Samsung has all but confirmed that its upcoming Galaxy S26 will feature a built-in privacy display, releasing an ad that demonstrates a "Zero-peeking privacy" toggle capable of blacking out on-screen content for anyone peering over the user's shoulder.

The underlying technology is reportedly Samsung Display's Flex Magic Pixel OLED panel, first shown at MWC 2024, which adjusts viewing angles on a pixel-by-pixel basis -- and leaker Ice Universe has shared a video of the feature selectively hiding content in banking and messaging apps using AI. Samsung's Unpacked event is scheduled for February 25th.

Google never asked its users before adding AI Overviews to its search results and AI-generated email summaries to Gmail, notes the New York Times. And Meta didn't ask before making "Meta AI" an unremovable part of its tool in Instagram, WhatsApp and Messenger.

"The insistence on AI everywhere — with little or no option to turn it off — raises an important question about what's in it for the internet companies..." Behind the scenes, the companies are laying the groundwork for a digital advertising economy that could drive the future of the internet. The underlying technology that enables chatbots to write essays and generate pictures for consumers is being used by advertisers to find people to target and automatically tailor ads and discounts to them....

Last month, OpenAI said it would begin showing ads in the free version of ChatGPT based on what people were asking the chatbot and what they had looked for in the past. In response, a Google executive mocked OpenAI, adding that Google had no plans to show ads inside its Gemini chatbot. What he didn't mention, however, was that Google, whose profits are largely derived from online ads, shows advertising on Google.com based on user interactions with the AI chatbot built into its search engine.

For the past six years, as regulators have cracked down on data privacy, the tech giants and online ad industry have moved away from tracking people's activities across mobile apps and websites to determine what ads to show them. Companies including Meta and Google had to come up with methods to target people with relevant ads without sharing users' personal data with third-party marketers. When ChatGPT and other AI chatbots emerged about four years ago, the companies saw an opportunity: The conversational interface of a chatty companion encouraged users to voluntarily share data about themselves, such as their hobbies, health conditions and products they were shopping for.

The strategy already appears to be working. Web search queries are up industrywide, including for Google and Bing, which have been incorporating AI chatbots into their search tools. That's in large part because people prod chatbot-powered search engines with more questions and follow-up requests, revealing their intentions and interests much more explicitly than when they typed a few keywords for a traditional internet search.

Meta plans to add facial recognition technology to its Ray-Ban smart glasses as soon as this year, New York Times reported Friday, five years after the social giant shut down facial recognition on Facebook and promised to find "the right balance" for the controversial technology.

The feature, internally called "Name Tag," would let wearers identify people and retrieve information about them through Meta's AI assistant, the report added. An internal memo from May acknowledged the feature carries "safety and privacy risks" and noted that political tumult in the United States would distract civil society groups that might otherwise criticize the launch. The company is exploring restrictions that would prevent the glasses from functioning as a universal facial recognition tool, potentially limiting identification to people connected on Meta platforms or those with public accounts.

Pinterest has sacked two engineers for tracking which workers lost their jobs in a recent round of layoffs. BBC: The company recently announced job cuts, with chief executive Bill Ready stating in an email he was "doubling down on an AI-forward approach," according to an employee who posted some of the memo on LinkedIn.

Pinterest told investors the move would impact about 15% of the workforce, or roughly 700 roles, without saying which teams or workers were affected. But then "two engineers wrote custom scripts improperly accessing confidential company information to identify the locations and names of all dismissed employees and then shared it more broadly," a company spokesperson told the BBC. "This was a clear violation of Pinterest policy and of their former colleagues' privacy," the spokesperson added.

The script written by the Pinterest engineers was aimed at internal tools used at the company for employees to communicate, according to a person familiar with the firings who asked not to be identified. The person said the script created an alert for which employee names within a tool like the team communication platform Slack were being removed or deactivated, giving some insight into who at the company was impacted by the layoffs.

Microsoft is reevaluating its AI strategy on Windows 11 and plans to scale back or remove Copilot integrations across built-in apps after months of sustained user backlash, according to a Windows Central report citing people familiar with the company's plans.

Copilot features in apps like Notepad and Paint are under review and could be pulled entirely or stripped of their Copilot branding in favor of a more streamlined experience. The company has paused work on adding new Copilot buttons to any other in-box apps. Windows Recall, the screenshot-based search feature delayed by an entire year in 2024 over security and privacy concerns, is separately under review -- Microsoft internally considers the current implementation a failure and is exploring ways to rework or rename the feature rather than scrap it entirely, the report said.

Several security experts have "questioned the lack of technical detail" in that lawsuit alleging WhatsApp has no end-to-end encryption, reports the Washington Post: "It's pretty long on accusations and thin on any sort of evidence," Matthew Green, a cryptography professor at Johns Hopkins University, said over Signal. "WhatsApp has been very consistent about using end-to-end encryption. This lawsuit seems to be a nothingburger." Nicholas Weaver, a security researcher at the International Computer Science Institute, criticized the lawsuit in a post on Bluesky for lacking detail needed to back up its claims. "They don't even do a citation to the actual whistleblowers," he wrote, calling the suit "ludicrous."
And Meta has done more than just deny the allegations: On Wednesday, WhatsApp sent a letter to [law firm] Quinn Emanuel threatening to seek sanctions against the firm's lawyers in court if they do not withdraw the suit, according to a copy reviewed by The Washington Post. "We're pursuing sanctions against Quinn Emanuel for filing a meritless lawsuit that was designed purely to grab headlines," Woog said by WhatsApp message. Woog also suggested the suit against WhatsApp was related to Quinn Emanuel's work on a separate case, between the social network giant and the spyware company NSO Group. The surveillance vendor is appealing a $167 million judgment entered against it in federal court last May, after a jury found that NSO's Pegasus tool exploited a weakness in the WhatsApp app to take over control of the phones of more than 1,000 users. An attorney from Quinn Emanuel joined NSO's legal team on that case on Jan. 22, according to legal filings, and different attorneys from that firm filed the case against WhatsApp on Jan. 23. "We believe a lawsuit like this is an attempt to launder false claims and divert attention from their dangerous spyware," Woog said.
"It's very suspicious timing that this is happening as that appeal is happening," Maria Villegas Bravo, counsel at the Electronic Privacy Information Center, told the site Decrypt, "as NSO Group is trying to lobby to get delisted from sanctions in the U.S. government."

EPIC's counsel also told the site that the complaint appears light on factual detail about WhatsApp's software: "I'm not seeing any factual allegations or any information about the actual software itself," Villegas Bravo said. "I have a lot of questions that I would want answered before I would want this lawsuit to proceed.... I don't think there's any merit in this lawsuit," Villegas Bravo said.

Meta has forcefully rejected the allegations. In a statement shared with Decrypt, a company spokesperson called the claims "categorically false and absurd... WhatsApp has been end-to-end encrypted using the Signal protocol for a decade," the spokesperson said. "This lawsuit is a frivolous work of fiction, and we will pursue sanctions against plaintiffs' counsel."

DuckDuckGo recently asked its users how they felt about AI in search. The answer has come back loud and clear: more than 90% of the 175,354 people who voted said they don't want it.

The privacy-focused search engine has since set up two versions of its tool: noai.duckduckgo.com for the AI-averse and yesai.duckduckgo.com for the curious. Users can also tweak settings on the main site to disable AI summaries, AI-generated images, and the Duck.ai chatbot individually.

An anonymous reader quotes a report from Wired: Earlier this month, Joseph Thacker's neighbor mentioned to him that she'd preordered a couple of stuffed dinosaur toys for her children. She'd chosen the toys, called Bondus, because they offered an AI chat feature that lets children talk to the toy like a kind of machine-learning-enabled imaginary friend. But she knew Thacker, a security researcher, had done work on AI risks for kids, and she was curious about his thoughts.

So Thacker looked into it. With just a few minutes of work, he and a web security researcher friend named Joel Margolis made a startling discovery: Bondu's web-based portal, intended to allow parents to check on their children's conversations and for Bondu's staff to monitor the products' use and performance, also let anyone with a Gmail account access transcripts of virtually every conversation Bondu's child users have ever had with the toy.

Without carrying out any actual hacking, simply by logging in with an arbitrary Google account, the two researchers immediately found themselves looking at children's private conversations, the pet names kids had given their Bondu, the likes and dislikes of the toys' toddler owners, their favorite snacks and dance moves. In total, Margolis and Thacker discovered that the data Bondu left unprotected -- accessible to anyone who logged in to the company's public-facing web console with their Google username -- included children's names, birth dates, family member names, "objectives" for the child chosen by a parent, and most disturbingly, detailed summaries and transcripts of every previous chat between the child and their Bondu, a toy practically designed to elicit intimate one-on-one conversation. More than 50,000 chat transcripts were accessible through the exposed web portal. When the researchers alerted Bondu about the findings, the company acted to take down the console within minutes and relaunched it the next day with proper authentication measures.

"We take user privacy seriously and are committed to protecting user data," Bondu CEO Fateen Anam Rafid said in his statement. "We have communicated with all active users about our security protocols and continue to strengthen our systems with new protections," as well as hiring a security firm to validate its investigation and monitor its systems in the future.

When asked directly whether people actually like Experian, Alex Lintner, the credit bureau's CEO of Software and Technology, offered an unusual defense in an interview: "First of all, we're not Palantir, so we don't do reputation scores." Speaking on The Verge's podcast, Lintner conceded that consumers who have poor credit scores through "life's circumstances" sometimes direct their frustration at Experian, though he argued the company enables vital access to credit for 247 million Americans.

The 10-year company veteran said Experian has built its own large language model and about 200 AI agents for internal use, but consumer data remains entirely walled off from public AI systems. On security, Lintner said Experian hasn't experienced a data breach in a decade -- the last occurred two weeks into his tenure. When competitor Equifax suffered its massive breach, Equifax actually paid Experian to help protect affected consumers' identities.

An anonymous reader quotes a report from Ars Technica: The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by disclosing a user's viewing history to Facebook. The case, Michael Salazar v. Paramount Global, hinges on the law's definition of the word "consumer." Salazar filed a class action against Paramount in 2022, alleging that it "violated the VPPA by disclosing his personally identifiable information to Facebook without consent," Salazar's petition to the Supreme Court said. Salazar had signed up for an online newsletter through 247Sports.com, a site owned by Paramount, and had to provide his email address in the process. Salazar then used 247Sports.com to view videos while logged in to his Facebook account.

"As a result, Paramount disclosed his personally identifiable information -- including his Facebook ID and which videos he watched—to Facebook," the petition (PDF) said. "The disclosures occurred automatically because of the Facebook Pixel Paramount installed on its website. Facebook and Paramount then used this information to create and display targeted advertising, which increased their revenues." The 1988 law (PDF) defines consumer as "any renter, purchaser, or subscriber of goods or services from a video tape service provider." The phrase "video tape service provider" is defined to include providers of "prerecorded video cassette tapes or similar audio visual materials," and thus arguably applies to more than just sellers of tapes.

The legal question for the Supreme Court "is whether the phrase 'goods or services from a video tape service provider,' as used in the VPPA's definition of 'consumer,' refers to all of a video tape service provider's goods or services or only to its audiovisual goods or services," Salazar's petition said. The Supreme Court granted his petition (PDF) to hear the case in a list of orders released yesterday. [...] SCOTUSblog says that "the case will likely be scheduled for oral argument in the court's 2026-27 term," which begins in October 2026.

Longtime Slashdot reader schwit1 shares a report from PCMag: A lawsuit claims that WhatsApp's end-to-end encryption is a sham, and is demanding damages, but the app's parent company, Meta, calls the claims "false and absurd." The lawsuit was filed in a San Francisco US district court on Friday and comes from a group of users based in countries such as Australia, Mexico, and South Africa, according to Bloomberg.

As evidence, the lawsuit cites unnamed "courageous whistleblowers" who allege that WhatsApp and Meta employees can request to view a user's messages through a simple process, thus bypassing the app's end-to-end encryption. "A worker need only send a 'task' (i.e., request via Meta's internal system) to a Meta engineer with an explanation that they need access to WhatsApp messages for their job," the lawsuit claims. "The Meta engineering team will then grant access -- often without any scrutiny at all -- and the worker's workstation will then have a new window or widget available that can pull up any WhatsApp user's messages based on the user's User ID number, which is unique to a user but identical across all Meta products."

"Once the Meta worker has this access, they can read users' messages by opening the widget; no separate decryption step is required," the 51-page complaint adds. "The WhatsApp messages appear in widgets commingled with widgets containing messages from unencrypted sources. Messages appear almost as soon as they are communicated -- essentially, in real-time. Moreover, access is unlimited in temporal scope, with Meta workers able to access messages from the time users first activated their accounts, including those messages users believe they have deleted." The lawsuit does not provide any technical details to back up the rather sensational claims.
See also: "WhatsApp End-to-End Encryption Allegations Questioned By Some Security Experts, Lawyers."

Apple has launched a new AirTag 2 that features improved range, a speaker that's 50% louder, and expanded Apple Watch-based tracking. Pricing stays the same at $29 (or $99 for four). 9to5Mac reports: The new AirTag comes with an upgraded second-generation Ultra Wideband chip for improved range, including when using Precision Finding. From Apple Newsroom: "Apple's second-generation Ultra Wideband chip -- the same chip found in the iPhone 17 lineup, iPhone Air, Apple Watch Ultra 3, and Apple Watch Series 11 -- powers the new AirTag, making it easier to locate than ever before. Using haptic, visual, and audio feedback, Precision Finding guides users to their lost items from up to 50 percent farther away than the previous generation. And an upgraded Bluetooth chip expands the range at which items can be located. For the first time, users can use Precision Finding on Apple Watch Series 9 or later, or Apple Watch Ultra 2 or later, to find their AirTag, bringing a powerful experience to the wrist."

Another key upgrade with the new AirTag is an improved speaker, which should also make the accessory easier to find. Apple says: "With its updated internal design, the new AirTag is 50 percent louder than the previous generation, enabling users to hear their AirTag from up to 2x farther than before." Apple also touts privacy and security improvements with the new AirTag: "Designed exclusively for tracking objects, and not people or pets, the new AirTag incorporates a suite of industry-first protections against unwanted tracking, including cross-platform alerts and unique Bluetooth identifiers that change frequently."

Skylight, an open-source, TikTok-style video app built on the AT Protocol, surged past 380,000 users after last week's shake-up around TikTok's U.S. ownership and privacy concerns. TechCrunch reports: Launched last year and backed by Mark Cuban and other investors, Skylight's mobile app is built on the AT Protocol, the technology that also powers the decentralized X rival Bluesky, which now has north of 42 million users. Skylight, co-founded by CEO Tori White and CTO Reed Harmeyer, offers a built-in video editor; user profiles; support for likes, commenting, and sharing; and the ability for community curators to create custom feeds for others to follow. The app now has over 150,000 videos uploaded directly to the platform. It can also stream videos from Bluesky because of its AT Protocol integration.

Harmeyer said Saturday that 1.4 million videos were played on the app the day before, up 3x over the past 24 hours. The app had also seen sign-ups increase more than 150%. Other noteworthy stats include over a 50% increase in returning users, over 40% rise in video played on average, and over 100% increase in posts created. This surge was likely triggered by concerns over TikTok's change in ownership and its unfortunately timed technical glitches. [...] Over the weekend, Skylight's CEO, Tori White, said the app added around 20,000 new users and is continuing to grow. So far this January, the app has seen around 95,000 monthly active users. "We've seen what happens when one person dictates what's pushed into people's feeds," White told TechCrunch. "Not only does it harm a creator's connection with their followers, but the entire health of the platform. That's why we built Skylight Social on open standards. We wanted creator and user power to be guaranteed by the technology. Not an empty promise, but an irrevocable right."

Nike says it is investigating a potential data breach, after a group known for cyber attacks reportedly claimed to have leaked a trove of data related to its business operations. From a report: "We always take consumer privacy and data security very seriously," Nike said in a statement. "We are investigating a potential cyber security incident and are actively assessing the situation."

The ransomware group World Leaks said on its website that it had published 1.4 terabytes of data from Nike.

Brax Technologies just announced "a privacy-focused alternative to locked-down tablets" called open_slate that can double as a consumer tablet and a Linux-capable workstation on ARM.

Earlier Brax Technologies built the privacy-focused smartphone BraX3, which co-founder Plamen Todorov says proved "a privacy-focused mobile device could be designed, crowdfunded, manufactured, and delivered outside the traditional Big Tech ecosystem." Just as importantly, BraX3 showed us the value of building with the community. The feedback we received — what worked, what didn't, and what people wanted next — played a major role in shaping our direction going forward. Today, we're ready to share the next step in that journey...
They're promising their "2-in-1" open_slate tablet will be built with these guiding principles:

• Modularity beyond repairability". ("In addition to a user-replaceable battery, it supports an M.2 expansion slot, allowing users to customize storage and configurations to better fit their needs.")

• Hardware-level privacy and control, with physical switches allowing users to disable key components like wireless radios, sensors, microphones, and cameras.

• Multi-OS compatibility, supporting "multiple" Android-based operating systems as well as native Linux distributions. ("We're working with partners and the community to ensure proper, long-term OS support rather than one-off ports.")

• Longevity by design — a tablet that's "supported over time"

Brax has already created an open thread with preliminary design specs. "The planned retail price is 599$ for the base version and 799$ for the Pro version," they write. "We will be offering open_slate (both versions) at a discount during our pre-order campaign, starting as low as 399$ for the base version and 529$ for the Pro version for limited quantities only which may sell out in a day or two from launching pre-orders...

"Pre-orders will open in February, via IndieGoGo. Make sure to subscribe for notifications if you don't want to miss the launch date."

Thanks to long-time Slashdot reader walterbyrd for sharing the news.

An anonymous reader quotes a report from Wired: When TikTok users in the U.S. opened the app today, they were greeted with a pop-up asking them to agree to the social media platform's new terms of service and privacy policy before they could resume scrolling. These changes are part of TikTok's transition to new ownership. In order to continue operating in the U.S., TikTok was compelled by the U.S. government to transition from Chinese control to a new, American-majority corporate entity. Called TikTok USDS Joint Venture LLC, the new entity is made up of a group of investors that includes the software company Oracle. It's easy to tap "agree" and keep on scrolling through videos on TikTok, so users might not fully understand the extent of changes they are agreeing to with this pop-up.

Now that it's under U.S.-based ownership, TikTok potentially collects more detailed information about its users, including precise location data. Here are the three biggest changes to TikTok's privacy policy that users should know about. TikTok's change in location tracking is one of the most notable updates in this new privacy policy. Before this update, the app did not collect the precise, GPS-derived location data of U.S. users. Now, if you give TikTok permission to use your phone's location services, then the app may collect granular information about your exact whereabouts. Similar kinds of precise location data is also tracked by other social media apps, like Instagram and X.

[...] Rather than an adjustment, TikTok's policy on AI interactions adds a new topic to the privacy policy document. Now, users' interactions with any of TikTok's AI tools explicitly fall under data that the service may collect and store. This includes any prompts as well as the AI-generated outputs. The metadata attached to your interactions with AI tools may also be automatically logged. [...] This change to TikTok's privacy policy may not be as immediately noticeable to users, but it will likely have an impact on the types of ads you see outside of TikTok. So, rather than just using your collected data to target you while using the app, TikTok may now further leverage that info to serve you more relevant ads wherever you go online. As part of this advertising change, TikTok also now explicitly mentions publishers as one kind of partner the platform works with to get new data.

Marcel Bucher, a professor of plant sciences at the University of Cologne in Germany, lost two years of carefully structured academic work in an instant when he temporarily disabled ChatGPT's "data consent" option in August to test whether the AI tool's functions would still work without providing OpenAI his data. All his chats were permanently deleted and his project folders emptied without any warning or undo option, he wrote in a post on Nature.

Bucher, a ChatGPT Plus subscriber paying $20 per month, had used the platform daily to draft grant applications, prepare teaching materials, revise publication drafts and create exams. He contacted OpenAI support, first receiving responses from an AI agent before a human employee confirmed the data was permanently lost and unrecoverable. OpenAI cited "privacy by design" as the reason, telling Nature it does provide a confirmation prompt before users permanently delete a chat but maintains no backups.

Bucher said he had saved partial copies of some materials, but the underlying prompts, iterations, and project folders -- what he describes as the intellectual scaffolding behind his finished work -- are gone forever.

The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use. From a report: The Communications (Interception and Lawful Access) Bill is being framed as a replacement for the current legislation that governs digital communication interception. The Department of Justice, Home Affairs, and Migration said in an announcement this week the existing Postal Packets and Telecommunications Messages (Regulation) Act 1993 "predates the telecoms revolution of the last 20 years."

As well as updating laws passed more than two decades ago, the government was keen to emphasize that a key ambition for the bill is to empower law enforcement to intercept of all forms of communications. The Bill will bring communications from IoT devices, email services, and electronic messaging platforms into scope, "whether encrypted or not."

In a similar way to how certain other governments want to compel encrypted messaging services to unscramble packets of interest, Ireland's announcement also failed to explain exactly how it plans to do this. However, it promised to implement a robust legal framework, alongside all necessary privacy and security safeguards, if these proposals do ultimately become law. It also vowed to establish structures to ensure "the maximum possible degree of technical cooperation between state agencies and communication service providers."/i

The powerful data privacy watchdog in Italy long known for aggressively policing U.S. and Chinese AI giants is under investigation for possible corruption and embezzlement. Reuters reports: Rome prosecutors are investigating the agency's president, Pasquale Stanzione, and three other board members over alleged excessive spending and possible corruption behind its decisions, Italian news agencies including ANSA as well as the judicial source, who did not wish to be named, said. Stanzione, when asked by reporters to comment on the investigation, said he was "absolutely serene."

The opposition 5-Star Movement said the agency's credibility had been undermined and called for Stanzione to resign. Stanzione declined to answer when asked repeatedly by reporters whether he would step down. The data privacy authority, known in Italy as the Garante, is one of the European Union's most proactive regulators in assessing AI platform compliance with the bloc's data privacy regime. It frequently takes initiatives -- such as requesting information or imposing fines or bans -- on matters affecting high-tech multinationals operating in the country.

Scifi author/tech activist Cory Doctorow has decried the "enshittification" of our technologies to extract more profit. But Saturday he also described what could be "the beginning of the end for enshittification" in a new article for the Guardian — "our chance to make tech good again". There is only one reason the world isn't bursting with wildly profitable products and projects that disenshittify the US's defective products: its (former) trading partners were bullied into passing an "anti-circumvention" law that bans the kind of reverse-engineering that is the necessary prelude to modifying an existing product to make it work better for its users (at the expense of its manufacturer)...

Post-Brexit, the UK is uniquely able to seize this moment. Unlike our European cousins, we needn't wait for the copyright directive to be repealed before we can strike article 6 off our own law books and thereby salvage something good out of Brexit... Until we repeal the anti-circumvention law, we can't reverse-engineer the US's cloud software, whether it's a database, a word processor or a tractor, in order to swap out proprietary, American code for robust, open, auditable alternatives that will safeguard our digital sovereignty. The same goes for any technology tethered to servers operated by any government that might have interests adverse to ours — say, the solar inverters and batteries we buy from China.

This is the state of play at the dawn of 2026. The digital rights movement has two powerful potential coalition partners in the fight to reclaim the right of people to change how their devices work, to claw back privacy and a fair deal from tech: investors and national security hawks. Admittedly, the door is only open a crack, but it's been locked tight since the turn of the century. When it comes to a better technology future, "open a crack" is the most exciting proposition I've heard in decades.
Thanks to Slashdot reader Bruce66423 for sharing the article.