reinforces the fact that companies like Apple or Google will not need to provide support or refunds for third-party apps installed outside of first-party app marketplaces.

The full bill can be found here.

The Internet

Psylo Browser Obscures Digital Fingerprints By Giving Every Tab Its Own IP Address (theregister.com) 20

Psylo, a new privacy-focused iOS browser by Mysk, aims to defeat digital fingerprinting by isolating each browser tab with its own IP address, unique fingerprinting defenses, and proxy-based encryption. "Psylo stands out as it is the only WebKit-based iOS browser that truly isolates tabs," Tommy Mysk told The Register. "It's not only about separate storage and cookies. Psylo goes beyond that."

"This is why we call tabs 'silos.' It applies unique anti-fingerprinting measures per silo, such as canvas randomization. This way two Psylo tabs opening the same website would appear as though they originated on two different devices to the opened website." From the report: The company claims Psylo therefore offers better privacy than a VPN because the virtual networks mask the user's IP address but generally don't alter the data used for fingerprinting. Psylo, for example, will adjust the browser's time zone and browser language to match the geolocation of each proxy, resulting in more entropy that means fingerprints created by gathering data from silos will appear to be different.

The Mysk devs' post states that some privacy-focused browsers like Brave also implement anti-fingerprinting measures like canvas randomization, but those are more effective on the desktop macOS app due to Apple's iOS restrictions. They claim that they were able to achieve better results on iOS by using a client-side JavaScript solution. Mysk designed Psylo to minimize the information available to its maker. It doesn't log personally identifiable information or browsing data that the curious could use to identify the user, the company claims, noting that it also doesn't have customer payment information, which is handled by Apple. There are no user accounts, only randomized identifiers to indicate active subscriptions. According to Tommy Mysk, the only subscriber data kept is bandwidth usage, which is necessary to prevent abuse.

"We aggregate bandwidth usage based on a randomly generated ID that is created when a subscription is made," Mysk said. "The randomly generated ID is associated with the Apple subscription transaction. Apple doesn't share the identity of users making App Store purchases with developers." Asked whether Apple could identify users, Mysk said, "Theoretically and given a court order, Apple can figure out the randomly generated ID of the user in question. If we were to hand out the data associated with the randomly generated ID, it would only be the bandwidth usage of that user in the current month, and two months in the past. Older data is automatically deleted. We don't associate any identifiable information with the randomly generated ID. We don't store IP addresses at all in every component of our system. We don't store websites visited by our users at all."

The browser is only available on iOS and iPadOS, but Mysk says an Android version could be developed if there's enough interest. It costs $9.99 per month or $99 per year in the U.S.

Privacy

Judge Denies Creating 'Mass Surveillance Program' Harming All ChatGPT Users (arstechnica.com) 62

An anonymous reader quotes a report from Ars Technica: After a court ordered OpenAI to "indefinitely" retain all ChatGPT logs, including deleted chats, of millions of users, two panicked users tried and failed to intervene. The order sought to preserve potential evidence in a copyright infringement lawsuit raised by news organizations. In May, Judge Ona Wang, who drafted the order, rejected the first user's request (PDF) on behalf of his company simply because the company should have hired a lawyer to draft the filing. But more recently, Wang rejected (PDF) a second claim from another ChatGPT user, and that order went into greater detail, revealing how the judge is considering opposition to the order ahead of oral arguments this week, which were urgently requested by OpenAI.

The second request (PDF) to intervene came from a ChatGPT user named Aidan Hunt, who said that he uses ChatGPT "from time to time," occasionally sending OpenAI "highly sensitive personal and commercial information in the course of using the service." In his filing, Hunt alleged that Wang's preservation order created a "nationwide mass surveillance program" affecting and potentially harming "all ChatGPT users," who received no warning that their deleted and anonymous chats were suddenly being retained. He warned that the order limiting retention to just ChatGPT outputs carried the same risks as including user inputs, since outputs "inherently reveal, and often explicitly restate, the input questions or topics input."

Hunt claimed that he only learned that ChatGPT was retaining this information -- despite policies specifying they would not -- by stumbling upon the news in an online forum. Feeling that his Fourth Amendment and due process rights were being infringed, Hunt sought to influence the court's decision and proposed a motion to vacate the order that said Wang's "order effectively requires Defendants to implement a mass surveillance program affecting all ChatGPT users." [...] OpenAI will have a chance to defend panicked users on June 26, when Wang hears oral arguments over the ChatGPT maker's concerns about the preservation order. In his filing, Hunt explained that among his worst fears is that the order will not be blocked and that chat data will be disclosed to news plaintiffs who may be motivated to publicly disseminate the deleted chats. That could happen if news organizations find evidence of deleted chats they say are likely to contain user attempts to generate full news articles.

Wang suggested that there is no risk at this time since no chat data has yet been disclosed to the news organizations. That could mean that ChatGPT users may have better luck intervening after chat data is shared, should OpenAI's fight to block the order this week fail. But that's likely no comfort to users like Hunt, who worry that OpenAI merely retaining the data -- even if it's never shared with news organizations -- could cause severe and irreparable harms. Some users appear to be questioning how hard OpenAI will fight. In particular, Hunt is worried that OpenAI may not prioritize defending users' privacy if other concerns -- like "financial costs of the case, desire for a quick resolution, and avoiding reputational damage" -- are deemed more important, his filing said.

AI

DeepSeek Aids China's Military and Evaded Export Controls, US Official Says (reuters.com) 28

An anonymous reader shares a report: AI firm DeepSeek is aiding China's military and intelligence operations, a senior U.S. official told Reuters, adding that the Chinese tech startup sought to use Southeast Asian shell companies to access high-end semiconductors that cannot be shipped to China under U.S. rules. The U.S. conclusions reflect a growing conviction in Washington that the capabilities behind the rapid rise of one of China's flagship AI enterprises may have been exaggerated and relied heavily on U.S. technology.

[...] "We understand that DeepSeek has willingly provided and will likely continue to provide support to China's military and intelligence operations," a senior State Department official told Reuters in an interview. "This effort goes above and beyond open-source access to DeepSeek's AI models," the official said, speaking on condition of anonymity in order to speak about U.S. government information. Chinese law requires companies operating in China to provide data to the government when requested. But the suggestion that DeepSeek is already doing so is likely to raise privacy and other concerns for the firm's tens of millions of daily global users.
