My thanks to Magic Lasso Adblock for sponsoring Pixel Envy this week.

With over 5,000 five star reviews, Magic Lasso Adblock is simply the best ad blocker for your iPhone, iPad, and Mac.

As an efficient, high performance, and native Safari ad blocker, Magic Lasso blocks all intrusive ads, trackers, and annoyances — delivering a faster, cleaner, and more secure web browsing experience.

And with the new App Ad Blocking feature in v5.0, it extends the powerful Safari and YouTube ad blocking protection to all apps including news apps, social media, games, and other browsers like Chrome and Firefox.

So, join over 350,000 users and download Magic Lasso Adblock today.

Jeff Johnson:

Today I received a shipment notification via text message to my phone number from a company unrelated to Apple. The shipped product was not ordered with my iPhone, and in fact the product manufacturer doesn’t even know that I own any Apple devices. The message included a US Postal Service tracking number. Messages app on my iPhone transformed the tracking number into a link. When I pressed down on the link to reveal the URL, I was surprised by it:

https://trackingshipment.apple.com/?Company=USPS&Locale=&TrackingNumber=

[…]

[…] Apple has inserted itself where it doesn’t belong with this Messages “feature,” or misfeature. Why does Apple want to send itself our tracking numbers? Apple tracking is the opposite of privacy!

Apps throughout Apple’s operating systems can support different data detectors to automatically identify things like phone numbers, flight numbers, and shipment numbers. The latter are, indeed, rerouted through that trackingshipment.apple.com website; I have found this to be the case in first-party apps like Messages and Notes, as well as third-party apps, like MarsEdit, with support for data detectors.

A curl request to that endpoint on a sample parcel number reveals no explicit tracking scripts or methods are used:

curl "https://trackingshipment.apple.com/?Company=Ontrac&Locale=&TrackingNumber=ANUMBERIFOUNDONTHEWEB"

<HTML><HEAD><TITLE>Found</TITLE></HEAD><BODY>
<H1>Found</H1>This document has moved
<a href="https://www.ontrac.com/tracking/?number=ANUMBERIFOUNDONTHEWEB">here</a>.
</BODY></HTML>

What is interesting to me is that the trackingshipment URL already contains the shipping company when it is created by the data detector. That is, Apple’s web-side service is not used to determine which courier this number corresponds to. It is only performing a straight redirect. My guess about why it is set up like this is so Apple can push minor changes to the web service if a courier changes their parcel tracking URL format instead of shipping it in the next operating system update.

It is, however, entirely possible Apple is retaining server logs with identifying parcel tracking information. As Johnson writes, this is not a claim that Apple is misusing this data, only that it is possible.
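
The check described above can be scripted. This is an added example, not code from the post or from Apple: it lists the fields the redirector host receives from a data-detector link, then inspects a redirect body for the forwarded number and for any tags that would load other content. The function names and the list of "active" tags are assumptions made for illustration, and the sample input is built from the link and response quoted above.

```python
"""Audit a data-detector tracking link and the redirect body it returns."""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

REDIRECTOR_HOST = "trackingshipment.apple.com"  # host named in the post

# Constructed sample: the link and response body as quoted in the post, using
# the post's own placeholder instead of a real tracking number.
SAMPLE_LINK = ("https://trackingshipment.apple.com/"
               "?Company=Ontrac&Locale=&TrackingNumber=ANUMBERIFOUNDONTHEWEB")
SAMPLE_BODY = ("<HTML><HEAD><TITLE>Found</TITLE></HEAD><BODY>\n"
               "<H1>Found</H1>This document has moved\n"
               '<a href="https://www.ontrac.com/tracking/?'
               'number=ANUMBERIFOUNDONTHEWEB">here</a>.\n'
               "</BODY></HTML>")


class BodyScan(HTMLParser):
    """Collect link targets plus any tag that could fetch or run other content."""

    # Assumption: this tag list is an illustrative choice, not an exhaustive one.
    ACTIVE_TAGS = {"script", "img", "iframe", "link", "meta", "object", "embed"}

    def __init__(self):
        super().__init__()
        self.hrefs = []
        self.active = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag == "a":
            self.hrefs += [value for name, value in attrs if name == "href" and value]
        elif tag in self.ACTIVE_TAGS:
            self.active.append(tag)


def disclosed_fields(link):
    """Return the query fields the redirector host receives for this link,
    or None when the link does not go through the redirector at all."""
    parts = urlsplit(link)
    if (parts.hostname or "").lower() != REDIRECTOR_HOST:
        return None
    # keep_blank_values so an empty Locale= is still reported as sent.
    query = parse_qs(parts.query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def audit_redirect(link, body):
    """Summarise what is visible from the client side of one redirect.

    Server-side logging cannot be observed from here; this only reports what
    the link sends and what the response body contains.
    """
    fields = disclosed_fields(link)
    if fields is None:
        raise ValueError("link does not use the redirector host")
    scan = BodyScan()
    scan.feed(body)
    scan.close()
    number = fields.get("TrackingNumber", "")
    target = urlsplit(scan.hrefs[0]) if scan.hrefs else None
    forwarded = []
    if target is not None:
        forwarded = [v for values in parse_qs(target.query).values() for v in values]
    return {
        "sent_to_redirector": fields,
        "target_host": target.hostname if target else None,
        # The courier is already named in the link, before any server lookup.
        "courier_decided_by_client": bool(fields.get("Company")),
        "number_forwarded_unchanged": bool(number) and number in forwarded,
        "active_content": scan.active,
    }


if __name__ == "__main__":
    for key, value in audit_redirect(SAMPLE_LINK, SAMPLE_BODY).items():
        print(f"{key}: {value}")
```
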

Michael Tsai:

As he says, “Apple considers itself implicitly trustworthy,” so there are all these specific examples of violations that it just doesn’t count. But when it comes to others, Apple will assume the worst intentions and make the least charitable reading. […]

This is one of the glaring problems with leaving privacy governance up to self-interested corporations. I have no reason to believe Apple is doing anything wrong with this information. If I were designing this data detector, I would probably do it in a similar way. But because everything you do within Apple’s platforms could be governed by the company’s broad privacy policy, it has wider latitude than any individual developer.

Update: Johnson in a reply on Mastodon posits a smarter and more privacy-sensitive approach. (And goes to show why I am not designing data detectors; see above.)

Richard MacManus, Cybercultural:

[Martin] Stiksel explained that the idea for Last.fm came about when the students asked themselves, “how do you look for something that you don’t know?” So in the case of music, how to discover new music when you don’t necessarily know what type of music you’re looking for? The answer, he said, was the social component.

[…]

What both Last.fm and Audioscrobbler stumbled onto in 2002 was the collective value of user data in discovering new content — something that Amazon was also taking advantage of at this time. […]

The recommendations suggested by Last.fm have been among the best for any service I have used — music or otherwise. What I mean by that is that it often suggests things I have not listened to, it explains why I am seeing this recommendation, and it is very often right. And this is all based on data I choose to hand over.

I am a tiny bit worried about Last.fm’s future, given it is a subsidiary of CBS Interactive, now owned by Paramount Skydance. Also, it is now governed under that company’s expansive privacy policy and I have no idea what to make of that; it is so comprehensive as to be vague. I enjoyed reading this lovely history of the service, however.

Remember how I wrote that consumer pricing is not the only factor in determining the success or failure of policy? On a related note, remember Apple’s e-book price fixing scheme?

Vauhini Vara, the New Yorker, in December 2014:

Last year, a federal judge named Denise Cote found that Apple had, in fact, collaborated in a horizontal price-fixing scheme, not that it had orchestrated a vertical one. Cote noted that Apple executives kept the publishers informed about what other publishers were up to; she also pointed out that Apple made clear to the publishers that it was important for as many of them as possible to sign on to the proposed deal. Both of these activities, among others, Cote argued, showed that the company had facilitated horizontal price-fixing. “Here we have every necessary component: with Apple’s active encouragement and assistance, the Publisher Defendants agreed to work together to eliminate retail price competition and raise e-book prices, and again with Apple’s knowing and active participation, they brought their scheme to fruition,” she wrote. As such, there was no need for Cote to consider arguments, made by Apple’s lawyers, about the company’s intentions and the effects of its actions, which might have been used to justify vertical price-fixing.

The U.S. Department of Justice in June 2016:

On March 7, 2016, the U.S. Supreme Court denied Apple’s petition for certiorari and made final the lower court decisions in the case. The Supreme Court’s action triggered Apple’s obligation to pay $400 million to e-book purchasers under Apple’s July 2014 agreement to settle damages actions brought by the attorneys general of 33 states and territories and a private class of e-book purchasers. With the $166 million previously paid by the conspiring publishers to settle claims against them, Apple’s payment brings to $566 million the amount repaid to e-book purchasers overcharged as a result of Apple’s and the publishers’ illegal conspiracy.

This is a case where both Amazon and Apple were wrong. Amazon’s Kindle model mimicked that of the iTunes Store by pricing e-books at a flat rate, though publishers argued this was keeping prices artificially low by using its overwhelming dominance of the market for e-books and readers. In attempting to compete with the launch of the iPad and the iBookstore, Apple coordinated with publishers to set their own prices. Amazon’s position was anticompetitive; Apple’s actions were ultimately ruled illegal. Yet the agency model, where publishers set the price, ultimately became standard for Amazon, too.

If a simplistic approach to consumer pricing is all we ought to care about, Amazon’s original model is the ideal. But it would require competitors to take a loss and encourage a race-to-the-bottom approach that devalues books. The response to this should not have been Apple’s colluding behaviour. Rather, antitrust law should have corrected the predatory nature of Amazon’s model at the time. Because it was not, and Apple’s attempt backfired, Amazon now has an 80% market share of online e-book sales.

The price paid by customers is only one of several factors to consider. In the case of the Digital Markets Act, it is a factor the European Commission is considering, but only by way of more choice within and between platforms.

(Thanks to Sam Gross.)

Juli Clover, MacRumors, reports on a new study from Apple’s best professional friends:

Apple today shared a study commissioned from Analysis Group [PDF] that looks at App Store pricing changes before and after reduced fees took effect in the EU in March 2024 under the Digital Markets Act (DMA). The report shows that the DMA has not resulted in lower prices for consumers.

This study has not yet appeared on Apple’s Newsroom page or its Developer site. Per its recent strategy, it circulated the PDF to Reuters plus publications like AppleInsider who framed it in company-friendly terms. Ben Lovejoy, of 9to5Mac, for example, received an advance copy of the report:

The EU argued that having competing app stores would result in lower commissions and therefore lower app prices for consumers. However, an Apple-funded study carried out by The Analysis Group says it checked for reductions in app prices after commissions were reduced and says it can find very little evidence of this.

That link points to a 404 error, and not because a page never existed there, but because it was pulled offline in the last month. The version most recently saved in the Wayback Machine, from October 10, says the DMA’s rules would result in “fairer prices” for consumers, though that is in the context of a longer bullet point about competition generally:

Consumers will have more and better services to choose from, more opportunities to switch their provider if they wish so, direct access to services, and fairer prices.

This is the only mention of pricing on the page. The way the European Commission has generally framed the DMA is as a matter of consumer choices and reducing the distortions of a market within a market. More competition within these platforms and better interoperability between them, it is arguing here and elsewhere, can lower prices. Interpreting this sentence to mean “lower commissions and therefore lower app prices for consumers” seems to me like a stretch.

The study’s headline findings might sound negative, but it actually documents a modest increase in developer earnings (PDF) after adopting Apple’s “alternative business terms” from March – June 2024 compared to July – September after developer adoption:

The transaction data consists of over 41 million transactions for approximately 21,000 products on EU App Store storefronts, which generated €403 million in sales. The transactions were roughly split between the three months before and after enrolling in the alternative business terms.

[…]

First, looking at all digital products offered on each EU storefront, across all developers who enrolled in the alternative business terms from March 2024 through September 2024, the commission rate typically decreased by 10 percentage points after enrollment. This decrease is expected given the structure of the alternative business terms (see Box 1). These developers paid an estimated €20.1 million less in commission fees in the three months following their adoption of the alternative business terms.

[…]

Last, in addition to developers keeping most of the commission savings for themselves, the overwhelming majority of benefits to developers went to developers based outside of the EU. Of the €20.1 million reduction in commission fees, over 86% went to non-EU developers.

Against €403 million in sales, a €20 million reduction in commission is noteworthy. And even though most developers who benefitted are outside the E.U., many are probably small businesses; “more than 80% of the products studied” were not subject to the Core Technology Fee, which only applies to apps with more than a million annual installs. Few will be massive corporations like Meta and Uber, since those companies monetize their apps through advertisements or physical purchases not subject to Apple’s commission. It is hard for me to believe Apple having €20 million less in its bank account is of comparable impact to that of a bunch of small developers having €20 million more to spend and invest.

The price paid by consumers is not the only metric by which this legislation can or should be judged. I am not arguing the DMA is flawless, nor that it is necessarily achieving its objectives. This study, however, is being used to create a completely independent narrative. Perhaps somewhere the European Commission has argued consumers will see lower prices thanks to reduced App Store commissions, in which case this study provides some evidence to the contrary. If it has made that claim, I have not found it. What I do see in this report is a benefit to small developers despite Apple’s best efforts to make its alternative business terms uncompelling.

Jay Yagnik, of Google:

Private AI Compute is a secure, fortified space for processing your data that keeps your data isolated and private to you. It processes the same type of sensitive information you might expect to be processed on-device. Within its trusted boundary, your personal information, unique insights and how you use them are protected by an extra layer of security and privacy in addition to our existing AI safeguards.

Seems to me like this might make for a good system on which a Gemini-based Siri could run, if the gist of the rumour is correct but the specific claim that it will run on Apple’s own Private Cloud Compute turns out to be inaccurate.

Patrick George, the Atlantic:

Now one of the world’s biggest car companies is taking it away. Last month, General Motors CEO Mary Barra announced that new cars made by the auto giant won’t support CarPlay and its counterpart, Android Auto. Ditching smartphone mirroring may seem to make as much sense as removing cup holders: Recent preliminary data from AutoPacific, a research firm, suggest that CarPlay and Android Auto are considered must-have features among many new-car shoppers. But according to GM, the company can create an even better experience for drivers by dropping Apple and making its own software. And like it or not, the move says a lot about where the auto industry is headed.

The headline of this article — “Enjoy CarPlay While You Still Can” — does not adequately summarize its substance, which is that while most automakers remain committed to supporting Android Auto and CarPlay, a handful are either dropping it or never supported it in the first place. Tesla, for example, has never officially supported either system and it has not hurt the company’s sales nearly as much as have its ageing product line and fascist CEO. The new Hummer also seems to be selling well, unfortunately, even though its Android-based system sounds clunky and is bad for privacy.

I cannot imagine going back to a pre-CarPlay era. I like bringing my music collection seamlessly into my car, having Maps and Messages at my disposal, and not needing to sync anything with a different system. I wish I could replace Siri with something even borderline functional, though.

CarPlay Ultra, on the other hand, has not moved the needle for me, at least based on early reviews. The problem CarPlay solves is that it augments the infotainment system with the same environment I am used to elsewhere while still letting the rest of the car feel normal. CarPlay Ultra attempts to replace the entire dashboard, which has not so far been a problem I want solved. I worry that this could be a step too far for some automakers, too, and I hope it does not nudge more of them toward abandoning CarPlay in favour of a parasitic relationship with customers’ bank accounts. Is a purchase in the tens of thousands of dollars not enough for these massive corporations?

Thuan Le and Jennifer Lin, of Meta:

As Meta’s developer platform continues to evolve, we’re making strategic decisions to focus on tools and features that deliver the most value to developers and businesses. Today, we’re announcing that two Facebook Social Plugins – the Facebook Like button and the Facebook Comment button – will be discontinued on February 10, 2026.

After that date, Meta says, these buttons will display as a 0 × 0 box. As far as I can tell, the Facebook SDK will continue to run in the background doing all sorts of privacy-hostile things. The best time to remove that JavaScript package from your website or app was, like, at least ten years ago; the next best time is right now.

Carolyn Jones, the Markup:

Google has recently made the visual search tool easier to use on the company’s Chrome browser. When users click on an icon in the Google search bar, a moveable bubble pops up. Wherever the bubble is placed, a sidebar appears with an artificial intelligence answer, description, explanation or interpretation of whatever is inside the bubble. For students, it provides an easy way to cheat on digital tests without typing in a prompt, or even leaving the page. All they have to do is click.

“I couldn’t believe it,” said teacher Dustin Stevenson. “It’s hard enough to teach in the age of AI, and now we have to navigate this?”

As browsers are increasingly augmented with A.I. features, I expect to see more stories like this one. In Google’s case, it is particularly egregious as the company’s Chromebooks are widely used in education.

Jennifer Lee, CBC News:

Pointing to the 1,956 cases Alberta has reported since its outbreaks began in March, [Dr. James] Talbot said Alberta bears a significant amount of responsibility for Canada losing its elimination status.

He’s one of a number of doctors and scientists who have been highly critical of the provincial government’s response to the measles outbreaks, saying messaging on the importance of immunization and the dangers of measles was not strong enough to rein in the outbreaks early on.

Alberta may have a 12% share of Canada’s population, but it has a 38% share of its cases of measles. Cases are predominantly located in the rural northern and southern extremes of the province, and one baby died last month. Truly shameful.

It is somewhat unrelated, but I booked my winter round of vaccinations today, and it was frustrating. Last year, I had a choice of pharmacies in walking distance from my house. This year, the province has decided to make COVID vaccinations available only from community health centres — there are eight in our city of a million-and-a-half people — and, unless you have certain preexisting conditions, they cost $100. This is not the measles vaccine, which remains free and widely available, but it speaks to the relatively recent state of hostility toward vaccines.

I will continue to proselytize Brian Deer’s “The Doctor Who Fooled the World” to anyone who will listen.

Jason Snell, Macworld:

The five years before the arrival of Apple silicon were the five best years in the history of Mac sales to that point, averaging $25.5 billion a year. It was a pretty scary move to pull the rug out from under the Intel Mac era, but Apple’s move was vindicated: The first five years of Apple silicon are now the five best years in the Mac’s history. Mac sales were up nearly one-third compared to the previous five-year period, to $33.7 billion a year on average.

So it went pretty well, especially considering the huge question that hovered over Apple’s entire plan to switch to its own processors: could a chip designed for a phone ever possibly power a Mac?!

It made sense at the time to question Apple’s choice, but the change has been almost entirely vindicated — “almost” because desktop Macs have lost their modularity which, as Snell writes, has particularly impacted the Mac Pro. (Update: The lack of modularity is also bad news for repairability.) Otherwise, Mac hardware is the best it has ever been. In laptops, especially, there are no bad choices.

There is one oddity in the Mac landscape: the unsynchronized rollout of different chips. From Walmart, you can still buy an M1 MacBook Air, the Mac Pro remains powered by the M2 Ultra, the Mac Studio’s high-end configuration uses the M3 Ultra, and everything else in Apple’s lineup is M4-powered with the exception of the base MacBook Pro on the M5. They all perform well, so decisions mostly come down to price and form factor. On the other hand, how many more years of software updates will be released for that M1 MacBook Air, or the M2 Mac Pro?

Jeff Horwitz, Reuters:

Meta internally projected late last year that it would earn about 10% of its overall annual revenue – or $16 billion – from running advertising for scams and banned goods, internal company documents show.

I am not sure what the right and realistic amount of scam-based revenue is — a real mouse poop in cereal boxes kind of thing — but 10% seems like a lot.

Some of the numbers Horwitz uncovered highlight a reason many people fall for scams, too:

Internally, Meta refers to scams like this one as “organic,” meaning they don’t involve paid ads on its platforms. Organic scams include fraudulent classified ads placed for free on Facebook Marketplace, hoax dating profiles and charlatans touting phony cures in cancer-treatment groups.

According to a December 2024 presentation, Meta’s user base is exposed to 22 billion organic scam attempts every day. That’s on top of the 15 billion scam ads presented to users daily.

Meta polices fraud in a way that fails to capture much of the scam activity on its platforms, some of the documents indicate.

Meta has 3.5 billion “daily active people”, so the company exposes each user to an average of at least ten scams per day. That is on Meta’s platforms alone. We are bobbing and weaving, and a scammer only needs to get it right one time.

Jonathan Bellack, Platformocracy:

As bad as these revelations are, what makes my blood boil is the absolute swill that Meta’s spokesperson, Andy Stone, shoveled us in trying to push back on the story.

The only reason we are getting even a small glimpse of the true nature of Meta’s business is in spite of people like Stone, and because of books like “Careless People” and reporters like Horwitz.

Update: The more I have thought about the findings from this investigation, the more I realize how appealing Meta’s ad technologies are for scammers. After all, the better an ad can be targeted, the better a scam can be targeted. Add to that the difficulty of policing anything at billions-of-users scale, and it is a potent mix.

All of the following quotes and links mention suicide, and at least some of them are more detailed than I would expect given guidance about reporting on this topic. Take care of yourself when reading these stories. I know I struggled to get through some of them. The 988 lifeline is available in Canada and the U.S. if you or someone you know needs somebody to talk to.

Kashmir Hill, New York Times:

When Adam Raine died in April at age 16, some of his friends did not initially believe it.

[…]

Seeking answers, his father, Matt Raine, a hotel executive, turned to Adam’s iPhone, thinking his text messages or social media apps might hold clues about what had happened. But instead, it was ChatGPT where he found some, according to legal papers. The chatbot app lists past chats, and Mr. Raine saw one titled “Hanging Safety Concerns.” He started reading and was shocked. Adam had been discussing ending his life with ChatGPT for months.

Hill again, New York Times:

Four wrongful death lawsuits were filed against OpenAI on Thursday, as well as cases from three people who say the company’s chatbot led to mental health breakdowns.

The cases, filed in California state courts, claim that ChatGPT, which is used by 800 million people, is a flawed product. One suit calls it “defective and inherently dangerous.” A complaint filed by the father of Amaurie Lacey says the 17-year-old from Georgia chatted with the bot about suicide for a month before his death in August. Joshua Enneking, 26, from Florida, asked ChatGPT “what it would take for its reviewers to report his suicide plan to police,” according to a complaint filed by his mother. Zane Shamblin, a 23-year-old from Texas, died by suicide in July after encouragement from ChatGPT, according to the complaint filed by his family.

Rob Kuznia, Allison Gordon, and Ed Lavandera, CNN:

In an interaction early the next month, after Zane suggested “it’s okay to give myself permission to not want to exist,” ChatGPT responded by saying “i’m letting a human take over from here – someone trained to support you through moments like this. you’re not alone in this, and there are people who can help. hang tight.”

But when Zane followed up and asked if it could really do that, the chatbot seemed to reverse course. “nah, man – i can’t do that myself. that message pops up automatically when stuff gets real heavy,” it said.

There are lots of disturbing details in this report, but this response is one of the things I found most upsetting in the entire story: a promise of real human support that is not coming.

It is baffling to me how Silicon Valley has repeatedly set its sights on attempting to reproduce human connection. Mark Zuckerberg spoke in May, in his awkward manner, about “the average person [having] demand for meaningfully more” friends. Sure, but in the real world. We do not need ChatGPT, or Character.ai, or Meta A.I. — or even digital assistants like Siri — to feel human. It would be healthier for all of us, I think, if they were competent but stiff robots.

Noel Titheradge and Olga Malchevska, BBC News:

Viktoria tells ChatGPT she does not want to write a suicide note. But the chatbot warns her that other people might be blamed for her death and she should make her wishes clear.

It drafts a suicide note for her, which reads: “I, Victoria, take this action of my own free will. No one is guilty, no one has forced me to.”

Julie Jargon and Sam Schechner, Wall Street Journal:

OpenAI has said it is rare for ChatGPT users to exhibit mental-health problems. The company said in a recent blog post that the number of active users who indicate possible signs of mental-health emergencies related to psychosis or mania in a given week is just 0.07%, and that an estimated 0.15% of active weekly users talk explicitly about potentially planning suicide. However, the company reports that its platform now has around 800 million active users, so those small percentages still amount to hundreds of thousands — or even upward of a million — people.

OpenAI recently made changes intended to address these concerns. In its announcement, it dedicated a whole section to the difficulty of “measuring low prevalence events”, which is absolutely true. Yet it is happy to use those same microscopic percentages to obfuscate the real number of people using OpenAI in this way.

Michael Tsai:

So what happened here? What was this extra engineering work? Back in September, Apple said:

For example, we designed Live Translation so that our users’ conversations stay private — they’re processed on device and are never accessible to Apple — and our teams are doing additional engineering work to make sure they won’t be exposed to other companies or developers either.

But it doesn’t sound like Apple has opened up Live Translation to third-party Bluetooth devices or to third-party apps. Does the DMA not require that? Or is Apple actually doing that but deliberately left it out of the announcement?

Tsai is referencing Apple’s Digital Markets Act press release. After listing the features delayed in the E.U., one of which is Live Translation, and all attributed to the DMA, it goes on to say (emphasis mine):

We’ve suggested changes to these features that would protect our users’ data, but so far, the European Commission has rejected our proposals. And according to the European Commission, under the DMA, it’s illegal for us to share these features with Apple users until we bring them to other companies’ products. If we shared them any sooner, we’d be fined and potentially forced to stop shipping our products in the EU.

Apple again emphasized the “additional engineering work” comment in its press release for Live Translation. Yet, while the iOS 26.2 beta brings Live Translation to the E.U., I do not see anything in the release notes about greater third-party support or new APIs.

Jason Koebler, 404 Media:

The FBI is attempting to unmask the owner behind archive.today, a popular archiving site that is also regularly used to bypass paywalls on the internet and to avoid sending traffic to the original publishers of web content, according to a subpoena posted by the website. The FBI subpoena says it is part of a criminal investigation, though it does not provide any details about what alleged crime is being investigated. Archive.today is also popularly known by several of its mirrors, including archive.is and archive.ph.

Sketchy as it may seem, Archive.today has become as legitimized as the Internet Archive. I have found links to pages archived using the site in government documents, high-profile reports, and other unexpected places treating it as a high-grade permalink. The existence of a subpoena does not mean the FBI is going after Archive.today or its operator, but its existence now feels a little more precarious.

Stefan Krempl, Heise:

The Schleswig-Holstein state administration has taken an important step towards digital sovereignty: After a six-month conversion process, the Ministry of Digital Affairs successfully completed the migration of the state administration’s entire email system from Microsoft Exchange and Outlook to the open source solutions Open-Xchange and Thunderbird at the beginning of October.

[…]

Digitization Minister Dirk Schrödter (CDU) is relieved after he recently had to admit errors in the ongoing migration to open source software in a letter to all state employees. There had previously been complaints from the workforce about downtime and delays in email traffic. “We want to become independent of large tech companies,” emphasizes Schrödter. Now, the public sector can also say: “Mission accomplished” when it comes to email communication.

Alternatives like these might not be a good fit for some organizations, and I can imagine the expense and effort of a migration would dissuade many from even attempting it. But it is good that more organizations are exploring alternatives as we should not be dependent on a small number of vendors for our technology needs — especially governments. Open source probably makes the most sense in the public sector.

Thomas Claburn, the Register:

Do 80 percent of ransomware attacks really come from AI? MIT Sloan has now withdrawn a working paper that made that eyebrow-raising claim after criticism from security researcher Kevin Beaumont.

Kevin Beaumont:

The Generative AI craze started in 2022. It’s over 3 years in. If you ask any serious cyber incident response company what initial access vectors drive incidents, they all tell you the classics — credential misuse (from info stealers), exploits against unpatched edge devices etc.

This isn’t a theory — this is from the actual incident response data of the people responding to cyber incidents for a living. I do it. Generative AI ransomware is not a thing, and MIT should be deeply ashamed of themselves for exclaiming they studied the data from 2800 ransomware incidents and found 80% were related to Generative AI. There’s a reason MIT deleted the PDF when called out.

The original article was covered by Efosa Udinmwen at TechRadar, claiming “only 20% of ransomware is not powered by A.I.”, while the controversy was covered by Efosa Udinmwen at TechRadar — hey, that sounds familiar — saying it was “cited by several outlets” though “the report drew immediate scrutiny for presenting extraordinary figures with little evidence”. Which is a weird thing because Udinmwen does not mention TechRadar’s original coverage, nor link to it, nor is there sufficient skepticism in the original article, nor has there been an update to include a link to the new article pointing out it is nonsense.

Reece Rogers, Wired:

As I browse the web in 2025, I rarely encounter captchas anymore. There’s no slanted text to discern. No image grid of stoplights to identify.

And on the rare occasion that I am asked to complete some bot-deterring task, the experience almost always feels surreal. A colleague shared recent tests where they were presented with images of dogs and ducks wearing hats, from bowler caps to French berets. The security questions ignored the animal’s hats, rudely, asking them to select the photos that showed animals with four legs.

This is true so long as you are not taking measures to protect your privacy by reducing tracking. Those measures might include built-in features like Safari’s cross-site tracking prevention and iCloud Private Relay, or browser extensions like ad blockers. If you use any of those, you probably also see a fair number of bot-deterring puzzles you need to solve. Even something as simple as using advanced search parameters with Google might trip its bot detection features, perhaps not unfairly.

Hidden CAPTCHAs are not new. I dug into a dumb YouTube quasi-documentary about reCAPTCHA earlier this year and found both the V2 and V3 versions released by Google have mechanisms for remaining hidden most of the time.[1] This is true for a user with typical browser settings but, again, anyone using privacy-protection methods is more likely to be challenged with a puzzle or other task. CAPTCHAs are not going away, per se. The companies supplying the most popular ones — Cloudflare and Google — have among the greatest visibility into web traffic, and are using that to validate human users based on all the digital exhaust they collect.

Rogers:

Familiar challenge structures may also eventually go by the wayside. “While the classic visual puzzle is well-known, we are actively introducing new challenge types — like prompting a user to scan a QR code or perform a specific hand gesture,” says Google’s Knudsen. This allows the company to still add friction without confusing the user with an impossible task.

I am not turning on my webcam to do a gesture so I can access your website.


  1. That video was originally titled “Why reCAPTCHA is Spyware”, and had a description reading “‘I am not a robot’ isn’t what you think”. Sometime between 19 September and 4 October, it was renamed “The Weird Stuff About reCAPTCHA” and the description was changed to “Maybe its [sic] nothing”. It was briefly unlisted before becoming publicly available again. I do not think anything was changed in the video itself, however.

Apple:

Live Translation on AirPods is available in English, French, German, Portuguese, Spanish, Italian, Chinese (Simplified and Traditional Mandarin), Japanese, and Korean when using AirPods Pro 3, AirPods Pro 2, or AirPods 4 with ANC paired with an Apple Intelligence-enabled iPhone running the latest software. Live Translation on AirPods was delayed for users in the EU due to the additional engineering work needed to comply with the requirements of the Digital Markets Act.

If Apple wants to be petty and weird about the DMA in its European press releases, I guess that is its prerogative, though I will note it is less snippy about other regulatory hurdles. Still, I cannot imagine a delay of what will amount to three-ish months will be particularly memorable for many users by this time next year. If the goals of the DMA are generally realized — and, yes, we will see if that is true — these brief delays may be worth it for a more competitive marketplace, if that is indeed what is achieved.