Apple iOS privacy clampdown 'did little' to reduce tracking

American lawmakers held a hearing on Tuesday to discuss a proposed federal information privacy bill that many want yet few believe will be approved in its current form.

The hearing, dubbed "Protecting America's Consumers: Bipartisan Legislation to Strengthen Data Privacy and Security," was overseen by the House Subcommittee on Consumer Protection and Commerce of the Committee on Energy and Commerce.

Therein, legislators and various concerned parties opined on the American Data Privacy and Protection Act (ADPPA) [PDF], proposed by Senator Roger Wicker (R-MS) and Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-WA).

Brave CEO Brendan Eich took aim at rival DuckDuckGo on Wednesday by challenging the web search engine's efforts to brush off revelations that its Android, iOS, and macOS browsers gave, to a degree, Microsoft Bing and LinkedIn trackers a pass versus other trackers.

Eich drew attention to one of DuckDuckGo's defenses for exempting Microsoft's Bing and LinkedIn domains, a condition of its search contract with Microsoft: that its browsers blocked third-party cookies anyway.

"For non-search tracker blocking (e.g. in our browser), we block most third-party trackers," explained DuckDuckGo CEO Gabriel Weinberg last month. "Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon."

Apple's Intelligent Tracking Protection (ITP) in Safari has implemented privacy through forgetfulness, and the result is that users of Twitter may have to remind Safari of their preferences.

Apple's privacy technology has been designed to block third-party cookies in its Safari browser. But according to software developer Jeff Johnson, it keeps such a tight lid on browser-based storage that if the user hasn't visited Twitter for a week, ITP will delete user set preferences.

So instead of seeing "Latest Tweets" – a chronological timeline – Safari users returning to Twitter after seven days can expect to see Twitter's algorithmically curated tweets under its "Home" setting.

The latest version of OpenSSL v3, a widely used open-source library for secure networking using the Transport Layer Security (TLS) protocol, contains a memory corruption vulnerability that imperils x64 systems with Intel's Advanced Vector Extensions 512 (AVX512).

OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability (CVE-2022-2068) that was not fully addressed with a previous patch (CVE-2022-1292).

But this release itself needs further fixing. OpenSSL 3.0.4 "is susceptible to remote memory corruption which can be triggered trivially by an attacker," according to security researcher Guido Vranken. We're imagining two devices establishing a secure connection between themselves using OpenSSL and this flaw being exploited to run arbitrary malicious code on one of them.

Period- and fertility-tracking apps have become weapons in Friday's post-Roe America.

These seemingly innocuous trackers contain tons of data about sexual history, menstruation and pregnancy dates, all of which could now be used to prosecute women seeking abortions — or incite digital witch hunts in states that offer abortion bounties.

Under a law passed last year in Texas, any citizen who successfully sues an abortion provider, a health center worker, or anyone who helps someone access an abortion after six weeks can claim at least $10,000, and other US states are following that example.

Broadcom has made its first public comment in weeks about its plans for VMware, should the surprise $61 billion acquisition proceed as planned, and has prioritized retaining VMware's engineers to preserve the virtualization giant's innovation capabilities.

The outline of Broadcom's plans appeared in a Wednesday blog post by Broadcom Software president Tom Krause.

Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong.

The Horizon Ethereum Bridge, one of the firm's ostensibly secure bridges, was compromised on Thursday, resulting in the loss of 85,867 ETH tokens optimistically worth more than $100 million, the organization said via Twitter.

"Our secure bridges offer cross-chain transfers with Ethereum, Binance and three other chains," the cryptocurrency entity explained on its website. Not so, it seems.

Oracle has been sued by Plexada System Integrators in Nigeria for alleged breach of contract and failure to pay millions of dollars said to be owed for assisting with a Lagos State Government IT contract.

Plexada is seeking almost $56 million in denied revenue, damages, and legal costs for work that occurred from 2015 through 2020.

A partner at Plexada, filed a statement with the Lagos State High Court describing the dispute. The document, provided to The Register, accuses Oracle of retaliating against Plexada and trying to ruin the firm's business for seeking to be paid.

Qualcomm knows that if it wants developers to build and optimize AI applications across its portfolio of silicon, the Snapdragon giant needs to make the experience simpler and, ideally, better than what its rivals have been cooking up in the software stack department.

That's why on Wednesday the fabless chip designer introduced what it's calling the Qualcomm AI Stack, which aims to, among other things, let developers take AI models they've developed for one device type, let's say smartphones, and easily adapt them for another, like PCs. This stack is only for devices powered by Qualcomm's system-on-chips, be they in laptops, cellphones, car entertainment, or something else.

While Qualcomm is best known for its mobile Arm-based Snapdragon chips that power many Android phones, the chip house is hoping to grow into other markets, such as personal computers, the Internet of Things, and automotive. This expansion means Qualcomm is competing with the likes of Apple, Intel, Nvidia, AMD, and others, on a much larger battlefield.

A decentralized autonomous organization (DAO) called Inverse Finance has been robbed of cryptocurrency somehow exchangeable for $1.2 million, just two months after being taken for $15.6 million.

"Inverse Finance’s Frontier money market was subject to an oracle price manipulation incident that resulted in a net loss of $5.83 million in DOLA with the attacker earning a total of $1.2 million," the organization said on Thursday in a post attributed to its Head of Growth "Patb."

And Inverse Finance would like its funds back. Enumerating the steps the DAO intends to take in response to the incident, Patb said, "First, we encourage the person(s) behind this incident to return the funds to the Inverse Finance DAO in return for a generous bounty."