WELCOME BACK TO DIGITAL POLITICS. I'm Mark Scott, and have partnered with YouGov and Microsoft for a dinner in Brussels on Dec 10 to recap the digital policymaking highlights of 2025 and to look ahead to what is in store for next year.

If you would like to attend, please let me know here. The event will include exclusive insight from YouGov on Europeans' attitudes toward technology. Spaces are limited, so let me know asap.

— November will again show how much the European Union is split over the bloc's strategy toward technology.

— The annual climate change talks begin in Brazil on Nov 10. The tech industry's impact has gone from bad to worse.

— Big Tech firms have massively increased their spending on tech lobbying within the EU institutions. Here are the stats.

Let's get started:

IT'S THE EU, AND IT'S HERE TO HELP

IT'S GOING TO BE A BUSY MONTH. On Nov 18, France and Germany will gather officials, industry executives and (just a few) civil society groups in Berlin for the so-called "Summit on European Digital Sovereignty." The one-day conference (as well as a series of side events) is aimed at figuring out what the European Union's position on the topic should be — despite more than five years since the concept of digital sovereignty started during the rounds in Brussels.

Then, on Nov 19, the European Commission is expected to announce its so-called "Digital Omnibus," or Continent-wide effort to simplify the bloc's tech rules, primarily focused around the Artificial Intelligence Act, General Data Protection Regulation, Cybersecurity Act and the ePrivacy Directive. It's a response to the competitiveness report written by Mario Draghi, the former Italian prime minister, which suggested (without much evidence) that Europe's complex digital rulebook was a major reason why the Continent had failed to compete with the likes of China and the United States.

The one-two punch of the Digital Sovereignty summit and the Digital Omnibus represent the two countervailing strategies toward technology that are battling for supremacy in Brussels and other EU member capitals.

There's a long history about why France and Germany still don't see eye-to-eye on digital sovereignty. Paris would prefer to create national (read: French) tech champions that can then compete globally. Berlin would prefer to work with allies on tech issues, though the newly-installed government is starting to change its tune.

Thanks for reading the free monthly version of Digital Politics. Paid subscribers receive at least one newsletter a week. If that sounds like your jam, please sign up here.

Here's what paid subscribers read in October:
— How social media failed to respond to the highest level of global conflict since WWII; The fight over semiconductors between China and the US is worsening the "splinternet;" DeepSeek's vaunted success may not what it first appears. More here.
— The European Union's AI strategy is re-living mistakes of previous shifts in global technology; Domestic US politics overshadow the global attacks on online safety laws; The consequences of Big Tech's pullback on political ad transparency is a hit to free speech. More here.
— Social media is no longer 'social.' That requires a rethink about how these platforms are overseen; How US tech companies are balancing domestic and international pledges on 'digital sovereignty;' Most governments don't have a plan to combat disinformation. More here.
— Get ready for the rise of a 'digital age of minority;' AI-powered deepfakes are getting harder detect — even if they have yet to affect democratic elections; The global "AI Stack" is quickly consolidating around select few firms. More here.
— The case for why everyone should double down on social media oversight despite the growing hype around artificial intelligence. More here.

Yet at its core, both countries are seeking to take a more hands-on approach to digital policymaking that focuses on digital public infrastructure, incentives tied to public tenders for technology contracts and greater government support for domestic companies to compete on the global stage. That could include nudging ministries to use local alternatives to American cloud providers like AWS or Google. It may involve government support for startups to hire the best talent and access new European (and global) markets. It could see officials actively embedding themselves in industrial policy decisions so that more high-end technology is built in Europe — as part of growing public support to wean the bloc off a perceived reliance on US Big Tech giants.

There's still uncertainty about what the communiqué that will arise from the Nov 18 event will say. US officials have been doing the rounds in EU capitals (and not just in Berlin and Paris) to warn national officials of promoting an "anti-American" slant to whatever Europe decides to do with its digital sovereignty ambitions. But, at its core, the summit will be dedicated to placing the government and policymakers at the center of digital policymaking changes to jumpstart the bloc's economy.

Contrast that to what the European Commission is slated to announce a day later on Nov 19 (though that date has yet to be officially confirmed.) As part of the Digital Omnibus, expect a slate of announcements to pare back Europe's digital rulebook in the name of economic growth.

There are rumors that parts of the AI Act will be shelved. I don't think that will happen. Instead, my bet is on a more protracted roll-out of the world's only comprehensive legislation for the emerging technology aimed at giving European firms more time to figure out their AI strategies. I would argue that few of these firms will be affected by the most stringent parts of the AI Act. But Henna Virkkunen, the European Commission's vice-president for technology sovereignty, security and democracy, has made it clear her priority when it comes to AI is about generating growth, not cumbersome regulation.

In other parts of the upcoming Digital Omnibus we'll also likely see other retrenchment from Europe's flaunted world-class digital regulation. This will be framed as unleashing the bloc's economic potential by making it easier for small- and medium-sized enterprises to sell their wares globally without falling afoul of the perceived excesses of digital regulation. Europe's privacy rules, in particular, will likely come under scrutiny because of the misunderstanding that such rules have made it harder for small firms to compete. When it comes to European bigger firms, that is certainly true. But I have seen little evidence to suggest that tough data protection rules, when implemented correctly, lead to burdensome oversight for smaller companies, almost all of which do not have to comply with the most stringent of oversight.

EU policymakers argue the dual events this month go hand-in-hand. That you can have a more top-down industrial policy directed by national leaders and an effort to reduce the digital regulatory burden to unleash the Continent's economic potential.

I don't buy that.

First, Europe needs to define what it wants out of its digital sovereignty agenda that remains divided between EU member countries' diverging interests and an inability to craft a coherent policymaking agenda when global competitors like the US and China are quickly moving ahead. Yes, the bloc is not a country, and such decisions are inherently slow. But Brussels has had more than five years to conjure up a digital sovereignty ethos, and it has failed to do so.

Second, the perception driven home by Draghi's competitiveness report that all digital regulation is harmful to the economy fundamentally misunderstands how Europe's digital economy works. It's not GDPR or the soon-to-be slow-rolled AI Act that is holding back Portugal or Sweden. It's the endemic failure of generations of EU policymakers to create a functioning digital single market that can allow European companies to leverage Continent-wide talent and financial resources.

Reining back digital rules may play into the politics of late 2025 when national leaders all want to <<checks talking points>> unleash the potential of AI onto society. But the Digital Omnibus will fail to grapple with the EU's underlying structural challenges that remain the main driver for why the bloc is third in the three-person race with China and the US on technology.

Until national leaders and policymakers clearly link their digital sovereignty ambitions with a well-thought-out strategy toward digital rulemaking, Europe's also-ran status is unlikely to change.

The two events later this month represent a missed opportunity to bring the dueling strategies — one pushing for greater government intervention, the other calling for less regulatory oversight — into one coherent message. That could have included finally articulating what a forward-looking digital sovereignty agenda would look like that focused on competitiveness, social cohesion and the promotion of Europe's fundamental values, at home and abroad.

Instead, the Nov 18 summit and the Nov 19 announcement will likely stand in contrast to one another as a sign that, again, the EU has failed to meet the opportunity presented by the US (the world's largest democratic power) pulling back from the global stage.

Chart of the week

LOBBYING IN BRUSSELS HAS NEVER BEEN at the same scale as what happens in Washington. In part, that's because the EU is not as transparent in forcing companies to disclose what they spend annually to nudge lawmakers in one way or another.

Still, tech companies have increased their collective lobbying spend by roughly one-third, to $174 million, in the latest 12 month period compared to 2023, according to figures collected by Corporate Europe Observatory and LobbyControl, two advocacy groups.

Below is the breakdown of the top spenders within the digital industry. It's not surprising that many on the list continue to face significant regulatory headwinds despite Brussels calming down on its appetite for more tech rules.
Source: Corporate Europe Observatory; LobbyControlSource; EU Transparency Register

TECH INDUSTRY AND CLIMATE CHANGE

THE UNITED NATIONS ANNUAL CLIMATE CHANGE CONFERENCE will take place in Belén, Brazil from Nov 10-Nov 21. The outlook does not look good. As a lapsed climate change reporter, it's hard not to look at the current data and weep. The ten warmest years on record have all occurred between 2015-2024, according to data from the US NOAA National Centers for Environmental Information. Last year was the warmest year since global records began in 1850.

Yikes.

The tech industry, especially those firms powering the datacenter boom, must take responsibility for some of the current climate crisis.

Electricity consumption associated with datacenters, for instance, is expected to more than double by 2030, based on estimates from the International Energy Agency. By the end of the decade, that means these facilities, whose expansion is directly related to the AI boom currently engulfing the world, will need as much electricity, as a sector, as what Japan currently consumes in 2025. That's the same amount of electricity as the world's fourth largest economy.

Again, yikes.

Some of this datacenter boom will be powered by renewable energy like geothermal power. But in countries from Ireland to Chile, local residents are protesting the building of these facilities because of fears — and realities — that the new construction will either lead to rolling electricity blackouts or hikes in energy bills that will disproportionately harm lower income families.

The climate change risks are not just limited to electricity generation.

On everything from lithium battery production for electric vehicles to the waste produced by consumer electronic devices, the tech industry's effect on the wider environment can not be overstated. Yes, there are larger emitters, especially those associated with heavy industry and transport. But for a sector known for generating record profits (and now representing roughly a third of the overall market capitalization of the S&P 500 Index), the tech industry has significant cash stockpiles to address its climate change impact.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Some firms have started to do so. Many of the world's largest tech companies have best-in-class carbon offsetting programs and have invested billions in the reduction of so-called e-waste created by their consumer products. Still, it's not enough.

As national leaders and policymakers gather in Brazil for what is likely to be a damp squib of a climate conference, it's a reminder of the growing disconnect between the tech industry's climate change footprint and its ability to play a major role in averting the most harmful environmental impact — especially when 2024 was the first calendar year when the average global temperature exceeded 1.5°C above its pre-industrial levels.

Expect many of the companies to send representatives to Belén. It's a potentially good news story for some already investing in greener versions of tech infrastructure. But with total investment in data centers, alone, expected to hit almost $600 billion this year, it's hard to reconcile the growing carbon footprint of just one part of the tech industry and the stated green ambitions of the firms behind the current tech boom.

What I'm reading:

— Ahead of the upcoming social media ban for minors in Australia, the government conducted a feasibility study into whether it could implement so-called "age assurance" across the country. The results are here.

— The US Senate held another hearing into unproven claims that Big Tech companies worked with the federal government to censor mostly right-wing voices. Here's the transcript.

— The European Commission published its work plan for 2026, including major tech regulatory pushes like the Digital Fairness Act. More here.

— More than 70 countries signed the United Nations Cybercrime Convention on Oct 25 that had been criticized for failing to uphold basic fundamental rights. You can read the treaty here.

— Academics from Oxford University outlined a potential pathway forward in how the ways countries oversee artificial intelligence can be brought together. More here.

digitalpolitics.co/newsletter0…

For most of us, the days of having to insert a disc to play our media are increasingly behind us. But if you’d like to provide your kids with the experience, you could use CardFlix.

For the electronics, [Udi] used the readily available ESP8266 D1 Mini module connected via I2C to a PN532 NFC reader. To trigger the different movies, there are over 50 cards, each with not only its unique NFC tag but also small posters that [Udi] printed showing the show and then laminated, ensuring they will survive plenty of use. The D1 Mini and NFC reader are housed in a 3D printed case, which ends up being almost smaller than the 5V DC adapter powering it, allowing it to be mounted above an outlet out of the way. The deck of movie cards is also housed in a pair of printed boxes: the larger one for the whole collection and a small one for the most often used shows. Should you want to print your own, all the design files are provided in the write-up.

The D1 Mini was programmed using ESPHome. This firmware allows it to easily connect back to Home Assistant, which does most of the heavy lifting for this project. When a card is scanned, Home Assistant can tell which TV the scanner was near, allowing this system to be used in more than one location. It also knows which card was scanned so it can play the right movie. Home Assistant also handles ensuring the TV in question is powered on, as well as figuring out what service should be called for that particular movie to be shown.

Be sure to check out some of the other projects we’ve featured that use ESPHome to automate tasks.

youtube.com/embed/_sqxoAX3GW0?…

hackaday.com/2025/11/05/cardfl…

Gli aggressori stanno utilizzando una tecnica avanzata che implica il caricamento laterale di DLL tramite l’applicazione Microsoft OneDrive. In questo modo riescono ad eseguire codice malevolo senza essere rilevati dai meccanismi di sicurezza.

L’attacco informatico utilizza una libreria dll modificata come strumento per deviare i processi legittimi di Windows e assicurare la persistenza sui sistemi infetti. Questo metodo si dimostra particolarmente efficace perché evita le modifiche persistenti al codice che i sistemi di rilevamento basati sulle firme solitamente identificano.

Secondo l’avviso di sicurezza di Kas-sec, gli aggressori hanno inserito un file version.dll contraffatto nella stessa directory di OneDrive.exe, sfruttando l’ordine di ricerca delle dipendenze dell’applicazione.

La tecnica prende di mira specificamente version.dll perché molte applicazioni Windows, tra cui OneDrive, si basano su questa libreria per recuperare informazioni sulla versione dei file. Quando OneDrive.exe viene avviato, carica la DLL dannosa dalla sua directory locale prima di cercare nelle directory di sistema.

Gli aggressori, posizionando in modo strategico la DLL malevola, sono in grado di eseguire codice all’interno del contesto fidato di un’applicazione Microsoft dotata di firma digitale, superando di fatto i controlli di sicurezza volti a monitorare i processi anomali. Al fine di salvaguardare la clandestinità e scongiurare interruzioni anomale delle applicazioni, gli aggressori utilizzano metodologie di proxy delle DLL.

La versione dannosa della dll esporta le stesse funzioni della libreria legittima, inoltrando chiamate di funzioni legittime alla versione System32 originale di Windows mentre esegue operazioni in background.

Questa doppia funzionalità garantisce che OneDrive.exe continui a funzionare normalmente, riducendo la probabilità di essere rilevato da utenti o software di sicurezza. L’attacco impiega una tecnica di hooking avanzata che sfrutta la gestione delle eccezioni e il flag di protezione della memoria PAGE_GUARD.

Invece dei tradizionali metodi di hooking inline facilmente rilevabili dagli strumenti di sicurezza, questo approccio attiva intenzionalmente eccezioni di memoria per intercettare le chiamate API. Quando OneDrive.exe tenta di chiamare funzioni specifiche come CreateWindowExW, il codice dannoso cattura il flusso di esecuzione tramite gestori di eccezioni e lo reindirizza alle funzioni controllate dall’aggressore.

L’hook si riarma dopo ogni intercettazione utilizzando eccezioni in un unico passaggio, mantenendo un controllo continuo sulle funzioni API mirate.

L'articolo Pericolo per gli utenti OneDrive: le DLL infette si nascondono nei file condivisi proviene da Red Hot Cyber.

noblogo.org/transit/mamdani-a-…

Transit

2025-11-05 14:29:46

Mamdani a New York: vittoria simbolo, sfida per la sinistra italiana.

(177)

Nota: non voglio, e non ne ho facoltà, minimizzare la vittoria di Mamdani, nè pormi in contrasto con chi ne gioisce. Diciamo che non amo molto che le vittorie della sinistra all'estero siano prese come esempio in questo paese, che deve, comunque, fare i conti con la sua, di politica.

#ZohranMamdani, eletto sindaco di New York a soli 34 anni, rappresenta una svolta storica per la politica americana. Primo sindaco musulmano della città, Mamdani ha sconfitto l’ex governatore Andrew Cuomo con il 50,4% dei voti, conquistando consenso soprattutto tra giovani, immigrati e lavoratori grazie a una piattaforma basata su trasporti pubblici gratuiti, edilizia popolare e giustizia sociale.

Già nel suo discorso di vittoria, Mamdani ha lanciato una sfida diretta a #DonaldTrump, definendolo un “despota” e affermando che “...la città che lo ha creato può anche sconfiggerlo”.​ Da parte sua, Trump ha risposto con sarcasmo, minimizzando la sconfitta: «Io non ero sulla scheda elettorale» e accusando le tensioni a Washington di aver danneggiato il movimento repubblicano. A Mamdani ha rivolto l’epiteto di “Comunista” e ha minacciato tagli ai fondi federali: “Se vince un comunista, pronti a tagliare miliardi a New York”. Questa contrapposizione incarna uno scontro tra due visioni opposte, ma con un comune uso di retorica fortemente polarizzante.​

Le vittorie parallele di Abigail Spanberger in Virginia e Mikie Sherrill nel New Jersey consolidano il successo dei democratici in territori chiave, ponendo un ulteriore freno alla spinta trumpiana e segnando un chiaro avvertimento verso la leadership repubblicana.​

In Italia, il successo di Mamdani è stato accolto con entusiasmo da settori della sinistra, ma la realtà politica appare ben diversa rispetto a quella statunitense. Qui la sinistra è dilaniata da una cronica divisione tra anime moderata e radicale, che impedisce la costruzione di un progetto unitario e coerente. L’assenza di una leadership convincente che sappia parlare ai bisogni concreti della società limita molto la capacità di mobilitazione e di creare un’alternativa credibile al governo Meloni.

L’opposizione italiana tende spesso a rifugiarsi in tentativi di emulazione di modelli esteri senza riuscire a tradurli nel contesto nazionale, rimanendo così frammentata e marginale. Manca, inoltre, un dialogo autentico con le nuove generazioni e con i settori più vulnerabili, fattori che in America invece hanno fatto la differenza per Mamdani.

Solo un’analisi critica e profonda di queste difficoltà interne potrà avviare un processo di rinnovamento e rilancio della sinistra in Italia, partendo dalla concretezza e non dall’astrazione.​

Mamdani e i successi democratici statunitensi mostrano dunque un modello efficace di politica progressista da cui trarre ispirazione, ma la sinistra italiana deve affrontare le proprie contraddizioni interne per poter davvero sognare una rinascita simile.

#Blog #USA #Mamdani #Trump #Politica #Italia #Sinistra #Opinioni

Mastodon: @alda7069@mastodon.unoTelegram: t.me/transitblogFriendica: @danmatt@poliverso.orgBio Site (tutto in un posto solo, diamine): bio.site/danielemattioli

Gli scritti sono tutelati da “Creative Commons” (qui)

Tutte le opinioni qui riportate sono da considerarsi personali. Per eventuali problemi riscontrati con i testi, si prega di scrivere a: corubomatt@gmail.com

Transit

Il blog di Alessandra Corubolo & Daniele Mattioli. On line -in varie forme- dal 2005.

^Telegram