Genius

Hacker News - Tue, 04/15/2025 - 12:51pm
Categories: Hacker News

Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers

Security Week - Tue, 04/15/2025 - 12:45pm

Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.

Categories: SecurityWeek

RansomHouse ransomware: what you need to know

Graham Cluley Security Blog - Tue, 04/15/2025 - 12:20pm
RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator's infrastructure to extort money from victims. Read more in my article on the Fortra blog.
Categories: Graham Cluley

There has been plenty going on in the world of quantum computing, suggesting that commercial systems are on the horizon

Computer Weekly Feed - Tue, 04/15/2025 - 12:09pm
Categories: Computer Weekly

Dumb Pipe

Hacker News - Tue, 04/15/2025 - 12:03pm

Article URL: https://www.dumbpipe.dev/

Comments URL: https://news.ycombinator.com/item?id=43694793

Points: 1

# Comments: 0

Categories: Hacker News

Privacy on the Map: How States Are Fighting Location Surveillance

EFF - Tue, 04/15/2025 - 12:01pm

Your location data isn't just a pin on a map—it's a powerful tool that reveals far more than most people realize. It can expose where you work, where you pray, who you spend time with, and, sometimes dangerously, where you seek healthcare. In today’s world, your most private movements are harvested, aggregated, and sold to anyone with a credit card. For those seeking reproductive or gender-affirming care, or visiting a protest or an immigration law clinic, this data is a ticking time bomb.

Last year, we sounded the alarm, urging lawmakers to protect individuals from the growing threats of location tracking tools—tools that are increasingly being used to target and criminalize people seeking essential reproductive healthcare.

The good news? Lawmakers in California, Massachusetts, Illinois and elsewhere are stepping up, leading the way to protect privacy and ensure that healthcare access and other exercise of our rights remain safe from invasive surveillance.

The Dangers of Location Data

Imagine this: you leave your home in Alabama, drop your kids off at daycare, and then drive across state lines to visit an abortion clinic in Florida. You spend two hours there before driving back home. Along the way, you used your phone’s GPS app to navigate or a free radio app to listen to the news. Unbeknownst to you, this “free” app tracked your entire route and sold it to a data broker. That broker then mapped your journey and made it available to anyone who would pay for it. This is exactly what happened when privacy advocates used a tool called Locate X, developed by Babel Street, to track a person’s device as they traveled from Alabama—where abortion is completely banned—to Florida, where abortion access is severely restricted but still available.

Despite this tool being marketed as solely for law enforcement use, private investigators were able to access it by falsely claiming they would work with law enforcement, revealing a major flaw in our data privacy system. In a time when government surveillance of private personal decisions is on the rise, the fact that law enforcement (and adversaries pretending to be law enforcement) can access these tools puts our personal privacy in serious danger.

The unregulated market for location data enables anyone, from law enforcement to anti-abortion groups, to access and misuse this sensitive information. For example, a data broker called Near Intelligence sold location data of people visiting Planned Parenthood clinics to an anti-abortion group. Likewise, law enforcement in Idaho used cell phone location data to charge a mother and her son with “aiding and abetting” abortion, a clear example of how this information can be weaponized to enforce abortion restrictions for patients and anyone else in their orbit. 

States Taking Action

As we’ve seen time and time again, the collection and sale of location data can be weaponized to target many vulnerable groups—immigrants, the LGBTQ+ community, and anyone seeking reproductive healthcare. In response to these growing threats, states like California, Massachusetts, and Illinois are leading the charge by introducing bills aimed at regulating the collection and use of location data. 

These bills are a powerful response to the growing threat. The bills are grounded in well-established principles of privacy law, including informed consent and data minimization, and they ensure that only essential data is collected, and that it’s kept secure. Importantly, they give residents—whether they reside in the state or are traveling from other states—the confidence to exercise their rights (such as seeking health care) without fear of surveillance or retaliation. 

This post outlines some of the key features of these location data privacy laws, to show authors and advocates of legislative proposals how best to protect their communities. Specifically, we recommend: 

  • Strong definitions,
  • Clear rules,
  • Affirmation that all location data is sensitive,
  • Empowerment of consumers through a strong private right of action,
  • Prohibition of “pay-for-privacy” schemes, and
  • Transparency through clear privacy policies.

Strong Definitions

Effective location privacy legislation starts with clear definitions. Without them, courts may interpret key terms too narrowly—weakening the law's intent. And in the absence of clear judicial guidance, regulated entities may exploit ambiguity to sidestep compliance altogether.

The following are some good definitions from the recent bills:

  • In the Massachusetts bill, "consent" must be “freely given, specific, informed, unambiguous, [and] opt-in.” Further, it must be free from dark patterns—ensuring people truly understand what they’re agreeing to. 
  • In the Illinois bill, a “covered entity” includes all manner of private actors, including individuals, corporations, and associations, exempting only individuals acting in noncommercial contexts. 
  • "Location information" must clearly refer to data derived from a device that reveals the past or present location of a person or device. The Massachusetts bill sets a common radius in defining protected location data: 1,850 feet (about one-third of a mile). The California bill goes much bigger: five miles. EFF has supported both radiuses.
  • A “permissible purpose” (which is key to the minimization rule) should be narrowly defined to include only: (1) delivering a product or service that the data subject asked for, (2) fulfilling an order, (3) complying with federal or state law, or (4) responding to an imminent threat to life.

Clear Rules

“Data minimization” is the privacy principle that corporations and other private actors must not process a person’s data except as necessary to give them what they asked for, with narrow exceptions. A virtue of this rule is that a person does not need to do anything in order to enjoy their statutory privacy rights; the burden is on the data processor to process less data. Together, these definitions and rules create a framework that ensures privacy is the default, not the exception.

One key data minimization rule, as in the Massachusetts bill, is: “It shall be unlawful for a covered entity to collect or process an individual’s location data except for a permissible purpose.” Read along with the definition above, this across-the-board rule means a covered entity can only collect or process someone’s location data to fulfil their request (with exceptions for emergencies and compliance with federal and state law).

Additional data minimization rules, as in the Illinois bill, back this up by restraining particular data practices:

  • Covered entities cannot collect more precise data than strictly necessary, or use location data to make inferences beyond what is needed to provide the service.
  • Data must be deleted once it’s no longer necessary for the permissible purpose. 
  • No selling, renting, trading, or leasing location data – full stop.
  • No disclosure of location data to government, except with a warrant, as required by state or federal law, on request of the data subject, or an emergency threat of serious bodily injury or death (defined to not include abortion). 
  • No other disclosure of location data, except as required for a permissible purpose or when requested by the individual. 

The California bill rests largely on data minimization rules like these. The Illinois and Massachusetts bills place an additional limit: no collection or processing of location data absent opt-in consent from the data subject. Critically, consent in these two bills is not an exception to the minimization rule, but rather an added requirement. EFF has supported both models of data privacy legislation: just a minimization requirement; and paired minimization and consent requirements.

All Location Data is Sensitive

To best safeguard against invasive location tracking, it’s essential to place legal restrictions on the collection and use of all location data—not just data associated with sensitive places like reproductive health clinics. Narrow protections may offer partial help, but they fall short of full privacy.

Consider the example at the beginning of the blog: if someone travels from Alabama to Florida for abortion care, and the law only shields data at sensitive sites, law enforcement in Alabama could still trace their route from home up to near the clinic. Once the person enters a protected “healthcare” zone, their device would vanish from view temporarily, only to reappear shortly after they leave. This gap in the tracking data could make it relatively easy to deduce where they were during that time, essentially revealing their clinic visit.

To avoid this kind of loophole, the most effective approach is to limit the collection and retention of all location data—no exceptions. This is the approach in all three of the bills highlighted in this post: California, Illinois, and Massachusetts.

Empowering Consumers Through a Strong PRA

To truly protect people’s location privacy, legislation must include a strong private right of action (PRA)—giving individuals the power to sue companies that violate their rights. A private right of action ensures companies can’t ignore the law and empowers people to seek justice directly when their sensitive data is misused. This is a top priority for EFF in any data privacy legislation.

The bills in Illinois and Massachusetts offer strong models. They make clear that any violation of the law is an injury and allow individuals to bring civil suits: “A violation of this [law] … regarding an individual’s location information constitutes an injury to that individual. … Any individual alleging a violation of this [law] … may bring a civil action …” Further, these bills provide a baseline amount of damages (sometimes called “liquidated” or “statutory” damages), because an invasion of statutory privacy rights is a real injury, even if it is hard for the injured party to prove out-of-pocket expenses from theft, bodily harm, or the like. Absent this kind of statutory language, some victims of privacy violations will lose their day in court.

These bills also override mandatory arbitration clauses that limit access to court. Corporations should not be able to avoid being sued by forcing their customers to sign lengthy contracts that nobody reads.

Other remedies include actual damages, punitive damages, injunctive relief, and attorney’s fees. These provisions give the law real teeth and ensure accountability can’t be signed away in fine print.

No Pay-for-Privacy Schemes

Strong location data privacy laws must protect everyone equally—and that means rejecting “pay-for-privacy” schemes that allow companies to charge users for basic privacy protections. Privacy is a fundamental right, not a luxury add-on or subscription perk. Allowing companies to offer privacy only to those who can afford to pay creates a two-tiered system where low-income individuals are forced to trade away their sensitive location data in exchange for access to essential services. These schemes also incentivize everyone to abandon privacy.

Legislation should make clear that companies cannot condition privacy protections on payment, loyalty programs, or any other exchange of value. This ensures that everyone—regardless of income—has equal protection from surveillance and data exploitation. Privacy rights shouldn’t come with a price tag.

We commend this language from the Illinois and Massachusetts bills: 

A covered entity may not take adverse action against an individual because the individual exercised or refused to waive any of such individual’s rights under [this law], unless location data is essential to the provision of the good, service, or service feature that the individual requests, and then only to the extent that this data is essential. This prohibition includes, but is not limited to: (1) refusing to provide a good or service to the individual; (2) charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; or (3) providing a different level of quality of goods or services to the individual.

Transparency Through Clear Privacy Policies

It is helpful for data privacy laws to require covered entities to be transparent about their data practices. All three bills discussed in this post require covered entities to make available a privacy policy to the data subject—a solid baseline. This ensures that people aren’t left in the dark about how their location data is being collected, used, or shared. Clear, accessible policies are a foundational element of informed consent and give individuals the information they need to protect themselves and assert their rights.

It is also helpful for privacy laws like these to require covered entities to prominently publish their privacy policies on their websites. This allows all members of the public – as well as privacy advocates and government enforcement agencies – to track whether data processors are living up to their promises.

Next Steps: More States Must Join

The bottom line is clear: location data is highly sensitive, and without proper protections, it can be used to harm those who are already vulnerable. The digital trail we leave behind can reveal far more than we think, and without laws in place to protect us, we are all at risk. 

While some states are making progress, much more needs to be done. More states need to follow suit by introducing and passing legislation that protects location data privacy. We cannot allow location tracking to be used as a tool for harassment, surveillance, or criminalization.

To help protect your digital privacy while we wait for stronger privacy protection laws, we’ve published a guide specifically for how to minimize intrusion from Locate X, and have additional tips on EFF’s Surveillance Self-Defense site. Many general privacy practices also offer strong protection against location tracking.

If you live in California, Illinois, Massachusetts – or any state that has yet to address location data privacy – now is the time to act. Contact your lawmakers and urge them to introduce or support bills that protect our sensitive data from exploitation. Demand stronger privacy protections for all, and call for more transparency and accountability from companies that collect and sell location data. Together, we can create a future where individuals are free to travel without the threat of surveillance and retaliation.

You’ll Pay More Upfront for Xfinity’s New Price Guarantee. Here’s Why It’s Still a Solid Deal

CNET Feed - Tue, 04/15/2025 - 12:01pm
For a little more each month, you'll get the certainty of knowing your bill won’t increase for at least five years.
Categories: CNET

Transforming security with Microsoft Security Exposure Management initiatives

Microsoft Malware Protection Center - Tue, 04/15/2025 - 12:00pm

Just as nature sheds its winter coat, it’s time to prune outdated security measures and plant the seeds of a more robust defense. For years, Microsoft Secure Score has served as a foundational tool for organizations to assess their security posture. By providing a numerical representation of security posture based on configurations and recommended controls within Microsoft products, it has offered valuable baseline measurements and helped organizations benchmark their efforts.

However, as cybersecurity practices have matured, the limitations of relying solely on a single aggregate score have become evident. Security professionals and executives now require more granular insights to track specific objectives, address evolving cyberthreats, and effectively communicate the value of security investments. This shift reflects the need for tools that not only measure progress but also enable proactive transformation. In this blog, we’ll explore how Microsoft Security Exposure Management initiatives build on this foundation to offer a renewed perspective on managing cybersecurity risks.

Bridging the gap between security metrics and business outcomes

A single security score, while useful for general benchmarking, can obscure critical vulnerabilities in specific areas. Customer feedback has revealed the need for security teams to simultaneously monitor multiple metrics to achieve a comprehensive understanding of their security posture. Furthermore, executives often struggle to translate these technical metrics into tangible business outcomes, creating a communication gap between security teams and leadership. This understanding has driven the development of security initiatives to provide scores for various security objectives.

Consequently, when security teams can’t track and communicate risks or improvements effectively, critical projects stall, budgets tighten, and the divide between teams and leadership widens. Microsoft Security Exposure Management addresses these challenges by introducing security initiatives, which provide a simple yet powerful way to assess readiness for specific areas or workloads, helping teams view current risks and allocate resources effectively.

Microsoft Security Exposure Management currently includes the following types of initiatives:

  • Workload initiatives: Assess and manage risks associated with specific workload domains, such as endpoints, identity resources, and cloud assets.
  • Horizontal cyberthreat initiatives: Focus on managing risks for specific cyberthreat areas, such as ransomware protection or business email compromise-financial fraud.
  • Cyberthreat analytics initiatives: Based on up-to-date research from Microsoft threat analytics experts, these initiatives assess risks associated with threat actors and vectors as well as reports with actionable recommendations.
  • Zero trust initiative: Evaluate risks related to zero trust compliance, aligning with guidance from the zero trust adoption framework.

These initiatives help create a snapshot of an organization’s security posture that both technical teams and business leaders can understand, helping teams scope, discover, prioritize, and validate security findings while ensuring effective communication with stakeholders. Let’s examine some particularly valuable initiatives our customers have found helpful for communicating with leadership.

Key security initiatives that resonate with leadership

“We spend a lot of time on ransomware protection, so something helpful about the ransomware initiative is that you’re now able to start to appreciate the ‘what’, the ‘why’, and the ‘how’ can I improve not only the score, but where’s the low hanging fruit we can tackle?”

—Joe Lykowski, Cyber Defense Leader at Dow Inc.

Ransomware protection

The Ransomware protection initiative provides metrics that instantly resonate with leadership, showing progress indicators from high exposure (0) to no exposure (100). This initiative helps ensure recommended controls are properly configured and utilized, reducing the risk of successful ransomware attacks. By presenting these concrete metrics, you can demonstrate how implementing Microsoft-recommended controls directly minimizes ransomware risks to the business.

Critical asset protection

The critical asset protection initiative helps security teams identify and prioritize the organization’s most valuable assets, show targeted security measures protecting these assets, and demonstrate reduced exposure of mission-critical systems. Critical assets are based on default rules that Microsoft Security Exposure Management has determined to be critical, but users can also create custom rules to tag additional critical assets. By implementing the suggested recommendations to boost the Critical Asset Protection initiative score, the organization lowers the risk of cyberattackers being able to compromise critical assets.

Identity security initiative

The Identity security initiative protects digital identities against phishing, malware, and data breaches. With identity-based cyberattacks continuing to be the primary entry point for breaches, this initiative provides clear metrics on progress that can be easily communicated to leadership. When presenting to boards or fellow executives, security leaders can show concrete improvements in identity protection posture, helping executives understand how investment in this area directly reduces organizational risk.

Beyond ransomware, critical assets, and identity, Microsoft Security Exposure Management continues to develop initiatives that address other vital areas of security. These include cyberattack surface reduction, which minimizes potential entry points for cyberthreats, and data security posture, which helps organizations understand and improve their ability to protect sensitive information. The full list of security initiatives is available on the Microsoft Security Exposure Management website.

Security initiatives enable prioritization based on business impact rather than technical severity. Security metrics show current compliance versus target state, critical asset tags highlight high-business-impact systems, and recommendation scoring shows the relative impact of each change.

This data-driven approach helps security leaders make the case for specific investments by showing how they impact the overall security posture score that matters to executives. When budget discussions arise, security leaders can point to specific initiatives and show exactly how investments will improve scores in the areas that matter most to the business.

Embracing clarity over fragmentation with Microsoft Security Exposure Management

Security initiatives solve the fragmentation problem by organizing security metrics around business objectives rather than technical controls. This shift in approach, supported by Microsoft Security Exposure Management initiatives, helps security leaders refresh stale conversations with leadership and align security priorities with business objectives. By focusing on the initiatives that matter most to your organization and using their clear metrics, you can transform presentations from technical debates into strategic discussions about business risk.

It’s time to refresh how we communicate security to leadership, replacing technical complexity with clarity, and uncertainty with measurable progress. After all, effective security requires not just strong controls, but strong communication. By leveraging Microsoft Security Exposure Management and our security initiatives, organizations can ensure that security investments are clearly tied to business outcomes and strategic goals, fostering a more collaborative and informed approach to cybersecurity.

Learn more with Microsoft Security

To learn more about Microsoft Security Exposure Management, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Categories: Microsoft

Your Android phone is getting a new security secret weapon - how it works

ZDNet Security - Tue, 04/15/2025 - 11:57am
This new security feature from Google will make your Android phone more difficult to access if you haven't used it in a while.
Categories: ZDNet Security

Show HN: Easy Virtual Prototyping for Complex Computer Systems with SimBricks

Hacker News - Tue, 04/15/2025 - 11:57am

Hi HN!

We are very excited to launch our new and heavily reworked version of SimBricks, the virtual prototyping solution we are developing for computer systems! Whether you are building the next-generation analog processor, optical AI accelerator, or computer systems around such components, SimBricks provides you with a means to test this as part of a complete system including multiple machines, networks, and the complete software stack on top. Another interesting use case we are currently investigating with our first pilot customer is much more interactive demos for early-stage sales when building new computer components.

SimBricks enables all of this through modular combination (with efficient combination and synchronization) of different existing or custom simulators (qemu, gem5, ns3, omnet, simics, verilator, vivado, ....) for different system components. We can scale to simulate systems with hundreds of components without substantially slowing down. Depending on the use-case we also span the gamut from simple behavioral (e.g. SystemC) models all the way to detailed gate-level simulations.

In addition to simply making all of this possible, one of our key strengths is making this (relatively) easy to get started with, and providing flexibility to integrate this in other tools and processes, both to provide inputs and also to work with the outputs.

Please check out SimBricks and let us know what you think. It's as easy as registering and then doing pip install and you are in business!

Comments URL: https://news.ycombinator.com/item?id=43694704

Points: 1

# Comments: 0

Categories: Hacker News