Technology

An anonymous reader quotes a report from the Washington Post: Federal regulators have for the first time banned a digital platform from serving users under 18 (Warning: source may be paywalled; alternative source), accusing the app -- known as NGL -- of exaggerating its ability to use artificial intelligence to curb cyberbullying in a groundbreaking settlement. Anapp popular among children and teens, NGL aggressively marketed to young users despite risks of bullying on the anonymous messaging site, the Federal Trade Commission and the Los Angeles District Attorney's Office alleged in a complaint unveiled Tuesday. The complaint alleged that NGL tricked users into paying for subscriptions by sending them computer-generated messages appearing to be from real people and offering a service for as much as $9.99 a week to find out their real identity. People who signed up received only "hints" of those identities, whether they were real or not, enforcers said. After users complained about the "bait-and switch tactic," executives at the company "laughed off" their concerns, referring to them as "suckers," the FTC said in an announcement. NGL, internet shorthand for "not gonna lie," agreed to pay $5 million and stop marketing to kids and teens to settle the lawsuit, which also alleged that the company violated children's privacy laws by collecting data from youths under 13 without parental consent. The settlement marks a major milestone in the federal government's efforts to tackle concerns that tech platforms are exposing children to noxious material and profiting from it. And it's one of the most significant actions by the FTC under Chair Lina Khan, who has dialed up scrutiny of the tech sector at the agency since taking over in 2021. "We will keep cracking down on businesses that unlawfully exploit kids for profit," Khan (D) said in a statement. NGL co-founder Joao Figueiredo said in a statement Tuesday that the company cooperated with the FTC's investigation for nearly two years and viewed the "resolution as an opportunity to make NGL better than ever." "While we believe many of the allegations around the youth of our user base are factually incorrect, we anticipate that the agreed upon age-gating and other procedures will now provide direction for others in our space, and hopefully improve policies generally."

Read more of this story at Slashdot.

OpenAI CEO Sam Altman and businesswoman Arianna Huffington have announced they're working on an "AI health coach" via Thrive AI Health. According to a Time magazine op-ed, the two executives said that the bot will be trained on "the best peer-reviewed science" alongside "the personal biometric, lab, and other medical data you've chosen to share with it." The Verge reports: The company tapped DeCarlos Love, a former Google executive who previously worked on Fitbit and other wearables, to be CEO. Thrive AI Health also established research partnerships with several academic institutions and medical centers like Stanford Medicine, the Rockefeller Neuroscience Institute at West Virginia University, and the Alice L. Walton School of Medicine. (The Alice L. Walton Foundation is also a strategic investor in Thrive AI Health.) Thrive AI Health's goal is to provide powerful insights to those who otherwise wouldn't have access -- like a single mother looking for quick meal ideas for her gluten-free child or an immunocompromised person in need of instant advice in between doctor's appointments. [...] The bot is still in its early stages, adopting an Atomic Habits approach. Its goal is to gently encourage small changes in five key areas of your life: sleep, nutrition, fitness, stress management, and social connection. By making minor adjustments, such as suggesting a 10-minute walk after picking up your child from school, Thrive AI Health aims to positively impact people with chronic conditions like heart disease. It doesn't claim to be ready to provide real diagnosis like a doctor would but instead aims to guide users into a healthier lifestyle. "AI is already greatly accelerating the rate of scientific progress in medicine -- offering breakthroughs in drug development, diagnoses, and increasing the rate of scientific progress around diseases like cancer," the op-ed read.

Read more of this story at Slashdot.

wiredmikey shares a report from SecurityWeek: Security vendor InkBridge Networks on Tuesday called urgent attention to the discovery of a thirty-year-old design flaw in the RADIUS protocol and warned that advanced attackers can launch exploits to authenticate anyone to a local network, bypassing any multi-factor-authentication (MFA) protections. The company published a technical description of what is being called the BlastRADIUS attack and warned that corporate networks such as internal enterprise networks, ISPs, and telcos are exposed to major risk. The vulnerability is being tracked as CVE-2024-3596 and VU#456537. "The root cause of the attack is that in the RADIUS protocol, some Access-Request packets are not authenticated and lack integrity checks. An attacker can modify these packets in a way which allows them to control who gets onto the network," the research team explained (PDF). The RADIUS protocol, first standardized in the late 1990s, is used to control network access via authentication, authorization, and accounting and is still used widely today in switches, routers, access points and VPN products. "All of those devices are likely vulnerable to this attack," the researchers warned. "The key to the attack is that in many cases, Access-Request packets have no authentication or integrity checks. An attacker can then perform a chosen prefix attack, which allows modifying the Access-Request in order to replace a valid response with one chosen by the attacker. Even though the response is authenticated and integrity checked, the chosen prefix vulnerability allows the attacker to modify the response packet, almost at will," according to the InkBridge Networks documentation. The researchers say that every single RADIUS server must be upgraded in order to protect against this vulnerability. "It is not sufficient to upgrade only RADIUS clients, as doing so will allow the network to remain vulnerable."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: A court in south-west Spain has sentenced 15 schoolchildren to a year's probation for creating and spreading AI-generated images of their female peers in a case that prompted a debate on the harmful and abusive uses of deepfake technology. Police began investigating the matter last year after parents in the Extremaduran town of Almendralejo reported that faked naked pictures of their daughters were being circulated on WhatsApp groups. The mother of one of the victims said the dissemination of the pictures on WhatsApp had been going on since July. "Many girls were completely terrified and had tremendous anxiety attacks because they were suffering this in silence," she told Reuters at the time. "They felt bad and were afraid to tell and be blamed for it." On Tuesday, a youth court in the city of Badajoz said it had convicted the minors of 20 counts of creating child abuse images and 20 counts of offenses against their victims' moral integrity. Each of the defendants was handed a year's probation and ordered to attend classes on gender and equality awareness, and on the "responsible use of technology." [...] Police identified several teenagers aged between 13 and 15 as being responsible for generating and sharing the images. Under Spanish law minors under 14 cannot be charged but their cases are sent to child protection services, which can force them to take part in rehabilitation courses. Further reading: First-Known TikTok Mob Attack Led By Middle Schoolers Tormenting Teachers

Read more of this story at Slashdot.

The Federal Communications Commission said it is preparing to block a phone company that carried illegal robocalls pushing fake programs that promised to wipe out consumers' tax debt. From a report: Veriwave Telco "has not complied with FCC call blocking rules for providers suspected of carrying illegal traffic" and now has two weeks to contest an order that would require all downstream voice providers to block all of the telco's call traffic, the FCC announced yesterday. Robocalls sent in the months before tax filing season "purported to provide information about a 'National Tax Relief Program' and, in some instances, also discussed a 'Tax Dismissal Program,'" the FCC order said. "The [Enforcement] Bureau has found no evidence of the existence of either program. Many of the messages further appealed to recipients with the offer to 'rapidly clear' their tax debt." Call recipients who listened to the prerecorded message and chose to speak to an operator were then asked to provide private information. Nearly 16 million calls were sent, though it's unclear how many went through Veriwave.

Read more of this story at Slashdot.

A U.S. government agency tasked with supporting the nation's nuclear deterrence capability has bought access to a data tool that claims to cover more than 90 percent of the world's internet traffic, and can in some cases let users trace activity through virtual private networks, according to documents obtained by 404 Media. From the report: The documents provide more insight into the use cases and customers of so-called netflow data, which can show which server communicated with another, information that is ordinarily only available to the server's owner, or the internet service provider (ISP) handling the traffic. Other agencies that have purchased the data include the U.S. Army, NCIS, FBI, IRS, with some government clients saying it would take too long to get data from the NSA, so they bought this tool instead. In this case, the Defense Threat Reduction Agency (DTRA) says it is using the data to perform vulnerability assessments of U.S. and allied systems. A document written by the DTRA and obtained by 404 Media says the agency "has a requirement to support ongoing assessments of the vulnerability of critical U.S. and allied national/theater mission systems, networks, architectures, infrastructures, and assets." The tool "is capable of following communications between servers, even private servers," which allows the agency to identify infrastructure used by malicious actors, the document continues. That contract was for $490,000 in 2023, according to the document. 404 Media obtained the document and others under a Freedom of Information Act (FOIA) request.

Read more of this story at Slashdot.

williamyf writes: Mozilla has released version 128 of the Firefox web browser. Some noteworthy features include: "Firefox can now translate selections of text and hyperlinked text to other languages from the context menu. [...] Firefox now has a simpler and more unified dialog for clearing user data. In addition to streamlining data categories, the new dialog also provides insights into the site data size corresponding to the selected time range. [...] On macOS, microphone capture through getUserMedia will now use system-provided voice processing when applicable, improving audio quality." More info in the release notes here. But the most important feature of 128 is that it is the newest ESR. Why is this important? Glad you asked: * Firefox ESR is the browser of choice for many Linux distros (including Debian), so this is important for the Linux community at large.* Many downstream projects (like Thunderbird or KAiOS) use Firefox ESR as their base, so whatever is included in 128 will determine the capabilities of those projects for the next year.* Many ISVs (software makers), both big and small, test/certify their software only against the ESR version of Firefox. For users of such software, the new ESR is very important.* Many companies and individuals value stability of the UI/Workflow over new bells and whistles, for them, ESR is important.* When an OS is discontinued, Mozilla lets the ESR be the last browser on the platform, exceeding the support window of the likes of Alphabeth, Apple or Microsoft, so for people on older OSs, ESR is important. Link to download (the ESR) here.

Read more of this story at Slashdot.

An anonymous reader shares a report: Cars have been able to figure out when they're speeding for a while, thanks to GPS as well as traffic sign recognition, and they've also been able to pump the brakes automatically when needed. Having a computer automatically slow down a car in response to posted speed limits, therefore, was not really a question of technical feasibility for some time -- but mandating it has been a question of political will. That political will has materialized in the European Union, and starting July 7 all new cars sold in the EU will feature intelligent speed assistance (ISA) systems. The systems themselves have been working their way into newly introduced models of cars starting in 2022, so quite a few new cars on the road already feature them. The July 2024 regulation extends that mandate to all new vehicles being manufactured for sale in the EU. The objective is to protect Europeans against traffic accidents, poor air quality and climate change, empower them with new mobility solutions that match their changing needs, and defend the competitiveness of European industry," the European Commission said in a statement. The systems themselves operate through traffic sign recognition, as well as navigation systems. There will be four ways in which ISA systems will work to slow the vehicle down, and it will be up to the manufacturers to pick which one they want to use. The EU regulations permit a system that can use a cascaded acoustic warning, a cascaded vibrating warning, an accelerator pedal with haptic feedback, or a speed control function in which the speed of the vehicle will be gradually reduced.

Read more of this story at Slashdot.

Australia's government cybersecurity agency on Tuesday accused a China-backed hacker group of stealing passwords and usernames from two unnamed Australian networks in 2022, adding that the group remained a threat. From a report: A joint report led by the Australian Cyber Security Centre said the hackers, named APT40, had conducted malicious cyber operations for China's Ministry of State Security, the main agency overlooking foreign intelligence. "The activity and techniques overlap with the groups tracked as Advanced Persistent Threat (APT) 40," said the report, which included inputs from lead cyber security agencies for the United States, Britain, Canada, New Zealand, Japan, South Korea and Germany. U.S. and British officials in March had accused Beijing of a sweeping cyberespionage campaign that allegedly hit millions of people including lawmakers, academics and journalists, and companies including defense contractors. They said China-backed "APT31" was responsible for the network intrusion.

Read more of this story at Slashdot.

Google will extend its Dark Web monitoring service to all account holders starting late July 2024, following the closure of its VPN offering last month. The feature, which scans for personal data compromised in breaches, was previously exclusive to Google One subscribers in dozens of countries.

Read more of this story at Slashdot.

Starting this fall, most students at Johns Hopkins' medical school will attend tuition-free thanks to a $1 billion donation from billionaire Mike Bloomberg. From a report: The generous gift is intended to address "twin challenges of declining levels of health and education," Bloomberg said in a letter Monday. The donation will cover the full cost of tuition for medical students from families earning less than $300,000, Bloomberg Industries announced Monday. It will also cover living expenses and other fees for students from families earning up to $175,000. Currently, nearly two-thirds of medical students at the school qualify for financial aid. Johns Hopkins' medical students graduate with an average student loan debt of about $104,000. The donation will also increase financial aid at some of the university's other graduate schools, including the schools of nursing and public health.

Read more of this story at Slashdot.

A controversial organ retrieval technique is gaining traction across the U.S., promising to alleviate chronic organ shortages but also sparking intense ethical debates, NPR reports. Normothermic regional perfusion, now used by half of the nation's organ procurement organizations, restores blood flow to organs after cardiac death. Proponents argue it increases viable organ supply and improves transplant outcomes. Critics, however, question whether the procedure blurs the definition of death.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: As deep-pocketed companies like Amazon, Google and Walmart invest in and experiment with drone delivery, a phenomenon reflective of this modern era has emerged. Drones, carrying snacks and other sundries, are being shot out of the sky. Incidents are still rare. However, a recent arrest in Florida, in which a man allegedly shot down a Walmart drone, raises questions of what the legal ramifications are and whether those consequences could escalate if these events become more common. [...] While consumer drones have been proliferating for well over a decade, the question of legal ramifications hasn't been wholly clear. The Federal Aviation Administration (FAA) gave us a partial answer following a 2016 drone shooting in Arkansas. At the time, the FAA pointed interested parties to 18 U.S.C. 32. The law, titled "Aircraft Sabotage," is focused on the wanton destruction of "any aircraft in the special aircraft jurisdiction of the United States or any civil aircraft used, operated or employed in interstate, overseas, or foreign air commerce." At first glance, the law appears primarily focused on manned aircraft, including a provision that "makes it a Federal offense to commit an act of violence against any person on the aircraft, not simply crew members, if the act is likely to endanger the safety of the aircraft." In responding to the Arkansas drone shooting, however, the FAA asserts that such protections can be interpreted to also include UAVs (unmanned aerial vehicles). The language does, indeed, appear broad enough to cover drones. That means, in turn, that the penalties are potentially as stiff. The subject was revived after a 2020 incident in Minnesota. In that case, the suspect was hit with felony charges relating to criminal damage and discharging a weapon within city limits. Those would likely also be the charges in most scenarios involving property, rather than bodily damage, drone or not. Even with these examples, there is not a rigid rule that predicts if or when prosecutors might also introduce a federal charge like 18 U.S.C. 32. As the legal blog Above the Law notes, in most cases, the federal government has deferred to state law for enforcement. Meanwhile, in most cases where 18 U.S.C. 32 has been applied, if a human crew/passengers are involved, there could be other potential charges like murder. It certainly can be argued that shooting a large piece of hardware out of the sky in a heavily populated area invites its own potential for bodily harm, though it may not be prosecuted in the same manner. As drone delivery increases in the U.S., however, we may soon have an answer to the role federal legislation like 18 U.S.C. 32 will play in UAV shootings. Adding that into the picture brings penalties, including fines and up to 20 years in prison, potentially compounding those consequences. What is clear, though, is that the consequences can be severe, whether it is invoked.

Read more of this story at Slashdot.

Anna's Archive, a meta-search engine for pirated books and other sources, faces monetary damages and a permanent injunction at a U.S. court. According to TorrentFreak, the operators of the site "failed to respond to a lawsuit filed by [Online Computer Library Center (OCLC)], after its WorldCat database was scraped and published online." From the report: The site launched in the fall of 2022, just days after Z-Library was targeted in a U.S. criminal crackdown, to ensure continued availability of 'free' books and articles to the broader public. Late last year, Anna's Archive expanded its offering by making information from OCLC's proprietary WorldCat database available online. The site's operators took more than a year to scrape several terabytes of data and published roughly 700 million unique records online, for free. This 'metadata' heist was a massive breakthrough in the site's quest to archive as much published content as possible. However, OCLC wasn't pleased and responded with a lawsuit (PDF) at an Ohio federal court, accusing the site and its operators of hacking and demanding damages. The non-profit says that it spent more than a million dollars responding to Anna's Archive's alleged hacking efforts. Even then, it couldn't prevent the data from being released through a torrent. "Defendants, through the Anna's Archive domains, have made, and continue to make, all 2.2 TB of WorldCat data available for public download through its torrents," OCLC wrote in the complaint it filed in an Ohio federal court. In the months that passed since then, the operators of Anna's Archive didn't respond in court. The only named defendant flat-out denied all connections to the site, and OCLC didn't receive any response from any of the official Anna's Archive email addresses that were served. Meanwhile, the pirate library continues to offer the WorldCat data, which is a major problem for the organization. Without the prospect of a two-sided legal battle, OCLC has now moved for a default judgment. [...] In addition to monetary damages, the non-profit also seeks injunctive relief. The motion doesn't specify the requested measures, but the original complaint sought an order that prevents Anna's Archive from scraping WorldCat data going forward. In addition, all previously scraped data should no longer be distributed. Instead, it should be destroyed in full, including all the torrents that are currently being offered.

Read more of this story at Slashdot.

Alberta's last coal plant went offline on June 16, marking the end of coal-fired electricity in the province. "So, for the first time in 150 years, coal is no longer part of Alberta's electricity mix," writes Chris Severson-Baker in an opinion piece for The Globe and Mail. "It is important to celebrate and reflect on these milestones, while recognizing there is no time to rest before redoubling our efforts and looking to what's next." From the report: Many organizations contributed to this successful campaign through advocacy and research. The Canadian Association of Physicians for the Environment, the Lung Association and the Asthma Society of Canada were instrumental in highlighting the health impacts associated with air pollution from coal-fired electricity. The Pembina Institute, an Alberta-based clean-energy think tank, first intervened in a coal plant regulatory process in the late 1990s and, in 2009, published the first major proposal that showed the province could move to an unabated coal-free grid by 2030. Our research was ahead of its time and criticized as idealistic. Coal accounted for 80 per cent of Alberta's electricity grid in the early 2000s and it still amounted to 60 per cent just 10 years ago. When phasing out coal was just an idea being batted around, many said it couldn't be done. This is not dissimilar to the rhetoric today around decarbonizing the grid. But Alberta's experience phasing out coal shows environmental progress of this magnitude is possible. [...] Phasing out coal in Alberta was supported by good policy design driven by carbon pricing and regulations with clear targets that offered necessary certainty to the industry and stakeholders. Rapidly growing, low-cost renewable energy further supported the phase-out, along with companies investing in gas-fired electricity. All these actions accelerated the transition away from coal at a faster rate than anticipated. Chris Severson-Baker is the executive director of the Pembina Institute, a Canadian non-profit think tank focused on advancing clean energy solutions and sustainable environmental practices through research, advocacy, and collaboration. Further reading: Air Pollution Can Decrease Odds of Live Birth After IVF By 38%, Study Finds

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Air pollution exposure can significantly decrease the chance of a live birth after IVF treatment, according to research that deepens concern about the health impacts of toxic air on fertility. Pollutant exposure has previously been linked to increased miscarriage rates and preterm births, and microscopic soot particles have been shown to travel through the bloodstream into the ovaries and the placenta. The latest work suggests that the impact of pollution begins before conception by disrupting the development of eggs. "We observed that the odds of having a baby after a frozen embryo transfer were more than a third lower for women who were exposed to the highest levels of particulate matter air pollution prior to egg collection, compared with those exposed to the lowest levels," said Dr Sebastian Leathersich, a fertility specialist and gynaecologist from Perth who is due to present the findings on Monday at the European Society of Human Reproduction and Embryology annual meeting in Amsterdam. [...] The study analyzed fertility treatments in Perth over an eight-year period, including 3,659 frozen embryo transfers from 1,836 patients, and tracked whether outcomes were linked to the levels of fine particulate matter, known as PM10. The overall live birthrate was about 28% per transfer. However, the success rates varied in line with exposure to pollutants in the two weeks leading up to egg collection. The odds of a live birth decreased by 38% when comparing the highest quartile of exposure to the lowest quartile. "These findings suggest that pollution negatively affects the quality of the eggs, not just the early stages of pregnancy, which is a distinction that has not been previously reported," Leathersich said. The team now plan to study cells directly to understand why pollutants have a negative effect. Previous work has shown that the microscopic particles can damage DNA and cause inflammation in tissues. The report notes that the link between air pollution and live birth "was apparent despite excellent overall air quality during the study period, with PM10 and PM2.5 levels exceeding WHO guidelines on just 0.4% and 4.5% of the study days." It adds: "Australia is one of just seven countries that met the WHO's guidelines in 2023, and this study is the latest to show evidence of harm even at relatively low levels of pollution." The study has been published in the journal Human Reproduction.

Read more of this story at Slashdot.

After teasing support for the fediverse earlier this year, the newsletter platform and Substack rival Ghost has finally delivered. "Over the past few days, Ghost says it has achieved two major milestones in its move to become a federated service," reports TechCrunch. "Of note, it has federated its own newsletter, making it the first federated Ghost instance on the internet." From the report: Users can follow the newsletter through their preferred federated app at @index@activitypub.ghost.org, though the company warns there will be bugs and issues as it continues to work on the platform's integration with ActivityPub, the protocol that powers Mastodon and other federated apps. "Having multiple Ghost instances in production successfully running ActivityPub is a huge milestone for us because it means that for the first time, we're interacting with the wider fediverse. Not just theoretical local implementations and tests, but the real world wide social web," the company shared in its announcement of the news. In addition, Ghost's ActivityPub GitHub repository is now fully open source. That means those interested in tracking Ghost's progress toward federation can follow its code changes in real time, and anyone else can learn from, modify, distribute or contribute to its work. Developers who want to collaborate with Ghost are also being invited to get involved following this move. By offering a federated version of the newsletter, readers will have more choices on how they want to subscribe. That is, instead of only being able to follow the newsletter via email or the web, they also can track it using RSS or ActivityPub-powered apps, like Mastodon and others. Ghost said it will also develop a way for sites with paid subscribers to manage access via ActivityPub, but that functionality hasn't yet rolled out with this initial test.

Read more of this story at Slashdot.

Serif, the design software developer behind Affinity, has introduced a six-month free trial for its creative suite, offering Affinity Photo, Designer, and Publisher on Mac, Windows PC, and iPad. This move, along with a 50% discount on perpetual licenses, aims to attract Adobe users and reassure them of Affinity's commitment to its one-time purchase pricing model despite its recent acquisition by Canva. The Verge reports: Affinity uses a one-time purchase pricing model that has earned it a loyal fanbase among creatives who are sick of paying for recurring subscriptions. Prices start at $69.99 for Affinity's individual desktop apps or $164.99 for the entire suite, with a separate deal currently offering customers 50 percent off all perpetual licenses. This discount, alongside the six-month free trial, is potentially geared at soothing concerns that Affinity would change its pricing model after being acquired by Canva earlier this year. "We're saying 'try everything and pay nothing' because we understand making a change can be a big step, particularly for busy professionals," said Affinity CEO Ashley Hewson. "Anyone who takes the trial is under absolutely no obligation to buy."

Read more of this story at Slashdot.

After two rejections, Apple has approved the Epic Games Store for iOS in the European Union. "This paves the way for Epic CEO Tim Sweeney to realize his long-stated goal of launching an alternative game store on Apple's closed platform -- at least in Europe," reports Ars Technica. From the report: Apple announced plans to allow third-party app stores on iOS in the region earlier this year, complying with the letter of the law (though some say not the spirit) as required by the Digital Markets Act (DMA), which was enacted in hopes of making platforms more open and competitive. Apple's new policies allow for alternative app marketplaces but with some big caveats regarding the deal that app developers agree to. The change followed years of contentious PR campaigns and court battles around the world between Epic and Apple, with Sweeney proclaiming that Apple's app approval processes are anti-competitive and that its 30 percent cut of app revenues is unfair. Even after the shift, Apple is said to have rejected the Epic Games Store app twice. The rejections were over specific rules about the copy and shape of buttons within the app, though not about its primary function. [...] Apple went ahead and approved the app despite the disagreement over the copy and button designs. However, AppleInsider reported that Apple will still require Epic to change the copy and buttons later.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Fortune: On February 1st last year, Montana residents gawked upwards at a large white object hovering in the sky that looked to be another moon. The airborne object was in fact a Chinese spy balloon loaded with cameras, sensors, and other high-tech surveillance equipment, and it set off a nationwide panic as it drifted across the midwestern and southern United States. How much information the balloon gathered -- if any -- remains unknown, but the threat was deemed serious enough that an F-22 U.S. Air Force jet fired a Sidewinder missile at the unmanned balloon on a February afternoon, blasting it to pieces a few miles off the coast of South Carolina. At the same time that the eyes of Americans were fixed on the Chinese intruder in the sky, around 30 cars owned by Chinese companies and equipped with cameras and geospatial mapping technology were navigating the streets of greater Los Angeles, San Francisco, and San Jose. They collected detailed videos, audio recordings, and location data on their surroundings to chart out California's roads and develop their autonomous driving algorithms. Since 2017, self-driving cars owned by Chinese companies have traversed 1.8 million miles of California alone, according to a Fortune analysis of the state's Department of Motor Vehicles data. As part of their basic functionality, these cars capture video of their surroundings and map the state's roads to within two centimeters of precision. Companies transfer that information from the cars to data centers, where they use it to train their self-driving systems. The cars are part of a state program that allows companies developing self-driving technology -- including Google-spinoff Waymo and Amazon-owned Zoox -- to test autonomous vehicles on public roads. Among the 35 companies approved to test by the California DMV, seven are wholly or partly China-based. Five of them drove on California roads last year: WeRide, Apollo, AutoX, Pony.ai, and DiDi Research America. Some Chinese companies are approved to test in Arizona and Texas as well. Fitted with cameras, microphones, and sophisticated sensors, self-driving cars have long raised flags among privacy advocates. Matthew Guariglia, a policy analyst at the digital rights nonprofit Electronic Frontier Foundation, called self-driving cars "rolling surveillance devices" that passively collect massive amounts of information on Americans in plain sight. In the context of national security however, the data-hungry Chinese cars have received surprisingly little scrutiny. Some experts have compared them to Chinese-owned social media site TikTok, which has been subjected to a forced divestiture or ban on U.S. soil due to fears around its data collection practices threatening national security. The years-long condemnation of TikTok at the highest levels of the U.S. government has heightened the sense of distrust between the U.S. and China. Some Chinese self-driving car companies appear to store U.S. data in China, according to privacy policies reviewed byFortune -- a situation that experts said effectively leaves the data accessible to the Chinese government. Depending on the type of information collected by the cars, the level of precision, and the frequency at which it's collected, the data could provide a foreign adversary with a treasure trove of intelligence that could be used for everything from mass surveillance to war planning, according to security experts who spoke withFortune. And yet, despite the sensitivity of the data, officials at the state and federal agencies overseeing the self-driving car testing acknowledge that they do not currently monitor, or have any process for checking, exactly what data the Chinese vehicles are collecting and what happens to the data after it is collected. Nor do they have any additional rules or policies in place for oversight of Chinese self-driving cars versus the cars in the program operated by American or European companies. "It is literally the wild, Wild West here," said Craig Singleton, director of the China program at the Foundation for Defense of Democracies, a conservative-leaning national security think tank. "There's no one in charge."

Read more of this story at Slashdot.