If you're surprised Tesla takes and keeps recordings from their cars after seeing the news about the Cybertruck in Vegas, you shouldn't be. This is not something new. Tesla has been taking and storing media for many years, claiming it's used to train their AI capabilities. You can't opt out either.

And Tesla employees do access it, make fun of you, make memes, and share the content internally, without any legitimate reason to access the content.

https://arstechnica.com/tech-policy/2023/04/tesla-workers-shared-images-from-car-cameras-including-scenes-of-intimacy/

While this is about Tesla, this is a growing problem across this and other industries.

#Tesla #Surveillance #Privacy

Popeye and Tintin are now in the public domain https://www.theverge.com/2025/1/1/24330191/popeye-tintin-head-2025-public-domain

An Algol 68 front end for GCC

https://lwn.net/Articles/1003916/ #LWN

It's truly incredible how the #CBC managed to avoid directly mentioning climate change in this piece:

https://www.cbc.ca/news/canada/calgary/warmer-outdoor-ice-rinks-1.7419517?cmp=rss

Someone's afraid of the CP defunding them... #abpoli #cdnpoli #ClimateChange

So, Carter rightly called Israel's oppression of Palestinians apartheid in the 2000s and the Democratic party nearly shit itself when he did, roundly condemning Carter for his accurate assessment.

I'm looking at all of the liberals right now, who were happy to see anti-war campus demonstrators hauled off and brutalized by police this year, praising Carter today and I'm just wondering what they'd be saying today if they remembered this bit of history about the man.

https://mondoweiss.net/2024/12/when-democrats-and-liberals-smeared-jimmy-carter-for-criticizing-israel/

John @tuckner sent me on an interesting wild goose chase. He is investigating the Cyberhaven extension compromise, trying to find out more. And he found something that he considered another campaign compromising browser extensions, related to the sclpfybn[.]com domain: https://secureannex.com/blog/sclpfybn-moneitization-scheme/

Edit: Just to make sure this is clear: so far there is little indication that these two campaigns are somehow related. Both being present in one extension was most likely a coincidence.

One of the extensions that used to contain the code in question was Visual Effects for Google Meet – which brought him to me because I recently covered that extension in my Karma Connection article: https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/

I checked my data but couldn’t find sclpfybn[.]com domain mentioned in any extensions other than the ones @tuckner found already. I then looked for similar code and immediately found it in Urban VPN Proxy.

First thought: Urban VPN Proxy has the legitimate version of a library that was trojanized elsewhere. Taking a look at the communication of Urban VPN Proxy disproved that theory almost immediately – not only was it communicating in exactly the same way, but also to an unknown domain, namely ducunt[.]com. Yet the same endpoint existed on the official urban-vpn[.]com domain as well.

So not only did Urban VPN Proxy contain essentially the same code, it was likely added there by the developers themselves. Further investigation increased the suspicion that all these extensions haven’t been compromised, that this was rather some monetization SDK.

At which point @tuckner found the sales pitch for that SDK, detailing how it would add ad blocking functionality to the extension at the cost of exfiltrating very detailed browsing data (of course anonymized and aggregated before being sold to everyone asking for it, we know the drill). And explanations on how to make sure Google won’t object.

And that explains it all: before the Visual Effects for Google Meet developer sold their extension to Karma, they tried to monetize it with this “ad blocking library.” The sales pitch doesn’t mention who develops the library but everything points to Urban VPN.

According to Urban VPN privacy policy, they are selling the data they collect from their users via BIScience Ltd. Who are most likely the hidden owners of Urban Cyber Security Inc., a company registered to a virtual address in the USA.

Edit: Updated link to Tuckner’s blog post, he split it away from the original investigation.

Journal editors resign to protest AI use, high fees, and more
Board members expressed concerns over high fees, editorial independence, and use of AI in editorial processes.
https://arstechnica.com/science/2024/12/journal-editors-resign-to-protest-ai-use-high-fees-and-more/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Waymo (aka Google) admits that it trains its robotaxis to break the law. When WaPo reporter finds robotaxis fail to stop for pedestrians in marked crosswalk 70% of the time, Waymo says it follows "social norms" rather than laws.
Expert explains: When robotaxis obey law, they don't go fast enough to compete successfully with Uber, so Google execs ordered engineers to ignore laws.
https://wapo.st/3ZZDifm

Whistleblower finds unencrypted location data for 800,000 VW EVs
Der Spiegel and Chaos Computer Club were able to tie data to car owners and their trips.
https://arstechnica.com/cars/2024/12/whistleblower-finds-unencrypted-location-data-for-800000-vw-evs/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Randomly stumbled on jot[1] recently; it's basically a perfect little text editor for all of those times I don't need the full set of features in sam or acme.

Bonus: the arrow keys function like they should in a text editor!

[1] https://shithub.us/aap/jot/HEAD/info.html