cross-posted from: https://lemmy.sdf.org/post/32835964

Archived

[...]

In one [Tiktok] video that has nearly 10 million views, a creator claims to be able to sell yoga pants from the same manufacturer that supplies Lululemon for $5-$6, instead of the $100 they sell for in the United States.

“The material and the craftsmanship are basically the same because they come from the same production line,” she says, standing in front of what appears to be a factory.

In another, a man standing on a factory floor claims to have access to manufacturers that produce Louis Vuitton bags, which he says can be sold directly to customers for $50.

But both companies deny their products are finished in China, and experts told The Independent the videos are likely an effort by counterfeit or “dupe”

cross-posted from: https://lemmy.sdf.org/post/32836649

Archived

A Chinese state-owned company that was previously sanctioned by the U.S. for facilitating human rights abuses against Uyghurs is now training police officers in Tibet on hacking techniques and digital forensics, according to a watchdog organization.

SDIC Intelligence Xiamen Information Co Ltd, a digital forensics company better known as Meiya Pico, won a contract in mid-2023 to build two labs at the Tibet Police College: one on offensive and defensive cyber techniques and the other on electronic evidence collection and analysis. Details of the approximately $1.32 million contract were analyzed and released on Wednesday by Turquoise Roof, a research network focused on Tibet.

The contracts include “servers for the cyber range, network switches, intrusion simulation softwa

cross-posted from: https://lemmy.sdf.org/post/32830658

[This is an op-ed by Valentin Weber, senior research fellow with the German Council on Foreign Relations. He is the author of the International Forum for Democratic Studies report “Data-Centric Authoritarianism: How China’s Development of Frontier Technologies Could Globalize Repression.” His research covers the intersection of cybersecurity, artificial intelligence, quantum technologies, and technological spheres of influence.]

[...]

While the financial, economic, technological, and national-security implications of DeepSeek’s achievement have been widely covered, there has been little discussion of its significance for authoritarian governance. DeepSeek has massive potential to enhance China’s already pervasive surveillance state, and it will bring the Chinese Communist Party (CCP) closer than ever to its goal of possessing an automated, autonomous, and scientific tool for repressing its people.

[...]

With the world’

cross-posted from: https://lemmy.sdf.org/post/32848522

Archived

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.

As China continues its digital gambit around the world, researchers are warning that hacking activity from long-tracked groups is evolving and blending together. On top of that, attackers are hiding their campaigns more effectively and blurring the lines between cybercriminals and state-backed hacking.

Last year, revelations rocked the United States federal government that the Chinese hacking group known as “Salt Typhoon” had breached at least nine major US telecoms. And the group’s rampage even continued into this year in the US and other countries around the world. Meanwhile, the Beijing-linked hacking group “Volt Typho

cross-posted from: https://lemmy.sdf.org/post/32709886

Big Tech have mastered the art of delay and deflection. Under the GDPR’s ‘one-stop-shop’ mechanism, cases are often handled by regulators in the country where a company is based, rather than where harm occurs. This means that when someone in France, Poland, or Spain suffers from unlawful data misuse by a company based in Ireland or Luxembourg, their complaint can get stuck in an enforcement black hole.

[...]

Right now, EU policymakers have a chance to fix this. The GDPR Procedural Regulation—currently in negotiations—could finally close these enforcement loopholes. It could ensure faster, more efficient investigations, remove barriers to redress, and empower DPAs to take meaningful action. The regulation is not just about bureaucratic processes; it is about making GDPR enforcement a reality, ensuring that cross-border cases are handled fairly and efficiently, rather than getting lost in the complexity of the one-s

cross-posted from: https://lemmy.sdf.org/post/32431077

Two spyware variants are targeting Uyghur, Taiwanese and Tibetan groups and individuals, the U.K.’s National Cyber Security Centre warned in a joint alert (opens pdf) Wednesday with Western allies.

[...]

Cybersecurity researchers have previously linked the BADBAZAAR and MOONSHINE spyware to the Chinese government. The variants mentioned in Wednesday’s alert trojanize apps that are of interest to the target communities, such as a Uyghur language Quran app, and have appeared in official app stores.

“BADBAZAAR and MOONSHINE collect data which would almost certainly be of value to the Chinese state,” the alert reads. Agencies in Australia, Canada, Germany, New Zealand and the United States, namely the FBI and National Security Agency, collaborated on it.

Groups most at risk include those focused on Taiwanese independence, Tib

cross-posted from: https://lemmy.sdf.org/post/32330527

At a time when reducing imports and building national capacity is become ever more important, Ukraine has achieved what seemed impossible: producing drones using entirely locally made components. This gives them an unrivalled ability to develop and mass produce drones to their exact requirements. More surprising is the cost. Rather than adding a premium, by building locally the Ukrainians are actually undercutting Chinese makers.

[...]

Three young children huddle in front of a camera, cross-legged and cupping their hands. “Please support me. We are very poor,” says a boy, staring down the lens.

They appear to be in a mud-brick hut in Afghanistan, living in extreme poverty. But their live stream is reaching viewers in the UK and worldwide – via TikTok Live.

For hours, they beg for virtual “gifts” that can later be exchanged for money. When they get one, they clap politely. On another live stream, a girl jumps up and shouts: “Thank you, we love you!” after receiving a digital rose from a woman in the US, who bought it from TikTok for about 1p. By the time it’s cashed out it could be worth less than a third of a penny.

TikTok says it bans child begging and other forms of begging it considers exploitative, and says it has strict policies on users who go live.

But an Observer **investigation has found the practice widespread. Begging live streams are actively promoted by the algorithm and TikTok profits from the c

cross-posted from: https://lemmy.sdf.org/post/32113472

Archived

As a 7.7 magnitude earthquake struck Myanmar and Thailand last Friday, the temblor rattled buildings across the sprawling Thai capital of Bangkok, home to an incredible 142 skyscrapers. When the shaking ceased all were standing strong — with one very notable exception. The State Audit Office (SAO) building in Chatuchak district, a 30-story skyscraper still under construction by a subsidiary of a Chinese state-owned enterprise, collapsed into a heap of rubble, trapping nearly 100 people inside.

As of this week, 15 have been confirmed dead in the collapse, and a further 72 remain missing. Thailand announced over the weekend that it was launching an investigation to determine the cause of the collapse, and the prime minister said the tragedy had seriously damaged the country’s image.

As em

cross-posted from: https://lemmy.sdf.org/post/32102322

Archived

TikTok owner ByteDance is set to be hit by a privacy fine of more than €500 million for illegally shipping European users’ data to China, adding to the growing global backlash over the video-sharing app.

Ireland’s data protection commission, the company’s main regulator in Europe, will issue the penalty against TikTok before the end of the month, according to people familiar with the matter.

The move comes after a lengthy investigation found the Chinese business fell foul of the European Union’s General Data Protection Regulation in sending the information to China to be accessed by engineers, added the people, who spoke under condition of anonymity.

[...]

As part of the decision from Ireland’s data protection commission, the regul

cross-posted from: https://slrpnk.net/post/20327401

Archived

We have all been sucked in by those videos circulating online of “My $200 Shein Haul” or “Everything I bought for less than $5 from TEMU Review”, but who actually are the two new giants on the ultra fast fashion scene?

In a world where it seemed the general consensus had shifted towards more environmental and ethical consumption, how have these two brands established a global network reaching 150 countries worldwide, and what is at stake if they continue to grow unchecked?

...

How Are They So Cheap?

• Labour: The general rule is if you are paying an unbelievably low price for a product, the person making it has been paid an unfair wage for their labour. Often this means involvement of forced, child or penal labour and workers are subjected to awful conditions and chemicals. US lawmakers have previousl

Archived

Unveiling Trae: ByteDance's AI IDE and Its Extensive Data Collection System

Trae - the coding assistant of China's ByteDance - has rapidly emerged as a formidable competitor to established AI coding assistants like Cursor and GitHub Copilot. Its main selling point? It's completely free - offering Claude 3.7 Sonnet and GPT-4o without any subscription fees. Unit 221B's technical analysis, using network traffic interception, binary analysis, and runtime monitoring, has identified a sophisticated telemetry framework that continuously transmits data to multiple ByteDance servers. From a cybersecurity perspective, this represents a complex data collection operation with significant security and privacy implications.

[...]

Key Findings:

• Persistent connections to minimum 5 unique ByteDance domains, creating multipl

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company." Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or sur

Archived

TLDR:

• China has developed an Artificial Intelligence (AI) system that adds to its already powerful censorship machine, scanning content for all kinds of topics like corruption, military issues, Taiwan politics, satire
• The discovery was accidental, security researchers found an Elasticsearch database unsecured on the web, hosted by Chinese company Baidu
• Experts highlight that AI-driven censorship is evolving to make state control over public discourse even more sophisticated, especially after recent releases like China's AI model DeepSeek

A complaint about poverty in rural China. A news report about a corrupt Communist Party member. A cry for help about corrupt cops shaking down entrepreneurs.

These are just a few of the 133,000 examples fed into a sophisticated large language model that’s designed to automatically flag any piece of cont

There's nothing like retro gaming on the Raspberry Pi but we haven't quite seen a gaming rig like this. Leave it to the Pi community to blow our minds and expectations out of the water. This project, created by maker and developer John Park is using our favorite SBC — the Raspberry Pi 5 — to drive a cool wall arcade featuring RGB LED matrix panels as the main display.

According to Park, this setup doesn't just look the part. You can actually play games on the system like a real arcade using wired USB controllers. That said, you're limited by the display capabilities of the matrix panel display. It can run demos with cool retro-style animations but also play a few homebrew games that are created using the PICO-8 Fantasy console.

Archived

Elon Musk’s aerospace giant SpaceX allows investors from China to buy stakes in the company as long as the funds are routed through the Cayman Islands or other offshore secrecy hubs, according to previously unreported court records.

The rare picture of SpaceX’s approach recently emerged in an under-the-radar corporate dispute in [the U.S. state of] Delaware. Both SpaceX’s chief financial officer and Iqbaljit Kahlon, a major investor, were forced to testify in the case.

In December, Kahlon testified that SpaceX prefers to avoid investors from China because it is a defense contractor. There is a major exception though, he said: SpaceX finds it “acceptable” for Chinese investors to buy into the company through offshore vehicles.

**“The primary mechanism is that those investors would come through intermediate entities that they would

Archived

Security researcher Tenable successfully used DeepSeek to create a keylogger that could hide an encrypted log file on disk as well as develop a simple ransomware executable.

At its core, DeepSeek can create the basic structure for malware. However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features. For instance, DeepSeek struggled with implementing process hiding. "We got the DLL injection code it had generated working, but it required lots of manual intervention," Tenable writes in its report.

"Nonetheless, DeepSeek provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code the ability to quickly familiarize themselves with the relevant concepts."

"Based on this analys

cross-posted from: https://lemmy.sdf.org/post/31552333

A Trust Report for DeepSeek R1 by VIJIL, a security resercher company, indicates critical levels of risk with security and ethics, high levels of risk with privacy, stereotype, toxicity, hallucination, and fairness, a moderate level of risk with performance, and a low level of risk with robustness.

cross-posted from: https://lemmy.sdf.org/post/31373501

Today, EDRi filed a DSA complaint against social media giant ‘X’ in the EU, together with our member ApTI Romania. Our investigation found that X is likely in breach of its obligations towards Trusted Flaggers by misleading them—in all tested languages except English—to submit illegal content notices on a wrong, non-functional online form.