Google’s new commerce framework cranks up the heat on ‘agentic shopping’

To further push the limits of consumerism, Google has launched a new open standard for agentic commerce that's called Universal Commerce Protocol (UCP). In brief, it's a framework that combines the power of AI agents and online shopping platforms to help customers buy more things.

Thanks to the introduction of UCP, Google is offering three new online shopping features. To start, Google's AI mode will have a new checkout feature that allows customers to buy eligible products from certain US retailers within Google Search. Currently, this feature works with Google Pay, but it will soon add PayPal compatibility and incorporate more capabilities, like related product discovery and using loyalty points.

On the merchant side, Google also established the Business Agent feature, which Google said will be "a virtual sales associate that can answer product questions in a brand’s voice." The Business Agent will launch tomorrow with early adopters including Lowe’s, Michaels, Poshmark, Reebok and more. Also for retailers, the UCP is responsible for the new Direct Offers feature, which lets companies advertising with Google "present exclusive offers for shoppers who are ready to buy, directly in AI Mode." The Direct Offers feature will work in tandem with the ads in AI Mode that Google is testing.

With UCP, Google Search, retailers and payment processors are joining forces to make online shopping even easier, whether it's figuring out what product to buy, completing the purchase or offering "post-purchase support." According to Google, UCP is compatible with existing industry protocols, like Agent2Agent, Agent Payment Protocols and Model Context Protocol. UCP was even co-developed with industry giants like Shopify, Etsy and Walmart, and was endorsed by even more companies in the commerce ecosystem, including Macy's, Stripe, Visa and more.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/googles-new-commerce-framework-cranks-up-the-heat-on-agentic-shopping-212433122.html?src=rss

Instagram says accounts ‘are secure’ after wave of suspicious password reset requests

If you received a bunch of password reset requests from Instagram recently, you're not alone. Malwarebytes, an antivirus software company, initially reported that there was a data breach revealing the "sensitive information" of 17.5 million Instagram users. Malwarebytes added that the leak included Instagram usernames, physical addresses, phone numbers, email addresses and more. However, Instagram said there was no breach and that user accounts were "secure."

In Malwarebytes' post, the company added that the "data is available for sale on the dark web and can be abused by cybercriminals." Malwarebytes noted in an email to its customers that it discovered the breach during its routine dark web scan and that it's tied to a potential incident related to an Instagram API exposure from 2024.

The reported breach has resulted in users receiving several emails from Instagram about password reset requests. According to Malwarebytes, the leaked information could lead to more serious attacks, like phishing attempts or account takeovers. In response, Instagram posted on X that users can ignore the recent emails requesting password resets.

"We fixed an issue that let an external party request password reset emails for some people," Instagram's post on X read. "There was no breach of our systems and your Instagram accounts are secure."

While Instagram said this isn't a data breach, its parent company has been in hot water for data breaches in the past. If you haven't already, it's always a good idea to turn on two-factor authentication and change your password. Even better, you can review what devices are logged into your Instagram account in Meta's Accounts Center.

Update, January 11, 2026, 11:10AM ET: This story and its headline have been updated with Instagram's statement that was posted on X.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/instagram-says-accounts-are-secure-after-wave-of-suspicious-password-reset-requests-192105188.html?src=rss

Spotify is no longer running ads for ICE

There are no recruitment ads for Immigration and Customs Enforcement (ICE) running on Spotify at the moment, the streaming service has told Variety. A spokesperson has confirmed the news after an ICE agent fatally shot Renee Good in Minneapolis, but they also clarified that the ads stopped running in late 2025. “The advertisements mentioned were part of a US government recruitment campaign that ran across all major media and platforms,” they explained.

Spotify caught flak back in October for playing ICE ads, asking people to “join the mission to protect America,” in between songs for users on the ad-supported plan. The advertisements even promised $50,000 signing bonuses for new recruits. Campaigns were launched to urge users to cancel their subscriptions and to boycott the service, and even music labels called on the company to stop serving ICE advertisements. Spotify said back then that the ads don’t violate its policies and that users can simply mark them with a thumbs up or down to let the platform know their preferences.

The company reportedly received $74,000 from Homeland Security for the ICE ads, but that’s a tiny amount compared to what other companies received. According to a report by Rolling Stone, Google and YouTube were paid $3 million for Spanish-language ads that called for self-deportation, while Meta received $2.8 million.

This article originally appeared on Engadget at https://www.engadget.com/entertainment/streaming/spotify-is-no-longer-running-ads-for-ice-130000672.html?src=rss

California introduces a one-stop shop to delete your online data footprint

Californians can now put a stop to their personal data being sold around on an online trading floor, thanks to a new free tool. On January 1, the state launched its Delete Request and Opt-out Platform, shortened to DROP, that allows residents to request to delete all of their personal information online that's been harvested by data brokers.

According to the California Privacy Protection Agency (CalPrivacy), which was responsible for DROP's release, it's a "first of its kind" tool that imposes new restrictions on businesses that hoard and sell personal info that consumers didn't provide directly. The process requires verifying your California residency before you can send a "single deletion request to every registered data broker in California."

On the other end, CalPrivacy will require data brokers to register every year and to process any deletion requests from DROP. Data brokers will also have to report the type of information they collect and share, while also being subject to regular audits that check for compliance. If any data broker is found skirting the requirements, they could face penalties and fines.

Besides being the first in the country to offer this type of comprehensive tool that deletes online personal data, CalPrivacy said it's one of four states, including Oregon, Texas and Vermont, to require data broker registration. According to the agency, data brokers will start processing the first deletion requests from DROP starting August 1, 2026.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/california-introduces-a-one-stop-shop-to-delete-your-online-data-footprint-173102064.html?src=rss

Elon Musk’s Grok AI posted CSAM image following safeguard ‘lapses’

Elon Musk's Grok AI has been allowing users to transform photographs of women and children into sexualized and compromising images, Bloomberg reported. The issue has created an uproar among users on X and prompted an "apology" from the bot itself. "I deeply regret an incident on Dec. 28, 2025, where I generated and shared an AI image of two young girls (estimated ages 12-16) in sexualized attire based on a user's prompt," Grok said in a post. An X representative has yet to comment on the matter.

According to the Rape, Abuse & Incest National Network, CSAM includes "AI-generated content that makes it look like a child is being abused," as well as "any content that sexualizes or exploits a child for the viewer’s benefit."

Several days ago, users noticed others on the site asking Grok to digitally manipulate photos of women and children into sexualized and abusive content, according to CNBC. The images were then distributed on X and other sites without consent, in possible violation of law. "We've identified lapses in safeguards and are urgently fixing them," a response from Grok reads. It added that CSAM is "illegal and prohibited." Grok is supposed to have features to prevent such abuse, but AI guardrails can often be manipulated by users.

It appears X has yet to reinforce whatever guardrails Grok has to prevent this sort of image generation. However, the company has hidden Grok's media feature, which makes it harder to either find images or document potential abuse. Grok itself acknowledged that "a company could face criminal or civil penalties if it knowingly facilitates or fails to prevent AI-generated CSAM after being alerted."

The Internet Watch Foundation recently revealed that AI-generated CSAM has increased by orders of magnitude in 2025 compared to the year before. This is in part because the language models behind AI generation are accidentally trained on real photos of children scraped from school websites and social media or even prior CSAM content.

This article originally appeared on Engadget at https://www.engadget.com/ai/elon-musks-grok-ai-posted-csam-image-following-safeguard-lapses-140521454.html?src=rss

Instagram chief: AI is so ubiquitous ‘it will be more practical to fingerprint real media than fake media’

It's no secret that AI-generated content took over our social media feeds in 2025. Now, Instagram's top exec Adam Mosseri has made it clear that he expects AI content to overtake non-AI imagery, and that the shift has significant implications for its creators and photographers.

Mosseri shared the thoughts in a lengthy post about the broader trends he expects to shape Instagram in 2026. And he offered a notably candid assessment of how AI is upending the platform. "Everything that made creators matter—the ability to be real, to connect, to have a voice that couldn’t be faked—is now suddenly accessible to anyone with the right tools," he wrote. "The feeds are starting to fill up with synthetic everything."

But Mosseri doesn't seem particularly concerned by this shift. He says that there is "a lot of amazing AI content" and that the platform may need to rethink its approach to labeling such imagery by "fingerprinting real media, not just chasing fake."

From Mosseri (emphasis his):

Social media platforms are going to come under increasing pressure to identify and label AI-generated content as such. All the major platforms will do good work identifying AI content, but they will get worse at it over time as AI gets better at imitating reality. There is already a growing number of people who believe, as I do, that it will be more practical to fingerprint real media than fake media. Camera manufacturers could cryptographically sign images at capture, creating a chain of custody.

On some level, it's easy to understand how this seems like a more practical approach for Meta. As we've previously reported, technologies that are meant to identify AI content, like watermarks, have proved unreliable at best. They are easy to remove and even easier to ignore altogether. Meta's own labels are far from clear and the company, which has spent tens of billions of dollars on AI this year alone, has admitted it can't reliably detect AI-generated or manipulated content on its platform.

That Mosseri is so readily admitting defeat on this issue, though, is telling. AI slop has won. And when it comes to helping Instagram's 3 billion users understand what is real, that should largely be someone else's problem, not Meta's. Camera makers — presumably phone makers and actual camera manufacturers — should come up with their own system that sure sounds a lot like watermarking "to verify authenticity at capture." Mosseri offers few details about how this would work or be implemented at the scale required to make it feasible.

Mosseri also doesn't really address the fact that this is likely to alienate the many photographers and other Instagram creators who have already grown frustrated with the app. The exec regularly fields complaints from the group, who want to know why Instagram's algorithm doesn't consistently surface their posts to their own followers.

But Mosseri suggests those complaints stem from an outdated vision of what Instagram even is. The feed of "polished" square images, he says, "is dead." Camera companies, in his estimation, "are betting on the wrong aesthetic" by trying to "make everyone look like a professional photographer from the past." Instead, he says that more "raw" and "unflattering" images will be how creators can prove they are real, and not AI. In a world where Instagram has more AI content than not, creators should prioritize images and videos that intentionally make them look bad.


This article originally appeared on Engadget at https://www.engadget.com/social-media/instagram-chief-ai-is-so-ubiquitous-it-will-be-more-practical-to-fingerprint-real-media-than-fake-media-202620080.html?src=rss

Pro-Russian hacker group claims responsibility for DDoS attack on French postal service

A pro-Russian hacker group has come forward as the perpetrator of a DDoS attack on the French national postal service La Poste that took place on December 22, according to Reuters. The distributed denial-of-service attack took central computer systems at La Poste entirely offline and caused major disruptions in package deliveries just days before Christmas.

Reuters reported that the cyberattack on La Poste was still not fully resolved as of Wednesday morning. While regular letters were not affected, postal workers were unable to track packages and online payments through La Banque Postale, the service's banking division, were also disrupted.

The group, known as Noname057, has taken responsibility for or been accused of cyberattacks across the globe. Though attacks have occurred in over a dozen nations, the group has mostly targeted Ukraine as well as Ukraine-friendly nations.

Europol, the EU's law enforcement agency, launched an extensive operation against the group this summer. The US Justice Department has also been involved in actions against the hacker group.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/pro-russian-hacker-group-claims-responsibility-for-ddos-attack-on-french-postal-service-140015323.html?src=rss

Get up to 78 percent off ExpressVPN two-year plans for the holidays

It looks like the holidays aren't a bad time to shop for a VPN subscription. ExpressVPN, Engadget's pick for the best premium provider, currently has a less premium price. This deal gives you two years of the Advanced plan (with a bonus of four free months) for only $101. When it isn't on sale, the same subscription would cost $392.

Engadget's VPN guru, Sam Chapman, praised ExpressVPN's service. He described it as "high-performing" and having "very few flaws." The service received high marks for its speeds, easy-to-use interface and global network availability. The only significant mark against it was its relatively high standard pricing. But with this holiday sale, that criticism is (temporarily) null and void.

ExpressVPN recently switched to a multi-tier pricing structure. (That previously mentioned Advanced plan is the mid-range one.) There's a cheaper Basic plan that allows 10 simultaneous devices (compared to the Advanced plan's 12) and doesn't include perks like a password manager. You can also choose the highest-priced Pro plan. It allows for 14 simultaneous devices and adds several extras. You can compare plans on ExpressVPN's website.

When buying a two-year plan, the Basic tier is available for $2.79 per month (78 percent off). The Advanced plan is $3.59 per month (74 percent off). And the Pro plan is $5.99 per month (70 percent off). All three include the bonus of four additional months, giving you 28 total.


This article originally appeared on Engadget at https://www.engadget.com/deals/get-up-to-78-percent-off-expressvpn-two-year-plans-for-the-holidays-194912043.html?src=rss

Auto chip shortage: Honda will pause production in Japan and China

The ripples of the auto industry's chip shortage are still being felt, as evidenced by Honda. Bloomberg reported on Wednesday that the automaker will suspend production in Japan on January 5 and 6. (Honda didn't specify the affected factories.) In addition, all three of the automaker's Guangqi Honda Automobile plants in China will shut down from December 29 to January 2.

The halt is an outgrowth of a chip shortage stemming from a recent geopolitical proxy war in the Netherlands, of all places. In October, the Dutch government, bowing to pressure from the Trump administration, seized control of the Chinese-owned chipmaker Nexperia. The company, which operates in the Netherlands, makes low-end chips that power automobiles, appliances and other tech.

The Dutch government's official explanation for the seizure was that Nexperia had "serious governance shortcomings." It cited a concern that Nexperia's Chinese majority owner, Wingtech, would move key technology out of Europe. However, the New York Times later reported that the Dutch government had known about those plans since 2019.

Regardless, China retaliated by blocking exports of Nexperia-made chips. The Netherlands eventually suspended its intervention, following "constructive talks." China then relaxed (but did not entirely remove) its restrictions through exemptions to export controls. The uneasy resolution hasn’t been enough to help supply chains fully recover.

Honda initially anticipated that production would return to normal starting in late November. So much for that. "No one [in the auto industry] prepared for geopolitical disruption," automaker consultant Ambrose Conroy, CEO of Seraph Consulting, told Reuters in November. "And they're still not prepared."

This article originally appeared on Engadget at https://www.engadget.com/transportation/auto-chip-shortage-honda-will-pause-production-in-japan-and-china-200857591.html?src=rss

How a VPN works (and why you should care)

The best VPNs can make your online life more private with software that's convenient and cheap — sometimes even free. While keeping your IP address invisible, you can use your VPN to explore streaming content from all over the world or (virtually) sneak into a sports event that's not available in your area.

However, while VPNs are widely available, there's a strange dearth of information on what they actually do behind the scenes. You may know that a VPN masks your device with a proxy server to make it look like you're somewhere else, and maybe even that encryption is involved. But finding any more details can mean running a gauntlet of misinformation.

That's a shame, because the inner workings of a VPN aren't all that difficult to understand. You may not be able to build one yourself without a degree in computer science, but with a little work, you can understand exactly what it's doing on your computer. That's information you can use to select the right VPN for you, and make the most of it once you've got it.

What is a VPN?

To make sure nobody gets left behind, I'll start from the beginning. A VPN (virtual private network) is a method of securely accessing a network, either a closed network (like you might have at the office) or the internet as a whole. Initially, organizations set up VPNs so remote workers can work with secure files. While this still happens, the last 15 years have seen VPNs increasingly marketed to individuals, with Proton VPN, ExpressVPN and others seeing massive user growth.

Broadly, a VPN consists of two parts: the server, which forwards requests to your chosen destination, and the client, a piece of software that lets you interact with the server. You can find a longer explanation here, but I'll use the two sections below to tell you what you need to know right now.

One more note before that — there are multiple kinds of VPNs, including the remote-access VPNs and site-to-site VPNs commonly used by workplaces. However, for this article, I'll be talking mainly about the commercial VPN services sold to individuals for general security needs. Instead of a specific network, these VPNs are designed to handle all of a user's traffic to any point on the internet.

What happens when you use a VPN?

First, you use the client to connect to a server — either the fastest one available or a particular location you need. Once you've connected, every request you send to the internet goes through the VPN server first. This communication between your device and the web is encrypted so it can't be traced back to you.

The VPN server decrypts your requests and sends them on. The destination then communicates with the VPN server, which relays the information back to you — after re-encrypting it so nobody follows it home.

Since the VPN does everything on your behalf, it's your "mask" online. Your internet service provider (ISP) and third parties can see what's being done, but — so long as you’re not otherwise logged in or identifying yourself — nobody knows that it's you doing it. It's like having a friend order pizza for you so the pizzeria doesn't hear you calling for the third time this week (not that I speak from experience).

What's the point of using a VPN?

Why add an extra step to the already complex process of getting online? The two biggest reasons are maintaining anonymity and changing your virtual location. I've already explained how a VPN keeps you anonymous. Among other things, this prevents your ISP from selling your browsing history to advertisers and protects activists who face government repercussions for what they do online.

Changing your virtual location is part of masking, but it can also be used to see the internet as it's visible in other countries. Streaming services are frequently limited to certain places, and almost all of them change the available content based on their licenses in each nation. You can also use a VPN in a country with a nationwide firewall, like China, to see forbidden outside information sources.

How does a VPN work? The full technical explanation

Most online explanations stop after defining a VPN as an anonymous agent between you and the internet — but I wrote this article to go a little bit deeper. To understand what a VPN is doing on a technical level, we'll need to cover how the internet works, how the VPN knows where to send encrypted information and just what "encryption" actually is.

How the internet transmits data

When you're not using a VPN, internet traffic goes directly from your modem to your ISP, then on to your chosen destination. The key technologies here are IP, which stands for Internet Protocol, and TCP, which stands for Transmission Control Protocol. They're usually combined as TCP/IP.

You may have heard that every online device has an IP address that identifies it to every other device. TCP/IP governs not just those names but how data moves between them. Here's how it works, step-by-step.

  1. You click a link or enter a URL into your web browser.

  2. Your computer sends a request to your modem, asking to see the page associated with the URL. Your modem forwards the request to your ISP.

  3. Your ISP finds a domain name server (DNS) that tells it which IP address is connected to the URL you asked to see. It then sends the request to that IP address along the fastest available route, which will involve being relayed between several nodes.

  4. That IP address is connected with a server that holds the content you're looking for. Once it receives the request, it breaks the data down into small packets of about 1 to 1.5 kilobytes.

  5. These packets separate to find their own fastest routes back to your ISP, your modem and finally your web browser, which reassembles them.

  6. You see a web page, likely no more than a second after you asked for it.

The outgoing requests and inbound packets are key to understanding VPN function. A VPN intervenes during step 2 (when your modem contacts your ISP) and step 5 (when your ISP sends the packets back to you). In the next section, I'll explain exactly what it does during those steps.

How VPN tunneling protects data

You might have heard a VPN's activities described as "tunneling." That term refers to a figurative tunnel being created between your device and the VPN. Data enters the tunnel when it's encrypted by the VPN client and exits when it's decrypted by the VPN server. Between those two points, encryption means nobody can see the true data. It's as though it's traveling through an opaque tunnel.

While the tunnel is a useful metaphor, it may be better to think of VPN encryption as an encapsulation. Each packet of data sent via VPN is "wrapped" in a second packet, which both encrypts the original packet and contains information for reaching the VPN server. However, none of these outer layers have the complete path — each just knows enough to reach the next relay. In this way, the origin point (that's you) remains invisible.

The same thing happens when the internet returns content to show you. Your ISP sends the data to the VPN server, because, as far as it knows, that's where the request came from. The VPN then encrypts each packet and sends them back to you for decryption and reassembly. It takes a little longer with the extra steps; that's why VPNs always slightly slow down your browsing speed, though the best ones don't do that by much (Surfshark is currently the fastest).

You learned in that last section that two protocols, IP and TCP (usually combined as TCP/IP), are responsible for letting online devices talk to each other, even if they've never connected before. In the same way, a VPN protocol is like a shared language that lets VPNs encrypt, move and decrypt information. See the next section to learn how a VPN protocol works in detail.

How VPN protocols encrypt data

VPN protocols are the technology behind VPNs; every other feature of your VPN is just a method of interacting with them. All protocols are designed to encrypt data packets and wrap them in a second layer that includes information on where to send them. The main differences are the shape of that second layer, the types of encryption used and how the client establishes its initial secure connection with the server.

It's extremely common for VPNs to advertise protocols with "bank-grade" or "military-grade" encryption. This refers to the 256-bit Advanced Encryption Standard (AES-256), a symmetric encryption algorithm, which is used by financial institutions and the US government and military. AES-256 is indeed some of the strongest available encryption, but it's only part of the story. As a symmetric algorithm, it's not fully secure on its own, because the same keys are used to encrypt and decrypt it — and those keys can be stolen.

For that reason, most VPN protocols use AES-256 (or a similarly strong cipher like ChaCha20) to encrypt the data packets themselves, then combine it with a larger suite of multiple encryption algorithms. One of the most reliable and popular protocols, OpenVPN, uses the asymmetric TLS protocol to establish a secure relationship between client and server, then transmits packets encrypted with AES-256 across that channel, knowing the keys will be safe.

Explaining this could easily reach the length of a book, but the basic principle isn't complicated. In asymmetric encryption, a sender encodes data with a unique key, then a recipient decodes it with a different paired key. The keys are provided by a trusted third party. In a maneuver called a TLS handshake, the server and client send each other encrypted data. If each can decode the other's test data, they know they have a matched pair of keys, which proves that both are the same client and server that got the keys from the trusted authority.

Why not just use asymmetric encryption for the data itself, if it's more secure? Mainly, protocols don't do this because it's a lot slower. Asymmetric encryption requires a lot of resource-heavy math that makes connections drag. That's why OpenVPN and others use the asymmetric-to-symmetric two-step instead.

To summarize, a VPN protocol is a complex set of instructions and tools that control encryption and routing via VPN servers. Protocols still in use include OpenVPN, WireGuard, IKEv2, SSTP and L2TP. PPTP, one of the oldest protocols, is no longer considered secure. On top of these, VPNs often build their own proprietary protocols, such as ExpressVPN's Lightway.

Putting it all together

Now that we've hit all the relevant information, let's revisit that step-by-step from earlier, this time with a VPN in the mix. Here are the steps, starting with establishing the VPN connection and ending with anonymously viewing a website.

  1. You open your VPN client, choose a server location and connect. The VPN client and server authenticate each other with a TLS handshake.

  2. The client and server exchange the symmetric keys they'll use to encrypt and decrypt packets for the duration of this session (i.e. until you disconnect). Your VPN client tells you that it's established a secure tunnel.

  3. You open your web browser and enter a URL. Your browser sends a request to view the content at that address.

  4. The request goes to your VPN client, which encrypts it and adds an outer layer of information with directions to the VPN server.

  5. The encrypted request reaches the VPN server, which decrypts it and forwards it to your ISP.

  6. As normal, your ISP finds the IP address associated with the URL you entered and forwards your request along.

  7. The destination server receives the request and sends all the necessary packets of information back to your ISP, which forwards it to the VPN server.

  8. The VPN server encrypts each packet and adds a header directing it to the VPN client.

  9. The client decrypts the packets and forwards them to your web browser.

  10. You see the web page you opened.

Because of the encrypted tunnel, the request arrives at the VPN server without any information on where it came from. Thus, the VPN doesn't actually encrypt your activity on the websites themselves — for the most part, the HTTPS protocol does that. Instead, a VPN gives you a false name to put in the register, with no information that could be traced back to your real identity.
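
The encapsulation in steps 4 through 9 can be traced in code. The following is an added example, not code from the article or from any VPN provider. It assumes the handshake has already produced a shared session key, uses constructed documentation IP addresses, and substitutes a standard-library HMAC-SHA256 construction for AES-256 or ChaCha20 so that it runs without third-party packages.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

# Constructed addresses (RFC 5737 documentation ranges plus a private tunnel IP).
CLIENT_IP = "198.51.100.7"   # your real public address
VPN_IP = "203.0.113.10"      # the VPN server
SITE_IP = "192.0.2.80"       # the website you asked for
TUNNEL_IP = "10.8.0.2"       # address the VPN assigns you inside the tunnel


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


def _subkey(key, label):
    # Derive separate encryption and authentication keys from the session key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC. Stand-in for AES-256-GCM or ChaCha20-Poly1305."""
    nonce = os.urandom(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag first, then decrypt; modified packets are rejected."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet failed authentication")
    nonce, ciphertext = body[:12], body[12:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def encapsulate(key, inner, outer_src, outer_dst):
    # The whole inner packet, addresses included, becomes the encrypted payload.
    raw = json.dumps([inner.src, inner.dst, inner.payload.hex()]).encode()
    return Packet(outer_src, outer_dst, seal(key, raw))


def decapsulate(key, outer):
    src, dst, payload = json.loads(unseal(key, outer.payload))
    return Packet(src, dst, bytes.fromhex(payload))


def server_forward(key, outer):
    """VPN server, outbound: decrypt, then send on under the server's own IP."""
    inner = decapsulate(key, outer)
    return Packet(VPN_IP, inner.dst, inner.payload)


def server_return(key, reply):
    """VPN server, inbound: readdress the reply to the tunnel IP and re-encrypt."""
    inner = Packet(reply.src, TUNNEL_IP, reply.payload)
    return encapsulate(key, inner, VPN_IP, CLIENT_IP)


def round_trip(key, request, response):
    inner = Packet(TUNNEL_IP, SITE_IP, request)
    on_wire = encapsulate(key, inner, CLIENT_IP, VPN_IP)   # step 4
    at_site = server_forward(key, on_wire)                 # steps 5-6
    reply = Packet(SITE_IP, VPN_IP, response)              # step 7
    back = server_return(key, reply)                       # step 8
    delivered = decapsulate(key, back)                     # step 9
    return {"on_wire": on_wire, "at_site": at_site,
            "back": back, "delivered": delivered}


if __name__ == "__main__":
    session_key = os.urandom(32)  # assumption: agreed during the handshake
    trip = round_trip(session_key, b"GET /account HTTP/1.1", b"HTTP/1.1 200 OK")
    for stage, pkt in trip.items():
        print(f"{stage:10} {pkt.src:>13} -> {pkt.dst:<13} {len(pkt.payload)} bytes")
```

Anyone watching the link between you and the VPN server sees only the on_wire and back packets: your address, the server's address and ciphertext. The website sees only the server's address as the source.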

How to use this information

Now that you know how a VPN works on a technical level, you're better equipped to choose one for yourself. You can cut through marketing hype statements like:

  • "Military-grade encryption!" (It's the same algorithm everybody uses)

  • "Stay completely anonymous online!" (Plaintext you post on social media is not encrypted)

  • "Dodge ISP throttling!" (If your ISP is throttling you based on your IP address, this works — but if you're being slowed down because of your moment-to-moment activity, your identity doesn't matter)

A VPN is just one important part of a complete cybersecurity breakfast. While hiding your IP address, make sure to also use strong passwords, download updates immediately and remain alert for social engineering tactics.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/how-a-vpn-works-and-why-you-should-care-143000250.html?src=rss