New trends in phishing and scams: how AI and social media are changing the game
Introduction
Phishing and scams are dynamic types of online fraud that primarily target individuals, with cybercriminals constantly adapting their tactics to deceive people. Scammers invent new methods and improve old ones, adjusting them to fit current news, trends, and major world events: anything to lure in their next victim.
Since our last publication on phishing tactics, there has been a significant leap in the evolution of these threats. While many of the tools we previously described are still relevant, new techniques have emerged, and the goals and methods of these attacks have shifted.
In this article, we will explore:
- The impact of AI on phishing and scams
- How the tools used by cybercriminals have changed
- The role of messaging apps in spreading threats
- Types of data that are now a priority for scammers
AI tools leveraged to create scam content
Text
Traditional phishing emails, instant messages, and fake websites often contain grammatical and factual errors, incorrect names and addresses, and formatting issues. Now, however, cybercriminals are increasingly turning to neural networks for help.
They use these tools to create highly convincing messages that closely resemble legitimate ones. Victims are more likely to trust these messages, and therefore, more inclined to click a phishing link, open a malicious attachment, or download an infected file.
Example of a phishing email created with DeepSeek
The same is true for personal messages. Social networks are full of AI bots that can maintain conversations just like real people. While these bots can be created for legitimate purposes, they are often used by scammers who impersonate human users. In particular, phishing and scam bots are common in the online dating world. Scammers can run many conversations at once, maintaining the illusion of sincere interest and emotional connection. Their primary goal is to extract money from victims by persuading them to pursue “viable investment opportunities” that often involve cryptocurrency. This scam is known as pig butchering. AI bots are not limited to text communication, either; to be more convincing, they also generate plausible audio messages and visual imagery during video calls.
Deepfakes and AI-generated voices
As mentioned above, attackers are actively using AI capabilities like voice cloning and realistic video generation to create convincing audiovisual content that can deceive victims.
Beyond targeted attacks that mimic the voices and images of friends or colleagues, deepfake technology is now being used in more classic, large-scale scams, such as fake giveaways from celebrities. For example, YouTube users have encountered Shorts where famous actors, influencers, or public figures seemingly promise expensive prizes like MacBooks, iPhones, or large sums of money.
Deepfake YouTube Short
The advancement of AI technology for creating deepfakes is blurring the lines between reality and deception. Voice and visual forgeries can be nearly indistinguishable from authentic messages, as traditional cues used to spot fraud disappear.
Recently, automated calls have become widespread. Scammers use AI-generated voices and number spoofing to impersonate bank security services. During these calls, they claim there has been an unauthorized attempt to access the victim’s bank account. Under the guise of “protecting funds”, they demand a one-time SMS code. This is actually a 2FA code for logging into the victim’s account or authorizing a fraudulent transaction.
media.kasperskycontenthub.com/…Example of an OTP (one-time password) bot call
Data harvesting and analysis
Large language models like ChatGPT are well-known for their ability to not only write grammatically correct text in various languages but also to quickly analyze open-source data from media outlets, corporate websites, and social media. Threat actors are actively using specialized AI-powered OSINT tools to collect and process this information.
The data so harvested enables them to launch phishing attacks that are highly tailored to a specific victim or a group of victims – for example, members of a particular social media community. Common scenarios include:
- Personalized emails or instant messages from what appear to be HR staff or company leadership. These communications contain specific details about internal organizational processes.
- Spoofed calls, including video chats, from close contacts. The calls leverage personal information that the victim would assume could not be known to an outsider.
This level of personalization dramatically increases the effectiveness of social engineering, making it difficult for even tech-savvy users to spot these targeted scams.
Phishing websites
Phishers are now using AI to generate fake websites too. Cybercriminals have weaponized AI-powered website builders that can automatically copy the design of legitimate websites, generate responsive interfaces, and create sign-in forms.
Some of these sites are well-made clones nearly indistinguishable from the real ones. Others are generic templates used in large-scale campaigns, without much effort to mimic the original.
Phishing pages mimicking travel and tourism websites
Often, these generic sites collect any data a user enters and are not even checked by a human before being used in an attack. The following are examples of sites with sign-in forms that do not match the original interfaces at all. These are not even “clones” in the traditional sense, as some of the brands being targeted do not offer sign-in pages.
These types of attacks lower the barrier to entry for cybercriminals and make large-scale phishing campaigns even more widespread.
Login forms on fraudulent websites
Telegram scams
With its massive popularity, open API, and support for crypto payments, Telegram has become a go-to platform for cybercriminals. This messaging app is now both a breeding ground for spreading threats and a target in itself. Once they get their hands on a Telegram account, scammers can either leverage it to launch attacks on other users or sell it on the dark web.
Malicious bots
Scammers are increasingly using Telegram bots, not just for creating phishing websites but also as an alternative or complement to these. For example, a website might be used to redirect a victim to a bot, which then collects the data the scammers need. Here are some common schemes that use bots:
- Crypto investment scams: fake token airdrops that require a mandatory deposit for KYC verification
Telegram bot seemingly giving away SHIBARMY tokens
- Phishing and data collection: scammers impersonate official postal service to get a user’s details under the pretense of arranging delivery for a business package.
Phishing site redirects the user to an “official” bot.
- Easy money scams: users are offered money to watch short videos.
Phishing site promises easy earnings through a Telegram bot.
Unlike a phishing website that the user can simply close and forget about when faced with a request for too much data or a commission payment, a malicious bot can be much more persistent. If the victim has interacted with a bot and has not blocked it, the bot can continue to send various messages. These might include suspicious links leading to fraudulent or advertising pages, or requests to be granted admin access to groups or channels. The latter is often framed as being necessary to “activate advanced features”. If the user gives the bot these permissions, it can then spam all the members of these groups or channels.
Account theft
When it comes to stealing Telegram user accounts, social engineering is the most common tactic. Attackers use various tricks and ploys, often tailored to the current season, events, trends, or the age of their target demographic. The goal is always the same: to trick victims into clicking a link and entering the verification code.
Links to phishing pages can be sent in private messages or posted to group chats or compromised channels. Given the scale of these attacks and users’ growing awareness of scams within the messaging app, attackers now often disguise these phishing links using Telegram’s message-editing tools.
This link in this phishing message does not lead to the URL shown
New ways to evade detection
Integrating with legitimate services
Scammers are actively abusing trusted platforms to keep their phishing resources under the radar for as long as possible.
- Telegraph is a Telegram-operated service that lets anyone publish long-form content without prior registration. Cybercriminals take advantage of this feature to redirect users to phishing pages.
Phishing page on the telegra.ph domain
- Google Translate is a machine translation tool from Google that can translate entire web pages and generate links like https://site-to-translate-com.translate.goog/… Attackers exploit it to hide their assets from security vendors. They create phishing pages, translate them, and then send out the links to the localized pages. This allows them to both avoid blocking and use a subdomain at the beginning of the link that mimics a legitimate organization’s domain name, which can trick users.
Localized phishing page
- CAPTCHA protects websites from bots. Lately, attackers have been increasingly adding CAPTCHAs to their fraudulent sites to avoid being flagged by anti-phishing solutions and evade blocking. Since many legitimate websites also use various types of CAPTCHAs, phishing sites cannot be identified by their use of CAPTCHA technology alone.
CAPTCHA on a phishing site
Blob URL
Blob URLs (blob:example.com/…) are temporary links generated by browsers to access binary data, such as images and HTML code, locally. They are limited to the current session. While this technology was originally created for legitimate purposes, such as previewing files a user is uploading to a site, cybercriminals are actively using it to hide phishing attacks.
Blob URLs are created with JavaScript. The links start with “blob:” and contain the domain of the website that hosts the script. The data is stored locally in the victim’s browser, not on the attacker’s server.
Blob URL generation script inside a phishing kit
Hunting for new data
Cybercriminals are shifting their focus from stealing usernames and passwords to obtaining irrevocable or immutable identity data, such as biometrics, digital signatures, handwritten signatures, and voiceprints.
For example, a phishing site that asks for camera access supposedly to verify an account on an online classifieds service allows scammers to collect your biometric data.
Phishing for biometrics
For corporate targets, e-signatures are a major focus for attackers. Losing control of these can cause significant reputational and financial damage to a company. This is why services like DocuSign have become a prime target for spear-phishing attacks.
Phishers targeting DocuSign accounts
Even old-school handwritten signatures are still a hot commodity for modern cybercriminals, as they remain critical for legal and financial transactions.
Phishing for handwritten signatures
These types of attacks often go hand-in-hand with attempts to gain access to e-government, banking and corporate accounts that use this data for authentication.
These accounts are typically protected by two-factor authentication, with a one-time password (OTP) sent in a text message or a push notification. The most common way to get an OTP is by tricking users into entering it on a fake sign-in page or by asking for it over the phone.
Attackers know users are now more aware of phishing threats, so they have started to offer “protection” or “help for victims” as a new social engineering technique. For example, a scammer might send a victim a fake text message with a meaningless code. Then, using a believable pretext – like a delivery person dropping off flowers or a package – they trick the victim into sharing that code. Since the message sender indeed looks like a delivery service or a florist, the story may sound convincing. Then a second attacker, posing as a government official, calls the victim with an urgent message, telling them they have just been targeted by a tricky phishing attack. They use threats and intimidation to coerce the victim into revealing a real, legitimate OTP from the service the cybercriminals are actually after.
Fake delivery codes
Takeaways
Phishing and scams are evolving at a rapid pace, fueled by AI and other new technology. As users grow increasingly aware of traditional scams, cybercriminals change their tactics and develop more sophisticated schemes. Whereas they once relied on fake emails and websites, today, scammers use deepfakes, voice cloning and multi-stage tactics to steal biometric data and personal information.
Here are the key trends we are seeing:
- Personalized attacks: AI analyzes social media and corporate data to stage highly convincing phishing attempts.
- Usage of legitimate services: scammers are misusing trusted platforms like Google Translate and Telegraph to bypass security filters.
- Theft of immutable data: biometrics, signatures, and voiceprints are becoming highly sought-after targets.
- More sophisticated methods of circumventing 2FA: cybercriminals are using complex, multi-stage social engineering attacks.
How do you protect yourself?
- Critically evaluate any unexpected calls, emails, or messages. Avoid clicking links in these communications, even if they appear legitimate. If you do plan to open a link, verify its destination by hovering over it on a desktop or long-pressing on a mobile device.
- Verify sources of data requests. Never share OTPs with anyone, regardless of who they claim to be, even if they say they are a bank employee.
- Analyze content for fakery. To spot deepfakes, look for unnatural lip movements or shadows in videos. You should also be suspicious of any videos featuring celebrities who are offering overly generous giveaways.
- Limit your digital footprint. Do not post photos of documents or sensitive work-related information, such as department names or your boss’s name, on social media.
Running Guitar Effects on a PlayStation Portable
If your guitar needs more distortion, lower audio fidelity, or another musical effect, you can always shell out some money to get a dedicated piece of hardware. For a less conventional route, though, you could follow [Brek Martin]’s example and reprogram a handheld game console as a digital effects processor.
[Brek] started with a Sony PSP 3000 handheld, with which he had some prior programming experience, having previously written a GPS maps program and an audio recorder for it. The PSP has a microphone input as part of the connector for a headset and remote, though [Brek] found that a Sony remote’s PCB had to be plugged in before the PSP would recognize the microphone. To make things a bit easier to work with, he made a circuit board that connected the remote’s hardware to a microphone jack and an output plug.
[Brek] implemented three effects: a flanger, bitcrusher, and crossover distortion. Crossover distortion distorts the signal as it crosses zero, the bitcrusher reduces sample rate to make the signal choppier, and the flanger mixes the current signal with its variably-delayed copy. [Brek] would have liked to implement more effects, but the program’s lag would have made it impractical. He notes that the program could run more quickly if there were a way to reduce the sample chunk size from 1024 samples, but if there is a way to do so, he has yet to find it.
If you’d like a more dedicated digital audio processor, you can also build one, perhaps using some techniques to reduce lag.
youtube.com/embed/MlPtfeSyyak?…
Aggiornamento Critico per Google Chrome: Patch per varie Vulnerabilità
Un aggiornamento critico di sicurezza è stato rilasciato da Google Chrome, il quale risolve sei vulnerabilità di sicurezza che potrebbero essere sfruttate per eseguire codice arbitrario sui sistemi coinvolti. È stato quindi distribuito un aggiornamento di sicurezza in emergenza.
L’aggiornamento alla versione stabile 139.0.7258.127/.128 per Windows e Mac e 139.0.7258.127 per Linux contiene patch per diverse falle di sicurezza di elevata gravità che pongono rischi significativi per i dati degli utenti e l’integrità del sistema.
L’aggiornamento di sicurezza prende di mira tre vulnerabilità di elevata gravità che potrebbero causare l’esecuzione di codice arbitrario. Il CVE-2025-8879 rappresenta una vulnerabilità di heap buffer overflow nella libreria libaom, che gestisce le operazioni di codifica e decodifica video.
Questo tipo di vulnerabilità consente agli aggressori di scrivere dati oltre i limiti di memoria allocati, sovrascrivendo potenzialmente informazioni critiche del sistema. Invece il CVE-2025-8880 risolve una condizione di competizione nel motore JavaScript V8 di Google, segnalata dal ricercatore di sicurezza Seunghyun Lee.
Le condizioni di competizione si verificano quando più processi tentano di accedere simultaneamente a risorse condivise, creando un comportamento imprevedibile che gli aggressori possono sfruttare.
La terza falla di gravità elevata, CVE-2025-8901, riguarda una vulnerabilità di scrittura fuori dai limiti in ANGLE (Almost Native Graphics Layer Engine), che traduce le chiamate API OpenGL ES in API supportate dall’hardware.
Il team di sicurezza di Chrome ha utilizzato diverse metodologie di rilevamento avanzate per identificare queste vulnerabilità, tra cui AddressSanitizer per rilevare bug di danneggiamento della memoria, MemorySanitizer per letture di memoria non inizializzate e UndefinedBehaviorSanitizer per rilevare comportamenti indefiniti nel codice C/C++.
L’aggiornamento incorpora anche i meccanismi di integrità del flusso di controllo e i risultati dei framework di test libFuzzer e AFL (American Fuzzy Lop).
L'articolo Aggiornamento Critico per Google Chrome: Patch per varie Vulnerabilità proviene da il blog della sicurezza informatica.
Verso un ferragosto col botto! 36 RCE per il Microsoft Patch Tuesday di Agosto
Agosto Patch Tuesday: Microsoft rilascia aggiornamenti sicurezza che fixano 107 vulnerabilità nei prodotti del suo ecosistema. L’aggiornamento include correzioni per 90 vulnerabilità, classificate come segue: 13 sono critiche, 76 sono importanti, una è moderata e una è bassa.
In particolare, nessuna di queste vulnerabilità è elencata come vulnerabilità zero-day attivamente sfruttata, il che offre un certo sollievo agli amministratori IT. Le vulnerabilità rientrano in diverse categorie, tra cui Esecuzione di codice remoto (RCE), Elevazione dei privilegi (EoP), Divulgazione di informazioni, Spoofing, Denial of Service (DoS) e Manomissione.
Il 12 agosto 2025, Microsoft ha rilasciato i suoi aggiornamenti di sicurezza mensili Patch Tuesday, risolvendo un numero significativo di vulnerabilità nel suo ecosistema di prodotti.
Le vulnerabilità di esecuzione di codice remoto dominano il Patch Tuesday di questo mese, con 36 vulnerabilità corrette, 10 delle quali classificate come Critiche. Queste falle potrebbero consentire agli aggressori di eseguire codice arbitrario, compromettendo potenzialmente interi sistemi.
Le principali vulnerabilità di esecuzione di codice remoto includono:
- DirectX Graphics Kernel (CVE-2025-50176 , critico) : un difetto di type confusion nel Graphics Kernel consente l’esecuzione di codice locale da parte di un aggressore autorizzato.
- Microsoft Office ( CVE-2025-53731 , CVE-2025-53740 , Critico) : molteplici vulnerabilità di tipo use-after-free in Microsoft Office consentono ad aggressori non autorizzati di eseguire codice localmente.
- Componente grafico di Windows ( CVE-2025-50165 , critico) : un dereferenziamento di puntatore non attendibile nel componente grafico di Microsoft consente ad aggressori non autorizzati di eseguire codice su una rete.
- Microsoft Word ( CVE-2025-53733 , CVE-2025-53784 , Critico) : difetti in Microsoft Word, tra cui la conversione errata del tipo numerico e problemi di tipo use-after-free, consentono l’esecuzione di codice locale.
- Windows Hyper-V (CVE-2025-48807, Critico) : una restrizione impropria dei canali di comunicazione in Hyper-V consente l’esecuzione di codice locale.
- Microsoft Message Queuing (MSMQ) (CVE-2025-50177, Critico; CVE-2025-53143, CVE-2025-53144, CVE-2025-53145, Importante) : diverse vulnerabilità, tra cui difetti di tipo use-after-free e di confusione dei tipi, interessano MSMQ, consentendo l’esecuzione di codice basato sulla rete.
- GDI+ ( CVE-2025-53766 , Critico) : un heap buffer overflow in Windows GDI+ consente l’esecuzione di codice basato sulla rete.
- Servizio Routing e Accesso Remoto di Windows (RRAS) (CVE-2025-49757, CVE-2025-50160, CVE-2025-50162, CVE-2025-50163, CVE-2025-50164, CVE-2025-53720, Importante) : heap buffer overflow basati su heap in RRAS consentono l’esecuzione di codice basato sulla rete.
- Microsoft Excel (CVE-2025-53741, CVE-2025-53759, CVE-2025-53737, CVE-2025-53739, Importante) : heap buffer overflow e i problemi di tipo use-after-free in Excel consentono l’esecuzione di codice locale.
L'articolo Verso un ferragosto col botto! 36 RCE per il Microsoft Patch Tuesday di Agosto proviene da il blog della sicurezza informatica.
Leone XIV: udienza, “quando vede il male Dio non si vendica, si addolora, e continua a spezzare il pane anche con chi lo tradirà” - AgenSIR
“Noi siamo abituati a giudicare. Dio, invece, accetta di soffrire. Quando vede il male, non si vendica, ma si addolora”.Giovanna Pasqualin Traversa (AgenSIR)
L’informazione, il genocidio e una pessima Rai
@Giornalismo e disordine informativo
articolo21.org/2025/08/gaza-ge…
La mattanza del popolo palestinese è senza dubbio un genocidio ed è risibile il tentativo di edulcorare le parole. È amaro dirlo, ma le cose vanno chiamate con il loro nome. E una componente dell’orribile mattanza è il killeraggio seriale di giornaliste e
Perché OpenAI ha dovuto risuscitare il suo vecchio modello Gpt-4o?
L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
A volte il vecchio è meglio del nuovo. O almeno, sembrerebbe così nel caso dell'ultimo modello di OpenAI. Dopo nemmeno 24 ore dal lancio di Gpt-5 gli utenti hanno rivoluto indietro il suo predecessore
freezonemagazine.com/articoli/…
È difficile racchiudere in una definizione sintetica una figura di alto livello e versatile come quella di Ivan Pozzoni, ma bisogna comunque partire da un punto inequivocabile: siamo di fronte ad un grande poeta e soprattutto uno dei più originali, innovativi, degli anni 2000 della poesia italiana, versante sul quale la nostra poesia contemporanea, non […]
L'articolo Ivan Pozzoni.
LA CINA HA CREATO IL PRIMO REATTORE NUCLEARE AL MONDO CHE NON PUÒ FONDERSI… DAVVERO?
@Informatica (Italy e non Italy 😁)
La notizia non ha avuto molta eco, però merita un approfondimento: “La Cina ha testato con successo un reattore nucleare rivoluzionario..
L'articolo LA CINA HA CREATO IL PRIMO REATTORE NUCLEARE AL MONDO CHE NON PUÒ FONDERSI… DAVVERO?
Carlo Bencini =/\= reshared this.
Dopo più di 30 anni Aol disconnette la connessione Internet dial-up
L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
Protagonista indiscusso dell'era di Internet 1.0, Aol ha scontato diversi errori strategici ed è stato zavorrato dall'evidente incapacità di innovare, finendo presto relegata ai margini della Rete.
Difesa, la capacità produttiva europea è triplicata rispetto al 2021
@Notizie dall'Italia e dal mondo
L’industria della difesa europea sta attraversando la più ampia fase di espansione dalla fine della Guerra fredda. Secondo un report del Financial Times, i cantieri legati alla produzione di armamenti si moltiplicano a un ritmo tre volte superiore rispetto ai tempi pre-invasione dell’Ucraina, con oltre
Vulnerabilità RCE critica in Microsoft Teams: aggiornamento urgente necessario
Nell’ambito degli aggiornamenti di sicurezza di agosto 2025 del tipo Patch Tuesday, è stata aggiornata una vulnerabilità critica di Remote Code Execution (RCE) nel software di collaborazione Teams prodotto da Microsoft.
La falla critica, monitorata come CVE-2025-53783, potrebbe consentire a un aggressore non autorizzato di leggere, scrivere e persino eliminare messaggi e dati degli utenti eseguendo codice su una rete. Un aggressore potrebbe sfruttare questa falla per sovrascrivere dati critici o eseguire codice dannoso nel contesto dell’applicazione Teams.
Microsoft sostiene che un exploit funzionante per questo bug potrebbe comportare conseguenze significative per la segretezza, l’integrità e l’accessibilità dei dati di un utente, consentendo all’attaccante di acquisire i diritti di lettura, scrittura e cancellazione dei dati.
La vulnerabilità è un heap buffer overflow, un tipo di debolezza di corruzione della memoria in cui un’applicazione può essere costretta a memorizzare dati oltre lo spazio di memoria allocato.
L’azienda sottolinea che lo sfruttamento di questa falla presenta un elevato grado di complessità (AC: H), che richiede all’aggressore di raccogliere informazioni specifiche sull’ambiente di destinazione.
Inoltre, per un attacco riuscito è necessaria l’interazione dell’utente, il che significa che il bersaglio dovrebbe probabilmente cliccare su un collegamento dannoso o aprire un file creato appositamente.
All’atto della dichiarazione, la falla di sicurezza non era stata resa pubblica né sfruttata in modo attivo. Secondo la stima di Microsoft sulla possibilità di sfruttamento, quest’ultimo è considerato “Meno plausibile”.
L’azienda ha già rilasciato una correzione ufficiale e invita utenti e amministratori ad applicare gli ultimi aggiornamenti di sicurezza per mitigare il rischio.
Questa vulnerabilità di Teams è stata una delle 107 falle risolte nella versione Patch Tuesday di questo mese , che includeva anche una correzione per una vulnerabilità zero-day divulgata pubblicamente in Windows Kerberos.
L'articolo Vulnerabilità RCE critica in Microsoft Teams: aggiornamento urgente necessario proviene da il blog della sicurezza informatica.
Guerra d’Ucraina, come si è arrivati al bilaterale Trump-Putin dopo tre anni di conflitto
@Notizie dall'Italia e dal mondo
Il prossimo 15 agosto, Donald Trump e Vladimir Putin si incontreranno in Alaska per “discutere della fine della guerra in Ucraina”. Sarà il primo incontro tra gli inquilini di Cremlino e Casa Bianca dall’inizio dell’invasione russa di quasi
Today is the day to stop killing games!
We would like to share the amazing news that the European Citizen initiative created by the Stop killing games community has reached the required threshold of 1 million signatures across Europe! And you can still add your signature until the end of the month!
At the European Pirate Party, defending digital rights is at the heart of our mission. We believe that when people purchase a videogame, they should be guaranteed the right to use it – not left at the mercy of arbitrary shutdowns by publishers. Consumers should not be treated as renters of entertainment they’ve paid for. That’s why we decided to endorse the Initiative after it launched.
As we noted before, this campaign calls for clear legal obligations: once a game is sold, it must remain in a playable state, even if the publisher steps away. No one should wake up to find their purchased game disabled by a remote switch. We find this unacceptable. We’re encouraged by the grassroots energy behind this effort. From independent developers to influential streamers like Ross Scott, who spearheaded the push, to public figures like PewDiePie, who has previously expressed support for Pirate Party values – this is a powerful coalition of gamers, creators, and digital freedom advocates.
While it seemed unclear for months if the initiative would gather enough signatures before the deadline, it suddenly gathered a huge wave of support in the last week, and today it reached the target of 1 million signatures! At this point it is clear that the European Union will have to address the initiative, and the more signatures we get above the required threshold the bigger the chance that they will decide to actually address the problem with games being killed by the publishers. You can easily see the current numbers of signatures with this tracker.
Let’s further ensure that the voices of European gamers and citizens are heard loud and clear in Brussels! Let’s protect digital ownership! Let’s defend access! Let’s stop the silent destruction of the digital heritage!
Sign the European citizens inititative here: https://eci.ec.europa.eu/045/public/#/screen/home
If you are a UK citizen there’s a separate petition there: https://petition.parliament.uk/petitions/702074/
If you want to join the Stop killing games community for the end stretch of the campaign, they have a lovely discord server that you can check out.
Endorsed! Timothy Grady for Ohio!
During last Sunday’s Pirate National Committee meeting, members voted to endorse the campaign of Timothy Grady, independent candidate for Governor of Ohio in his 2026 gubernatorial race.
Having joined out meeting, which you can catch the recap of here, Mr. Grady gave us his best pitch for not only why we should endorse his campaign, but also an opportunity for Ohio voters to hear from the independent candidate.
After a long meeting and opportunity to ask questions, the decision was unanimous: the US Pirate Party will support the Grady campaign!
You can see the official announcement from Timothy Grady’s page here.
It should be noted that Tim Grady is not running as a proxy of the Ohio Pirate Party (which is active but unofficial), nor is the Grady campaign strictly a Pirate campaign. The United States Pirate Party values honest campaigns, person-first agendas and anyone who fights for free and open.
The 2026 election cycle will feature explicitly Pirate candidates, running as independents, DINOS/RINOS and explicitly as Pirates. While Timothy Grady is not one of those Pirate candidates, we are happy to throw our support towards a candidate who shares our values.
Ohio, you have a chance to say “Enough is enough”.
Timothy Grady, Victory is Arrrs
Qualcosa di strano galleggia nei nostri oceani da anni e gli scienziati hanno finalmente capito di cosa si tratta
Gli scienziati hanno scoperto 27 milioni di tonnellate di materiale invisibile nell'Atlantico, il che suggerisce danni profondi e potenzialmente irrevLee Bell (Meteored Italia)
As Britain experiences one of its worst droughts in decades, its leaders suggest people get rid of old data to reduce stress on data centers.#News #UK
UK Asks People to Delete Emails In Order to Save Water During Drought
It’s a brutally hot August across the world, but especially in Europe where high temperatures have caused wildfires and droughts. In the UK, the water shortage is so bad that the government is urging citizens to help save water by deleting old emails. It really helps lighten the load on water hungry datacenters, you see.The suggestion came in a press release posted on the British government’s website Tuesday after a meeting of its National Drought Group. The release gave an update on the status of the drought, which is bad. The Wye and Ely Ouse rivers are at their lowest ever recorded height and “five areas are officially in drought, with six more experiencing prolonged dry weather following the driest six months to July since 1976,” according to the release. It also listed a few tips to help people save on water.
playlist.megaphone.fm?p=TBIEA2…
The tips included installing a rain butt to collect rainwater for gardening, fixing leaks the moment they happen, taking shorter showers, and getting rid of old data. “Delete old emails and pictures as data centres require vast amounts of water to cool their systems,” the press release suggested.Datacenters suck up an incredible amount of water to keep their delicate equipment cool. The hotter it is, the more water it uses and a heatwave spikes the costs of doing business. But old emails lingering in cloud servers are a drop in the bucket for a data center compared to processing generative AI requests.
A U.S. A Government Accountability Office report from earlier this year estimated that 60 queries of an AI system consumed about a liter of water, or roughly 1.67 Olympic sized swimming pools for the 250,000,000 queries generated in the U.S. every day. The World Economic Forum has estimated that AI datacenters will consume up to 1.7 trillion gallons of water every year by 2027. OpenAI CEO Sam Altman has disputed these estimates, saying that an average ChatGPT query uses “roughly one fifteenth of a teaspoon” of water.
Downing Street announced plans in January to “turbocharge AI” in the U.K. The plan includes billions of pounds earmarked for the construction of massive water-hungry datacenters, including a series of centers in Wales that will cost about $16 billion. The announcement about the AI push said it will create tens of thousands of jobs. It doesn’t say anything about where the water will come from.
In America, people are learning that living next to these massive AI data centers is a nightmare that can destroy their air and water quality. People who live next to massive Meta-owned datacenters in Georgia have complained of a lack of water pressure and diminished quality since the data centers moved in. In Colorado, local government and activists are fighting tech companies attempting to build massive data centers in a state that struggled with drought before the water-hungry machines moved in.
Like so many other systemic issues linked to climate change and how people live in the 21st century, small-scale personal solutions like “delete your old emails” won’t solve the problem. The individual water bill for a person’s old photos is nothing compared to the gallons of water required by large corporate clients running massive computers.
“We are grateful to the public for following the restrictions, where in place, to conserve water in these dry conditions,” Helen Wakeham, the UK Environment Agency’s Director of Water, said in the press release. “Simple, everyday choices—such as turning off a tap or deleting old emails—also really helps the collective effort to reduce demand and help preserve the health of our rivers and wildlife.”
Representatives from the UK Government did not immediately return 404 Media’s request for comment.
Could data center boom threaten Colorado's water supply and climate goals?
Two metro Denver construction sites offer a glimpse into the power and water needs of the growing data center industry as it tries to provide capacity for artificial intelligence and our online liv…Elise Schmelzer (The Denver Post)
8/19: Oppose Police Social Media Surveillance
Boston Police (BPD) continue their efforts rollout more surveillance tools. This time on social media.
On August 19th, the Boston Public Safety Committee will hold a hearing on the Boston 2024 Surveillance Technology Report including police usage of three new tools to monitor social media posts. Any tool BPD uses will feed into the Boston Regional Information Center (BRIC) and Federal agencies such as ICE, CBP and the FBI.
If you want to tell the Boston Public Safety committee to oppose this expansion of surveillance, please show up on the 19th virtually. Details are posted, but to sign up to speak, email ccc.ps@boston.gov and they will send you a video conference link. We especially encourage Boston Pirates to attend and speak against this proposal. The Docket # is 1357.
A DEA agent used a local cop's password "for federal investigations in late January 2025 without [the cop's] knowledge of said use."
A DEA agent used a local copx27;s password "for federal investigations in late January 2025 without [the copx27;s] knowledge of said use."#Flock
Feds Used Local Cop's Password to Do Immigration Surveillance With Flock Cameras
A Drug Enforcement Administration agent used a local police officer’s password to the Flock automated license plate reader system to search for someone suspected of an “immigration violation.” That DEA agent did this “without [the local police officer’s] knowledge,” and the password to the Flock account, which belonged to the Palos Heights PD, has since been changed. Using license plate readers for immigration enforcement is illegal in Illinois, and casual password sharing between local police and federal law enforcement for access to surveillance systems is, at the very least, against Flock’s terms of service.The details of the search were first reported by the investigative news outlet Unraveled, which obtained group chats about the search using a public records request. More details about the search were obtained and shared with 404 Media by Shawn, a 404 Media reader who filed a public records request with Palos Heights after attending one of our FOIA Forums.
DEA agent used Illinois cop’s Flock license plate reader password for immigration enforcement searches
A federal Drug Enforcement Administration agent on a Chicago area task force used Palos Heights Detective Todd Hutchinson’s login credentials to perform unauthorized searches this past January. Group chat screenshots obtained via public records request show the detective and the feds discussing the incident.Unraveled Press
Flock makes automated license plate reader (ALPR) cameras, which passively collect the time, plates, and model of cars that drive past them and enter them into a network that can then be searched by police. Our investigation in May showed that federal agents were gaining side-door access into this system by asking local police to perform immigration enforcement searches for them; the new documents show that in some cases, local police have simply given federal agents their passwords.The documents obtained by Unraveled show details of an internal investigation done by the Palos Heights, Illinois police department in response to a series of questions that I asked them for an article we published in May that appeared to show a Todd Hutchinson, a police officer in Palos Heights, performing a series of Flock searches in January as part of their research into an “immigration violation.”
At the time, Palos Heights police chief Mike Yott told me that Hutchinson was a member of a DEA task force “that does not work immigration cases.”
“None of our officers that work with federal agencies have cross designation as immigration officers, and therefore have no immigration authority, and we and our partner agencies are very sensitive to the fact that we and the State of Illinois do not pursue immigration issues,” Yott said. “Based on the limited information on the report, the coding/wording may be poor and the use of Flock may be part of a narcotics investigation or a fugitive status warrant, which does on occasion involve people with various immigration statuses.”
Our reporting set off an internal investigation into what these searches were for, and who did them, according to the documents obtained by Unraveled. According to a July 9 investigation report written by the Palos Heights Police Department, Hutchinson was the only task force member who had access to Flock. Information about what the search was actually for is redacted in the internal investigation, and neither the Palos Heights Police Department nor the DEA has said what it was for.
“Hutchinson advised that it was common that he allowed others to use his login to Flock during the course of their drug investigations. TFO Hutchinson spoke to his group and learned that one of the DEA agents completed these searches and used his login information,” the report says. The DEA agent (whose name is redacted in the report) “did in fact use Hutchinson’s login for federal investigations in late January 2025 without Hutchinson’s knowledge of said use.”
“When I had shared my account with the Special Agent, I believed it would only be used for DEA/narcotics related investigations,” Hutchinson wrote in an email to his bosses explaining why he shared his password. Hutchinson said in a series of text messages to task force officers, which were also obtained by Unraveled, that he had to change the password to lock other members of the task force out of the system.
“What’s the new password?,” a task force member wrote to Hutchinson.
“Sorry man. Keys had to be taken away,” he responded.
The task force member replied with a gif of a sad Chandler Bing from friends sitting in the rain.
“Hey guys I no longer have access to Flock cause Hutch took my access away,” another group text reads. “Apparently someone who has access to his account may have been running plates and may have placed the search bar ‘immigration’.. which maybe have brought undue attention to his account. Effective immediately Defer all flock inquiries to Toss Hutchinstein[sic].”“Dear Todd, I hope you don’t get in trouble cause of my mistake,” the DEA agent joked in the group chat. “U were so helpful in giving the group access but now that is gone, gone like dust,…..in the wind … Trust is broken / I don’t know if bridges can be mended … one day we might be back to normal but until then I will just have to sit by this window and pray things will return … Best Regards. Ps, can u flock a plate for me”
“Only time will tell my fate, I suppose,” Hutchinson responded. “What’s the plate? And confirming it is NOT for immigration purposes…”
“It was a test …… and u passed ….,” the DEA agent responds.
In response to a separate public records request filed by Shawn, the 404 Media reader, and shared with us, the Palos Heights Police Department said “Our investigation into this matter has revealed that while these inquiries appear to have been run as part of a taskforce assignment, no member of the Palos Heights Police Department ‘ran’ those queries. They were, apparently, run by another, non-Palos Heights, task force member who used a Palos Height's member's sign in and password information without his knowledge.”The Palos Heights Police Department said in its investigation files that “this incident has brought to light the need to review our own protocols of LPR use.” The police department said that it had decided to limit searches of its Flock system only to agencies within the state of Illinois, rather than to police departments around the country. The department also turned on two-factor authentication, which had not been previously enabled.
“Lastly, I believe there is a need to start a monthly review of our own flock searches to ensure our officers are working within standards and compliant with all policies and laws,” the report says.
Palos Heights’ casual sharing of passwords to a powerful surveillance system is a violation of Flock’s terms of service, which states “Authorized End Users shall not share their account username or password information and must protect the security of the username and password.”
More concerningly, it shows, as we have been reporting, that there are very few practical guardrails on how Flock is being used. The DEA does not have a contract with Flock, and police generally do not obtain a warrant to use Flock. We have repeatedly reported on police officers around the country who have offered to either run plates for their colleagues or to give them access to their logins, even when those agencies have not gone through proper acquisition channels.
The Palos Heights police department did not respond to a request for comment from 404 Media. The DEA told 404 Media “we respectfully refer you to the Palos Heights Police Department.” Flock also did not respond to a request for comment. The House Oversight Committee announced last week that it had launched an investigation into how Flock is being used to search for immigration violations.
ICE Taps into Nationwide AI-Enabled Camera Network, Data Shows
Flock's automatic license plate reader (ALPR) cameras are in more than 5,000 communities around the U.S. Local police are doing lookups in the nationwide system for ICE.Jason Koebler (404 Media)
Come celebrate with us and catch a LIVE recording of the 404 Media podcast.#party
You're Invited: 404 Media's Second Anniversary Party and LIVE PODCAST!
We've survived and thrived for two years and are ready to celebrate with you, the ones who made it possible!Come have a cocktail or locally-brewed beer on us at vertical farm and brew lab farm.one. We'll also record a live podcast with the whole 404 crew, for the first time in person together since... well, two years ago!
Doors open at 6, programming begins at 6:45, good hangs to continue after. Open bar (tip your bartenders), and pizza will be available for purchase on-site if you're hungry.
Free admission for 404 Media subscribers at the supporter level. Sign up or check your subscription here. Once you're a supporter, scroll to the bottom of this post for the code to enter at checkout on the Luma page. Or buy tix for yourself or a friend to make sure you have a spot on the list.
We'll also have some merch on hand that'll be discounted for IRL purchases.
If getting into the coolest party of the summer isn't enticing enough, you'll be supporting the impact of our journalism, which so far this year has included:
- Nvidia was sued after we revealed the company scraped YouTube and other sites en masse to build its own AI systems.
- GeoSpy, an AI tool that let anyone geolocate photos in seconds and whose users could include stalkers, dramatically restricted access after 404 Media published an investigation into it.
- Congress repeatedly grilled Apple and Meta over their association with nonconsensual nudify and deepfake apps after we exposed the connections.
- A public library ebook service said it was going to cull AI slop after we found low quality books were flooding libraries.
- Congress just launched an investigation into automatic license plate reader company Flock; After 404 Media’s investigations this year, Flock removed a number of states from its national lookup tool. In July, Senator Ron Wyden of Oregon announced an agreement by Flock to block any out-of-state police searches related to abortion or immigration.
Our earlier work has shut down surveillance companies and triggered hundreds of millions of dollars worth of fines too. Our paying subscribers are the engine that powers this impactful journalism. Every subscription, monthly or annual, makes a real difference and makes it possible to do our work.
Thank you to our friends at DeleteMe for making this celebration possible.
Fine print: Tickets are required for entry, including for subscribers. 21+ only. Seating for the podcast is open but limited and includes standing room; a ticket doesn't guarantee a seat but let staff onsite know if you require one. Photos will be taken at the event. Venue reserves the right to refuse entry. Good vibes only, see you soon!
Code for subscribers is below the images.
Scenes from our panel at SXSW 2025, our DIY hackerspace party in LA on July 30, and our first anniversary party last year.
Upgrade to continue reading
Become a paid member to get access to all premium content
Upgrade
Bravo Donald: sono gli americani a pagare l'86% dei rincari innescati dai dazi
Secondo un rapporto di Goldman Sachs gli esportatori stranieri hanno sopportato solo il 14% degli aumenti innescati dalle tariffe americane. Il resto le impres…Claudio Paudice (HuffPost Italia)
reshared this
A Gaza il “giornalisticidio” prosegue indisturbato
@Giornalismo e disordine informativo
articolo21.org/2025/08/a-gaza-…
Prosegue a Gaza il giornalisticidio, parte del genocidio in atto a Gaza. Sono ormai oltre 230 i cronisti assassinati, compresi i sei eliminati ieri. Contro di loro ê ripartita l’ennesima campagna “erano solo
Lezioni di conversazione in italiano
Uso spesso podcast e video di persone di madrelingua inglese per migliorare la conoscenza della lingua.
Mi piacerebbe restituire il favore.
Ho pensato che magari da qualche parte sul pianeta c'è qualcuno che studia italiano a cui potrebbe fare altrettanto comodo avere uno sparring partner, quindi non podcast e video ma vere conversazioni on-line (gratuite).
Non so da che parte partire per far arrivare la notizia a chi potrebbe essere interessato, voi come fareste?
like this
reshared this
«Non c’è nessun caro ombrellone»
ci vuole coraggio a definire i prezzi in italia non esosi e non un'emergenza... pazzesca la ghigna che ha la gente. fosse per me renderei obbligatoria una spiaggia libera accanto a ogni stabilimento a pagamento.
Public consultation on ”retention of data by service providers for criminal proceedings”. Answering guide for civil society organisations and individuals.
The European Commission has launched a public consultation to gather your views about the impact of data retention rules in view of adoption of legislative and non-legislative measures at EU level. Here's EDRi's guide on how to answer the tricky consultation.
The post Public consultation on ”retention of data by service providers for criminal proceedings”. Answering guide for civil society organisations and individuals. appeared first on European Digital Rights (EDRi).
L’Italia investe nelle startup tecnologiche israeliane
@Notizie dall'Italia e dal mondo
La Cassa Depositi e Prestiti destina decine di milioni di euro a imprese israeliane di intelligenza artificiale e calcolo quantistico. L’obiettivo è attrarre in Italia competenze e innovazione, dimenticando la distruzione di Gaza
L'articolo L’Italia investe nelle startup tecnologiche israeliane
Le fatiche di Eva: la strada ancora lunga verso la parità
@Giornalismo e disordine informativo
articolo21.org/2025/08/le-fati…
Unendo esperienza personale e dati di accreditati studi nazionali e internazionali, Paola Mascaro, manager e già presidente di Valore D, propone una lettura sul difficile cammino verso una parità di
Se il capitalismo perde il suo «spirito»*
@Giornalismo e disordine informativo
articolo21.org/2025/08/se-il-c…
Da qualche tempo quotidiani e libri si soffermano, più o meno approfonditamente, sul tema della transizione globale in atto. Si riflette sulla inusitata fase di “riproduzione del sistema” che sta avvolgendo il pianeta, con l’unica costante, rispetto al
CDN, la mossa Agcom riaccende lo spettro del fair share?
L'articolo proviene da #StartMag e viene ricondiviso sulla comunità Lemmy @Informatica (Italy e non Italy 😁)
L’Autorità sulle CDN ribadisce che non introdurrà network fee né interverrà sul mercato dell’interconnessione. Il quadro giuridico startmag.it/innovazione/cdn-la…
Arrestato in Colombia il narcotrafficante Federico Starnone, anche grazie alla rete anti-'Ndrangheta I-CAN di Interpol
Si tratta di un latitante 44enne, ricercato dalle autorità italiane per i reati di associazione a delinquere finalizzata al traffico internazionale di sostanze stupefacenti con le aggravanti connesse a due distinti tentativi di importazione di ingenti quantitativi di cocaina dal Sudamerica.
E' ritenuto legato alla 'Ndrangheta. E' stato catturato in un appartamento nel quartiere residenziale di Cali.
A carico di Starnone è stata già emessa una sentenza di condanna a 5 anni e mezzo per reati di droga. L'uomo è stato catturato dalla polizia colombiana mentre si trovava in un appartamento nel quartiere residenziale nel capoluogo del dipartimento Valle del Cauca.
Essenziale l'apporto del progetto INTERPOL Cooperation Against ‘Ndrangheta (I-CAN).
Si tratta di un'iniziativa lanciata dall'Italia e dall'INTERPOL nel gennaio 2020 per contrastare la minaccia globale rappresentata dalla ‘Ndrangheta, come noto un'organizzazione criminale transnazionale altamente organizzata e potente.
Finanziato dal Dipartimento della Pubblica Sicurezza italiano, il progetto mira a rafforzare la cooperazione internazionale tra forze di polizia sfruttando le capacità dell'INTERPOL di condividere intelligence, competenze e best practice, trasformando così le informazioni in arresti e smantellando le reti criminali.
Avviato a Reggio Calabria l'obiettivo principale del progetto è stato - da subito - quello di istituire un sistema globale di allerta precoce contro questo "nemico invisibile". I-CAN opera attraverso una rete di paesi pilota, che inizialmente includevano Australia, Argentina, Brasile, Canada, Colombia, Francia, Germania, Italia, Svizzera, Stati Uniti e Uruguay, che si è espanso a 13, tra cui Austria, Belgio e Spagna.
Il progetto facilita operazioni coordinate transfrontaliere, come dimostrato dall'operazione globale del 2020 che ha portato all'arresto di sei latitanti legati alla 'Ndrangheta in Albania, Argentina e Costa Rica, con conseguente sequestro di 400 kg di cocaina e smantellamento del clan Bellocco. Le operazioni successive hanno continuato a dare risultati, tra cui l'arresto nel 2023 di un latitante di 16 anni, Edgardo Greco, in Francia, con il supporto di I-CAN.
Il progetto si è evoluto oltre la sua fase iniziale, con iniziative in corso tra cui la Conferenza I-CAN del 2022 a Roma, che ha riunito le forze dell'ordine di 14 paesi per definire una strategia unitaria contro la 'Ndrangheta, oggi considerata un'entità criminale "silenziosa e pervasiva" che si infiltra nelle economie legittime attraverso la corruzione e il riciclaggio di denaro.
Il successo del progetto si basa su una combinazione di condivisione di intelligence, coordinamento internazionale e utilizzo di strumenti analitici avanzati per esplorare dati provenienti da diverse fonti, consentendo indagini transnazionali. Il suo quadro continua a sostenere gli sforzi in corso, tra cui il progetto I-FORCE, incentrato sulla cooperazione regionale nell'Europa orientale e sudorientale.
#ndrangheta #ican #interpol #iforce
reshared this
alephoto85
in reply to Max 🇪🇺🇮🇹 • • •ricordo app, forse "Hello Talk" e "Tandem", che potrebbero essere utili in questo caso ma non mi viene in mente nessuna alternativa open.
Se invece ti va bene anche offline, al mio circolo arci di fiducia, organizzano lezioni di italiano per stranierз, giusto per fare un esempio.
Magari prova a vedere se nella tua zona ci sono progetti simili. Credo ci sia sempre bisogno di volontarз.
Max 🇪🇺🇮🇹
in reply to alephoto85 • •@alephoto85
Sì in effetti è una buona idea, non ci avevo pensato. Grazie.
Anche se a me piacerebbe di più farlo con gente che sta dall'altra parte del mondo, così potrei approfittarne per farmi raccontare qualcosa di come vivono laggiù 😀
alephoto85
in reply to Max 🇪🇺🇮🇹 • • •capisco! Ci sta effettivamente! Sono sicuro però che anche chi arriva qui da lontano avrà qualcosa da raccontare in merito.
Se trovo altre cose online ti scrivo ma adesso mi vengono in mente solo quelle 😅