CircleID reports that Multinational internet service provider Cogent recently announced that it was offering $206 million in secured notes (a corporate bond backed by assets). "The unusual part is what it's using as security: some of its IPv4 addresses and the leases on those IPv4 addresses." All internet service providers (ISPs) give IP addresses to their users, but Cogent was among the first to lease those addresses independently of internet access. (Internet access customers normally require a unique address as part of their service.) Sources are hard to find, but prevailing wisdom is that they have over 10M addresses leased for about $0.30 per month, or $36M per year in revenue.

The notes are expected to be repaid in five years.

Thanks to long-time Slashdot reader penciling_in for sharing the article.

An anonymous reader quotes a report from Wired: Join your localMilitia or III% Patriot Group," a post urged the more than 650 members of a Facebook group called the Free American Army. Accompanied by the logo for the Three Percenters militia network and an image of a man in tactical gear holding a long rifle, the post continues: "Now more than ever. Support the American militia page." Other content and messaging in the group is similar. And despite the fact that Facebook bans paramilitary organizing and deemed the Three Percenters an "armed militia group" on its 2021 Dangerous Individuals and Organizations List, the post and group remained up until WIRED contacted Meta for comment about its existence.

Free American Army is just one of around 200 similar Facebook groups and profiles, most of which are still live, that anti-government and far-right extremists are using to coordinate local militia activity around the country. After lying low for several years in the aftermath of the US Capitol riot on January 6, militia extremists have been quietly reorganizing, ramping up recruitment and rhetoric on Facebook -- with apparently little concern that Meta will enforce its ban against them, according to new research by the Tech Transparency Project, shared exclusively with WIRED.

Individuals across the US with long-standing ties to militia groups are creating networks of Facebook pages, urging others to recruit "active patriots" and attend meetups, and openly associating themselves with known militia-related sub-ideologies like that of the anti-government Three Percenter movement. They're also advertising combat training and telling their followers to be "prepared" for whatever lies ahead. These groups are trying to facilitate local organizing, state by state and county by county. Their goals are vague, but many of their posts convey a general sense of urgency about the need to prepare for "war" or to "stand up" against many supposed enemies, including drag queens, immigrants, pro-Palestine college students, communists -- and the US government. These groups are also rebuilding at a moment when anti-government rhetoric has continued to surge in mainstream political discourse ahead of a contentious, high-stakes presidential election. And by doing all of this on Facebook, they're hoping to reach a broader pool of prospective recruits than they would on a comparatively fringe platform like Telegram. "Many of these groups are no longer fractured sets of localized militia but coalitions formed between multiple militia groups, many with Three Percenters at the helm," said Katie Paul, director of the Tech Transparency Project. "Facebook remains the largest gathering place for extremists and militia movements to cast a wide net and funnel users to more private chats, including on the platform, where they can plan and coordinate with impunity."

Paul has been monitoring "hundreds" of these groups and profiles since 2021 and found that they have been growing "increasingly emboldened with more serious and coordinated organizing" in the past year.

An anonymous reader quotes a report from The Independent, published last month: Humans now share the web equally with bots, according to a major new report -- as some fear that the internet is dying. In recent months, the so-called "dead internet theory" has gained new popularity. It suggests that much of the content online is in fact automatically generated, and that the number of humans on the web is dwindling in comparison with bot accounts. Now a new report from cyber security company Imperva suggests that it is increasingly becoming true. Nearly half, 49.6 per cent, of all internet traffic came from bots last year, its "Bad Bot Report" indicates. That is up 2 percent in comparison with last year, and is the highest number ever seen since the report began in 2013. In some countries, the picture is worse. In Ireland, 71 per cent of internet traffic is automated, it said.

Some of that rise is the result of the adoption of generative artificial intelligence and large language models. Companies that build those systems use bots scrape the internet and gather data that can then be used to train them. Some of those bots are becoming increasingly sophisticated, Imperva warned. More and more of them come from residential internet connections, which makes them look more legitimate. "Automated bots will soon surpass the proportion of internet traffic coming from humans, changing the way that organizations approach building and protecting their websites and applications," said Nanhi Singh, general manager for application security at Imperva. "As more AI-enabled tools are introduced, bots will become omnipresent."

An anonymous reader shares a report: A software engineer has been keeping nearly 7,500 Firefox tabs open on her Mac computer for over two years -- and doesn't plan on closing them anytime soon. The Firefox power user, who goes by the pseudonym "Hazel" online, posted a screenshot showing 7,470 tabs open earlier this week after finding the browser initially unable to restore all the tabs. Hazel was able to bring the tabs back to life via a Firefox profile cache, however, and tells PCMag that reloading the full session took "no more than a minute."

"I feel like a part of me is restored," Hazel wrote on X once the Firefox tabs had returned. The Firefox fan tells PCMag in a message that she keeps so many tabs open for nostalgia reasons. "I like to scroll back and see clusters of tabs from months ago -- it's like a trip down memory lane on whatever I was doing/learning about/thinking about," she says. Surprisingly, all those tabs haven't impacted the computer's performance. "Firefox is quite memory efficient and isn't actually loading the websites unless I click on the tab -- so it's not very resource intensive," Hazel says.

Plumpaquatsch writes: Investigators teamed up with colleagues from the Balkans and Lebanon in raids set up by months of intense surveillance. Authorities say the operation thwarted over 10 million euro in damages and led to 21 arrests.

Dubbed 'Operation Pandora,' the sting began in Germany in December 2023, after a suspicious bank teller contacted police when a 76-year-old customer from Freiburg sought to hurriedly withdraw 120,000 euro ($128,232) from her savings account to hand over to a fake police officer. When real police investigators tracked the internet-based telephone number that had been used to lure the woman, they discovered a veritable goldmine.

Rather than shutting down the number, authorities instead went on the offensive, setting up their own call center in which hundreds of officers from Baden-Wurttemberg, Bavaria, Berlin and Saxony worked around the clock monitoring some 1.3 million calls in real time, as the number from the initial scam was tied to an entire network of fraud call centers. Police were able to trace and record data from the calls, as well as warn potential victims of what was in fact happening, in turn winning valuable time to put together the April 18 sting.

Police say their efforts allowed them to thwart some 10 million euro in damages in roughly 6,000 cases of attempted fraud.

When given the choice, pet parrots prefer to video-call each other instead of watch pre-recorded videos of other birds. Those are the findings from a new paper (PDF) set to appear next week at a conference on Human Factors in Computing Systems in Hawaii. Phys.Org reports: The study, led by animal-computer interaction specialists at the University of Glasgow, gave tablet devices to nine parrots and their owners to explore the potential of the video chats to expand the birds' social lives. Their results suggest that the clever birds, who often suffer from loneliness in captivity, may be able to tell the difference between live and pre-recorded content on digital devices, and strongly prefer interacting with other birds in real time.

Over the course of the six-month study, the parrots chose to initiate calls to other birds significantly more often than they opted to watch pre-recorded footage. They also seemed more engaged in the live chats, spending much longer on calls with other birds than they did watching videos from a library of options. The findings could help steer the future course of the emerging "animal internet," which uses digital technology to empower animals to interact with humans and each other in new ways.

Dan Goodin reports via Ars Technica: A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under active exploitation, federal government officials warned as data showed that thousands of users had yet to install a patch released in January. A change GitLab implemented in May 2023 made it possible for users to initiate password changes through links sent to secondary email addresses. The move was designed to permit resets when users didn't have access to the email address used to establish the account. In January, GitLab disclosed that the feature allowed attackers to send reset emails to accounts they controlled and from there click on the embedded link and take over the account.

While exploits required no user interaction, hijackings worked only against accounts that weren't configured to use multi-factor authentication. Even with MFA, accounts remained vulnerable to password resets. The vulnerability, tracked as CVE-2023-7028, carries a severity rating of 10 out of a possible 10. The vulnerability, classified as an improper access control flaw, could pose a grave threat. GitLab software typically has access to multiple development environments belonging to users. With the ability to access them and surreptitiously introduce changes, attackers could sabotage projects or plant backdoors that could infect anyone using software built in the compromised environment. An example of a similar supply chain attack is the one that hit SolarWinds in 2021, infecting more than 18,000 of its customers. Other recent examples of supply chain attacks are here, here, and here. These sorts of attacks are powerful. By hacking a single, carefully selected target, attackers gain the means to infect thousands of downstream users, often without requiring them to take any action at all. According to Internet scans performed by security organization Shadowserver, more than 2,100 IP addresses showed they were hosting one or more vulnerable GitLab instances. In order to protect your system, you should enable MFA and install the latest patch. "GitLab users should also remember that patching does nothing to secure systems that have already been breached through exploits," notes Goodin.

Ecobee, the company that pioneered smart thermostats with its Ecobee Smart in 2008, has announced it will end online support for the device and its commercial counterpart, the Ecobee Energy Management System, on July 31, 2024. The move will disable internet-dependent features such as web portal control, smart integrations, and weather-related functionality, while basic HVAC control and scheduling will remain operational.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission chair today made a final plea to Congress, asking for money to continue a broadband-affordability program that gave out its last round of $30 discounts to people with low incomes in April. The Affordable Connectivity Program (ACP) has lowered monthly Internet bills for people who qualify for benefits, but Congress allowed funding to run out. People may receive up to $14 in May if their ISP opted into offering a partial discount during the program's final month. After that there will be no financial help for the 23 million households enrolled in the program.

"Additional funding from Congress is the only near-term solution for keeping the ACP going," FCC Chairwoman Jessica Rosenworcel wrote in a letter to members of Congress today. "If additional funding is not promptly appropriated, the one in six households nationwide that rely on this program will face rising bills and increasing disconnection. In fact, according to our survey of ACP beneficiaries, 77 percent of participating households report that losing this benefit would disrupt their service by making them change their plan or lead to them dropping Internet service entirely." The ACP started with $14.2 billion allocated by Congress in late 2021. The $30 monthly ACP benefit replaced the previous $50 monthly subsidy from the Emergency Broadband Benefit Program.

Satellite operator SES plans to buy fellow satellite operator Intelsat, in a $3.1 billion deal that's expected to close next year. According to Space Magazine, the combined company could help it "compete with SpaceX's huge Starlink broadband network." From the report: SES and Intelsat both operate communications satellites in geostationary orbit, which lies 22,236 miles (35,785 kilometers) above Earth. SES also runs a constellation called O3b in medium Earth orbit, at an altitude of about 5,000 miles (8,000 km). As [SES CEO Adel Al-Saleh] noted, there is increasingly fierce competition for the services provided by these satellites -- for example, from SpaceX's Starlink megaconstellation in low Earth orbit. And other LEO megaconstellations are in the works as well. For instance, Amazon launched the first two prototypes for its planned 3,200-satellite Project Kuiper network this past October.

"By combining our financial strength and world-class team with that of SES, we create a more competitive, growth-oriented solutions provider in an industry going through disruptive change," Intelsat CEO David Wajsgras said in the same statement. "The combined company will be positioned to meet customers' needs around the world and exceed their expectations," he added.

An anonymous reader shares that IPv6rs has debuted a new one-click self hosting system: Everyone seemed like they were talking about self hosting, but we didn't understand why it wasn't more prolific. Thus, we conducted a survey to hear reasons. It turned out the two most common reasons were:

1. Lack of an external IP address 2. Too difficult to setup and maintain

Our service already solves the first issue. We set out with a self-hostathon to figure out what the blockers were in setting up and running a self-hosted server. ... writes IPv6rs on their blog. We needed to make things easier, so we created Cloud Seeder, a one click installer that instantly launches a fully encapsulated server appliance that is externally reachable.

At the time of launching, the current version of Cloud Seeder supports 20+ different appliances - from Mastodon which federates with Meta's Threads to Nextcloud which provides an enterprise-level, self-hosted alternative to the big-name collaboration suites.

It also automatically handles updates/maintenance.

We hope this will bring a new era to self hosting and, in turn, will bring the decentralized internet forest back. Is the self hosting era making its return?

The Supreme Court on Tuesday refused to block on free speech grounds a provision of Texas law aimed at preventing minors from accessing pornographic content online. From a report: The justices turned away a request made by the Free Speech Coalition, a pornography industry trade group, as well as several companies. The challengers said the 2023 law violates the Constitution's First Amendment by requiring anyone using the platforms in question, including adults, to submit personal information.

One provision of the law, known as H.B. 1181, mandates that platforms verify users' ages by requiring them to submit information about their identities. Although the law is aimed at limiting children's access to sexually explicit content, the lawsuit focuses on how those measures also affect adults. "Specifically, the act requires adults to comply with intrusive age verification measures that mandate the submission of personally identifying information over the internet in order to access websites containing sensitive and intimate content," the challengers wrote in court papers.

Richard Speed reports via The Register: NASA's optical communications demonstration has hit 25 Mbps in a test transmitting engineering data back to Earth from 140 million miles (226 million kilometers) away. The payload is riding aboard the Psyche probe, which is headed for an asteroid of the same name. On December 11, when the spacecraft was 19 million miles (30 million kilometers) away, it reached 267 Mbps, which NASA described as "comparable to broadband internet download speeds."

However, as Psyche has continued on its trajectory, the distances have become greater, and the rate at which data can be transmitted and received has tumbled. At 140 million miles, the project's goal was to reach a lofty 1 Mbps. Instead, engineers managed to get 25 Mbps out of the demonstration. Earlier demonstrations tested the technology using preloaded data, such as a cat video. The latest experiment used a copy of engineering data also sent via Psyche's radio transmitter.

"We downlinked about 10 minutes of duplicated spacecraft data during a pass on April 8," said Meera Srinivasan, the project's operations lead at NASA's Jet Propulsion Laboratory (JPL) in Southern California. "Until then, we'd been sending test and diagnostic data in our downlinks from Psyche. This represents a significant milestone for the project by showing how optical communications can interface with a spacecraft's radio frequency comms system." The demonstrator is only along for the ride -- Psyche uses conventional radio technology for its mission. However, the demonstration does point to the potential for higher-bandwidth communications in future projects.

Jules Roscoe reports via 404 Media: Russia has replaced Wikipedia with a state-sponsored encyclopedia that is a clone of the original Russian Wikipedia but which conveniently has been edited to omit things that could cast the Russian government in poor light. Real Russian Wikipedia editors used to refer to the real Wikipedia as Ruwiki; the new one is called Ruviki, has "ruwiki" in its url, and has copied all Russian-language Wikipedia articles and strictly edited them to comply with Russian laws. The new articles exclude mentions of "foreign agents," the Russian government's designation for any person or entity which expresses opinions about the government and is supported, financially or otherwise, by an outside nation. [...]

Wikimedia RU, the Russian-language chapter of the non-profit that runs Wikipedia, was forced to shut down in late 2023 amid political pressure due to the Ukraine war. Vladimir Medeyko, the former head of the chapter who now runs Ruviki, told Novaya Gazeta Europe in July that he believed Wikipedia had problems with "reliability and neutrality." Medeyko first announced the project to copy and censor the 1.9 million Russian-language Wikipedia articles in June. The goal, he said at the time, was to edit them so that the information would be "trustworthy" as a source for all Russian users. Independent outlet Bumaga reported in August that around 110 articles about the war in Ukraine were missing in full, while others were severely edited. Ruviki also excludes articles about reports of torture in prisons and scandals of Russian government representatives. [...]

Graphic designer Constantine Konovalov calculated the number of characters changed between Wikipedia RU and Ruviki articles on the same topics, and found that there were 205,000 changes in articles about freedom of speech; 158,000 changes in articles about human rights; 96,000 changes in articles about political prisoners; and 71,000 changes in articles about censorship in Russia. He wrote in a post on X that the censorship was "straight out of a 1984 novel." Interestingly, the Ruviki article about George Orwell's 1984 entirely omits the Ministry of Truth, which is the novel's main propaganda outlet concerned with governing "truth" in the country.

The United Kingdom has become the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. From a report: The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

Manufacturing and design practices mean many IoT products introduce additional risks to the home and business networks they're connected to. In one often-cited case described by cybersecurity company Darktrace, hackers were allegedly able to steal data from a casino's otherwise well-protected computer network after breaking in through an internet-connected temperature sensor in a fish tank. Under the PSTI, weak or easily guessable default passwords such as "admin" or "12345" are explicitly banned, and manufacturers are also required to publish contact details so users can report bugs.

The U.S. Court of Appeals for the 2nd Circuit overturned a prior district court decision, lifting the injunction that blocked New York's law mandating that ISPs offer $15 broadband plans to low-income families. Ars Technica reports: The ruling (PDF) is a loss for six trade groups that represent ISPs, although it isn't clear right now whether the law will be enforced. For consumers who qualify for means-tested government benefits, the state law requires ISPs to offer "broadband at no more than $15 per month for service of 25Mbps, or $20 per month for high-speed service of 200Mbps," the ruling noted. The law allows for price increases every few years and makes exemptions available to ISPs with fewer than 20,000 customers.

"First, the ABA is not field-preempted by the Communications Act of 1934 (as amended by the Telecommunications Act of 1996), because the Act does not establish a framework of rate regulation that is sufficiently comprehensive to imply that Congress intended to exclude the states from entering the field," a panel of appeals court judges stated in a 2-1 opinion. Trade groups claimed the state law is preempted by former Federal Communications Commission Chairman Ajit Pai's repeal of net neutrality rules. Pai's repeal placed ISPs under the more forgiving Title I regulatory framework instead of the common-carrier framework in Title II of the Communications Act.

2nd Circuit judges did not find this argument convincing: "Second, the ABA is not conflict-preempted by the Federal Communications Commission's 2018 order classifying broadband as an information service. That order stripped the agency of its authority to regulate the rates charged for broadband Internet, and a federal agency cannot exclude states from regulating in an area where the agency itself lacks regulatory authority. Accordingly, we REVERSE the judgment of the district court and VACATE the permanent injunction."

An anonymous reader quotes a report from the New York Times: The Federal Communications Commission voted on Thursday to restore regulations that expand government oversight of broadband providersand aim to protect consumer access to the internet, a move that will reignite a long-running battle over the open internet. Known as net neutrality, the regulations were first put in place nearly a decade ago under the Obama administration and are aimed at preventing internet service providers like Verizon or Comcast from blocking or degrading the delivery of services from competitors like Netflix and YouTube. The rules were repealed under President Donald J. Trump, and have proved to be a contentious partisan issue over the years while pitting tech giants against broadband providers.

In a 3-to-2 vote along party lines, the five-member commission appointed by President Biden revived the rules that declare broadband a utility-like service regulated like phones and water. The rules also give the F.C.C. the ability to demand broadband providers report and respond to outages, as well as expand the agency's oversight of the providers' security issues. Broadband providers are expected to sue to try to overturn the reinstated rules.

The core purpose of the regulations is to prevent internet service providers from controlling the quality of consumers' experience when they visit websites and use services online. When the rules were established, Google, Netflix and other online services warned that broadband providers had the incentive to slow down or block access to their services. Consumer and free speech groups supported this view. There have been few examples of blocking or slowing of sites, which proponents of net neutrality say is largely because of fear that the companies would invite scrutiny if they did so. And opponents say the rules could lead to more and unnecessary government oversight of the industry.

The Federal Communications Commission is set to vote to restore net neutrality on Thursday in the latest volley of a yearslong game of political ping-pong. From a report: The commission is expected to reclassify internet service providers (ISPs) -- e.g., broadband companies like AT&T and Comcast -- as common carriers under Title II of the Communications Act. That classification would open ISPs up to greater oversight by the FCC. The vote is widely expected to go in favor of reinstating net neutrality since FCC Chair Jessica Rosenworcel, a Democrat, controls the agency's agenda. Rosenworcel moved forward with the measure after a fifth commissioner was sworn in, restoring a Democratic majority on the panel. Net neutrality proponents say that oversight can help ensure fair access to an open internet by upholding principles like no blocking or throttling of internet traffic. Opponents, including industry players, fear it could halt innovation and subject ISPs to onerous price regulations. Update FCC Votes To Restore Net Neutrality.

An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.

Samantha Cole reports via 404 Media: A Japan-based online art platform is banning kink content for users based in the US and UK, as laws in these countries continue to tighten around sites that allow erotic content. Pixiv is an image gallery site where artists primarily share illustrations, manga, and novels. The site announced on April 22 that starting April 25, users whose account region is set to the US or UK will be subject to Pixiv's new terms of use, "Restrictions for Healthy Expression in Specific Countries and Regions."

The restrictions include several kinds of content that are illegal in the US, including sexualized depictions of minors and bestiality, as well as non-consensual depictions and deepfakes. But it also includes "content that appeals to the prurient interest, is patently offensive in light of community standards where you are located or where such content may be accessed or distributed, lacks serious literary, artistic, political, or scientific value, or otherwise violates any applicable obscenity laws, rules or regulations." This is an invocation of the Miller test, which determines non-constitutionally protected obscenity. "I'd never say this a few years ago, but it's my personal fear that the next step is most major internet hosting services implementing these policies on an infrastructure level," said an artist who goes by kradeelav. "My colleagues are certainly planning for it by specifically looking for kink-friendly hosts, to actually making homebrew servers themselves in worst-case scenarios."