→ Meta Silently Added Face-Recognition Code for Its #Smart Glasses to Millions of Phones

https://www.wired.com/story/meta-smart-glasses-face-recognition-nametag-connections/

“"The feature is not yet exposed to consumers but seems nearly ready to go," says [Cooper Quintin, a #security researcher and senior public interest technologist with the nonprofit Electronic Frontier Foundation’s Threat Lab]. "Despite the billions of reasons not to, #Meta seems to have created the capacity to turn their customers into a distributed #surveillance machine."”

#Face

Fight back against obnoxious spyware that will never work, and only harm creativity and experimentation. Bloomberg wants to control what you can and can't make with your 3D printer, milling machine, etc. #maker #3d #manufacturing #innovation #CAD #CAM #CopyAndRepost and add appropriate tags,

https://youtu.be/E1B2cWEaWDw

Yikes. I just found out that I overlapped with Alex Karp (multi-billionaire CEO of Palantir) for a year at our very small university ('college' in the US). Don't remember him, but it's scary to see what he's become. Just watching this... https://www.youtube.com/watch?v=6H7VOoFwDtU

This is hilarious. After decades where the conservatives pushed for “religious exemptions” based on “sincerely held beliefs”, a Catholic woman working at tech company just won a religious exemption: she won’t have to use AI in her work.

https://www.businessinsider.com/worker-got-religious-exemption-using-ai-at-work-2026-6

Check out some HUGE news in reproducible builds our latest report! https://reproducible-builds.org/reports/2026-05/

La creatividad

Initial Flatpak support in Ubuntu Touch soon? :D

https://gitlab.com/ubports/development/core/seeds/ubuntu-touch/-/merge_requests/151

#LinuxMobile

#UbuntuTouch

A user reported that age verification company Yoti flagged and reported him for using GrapheneOS, a privacy-focused OS. Yoti's data policies have been scrutinized before, and Spain fined them €950,000 earlier this year for GDPR violations.

https://alternativeto.net/news/2026/6/grapheneos-user-reported-to-authorities-by-age-verification-company-yoti-for-using-this-os/

I often watch #Apple's #WWDC as they're always ridiculous, but this year's #WWDC26 was boring as hell. All they presented is:

1. "Fixed" liquid ass (like how Windows 7 "fixed" Vista) which is what *OS 26 should have been from the beginning

2. Extensive parental controls as a way to comply to bullshit age verification laws (parents never use parental controls anyway)

3. AI AI AI AI AI AI!!!!!!!!!!! (white label Gemini)

And the "AI" parts had awkwardly long pauses, probably just to fill in time.

#KDE is turning 30, time to celebrate and donate!

https://kde.org/anniversaries/30/

#linux #anniversary #opensource

RE: https://mastodon.social/@jdelacueva/116103089304791787

More on this EU login trojan horse. I used DuckDuckGo app to check the trackings triggered by EU Login app. The result is 39 tracking attempts. The collected data is shown in the screenshots that follow. #privacy

RE: https://grapheneos.social/@GrapheneOS/116550899908879585

This is more important now than ever.

Unfortunately, even Mozilla (@mozilla@mastodon.social) recently added the Google Play Integrity API to Firefox for Android (@firefoxnightly@mastodon.social), as part of their effort to support generative AI features.

Hoping that someone at Mozilla sees this thread and reconsiders that decision, in order to reconcile with their mission statement/values.

#Meta Deletes Face-Recognition System From Its #SmartGlasses App After WIRED Report

https://www.wired.com/story/meta-removes-face-recognition-code-meta-ai-app-smart-glasses/

#privacy #FRT #FacialRecognition #Oakley #RayBan

progress

https://www.404media.co/fcc-wants-to-kill-burner-phones-by-forcing-telecoms-to-get-all-customers-ids/

The FCC wants to make it impossible to buy "burner" phones, such as pre-paid phones not linked to your identity. They plan to do this by forcing all companies to store a ton of data about ALL phone users, including Copy of ID, and Verified address and a ton more info for both new & existing phone users, regardless of company or phone.

#FCC #Privacy #Security

Didn't know #Flatpak apps can have internal updaters interacting with Flatpak directly so that they can update without the need for a graphical store like Discover or touching the command line. Handling things in Discover or the command line is probably more intuitive, but it's neat that apps can do this rather than trying to do their own thing only and possibly messing up files and introducing conflicts.

MANY ORPHANED AUR PACKAGES ARE BEING TARGETED WITH AN INFOSTEALER. official statement (fediverse discussion)

collection of detection scripts

the Arch User Repository package alvr has been orphaned, then adopted by a threat actor who immediately updated it with an infostealer. If you have this package on your system and updated it recently, you've been compromised. This is not a result of any upstream compromise; it's just that one AUR package. in particular, the alvr-bin sister package seems to be fine.

here's the relevant thread for alvr from the Arch Linux mailing list. alvr seems to be the first package compromised and/or the first one that was noticed. it was updated maliciously at 2026-06-11 13:53:45 UTC (2026-06-11T13:53:45.000Z) and reverted approximately 3-4 hours after that.

SEVERAL OTHER PACKAGES ARE BEING TARGETED WITH THE SAME MALWARE: 1, 2, 3, 4, 5

AUR mailing list megathread <-- over 400 (!!!!) packages have the malicious npm dependency

i believe this is an up-to-date list of all packages that are known to be compromised

they all share in common that they will install the atomic-lockfile package from NPM. they were all orphan takeovers. as far as i can tell, all of the ones that have been noticed were reverted to known safe versions. including alvr.

THAT NPM PACKAGE HAS BEEN TAKEN DOWN, but there is another wave of this attack still ongoing! this time, the infected packages are installing js-digest or lockfile-js, also from npm registry (but using bun). js-digest was already taken down, but lockfile-js was published 2026-06-12 13:01:03 UTC (2026-06-12T13:01:03.000Z) and is still live right now !!

this is an infostealer, meaning it exfiltrates sensitive data from your system such as browser cookies, discord tokens, ssh keys, and container registry logins. removing the malware will not undo the damage; the attacker now has all your credentials. moreover, uninstalling the malicious package will not remove the malware because it persists as a systemd service that stays on your system indefinitely.

it executes as an npm preinstall script, and the npm package is installed by the AUR packages. this means that simply installing the malicious versions of any of these packages will compromise you. it does not require you to do anything more afterwards. again, the malware persists if you uninstall the malicious packages

to check if you've been compromised, look in /etc/systemd/system and ~/.config/systemd/user for a recently added .service file with a random name. that's the persistence mechanism and the most obvious mark that you've been compromised.

---

Attached is a screenshot of an announcement from the "Linux VR Adventures" discord.

i know we all hate discord, but LVRA has a lot of auxiliary discussion, so here's an invite link. (or at least, it had a lot of relevant discussion when the news broke and this post was much shorter; it's mostly quiet now as we realized the scope goes way beyond VR. this post is also now more complete than it was)

of special interest, here's a malware analysis thread. Feel free to follow it in real time, or contribute, or whatever. Whanos has produced a preliminary analysis blog post that contains a lot of important information about the malware.

#IntelligenzaArtificiale alla polizia, il Governo approva i decreti. #Piantedosi: “Non sarà un Grande Fratello”.

Il Consiglio dei ministri ha approvato in esame preliminare due decreti legislativi per adeguare la normativa italiana ai regolamenti europei. Uno dei passaggi riguarda l’uso dei sistemi di #AI da parte delle forze di polizia per attività di videosorveglianza, riconoscimento facciale e trattamento di dati biometrici collegati all’identificazione.

@tecnologia

https://www.greenme.it/scienza-e-tecnologia/social-e-web/intelligenza-artificiale-alla-polizia-il-governo-approva-i-decreti-piantedosi-non-sara-un-grande-fratello/

The Arch Linux AUR had over 400 packages compromised with malware https://www.gamingonlinux.com/2026/06/the-arch-linux-aur-had-over-400-packages-compromised-with-malware/

#Linux #ArchLinux #Security