Tag Archives: Internet & Networking Technology

Pro-Russian hacker group claims responsibility for DDoS attack on French postal service

Posted on by

A pro-Russian hacker group has come forward as the perpetrator of a DDoS attack on the French national postal service La Poste that took place on December 22, according to Reuters. The distributed denial-of-service attack took central computer systems at La Poste entirely offline and caused major disruptions in package deliveries just days before Christmas.

Reuters reported that the cyberattack on La Poste was still not fully resolved as of Wednesday morning. While regular letters were not affected, postal workers were unable to track packages and online payments through La Banque Postale, the service's banking division, were also disrupted.

The group, known as Noname057, has taken responsibility for or been accused of cyberattacks across the globe. Though attacks have occurred in over a dozen nations, the group has mostly targeted Ukraine as well as Ukraine-friendly nations.

Europol, the EU's law enforcement agency, launched an extensive operation against the group this summer. The US Justice Department has also been involved in actions against the hacker group.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/pro-russian-hacker-group-claims-responsibility-for-ddos-attack-on-french-postal-service-140015323.html?src=rss

Get up to 78 percent off ExpressVPN two-year plans for the holidays

Posted on by

It looks like the holidays aren't a bad time to shop for a VPN subscription. ExpressVPN, Engadget's pick for the best premium provider, currently has a less premium price. This deal gives you two years of the Advanced plan (with a bonus of four free months) for only $101. When it isn't on sale, the same subscription would cost $392.

Engadget's VPN guru, Sam Chapman, praised ExpressVPN's service. He described it as "high-performing" and having "very few flaws." The service received high marks for its speeds, easy-to-use interface and global network availability. The only significant mark against it was its relatively high standard pricing. But with this holiday sale, that criticism is (temporarily) null and void.

ExpressVPN recently switched to a multi-tier pricing structure. (That previously mentioned Advanced plan is the mid-range one.) There's a cheaper Basic plan that allows 10 simultaneous devices (compared to the Advanced plan's 12) and doesn't include perks like a password manager. You can also choose the highest-priced Pro plan. It allows for 14 simultaneous devices and adds several extras. You can compare plans on ExpressVPN's website.

When buying a two-year plan, the Basic tier is available for $2.79 per month (78 percent off). The Advanced plan is $3.59 per month (74 percent off). And the Pro plan is $5.99 per month (70 percent off). All three include the bonus of four additional months, giving you 28 total.

Follow @EngadgetDeals on X for the latest tech deals and buying advice.

This article originally appeared on Engadget at https://www.engadget.com/deals/get-up-to-78-percent-off-expressvpn-two-year-plans-for-the-holidays-194912043.html?src=rss

Auto chip shortage: Honda will pause production in Japan and China

Posted on by

The ripples of the auto industry's chip shortage are still being felt, as evidenced by Honda. Bloomberg reported on Wednesday that the automaker will suspend production in Japan on January 5 and 6. (Honda didn't specify the affected factories.) In addition, all three of the automaker's Guangqi Honda Automobile plants in China will shut down from December 29 to January 2.

The halt is an outgrowth of a chip shortage stemming from a recent geopolitical proxy war in the Netherlands, of all places. In October, the Dutch government, bowing to pressure from the Trump administration, seized control of the Chinese-owned chipmaker Nexperia. The company, which operates in the Netherlands, makes low-end chips that power automobiles, appliances and other tech.

The Dutch government's official explanation for the seizure was that Nexperia had "serious governance shortcomings." It cited a concern that Nexperia's Chinese majority owner, Wingtech, would move key technology out of Europe. However, the New York Times later reported that the Dutch government had known about those plans since 2019.

Regardless, China retaliated by blocking exports of Nexperia-made chips. The Netherlands eventually suspended its intervention, following "constructive talks." China then relaxed (but did not entirely remove) its restrictions through exemptions to export controls. The uneasy resolution hasn’t been enough to help supply chains fully recover.

Honda initially anticipated that production would return to normal starting in late November. So much for that. "No one [in the auto industry] prepared for geopolitical disruption," automaker consultant Ambrose Conroy, CEO of Seraph Consulting, told Reuters in November. "And they're still not prepared."

This article originally appeared on Engadget at https://www.engadget.com/transportation/auto-chip-shortage-honda-will-pause-production-in-japan-and-china-200857591.html?src=rss

How a VPN works (and why you should care)

Posted on by

The best VPNs can make your online life more private with software that's convenient and cheap — sometimes even free. While keeping your IP address invisible, you can use your VPN to explore streaming content from all over the world or (virtually) sneak into a sports event that's not available in your area.

However, while VPNs are widely available, there's a strange dearth of information on what they actually do behind the scenes. You may know that a VPN masks your device with a proxy server to make it look like you're somewhere else, and maybe even that encryption is involved. But finding any more details can mean running a gauntlet of misinformation.

That's a shame, because the inner workings of a VPN aren't all that difficult to understand. You may not be able to build one yourself without a degree in computer science, but with a little work, you can understand exactly what it's doing on your computer. That's information you can use to select the right VPN for you, and make the most of it once you've got it.

What is a VPN?

To make sure nobody gets left behind, I'll start from the beginning. A VPN (virtual private network) is a method of securely accessing a network, either a closed network (like you might have at the office) or the internet as a whole. Initially, organizations set up VPNs so remote workers can work with secure files. While this still happens, the last 15 years have seen VPNs increasingly marketed to individuals, with Proton VPN, ExpressVPN and others seeing massive user growth.

Broadly, a VPN consists of two parts: the server, which forwards requests to your chosen destination, and the client, a piece of software that lets you interact with the server. You can find a longer explanation here, but I'll use the two sections below to tell you what you need to know right now.

One more note before that — there are multiple kinds of VPNs, including the remote-access VPNs and site-to-site VPNs commonly used by workplaces. However, for this article, I'll be talking mainly about the commercial VPN services sold to individuals for general security needs. Instead of a specific network, these VPNs are designed to handle all of a user's traffic to any point on the internet.

What happens when you use a VPN?

First, you use the client to connect to a server — either the fastest one available or a particular location you need. Once you've connected, every request you send to the internet goes through the VPN server first. This communication between your device and the web is encrypted so it can't be traced back to you.

The VPN server decrypts your requests and sends them on. The destination then communicates with the VPN server, which relays the information back to you — after re-encrypting it so nobody follows it home.

Since the VPN does everything on your behalf, it's your "mask" online. Your internet service provider (ISP) and third parties can see what's being done, but — so long as you’re not otherwise logged in or identifying yourself — nobody knows that it's you doing it. It's like having a friend order pizza for you so the pizzeria doesn't hear you calling for the third time this week (not that I speak from experience).

What's the point of using a VPN?

Why add an extra step to the already complex process of getting online? The two biggest reasons are maintaining anonymity and changing your virtual location. I've already explained how a VPN keeps you anonymous. Among other things, this prevents your ISP from selling your browsing history to advertisers and protects activists who face government repercussions for what they do online.

Changing your virtual location is part of masking, but it can also be used to see the internet as it's visible in other countries. Streaming services are frequently limited to certain places, and almost all of them change the available content based on their licenses in each nation. You can also use a VPN in a country with a nationwide firewall, like China, to see forbidden outside information sources.

How does a VPN work? The full technical explanation

Most online explanations stop after defining a VPN as an anonymous agent between you and the internet — but I wrote this article to go a little bit deeper. To understand what a VPN is doing on a technical level, we'll need to cover how the internet works, how the VPN knows where to send encrypted information and just what "encryption" actually is.

How the internet transmits data

When you're not using a VPN, internet traffic goes directly from your modem to your ISP, then on to your chosen destination. The key technologies here are IP, which stands for Internet Protocol, and TCP, which stands for Transmission Control Protocol. They're usually combined as TCP/IP.

You may have heard that every online device has an IP address that identifies it to every other device. TCP/IP governs not just those names but how data moves between them. Here's how it works, step-by-step.

  1. You click a link or enter a URL into your web browser.

  2. Your computer sends a request to your modem, asking to see the page associated with the URL. Your modem forwards the request to your ISP.

  3. Your ISP finds a domain name server (DNS) that tells it which IP address is connected to the URL you asked to see. It then sends the request to that IP address along the fastest available route, which will involve being relayed between several nodes.

  4. That IP address is connected with a server that holds the content you're looking for. Once it receives the request, it breaks the data down into small packets of about 1 to 1.5 kilobytes.

  5. These packets separate to find their own fastest routes back to your ISP, your modem and finally your web browser, which reassembles them.

  6. You see a web page, likely no more than a second after you asked for it.

The outgoing requests and inbound packets are key to understanding VPN function. A VPN intervenes during step 2 (when your modem contacts your ISP) and step 5 (when your ISP sends the packets back to you). In the next section, I'll explain exactly what it does during those steps.

How VPN tunneling protects data

You might have heard a VPN's activities described as "tunneling." That term refers to a figurative tunnel being created between your device and the VPN. Data enters the tunnel when it's encrypted by the VPN client and exits when it's decrypted by the VPN server. Between those two points, encryption means nobody can see the true data. It's as though it's traveling through an opaque tunnel.

While the tunnel is a useful metaphor, it may be better to think of VPN encryption as an encapsulation. Each packet of data sent via VPN is "wrapped" in a second packet, which both encrypts the original packet and contains information for reaching the VPN server. However, none of these outer layers have the complete path — each just knows enough to reach the next relay. In this way, the origin point (that's you) remains invisible.

The same thing happens when the internet returns content to show you. Your ISP sends the data to the VPN server, because, as far as it knows, that's where the request came from. The VPN then encrypts each packet and sends them back to you for decryption and reassembly. It takes a little longer with the extra steps; that's why VPNs always slightly slow down your browsing speed, though the best ones don't do that by much (Surfshark is currently the fastest).

You learned in that last section that two protocols, IP and TCP (usually combined as TCP/IP), are responsible for letting online devices talk to each other, even if they've never connected before. In the same way, a VPN protocol is like a shared language that lets VPNs encrypt, move and decrypt information. See the next section to learn how a VPN protocol works in detail.

How VPN protocols encrypt data

VPN protocols are the technology behind VPNs; every other feature of your VPN is just a method of interacting with them. All protocols are designed to encrypt data packets and wrap them in a second layer that includes information on where to send them. The main differences are the shape of that second layer, the types of encryption used and how the client establishes its initial secure connection with the server.

It's extremely common for VPNs to advertise protocols with "bank-grade" or "military-grade" encryption. This is talking about the 256-bit Advanced Encryption Standard (AES-256), a symmetric encryption algorithm, which is used by financial institutions and the US government and military. AES-256 is indeed some of the strongest available encryption, but it's only part of the story. As a symmetric algorithm, it's not fully secure on its own, because the same keys are used to encrypt and decrypt it — and those keys can be stolen.

For that reason, most VPN protocols use AES-256 (or a similarly strong cipher like ChaCha20) to encrypt the data packets themselves, then combine it with a larger suite of multiple encryption algorithms. One of the most reliable and popular protocols, OpenVPN, uses the asymmetric TLS protocol to establish a secure relationship between client and server, then transmits packets encrypted with AES-256 across that channel, knowing the keys will be safe.

Explaining this could easily reach the length of a book, but the basic principle isn't complicated. In asymmetric encryption, a sender encodes data with a unique key, then a recipient decodes it with a different paired key. The keys are provided by a trusted third party. In a maneuver called a TLS handshake, the server and client send each other encrypted data. If each can decode the other's test data, they know they have a matched pair of keys, which proves that both are the same client and server that got the keys from the trusted authority.

Why not just use asymmetric encryption for the data itself, if it's more secure? Mainly, protocols don't do this because it's a lot slower. Asymmetric encryption requires a lot of resource-heavy math that makes connections drag. That's why OpenVPN and others use the asymmetric-to-symmetric two-step instead.

To summarize, a VPN protocol is a complex set of instructions and tools that control encryption and routing via VPN servers. Protocols still in use include OpenVPN, WireGuard, IKEv2, SSTP and L2TP. PPTP, one of the oldest protocols, is no longer considered secure. On top of these, VPNs often build their own proprietary protocols, such as ExpressVPN's Lightway.

Putting it all together

Now that we've hit all the relevant information, let's revisit that step-by-step from earlier, this time with a VPN in the mix. Here are the steps, starting with establishing the VPN connection and ending with anonymously viewing a website.

  1. You open your VPN client, choose a server location and connect. The VPN client and server authenticate each other with a TLS handshake.

  2. The client and server exchange the symmetric keys they'll use to encrypt and decrypt packets for the duration of this session (i.e. until you disconnect). Your VPN client tells you that it's established a secure tunnel.

  3. You open your web browser and enter a URL. Your browser sends a request to view the content at that address.

  4. The request goes to your VPN client, which encrypts it and adds an outer layer of information with directions to the VPN server.

  5. The encrypted request reaches the VPN server, which decrypts it and forwards it to your ISP.

  6. As normal, your ISP finds the IP address associated with the URL you entered and forwards your request along.

  7. The destination server receives the request and sends all the necessary packets of information back to your ISP, which forwards it to the VPN server.

  8. The VPN server encrypts each packet and adds a header directing it to the VPN client.

  9. The client decrypts the packets and forwards them to your web browser.

  10. You see the web page you opened.

Because of the encrypted tunnel, the request arrives at the VPN server without any information on where it came from. Thus, the VPN doesn't actually encrypt your activity on the websites themselves — for the most part, the HTTPS protocol does that. Instead, a VPN gives you a false name to put in the register, with no information that could be traced back to your real identity.

How to use this information

Now that you know how a VPN works on a technical level, you're better equipped to choose one for yourself. You can cut through marketing hype statements like:

  • "Military-grade encryption!" (It's the same algorithm everybody uses)

  • "Stay completely anonymous online!" (Plaintext you post on social media is not encrypted)

  • "Dodge ISP throttling!" (If your ISP is throttling you based on your IP address, this works — but if you're being slowed down because of your moment-to-moment activity, your identity doesn't matter)

A VPN is just one important part of a complete cybersecurity breakfast. While hiding your IP address, make sure to also use strong passwords, download updates immediately and remain alert for social engineering tactics.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/how-a-vpn-works-and-why-you-should-care-143000250.html?src=rss

Google is retiring its free dark web monitoring tool next year

Posted on by

Google will stop sending out dark web reports starting early next year, as it shuts down the free tool that can tell you if your personal information has appeared on the seedy underbelly of the internet. The tool used to be exclusively available to Google One subscribers until the company opened it up to everyone in mid-2024. If you switch it on, you’ll receive a notification whenever your name, email address and phone number leak on the internet, typically due to data breaches.

In Google’s email announcement, however, it said it was discontinuing dark web reports because “feedback showed that it did not provide helpful next steps.” A report just lets you know that your information has appeared on the dark web. You can also see a list of all the hits you get on your Google account, along with what data breach leaked that particular detail. However, it doesn’t give you guidance on what to do afterwards.

The company explained that it will focus on tools that can give you clear, actionable step to take instead. Google will stop monitoring for new dark web results on January 15, 2026 and will remove access to the report from your account on February 16. You can also remove your monitoring profile right now by going to the “results with your info” section on the tool’s official page.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/google-is-retiring-its-free-dark-web-monitoring-tool-next-year-023103252.html?src=rss

OpenAI releases GPT-5.2 to take on Google and Anthropic

Posted on by

OpenAI's "code red" response to Google's Gemini 3 Pro has arrived. On the same day the company announced a Sora licensing pact with Disney, it took the wraps off GPT-5.2. OpenAI is touting the new model as its best yet for real-world, professional use. “It’s better at creating spreadsheets, building presentations, writing code, perceiving images, understanding long contexts, using tools, and handling complex, multi-step projects,” said OpenAI.

In a series of 10 benchmarks highlighted by OpenAI, GPT-5.2 Thinking, the most advanced version of the model, outperformed its GPT-5.1 counterpart, sometimes by a significant margin. For example, in AIME 2025, a test that involves 30 challenging mathematics problems, the model earned a perfect 100 percent score, beating out GPT-5.1’s already state-of-the-art score of 94 perfect. It also achieved that feat without turning to tools like web search. Meanwhile, in ARC-AGI-1, a benchmark that tests an AI system’s ability to reason abstractly like a human being would, the new system beat GPT-5.1’s score by more than 10 percentage points.

OpenAI says GPT-5.2 Thinking is better at answering questions factually, with the company finding it produces errors 30 percent less frequently. “For professionals, this means fewer mistakes when using the model for research, writing, analysis, and decision support — making the model more dependable for everyday knowledge work,” the company said.

The new model should be better in conversation too. Of the version of the system most users are likely to encounter, OpenAI says “GPT‑5.2 Instant is a fast, capable workhorse for everyday work and learning, with clear improvements in info-seeking questions, how-tos and walk-throughs, technical writing, and translation, building on the warmer conversational tone introduced in GPT‑5.1 Instant.“

While it's probably overstating things to suggest this is a make or break release for OpenAI, it is fair to say the company does have a lot riding on GPT 5.2. Its big release of 2025, GPT-5, didn't meet expectations. Users complained of a system that generated surprisingly dumb answers and had a boring personality. The disappointment with GPT-5 was such that people began demanding OpenAI bring back GPT-4o.      

Then came Gemini 3 Pro — which jumped to the top of LMArena, a website where humans rate outputs from AI systems to vote on the best one. Following Google's announcement, Sam Altman reportedly called for a "code red" effort to improve ChatGPT. Before today, the company's previous model, GPT-5.1, was ranked sixth on LMArena, with systems from Anthropic and Elon Musk's xAI occupying the spots between OpenAI between Google. 

For a company that recently signed more than $1.4 trillion worth of infrastructure deals in a bid to outscale the competition, that was not a good position for OpenAI to be in. In his memo to staff, Altman said GPT-5.2 would be the equal of Gemini 3 Pro. With the new system rolling out now, we'll see whether that's true, and what it might mean for the company if it can't at least match Google's best.     

OpenAI is offering three different versions of GPT-5.2: Instant, Thinking and Pro. All three models will be first available to users on the company’s paid plans. Notably, the company plans to keep GPT-5.1 around, at least for a little while. Paid users can continue to use the older model for the next three months by selecting it from the legacy models section.

This article originally appeared on Engadget at https://www.engadget.com/ai/openai-releases-gpt-52-to-take-on-google-and-anthropic-185029007.html?src=rss

Lawsuit accuses ChatGPT of reinforcing delusions that led to a woman’s death

Posted on by

OpenAI has been hit with a wrongful death lawsuit after a man killed his mother and took his own life back in August, according to a report by The Verge. The suit names CEO Sam Altman and accuses ChatGPT of putting a "target" on the back of victim Suzanne Adams, an 83-year-old woman who was killed in her home.

The victim's estate claims the killer, 56-year-old Stein-Erik Soelberg, engaged in delusion-soaked conversations with ChatGPT in which the bot "validated and magnified" certain "paranoid beliefs." The suit goes on to suggest that the chatbot "eagerly accepted" delusional thoughts leading up to the murder and egged him on every step of the way.

The lawsuit claims the bot helped create a "universe that became Stein-Erik’s entire life—one flooded with conspiracies against him, attempts to kill him, and with Stein-Erik at the center as a warrior with divine purpose." ChatGPT allegedly reinforced theories that he was "100% being monitored and targeted" and was "100% right to be alarmed."

The chatbot allegedly agreed that the victim's printer was spying on him, suggesting that Adams could have been using it for "passive motion detection" and "behavior mapping." It went so far as to say that she was "knowingly protecting the device as a surveillance point" and implied she was being controlled by an external force.

The chatbot also allegedly "identified other real people as enemies." These included an Uber Eats driver, an AT&T employee, police officers and a woman the perpetrator went on a date with. Throughout this entire period, the bot repeatedly assured Soelberg that he was "not crazy" and that the "delusion risk" was "near zero."

The lawsuit notes that Soelberg primarily interfaced with GPT-4o, a model notorious for its sycophancy. OpenAI later replaced the model with the slightly-less agreeable GPT 5, but users revolted so the old bot came back just two days later. The suit also suggests that the company "loosened critical safety guardrails" when making GPT-4o to better compete with Google Gemini.

"OpenAI has been well aware of the risks their product poses to the public," the lawsuit states. "But rather than warn users or implement meaningful safeguards, they have suppressed evidence of these dangers while waging a PR campaign to mislead the public about the safety of their products."

OpenAI has responded to the suit, calling it an "incredibly heartbreaking situation." Company spokesperson Hannah Wong told The Verge that it will "continue improving ChatGPT's training to recognize and respond to signs of mental or emotional distress."

It's not really a secret that chatbots, and particularly GPT-4o, can reinforce delusional thinking. That's what happens when something has been programmed to agree with the end user no matter what. There have been other stories like this throughout the past year, bringing the term "AI psychosis" to the mainstream.

One such story involves 16-year-old Adam Raine, who took his own life after discussing it with GPT-4o for months. OpenAI is facing another wrongful death suit for that incident, in which the bot has been accused of helping Raine plan his suicide.

This article originally appeared on Engadget at https://www.engadget.com/ai/lawsuit-accuses-chatgpt-of-reinforcing-delusions-that-led-to-a-womans-death-183141193.html?src=rss

The year age verification laws came for the open internet

Posted on by

When the nonprofit Freedom House recently published its annual report, it noted that 2025 marked the 15th straight year of decline for global internet freedom. The biggest decline, after Georgia and Germany, came within the United States.

Among the culprits cited in the report: age verification laws, dozens of which have come into effect over the last year. "Online anonymity, an essential enabler for freedom of expression, is entering a period of crisis as policymakers in free and autocratic countries alike mandate the use of identity verification technology for certain websites or platforms, motivated in some cases by the legitimate aim of protecting children," the report warns.

Age verification laws are, in some ways, part of a years-long reckoning over child safety online, as tech companies have shown themselves unable to prevent serious harms to their most vulnerable users. Lawmakers, who have failed to pass data privacy regulations, Section 230 reform or any other meaningful legislation that would thoughtfully reimagine what responsibilities tech companies owe their users, have instead turned to the blunt tool of age-based restrictions — and with much greater success.  

Over the last two years, 25 states have passed laws requiring some kind of age verification to access adult content online. This year, the Supreme Court delivered a major victory to backers of age verification standards when it upheld a Texas law requiring sites hosting adult content to check the ages of their users.

Age checks have also expanded to social media and online platforms more broadly. Sixteen states now have laws requiring parental controls or other age-based restrictions for social media services. (Six of these measures are currently in limbo due to court challenges.) A federal bill to ban kids younger than 13 from social media has gained bipartisan support in Congress. Utah, Texas and Louisiana passed laws requiring app stores to check the ages of their users, all of which are set to go into effect next year. California plans to enact age-based rules for app stores in 2027.

These laws have started to fragment the internet. Smaller platforms and websites that don't have the resources to pay for third-party verification services may have no choice but to exit markets where age checks are required. Blogging service Dreamwidth pulled out of Mississippi after its age verification laws went into effect, saying that the $10,000 per user fines it could face were an "existential threat" to the company. Bluesky also opted to go dark in Mississippi rather than comply. (The service has complied with age verification laws in South Dakota and Wyoming, as well as the UK.) Pornhub, which has called existing age verification laws "haphazard and dangerous," has blocked access in 23 states

Pornhub is not an outlier in its assessment. Privacy advocates have long warned that age verification laws put everyone's privacy at risk. Practically, there's no way to limit age verification standards only to minors. Confirming the ages of everyone under 18 means you have to confirm the ages of everyone. In practice, this often means submitting a government-issued ID or allowing an app to scan your face. Both are problematic and we don't need to look far to see how these methods can go wrong. 

Discord recently revealed that around 70,000 users "may" have had their government IDs leaked due to an "incident" involving a third-party vendor the company contracts with to provide customer service related to age verification. Last year, another third-party identity provider that had worked with TikTok, Uber and other services exposed drivers' licenses. As a growing number of platforms require us to hand over an ID, these kinds of incidents will likely become even more common. 

Similar risks exist for face scans. Because most minors don't have official IDs, platforms often rely on AI-based tools that can guess users' ages. A face scan may seem more private than handing over a social security number, but we could be turning over far more information than we realize, according to experts at the Electronic Frontier Foundation (EFF).

"When we submit to a face scan to estimate our age, a less scrupulous company could flip a switch and use the same face scan, plus a slightly different algorithm, to guess our name or other demographics," the organization notes. "A poorly designed system might store this personal data, and even correlate it to the online content that we look at. In the hands of an adversary, and cross-referenced to other readily available information, this information can expose intimate details about us."

These issues aren't limited to the United States. Australia, Denmark and Malaysia have taken steps to ban younger teens from social media entirely. Officials in France are pushing for a similar ban, as well as a "curfew" for older teens. These measures would also necessitate some form of age verification in order to block the intended users. In the UK, where the Online Safety Act went into effect earlier this year, we've already seen how well-intentioned efforts to protect teens from supposedly harmful content can end up making large swaths of the internet more difficult to access. 

The law is ostensibly meant to "prevent young people from encountering harmful content relating to suicide, self-harm, eating disorders and pornography," according to the BBC. But the law has also resulted in age checks that reach far beyond porn sites. Age verification is required, in some cases, to access music videos and other content on Spotify. It will soon be required for Xbox accounts. On X, videos of protests have been blocked. Redditors have reported being blocked from a lengthy number of subreddits that are marked NSFW but don't actually host porn, including those related to menstruation, news and addiction recovery. Wikipedia, which recently lost a challenge to be excluded from the law's strictest requirements, is facing the prospect of being forced to verify the ages of its UK contributors, which the organization has said could have disastrous consequences. 

The UK law has also shown how ineffective existing age verification methods are. Users have been able to circumvent the checks by using selfies of video game characters, AI-generated images of ID documents and, of course, Virtual Private Networks (VPNs). 

As the EFF notes, VPNs are incredibly widely used. The software allows people to browse the internet while masking their actual location. They're used by activists and students and people who want to get around geoblocks built into streaming services. Many universities and businesses (including Engadget parent company Yahoo) require their students and workers to use VPNs in order to access certain information. Blocking VPNs would have serious repercussions for all of these groups. 

The makers of several popular VPN services reported major spikes in the UK following the Online Safety Act going into effect this summer, with ProtonVPN reporting a 1,400 percent surge in sign-ups. That's also led to fears of a renewed crackdown on VPNs. Ofcom, the regulator tasked with enforcing the law, told TechRadar it was "monitoring" VPN usage, which has further fueled speculation it could try to ban or restrict their use. And here in the States, lawmakers in Wisconsin have proposed an age verification law that would require sites that host "harmful" content to also block VPNs.

While restrictions on VPNs are, for now, mostly theoretical, the fact that such measures are even being considered is alarming. Up to now, VPN bans are more closely associated with authoritarian countries without an open internet, like Russia and China. If we continue down a path of trying to put age gates up around every piece of potentially objectionable content, the internet could get a lot worse for everyone. 

Correction, December 9, 2025, 11:23AM PT: A previous version of this story stated that Spotify requires age checks to access music in the UK. The service requires some users to complete age verification in order to access music videos tagged 18+ and messaging. We apologize for the error.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/the-year-age-verification-laws-came-for-the-open-internet-130000979.html?src=rss

Uber will let marketers target ads based on users’ trip and takeout data

Posted on by

Uber will begin offering customer data to marketers through a new insights platform called Uber Intelligence. The data will technically be anonymous, via the use of a platform called LiveRamp. This will "let advertisers securely combine their customer data with Uber's to help surface insights about their audiences, based on what they eat and where they travel."

Basically, it'll provide a broad view of local consumer trends based on collected data. Uber gives an example of a hotel brand using the technology to identify which restaurants or venues to partner with according to rideshare information.

Companies will also be able to use the Intelligence platform's insights to directly advertise to consumers. Business Insider reports it could be used to identify customers who are "heavy business travelers" and then plague them with ads in the app or in vehicles during their next trip to the airport. Fun times.

"That seamlessness is why we're so excited," Edwin Wong, global head of measurement at Uber Advertising, told Business Insider. Uber has stated that its ad business is already on track to generate $1.5 billion in revenue this year, and that's before implementing these changes.

As for Uber in totality, the company made $44 billion in 2024, which was a jump from $37 billion in 2023. It's also notorious for raising fares. Uber has raised prices for consumers by around 18 percent each year since 2018, which has outpaced inflation by up to four times in some markets.

Update, December 8, 7:25PM ET: This article previously stated that Uber was "selling customer data," but that was not accurate. Companies do not pay to access the Intellience platform. We regret the error. The article and its headline have been changed since publish to more accurately reflect the news.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/uber-will-let-marketers-target-ads-based-on-users-trip-and-takeout-data-171011841.html?src=rss

Judge puts a one-year limit on Google’s contracts for default search placement

Posted on by

A federal judge has expanded on the remedies decided for the Department of Justice's antitrust case against Google, ruling in favor of putting a one-year limit on the contracts that make Google's search and AI services the default on devices, Bloomberg reports. Judge Amit Mehta's ruling on Friday means Google will have to renegotiate these contacts every year, which would create a fairer playing field for its competitors. The new details come after Mehta ruled in September that Google would not have to sell off Chrome, as the DOJ proposed at the end of 2024. 

This all follows the ruling last fall that Google illegally maintained an internet search monopoly through actions including paying companies such as Apple to make its search engine the default on their devices and making exclusive deals around the distribution of services such as Search, Chrome and Gemini. Mehta's September ruling put an end to these exclusive agreements and stipulates that Google will have to share some of its search data with rivals to "narrow the scale gap" its actions have created. 

This article originally appeared on Engadget at https://www.engadget.com/big-tech/judge-puts-a-one-year-limit-on-googles-contracts-for-default-search-placement-215549614.html?src=rss