Online-education company Chegg said it is conducting a business review and exploring alternatives such as selling the company or taking it private as it continues to lose subscribers to artificial-intelligence-enabled rivals. From a report: Chegg and other virtual-learning companies have ceded ground to generative-AI companies such as ChatGPT, which provides free alternatives to the homework help that Chegg charges $19.95 for to its subscribers. Although Chegg built its own AI products, the company has faced scores of canceled subscriptions. The business review comes as the company swung to a loss in the fourth quarter, with revenue falling 24%, and guided for lower-than-expected revenue for the first quarter. In November, Chegg said it would cut its workforce by an additional 21%. Chegg's shares have fallen 99% since its peak in 2021.

All 50 U.S. states have now introduced some form of right to repair legislation, marking a significant milestone that "shows the power of the grassroots political movement," reports 404 Media. From the report: Thursday, Wisconsin became the final state in the country to introduce a right to repair bill. So far, right to repair laws have been passed in Massachusetts, New York, Minnesota, Colorado, California, and Oregon. Another 20 states are formally considering right to repair bills during this current legislative session. The rest have previously introduced bills that have not passed; so far we have seen that many states take several years to move a given right to repair bill through the legislative process. iFixit's Kyle Wiens said covering the entire map is a "tipping point" for the movement: "We've gone from a handful of passionate advocates to a nationwide call for repair autonomy. People are fed up with disposable products and locked-down devices. Repair is the future, and this moment proves it."

An anonymous reader quotes a report from TorrentFreak: In France, rightsholders have taken legal action to compel large VPN providers to support their pirate site blocking program. The aim is to reinforce existing blocking measures, but VPN providers see this as a dangerous move, leading to potential security issues and overblocking. As a result, some are considering leaving France altogether if push comes to shove. [...] Earlier this month, sports rightsholders Canal+ and LFP requested blocking injunctions that would require popular VPNs to start blocking pirate sites and services. The full requests are not public, but the details available show that Cyberghost, ExpressVPN, NordVPN, ProtonVPN, and Surfshark are listed as respondents. [...]

The blocking request has yet to be approved and several of the targeted VPN providers have reserved detailed commentary, for now. That said, the VPN Trust Initiative (VTI), which includes ExpressVPN, NordVPN and Surfshark as members, has been vocal in its opposition. VTI is part of the i2Coalition and while it doesn't speak directly for any of the members, the coalition's Executive Director Christian Dawson has been in regular discussions with VPN providers. From this, it became clear that VPN providers face difficult decisions. If VPN providers are ordered to block pirate sites, some are considering whether to follow in the footsteps of Cisco, which discontinued its OpenDNS service in the country, to avoid meddling with its DNS resolver.

Speaking with TorrentFreak, VTI's Dawson says that VPNs have previously left markets like India and Pakistan in response to restrictive requirements. This typically happens when privacy or security principles are at risk, or if the technical implementation of blocking measures is infeasible. VTI does not rule out that some members may choose to exit France for similar reasons, if required to comply with blocking measures. "We've seen this before in markets like India and Pakistan, where regulatory requirements forced some VPN services to withdraw rather than compromise on encryption standards or log-keeping policies," Dawson says. "France's potential move to force VPN providers to block content could put companies in a similar position -- where they either comply with measures that contradict their purpose or leave the market altogether." "This case in France is part of a broader global trend of regulatory overreach, where governments attempt to control encrypted services under the guise of content regulation. We've already seen how China, Russia, Myanmar, and Iran have imposed VPN restrictions as part of broader censorship efforts."

"The best path forward is for policymakers to focus on targeted enforcement measures that don't undermine Internet security or create a precedent for global Internet fragmentation," concludes Dawson. "As seen in other cases, blanket blocking measures do not effectively combat piracy but instead create far-reaching consequences that disrupt the open Internet."

Chegg has filed a lawsuit against Google, accusing the tech giant of using AI-generated overviews to undermine publishers by reducing site traffic and eroding financial incentives for original content. Chegg claims this practice violates antitrust laws and threatens the integrity of the online information ecosystem. Reuters reports: This will eventually lead to a "hollowed-out information ecosystem of little use and unworthy of trust," the company said. The Santa Clara, California-based company has said Google's AI overviews have caused a drop in visitors and subscribers. Chegg was trading at around $1.63 on Monday, down more than 98% from its peak price in 2021.

The company announced it would lay off 21% of its staff in November. Nathan Schultz, CEO of Chegg, said on Monday that Google is profiting off the company's content for free. "Our lawsuit is about more than Chegg -- it's about the digital publishing industry, the future of internet search, and about students losing access to quality, step-by-step learning in favor of low-quality, unverified AI summaries," he said.

Publishers allow Google to crawl their websites to generate search results, which Google monetizes through advertising. In exchange, the publishers receive search traffic to their sites when users click on the results, Chegg said. But Google has started coercing publishers to let it use the information for AI overviews and other features that result in fewer site visitors, the company said. Chegg argued the conduct violates a law against conditioning the sale of one product on the customer selling or giving its supplier another product.

An anonymous reader shared this report from the Telegraph: Workers with an axe to grind against their employer are using AI to bombard businesses with costly and inaccurate lawsuits, experts have warned.

Frustration is growing among employment lawyers who say they are seeing a trend of litigants using AI to help them run their claims, which they say is generating "inconsistent, lengthy, and often incorrect arguments" and causing a spike in legal fees... Ailie Murray, an employment partner at law firm Travers Smith, said AI submissions are produced so rapidly that they are "often excessively lengthy and full of inconsistencies", but employers must then spend vast amounts of money responding to them. She added: "In many cases, the AI-generated output is inaccurate, leading to claimants pleading invalid claims or arguments.

"It is not an option for an employer to simply ignore such submissions. This leads to a cycle of continuous and costly correspondence. Such dynamics could overburden already stretched tribunals with unfounded and poorly pleaded claims."
There's definitely been a "significant increase" in the number of clients using AI, James Hockin, an employment partner at Withers, told the Telegraph. The danger? "There is a risk that we see unrepresented individuals pursuing the wrong claims in the UK employment tribunal off the back of a duff result from an AI tool."

An anonymous reader shared this report from the Washington Post's "Tech Brief": Last fall, reports that Kroger was considering bringing facial recognition technology into its stores sparked outcry from lawmakers and customers. They worried personalized data could be used to charge different prices for different customers based on their shopping habits, financial circumstances or appearance. Kroger, the country's largest supermarket chain, had already been using digital price tags in its stores.

Kroger told lawmakers that it doesn't use facial recognition to help it set prices, a stance the company reiterated to the Tech Brief on Thursday. Still, the uproar helped to spark a push by consumer advocates who warn that the threat of invasive, personalized pricing schemes is real. Now, Democratic lawmakers in several states are working to ban so-called "surveillance pricing" — when businesses charge customers more or less for the same item based on their personal information.
Besides a bill in California, three more bill were introduced this month in Colorado, Georgia, and Illinois that also ban "surveillance wages," which the article defines as employers adjusting wages based on how much data an employee collects. "Both surveillance pricing and surveillance wages really disrupt fundamental ideals of fairness," University of California, Irvine law professor Veena Dubal tells the Washington Post.

Dubal is one of the consumer advocates behind a new report which notes information released last month by America's consumer-protecting FTC that "suggests that surveillance pricing tools are being actively developed and marketed across a range of industries, including consumer-facing businesses like 'grocery stores, apparel retailers, health and beauty retailers, home goods and furnishing stores, convenience stores, building and hardware stores, and general merchandise retailers such as department or discount stores." The consumer advocates (which include the Electronic Privacy Information Center) put it this way.

"Imagine walking into a grocery store and seeing a price for milk that's higher than what the next shopper pays because an algorithm calculated that you're willing to spend more..."

California sued to fine a data-harvesting company, reports the Washington Post, calling it "a rare step to put muscle behind one of the strongest online privacy laws in the United States." Even when states have tried to restrict data brokers, it has been tough to make those laws stick. That has generally been a problem for the 19 states that have passed broad laws to protect personal information, said Matt Schwartz, a policy analyst for Consumer Reports. He said there has been only 15 or so public enforcement actions by regulators overseeing all those laws. Partly because companies aren't held accountable, they're empowered to ignore the privacy standards. "Noncompliance is fairly widespread," Schwartz said. "It's a major problem."

That's why California is unusual with a data broker law that seems to have teeth. To make sure state residents can order all data brokers operating in the state to delete their personal records [with a single request], California is now requiring brokers to register with the state or face a fine of $200 a day. The state's privacy watchdog said Thursday that it filed litigation to force one data broker, National Public Data, to pay $46,000 for failing to comply with that initial phase of the data broker law. NPD declined to comment through an attorney... This first lawsuit for noncompliance, Schwartz said, shows that California is serious about making companies live up to their privacy obligations... "If they can successfully build it and show it works, it will create a blueprint for other states interested in this idea," he said.
Last summer NPD "spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online," according to the blog Krebs on Security, adding that another NPD data broker sharing access to the same consumer records "inadvertently published the passwords to its back-end database in a file that was freely available from its homepage..."

California's attempt to regulate the industry inspired the nonprofit Consumer Reports to create an app called Permission Slip that reveals what data companies collect and, for people in U.S. states, will "work with you to file a request, telling companies to stop selling your personal information."

Other data-protecting options suggested by The Washington Post:

• Use Firefox, Brave or DuckDuckGo, "which can automatically tell websites not to sell or share your data. Those demands from the web browsers are legally binding or will be soon in at least nine states."

• Use Privacy Badger, an EFF browser extension which the EFF says "automatically tells websites not to sell or share your data including where it's required by state law."

WinRAR 7.10 now lets users remove potentially sensitive metadata from downloaded files while preserving core Windows security features. The file compression tool's latest release introduces a "Zone value only" setting that strips download locations and IP addresses from Windows' Mark-of-the-Web security flags during file extraction.

The new privacy control, enabled by default, maintains only the basic security zone identifier that triggers Windows' safety prompts for downloaded files. This change prevents recipients of shared archives from accessing metadata that could reveal where files originated. The update from win.rar GmbH, whose compression software claims 500 million users worldwide, also adds performance improvements through larger memory page support and introduces a dark mode interface.

California is considering officially recognizing Bigfoot as its state cryptid through Assembly Bill 666, introduced last week by North Coast Assemblymember Chris Rogers. "Rogers' district spans Del Norte, Humboldt, Mendocino, Sonoma and Trinity counties, a region known as the epicenter of Bigfoot lore," reports SFGATE. From the report: Assemblyman Rogers' Assembly Bill 666 is still in its early stages. According to the California Legislative Information website, the bill's title has been read aloud in the state Assembly and is now being printed and distributed to committee members for review. If it clears committee, it must then pass the Assembly and Senate before reaching the governor's desk to be signed into law.

[Matt Moneymaker, a longtime Bigfoot researcher and former star of the Animal Planet series 'Finding Bigfoot], is eager to witness history. "If there's going to be a date, an occasion when they're voting on whether or not to make it the official cryptid, I would love to be up there in Sacramento," he said. "I would gladly pay my way to be there when that happens." "Mankind has always had a fascination with monsters, and mythologies from around the world include stories of strange and terrifying creatures," writes Slashdot reader Pickens in a story published in 2008. "Examples include the half-bull, half-human Minotaur of Greek myths, the living clay Golem of Jewish traditions, British elves and Chinese dragons..." What's your favorite monster?

An anonymous reader quotes a report from Ars Technica: Just because Meta admitted to torrenting a dataset of pirated books for AI training purposes, that doesn't necessarily mean that Meta seeded the file after downloading it, the social media company claimed in a court filing (PDF) this week. Evidence instead shows that Meta "took precautions not to 'seed' any downloaded files," Meta's filing said. Seeding refers to sharing a torrented file after the download completes, and because there's allegedly no proof of such "seeding," Meta insisted that authors cannot prove Meta shared the pirated books with anyone during the torrenting process.

[...] Meta ... is hoping to convince the court that torrenting is not in and of itself illegal, but is, rather, a "widely-used protocol to download large files." According to Meta, the decision to download the pirated books dataset from pirate libraries like LibGen and Z-Library was simply a move to access "data from a 'well-known online repository' that was publicly available via torrents." To defend its torrenting, Meta has basically scrubbed the word "pirate" from the characterization of its activity. The company alleges that authors can't claim that Meta gained unauthorized access to their data under CDAFA. Instead, all they can claim is that "Meta allegedly accessed and downloaded datasets that Plaintiffs did not create, containing the text of published books that anyone can read in a public library, from public websites Plaintiffs do not operate or own."

While Meta may claim there's no evidence of seeding, there is some testimony that might be compelling to the court. Previously, a Meta executive in charge of project management, Michael Clark, had testified (PDF) that Meta allegedly modified torrenting settings "so that the smallest amount of seeding possible could occur," which seems to support authors' claims that some seeding occurred. And an internal message (PDF) from Meta researcher Frank Zhang appeared to show that Meta allegedly tried to conceal the seeding by not using Facebook servers while downloading the dataset to "avoid" the "risk" of anyone "tracing back the seeder/downloader" from Facebook servers. Once this information came to light, authors asked the court for a chance to depose Meta executives again, alleging that new facts "contradict prior deposition testimony." "Meta has been 'silent so far on claims about sharing data while 'leeching' (downloading) but told the court it plans to fight the seeding claims at summary judgement," notes Ars.

An anonymous reader quotes a report from TorrentFreak: Altice, parent company of Internet provider Optimum, must disclose the personal details of a hundred alleged music pirates. The request comes from a group of prominent record labels and is part of an ongoing copyright infringement liability lawsuit (PDF). Altice, meanwhile, will receive anti-piracy information, including that related to a letter the RIAA previously sent to BitTorrent Inc., the owner of popular torrent client uTorrent. [...] Details are scarce, but the group will likely consist of subscribers who were repeatedly warned over alleged piracy activity. The music labels could use this information to gather further evidence to support their allegations. For example, subscriber testimony could help to strengthen the argument that the ISP failed to take effective measures against repeat infringers.

There's nothing to suggest that these people will be approached with any claims directly. The names, emails, and addresses of the subscribers are marked as "highly confidential" and can only be viewed by attorneys acting for the music companies. The subscribers will be informed about the forthcoming disclosure of their personal details and any objections will be heard by the court. [...] Subscriber details are just a fraction of the information requested by the parties during discovery. Altice, for example, will also gain access to some non-privileged documents and communications between the music companies and their anti-piracy partners, including the RIAA, OpSec, and Audible Magic.

This includes information regarding a letter (PDF) the RIAA sent to the company behind the uTorrent and BitTorrent clients in 2015. [...] The nature of information sought by Altice isn't clear. The company previously said that if music labels are concerned about piracy, they are free to go after developers of 'piracy' software. While neutral torrent clients don't fall into that category, the ISP will be interested in any related legal considerations that took place behind the scenes.

The U.S. Federal Trade Commission has launched an inquiry into potential "censorship" by technology platforms ranging from Meta to Uber, marking an escalation in scrutiny of content moderation practices. FTC Chair Andrew Ferguson called for public comment on what he termed "Big Tech censorship," describing it as "un-American" and "potentially illegal."

The broad probe could examine social media, video sharing, ride-sharing and event planning services. The announcement follows long-standing Republican claims that conservative viewpoints face discrimination on social media platforms.

Murena has launched the Murena Pixel Tablet, a de-Googled version of the Pixel Tablet that removes Google's apps and services to enhance user privacy. Priced at $549, it offers /e/OS, an alternative app store, and privacy-focused productivity tools, but lacks Google's speaker dock and direct access to the Play Store. The Verge reports: First announced last December, the Murena Pixel Tablet is available now through the company's online store for $549. That's a steep premium given Google currently sells the same 128GB version of the Pixel Tablet for $399, or $479 as part of a bundle with the charging speaker dock that Murena isn't including. Part of Murena's de-Googling of the Pixel Tablet includes the removal of the Google Play Store. You can still download apps through /e/OS' App Lounge which acts as a front-end for the Play Store allowing you to browse and get free apps anonymously without Google knowing who you are. However, downloading paid apps requires a login to a Google account. Google's various productivity apps aren't included, but the Murena Pixel Tablet comes with privacy-minded alternatives for messaging, email, maps, browsing the web, calendar, contacts, notes, and even voice recordings. In 2022, Murena launched its first smartphone with no Google apps, Google Play Services, or even the Google Assistant.

A recently patched Palo Alto Networks vulnerability (CVE-2025-0108) is being actively exploited alongside two older flaws (CVE-2024-9474 and CVE-2025-0111), allowing attackers to gain root access to unpatched firewalls. The Register reports: This story starts with CVE-2024-9474, a 6.9-rated privilege escalation vulnerability in Palo Alto Networks PAN-OS software that allowed an OS administrator with access to the management web interface to perform actions on the firewall with root privileges. The company patched it in November 2024. Dark web intelligence services vendor Searchlight Cyber's Assetnote team investigated the patch for CVE-2024-9474 and found another authentication bypass.

Palo Alto (PAN) last week fixed that problem, CVE-2025-0108, and rated it a highest urgency patch as the 8.8/10 flaw addressed an access control issue in PAN-OS's web management interface that allowed an unauthenticated attacker with network access to the management web interface to bypass authentication "and invoke certain PHP scripts." Those scripts could "negatively impact integrity and confidentiality of PAN-OS."

The third flaw is CVE-2025-0111 a 7.1-rated mess also patched last week to stop authenticated attackers with network access to PAN-OS machines using their web interface to read files accessible to the "nobody" user. On Tuesday, US time, Palo A lot updated its advisory for CVE-2025-0108 with news that it's observed exploit attempts chaining CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces. The vendor's not explained how the three flaws are chained but we understand doing so allows an attacker to gain more powerful privileges and gain full root access to the firewall. PAN is urging users to upgrade their PAN-OS operating systems to versions 10.1, 10.2, 11.0, 11.1, and 11.2. A general hotfix is expected by Thursday or sooner, notes the Register.

An anonymous reader shares a report: U.S. personal injury law firm Morgan & Morgan sent an urgent email this month to its more than 1,000 lawyers: Artificial intelligence can invent fake case law, and using made-up information in a court filing could get you fired. A federal judge in Wyoming had just threatened to sanction two lawyers at the firm who included fictitious case citations in a lawsuit against Walmart. One of the lawyers admitted in court filings last week that he used an AI program that "hallucinated" the cases and apologized for what he called an inadvertent mistake.

AI's penchant for generating legal fiction in case filings has led courts around the country to question or discipline lawyers in at least seven cases over the last two years, and created a new high-tech headache for litigants and judges, Reuters found. The Walmart case stands out because it involves a well-known law firm and a big corporate defendant. But examples like it have cropped up in all kinds of lawsuits since chatbots like ChatGPT ushered in the AI era, highlighting a new litigation risk.