Source: Nextgov/FCW
https://www.nextgov.com/digital-government/2025/06/irs-isnt-checking-performance-its-identity-proofing-vendor/406074/
The identity validation service, ID.me, is the only option for taxpayers looking to access the more sensitive online services offered by the IRS.The IRS isn’t doing quality control checks on the vendor-powered digital identity proofing that it requires taxpayers to pass in order to access many online IRS applications.
Although the tax agency beefed up its privacy protections after its use of the company ID.me and face recognition technology caused concern for members of Congress and advocacy groups in 2022, the IRS isn’t evaluating ID.me’s work or independently verifying performance data, according to a new report [*] from the Government Accountability Office.
That means that the IRS is “relying on ID.me’s own assessments of its solutions’ performance,” reads the new report, which includes recommendations for IRS.
The tax agency promised to add a government-run option following backlash in 2022, but ID.me is still the only option for taxpayers wanting to access dozens of IRS applications online where stronger security controls are required.
The IRS also hasn’t listed the identity proofing solution in its artificial intelligence inventory as required by law, executive order and IRS policies, despite the fact that ID.me uses AI as part of its face recognition process.
In 2022, the IRS promised to add a government option — Login.gov — for users to select when accessing services, following backlash over its use of ID.me. The IRS currently only offers the government solution for IRS apps requiring less rigorous identity proofing.
The National Institute of Standards and Technology, which sets the identity proofing standards that are followed by the IRS and other agencies, should set metrics and performance guidelines for identity vendors, and the company also welcomes AI oversight, the spokesperson said.
…
Filed: https://www.nextgov.com/digital-government/
[*] 35-page PDF
Page i GAO-25-107273 Taxpayer Identity Verification
Letter 1
Background 3
IRS Has Taken Steps to Protect Users’ Privacy and Monitors Aspects of ID.me’s Performance, but Gaps Remain in Program Oversight 14
Conclusions 21
Recommendations for Executive Action 21
Agency Comments 22
Appendix I Objectives, Scope, and Methodology 23
Appendix II IRS Applications Requiring Identity-Proofing 26
Appendix III Comments from the Internal Revenue Service 28
Appendix IV GAO Contact and Staff Acknowledgments 30
Tables
Table 1: Identity Assurance Levels (IAL) as Defined by the National Institute of Standards and Technology 4
Table 2: Internal Revenue Service Applications Requiring Identity Assurance Level (IAL) 1 and 2 Identity Proofing 26
Figures
Figure 1: Identity Proofing Balances Privacy, Security, and Usability 6
Figure 2: Digital Taxpayer Identity-Proofing Process for Internal Revenue (IRS) Service Identity Assurance Level 2 Online Applications 9
Figure 3: Timeline of Key Taxpayer Identity-Proofing Events at the Internal Revenue Service (IRS) 10
Source: Reviews by Wirecutter
https://www.nytimes.com/wirecutter/reviews/avoid-customs-tariffs-on-cheap-orders/
I might be the only person in America who recently placed an online order hoping to get a huge tariff bill. Let me explain.The de minimis exemption — which previously allowed all shipments under $800 to enter the US without additional fees — ended on May 2 for packages from China and Hong Kong. (For now, this exemption remains in place for other countries.) You may have seen some of the eye-popping customs bills posted by shoppers across Reddit and TikTok over the past couple of weeks.
Wirecutter also received one of these bills, which turned a $56 ukulele into a $158 ukulele because it was made in China and shipped to the US from Germany.
So we waded into the chaos and bought a bunch of stuff to test what would happen. The results were, to be honest, confusing. We received higher-than-expected bills, lower-than-expected bills, and often no bill at all. One China-based headphone maker claimed that its product was worth a fraction of what I paid, to save my wallet. That’s excellent customer service — but it may also be customs fraud.
Here’s what we learned from our own experience and from experts to help you avoid a surprise tariff bill on your cheap purchases.
[…]
Source: WIRED
https://www.wired.com/story/no-kings-protests-citizen-run-ice-trackers-trigger-intelligence-warnings/
Army intelligence analysts are monitoring civilian-made ICE tracking tools, treating them as potential threats, as immigration protests spread nationwide.As protests continue to swell across the United States in response to aggressive Immigration and Customs Enforcement actions, civilians are turning to homebrew digital tools to track ICE arrests and raids in real time. But restricted government documents, obtained by the nonprofit watchdog Property of the People, show that US intelligence agencies are now eyeing the same tools as potential threats. A law enforcement investigation involving the maps is also apparently underway.
Details about Saturday’s “No Kings” protest—specifically those in California—are also under watch by domestic intelligence centers, where analysts regularly distribute speculative threat assessments among federal, state, and local agencies, according to an internal alert obtained exclusively by WIRED.
A late-February bulletin distributed by a Vermont-based regional fusion center highlights several websites hosting interactive maps that allow users to drop “pins” indicating encounters with ICE agents.
Property of the People, a nonprofit focused on transparency and national security, attempted to obtain additional details about the maps using public records laws. The group was informed by the Northern California Regional Intelligence Center (NCRIC) that all relevant information is “associated with active law enforcement investigations.”
The documents identify maps and information shared across Reddit and the website Padlet, which allows users to collaborate and build interactive maps. An “OPSEC” warning concerning the maps was also separately issued in February by the Wisconsin Statewide Intelligence Center (WSIC). That report indicates the sites are being treated as a “strategic threat” and are under monitoring by a special operations division.
Source: TechRepublic
https://www.bespacific.com/how-to-find-the-owner-of-a-voip-number-easy-lookup-methods/TechRepublic:
Key takeaways:
- Voice-over-Internet-Protocol (VoIP) is a technology that enables users to make and receive calls over the Internet.
- While VoIP is cheaper and offers more calling functionalities, it’s also more difficult to trace than traditional landline calls.
- Various methods can be used to trace a VoIP call: reverse phone lookup, caller ID, quick online search, and domain search. Law enforcement agencies can assist in more serious situations…”
—
Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.
Source: The Markup
https://themarkup.org/pixel-hunt/2025/06/17/we-caught-4-more-states-sharing-personal-health-data-with-big-tech
Healthcare exchanges in Nevada, Maine, Massachusetts and Rhode Island shared users’ sensitive health data with companies like Google and LinkedIn
State-run health care websites around the country, meant to provide a simple way to shop for insurance, have been quietly sending visitors’ sensitive health information to Google and social media companies, The Markup and CalMatters found.
The data, including prescription drug names and dosages, was sent by web trackers on state exchanges set up under the Affordable Care Act to help Americans purchase health coverage.
The exchange websites ask users to answer a series of questions, including about their health histories, to find them the most relevant information on plans. But in some cases, when visitors responded to sensitive questions, the invisible trackers sent that information to platforms like Google, LinkedIn, and Snapchat.
The Markup and CalMatters audited the websites of all 19 states that independently operate their own online health exchange. While most of the sites contained advertising trackers of some kind, The Markup and CalMatters found that four states exposed visitors’ sensitive health information.
How to stop data trackers from sucking up your health data
A Google Analytics information page specifically discusses how organizations that use the company’s tools should comply with the Health Insurance Portability and Accountability Act, which protects health data. The page notes that “Google makes no representations that Google Analytics satisfies HIPAA requirements.”
[…]
See also:
You can check out The Markup’s Gentle January series for bite-sized measures to shore up your defenses, and follow these guides to protect your data in multiple different places:
Filed: https://themarkup.org/series/pixel-hunt
Subject: Understanding the Impacts of Generative AI Use on Children
Source: The Alan Turing Institute and LEGO Foundation
https://www.bespacific.com/understanding-the-impacts-of-generative-ai-use-on-children/
The project provides unique and much needed insights into impacts of generative AI on children through combining quantitative and qualitative research methods. The research consists of two work packages funded by the LEGO Group, comprising survey research on opinions of children, their parents and carers and teachers, and qualitative research through school-based workshops, which explored children’s experiences and perspectives around generative AI with a focus on multi-modal generative AI tools such as ChatGPT and Dall-E. Each of the work packages and their respective findings are outlined below. Additionally, overarching recommendations for policymakers and industry about future approaches for the safe and responsible design, development, and deployment of generative AI technologies that support the promotion of children’s wellbeing are provided. This research contributes to a body of evidence on the opinions of critically important stakeholders, as well as the potential impacts of generative AI on children and their online lives…”
—
Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.
Subject: Google Messages Removes the ‘Unsubscribe’ Button for US Users
Source: Android Headlines
https://www.androidheadlines.com/2025/06/google-messages-removes-the-unsubscribe-button-us-spain.html
The useful “unsubscribe” button has been removed from Google Messages for users in the US and Spain. This feature, which simplified opting out of automated business texts, is now gone from many chats. The reason for its regional removal remains unclear, forcing users to unsubscribe manually again.If you’re a Google Messages user in the US or Spain, you might have noticed a small but significant change: that handy “unsubscribe” button, which made it so easy to ditch annoying automated business texts, has quietly disappeared. This removal is leaving some users scratching their heads and possibly wading through more unwanted messages.
Just a couple of months ago, in April, Google rolled out this convenient feature. As its name suggests, it allowed users to directly unsubscribe from automated business communications right from within the chat box. It was a neat trick—instead of digging through settings or replying with cryptic commands, a simple tap of the “unsubscribe” button would send the necessary “STOP” command on your behalf. This was a great help to clean up your inbox.
…
Filed: https://www.androidheadlines.com/category/apps
Source: tech.co
https://tech.co/news/latest-cybersecurity-threat-target-us-insurance-companies
Add hackers to the list of those who aren’t thrilled with the US insurance business: Google Threat Intelligence Group warns that a new pattern is emerging, and hackers are now targeting US companies in the insurance industry. Specifically, the concerns are centered on a group of teenagers and young adults called “Scattered Spider” (or UNC3944, or a number of other names).
The group directs its attention at one sector at a time, the researchers say, with indications pointing to insurance companies as their next target.
What to Know About the Threat:
Just in June 2025, two insurance companies have disclosed that they’ve been impacted by cyberattacks. First, Philadelphia Insurance Companies (PHLY) says it discovered unauthorized access on its network, but was able to disconnect the affected systems before the issue spread.
During the same month, Erie Insurance suffered business disruptions, and soon said that the outage was caused by “unusual network activity.”
Staying safe when the big threat is social engineering is tough, however: Workers will need to be trained to pay attention at all times for impersonation attempts that might arrive via SMS, phone calls, or messaging platforms.
[…]
Subject: Yoshua Bengio is redesigning AI safety at LawZero
Source: VOX
https://www.vox.com/future-perfect/417087/ai-safety-yoshua-bengio-lawzero
Even though he helped lay the foundation for today’s advanced AI, Bengio is increasingly worried about the technology over the past few years. In 2023, he signed an open letter urging AI companies to press pause on state-of-the-art AI development. Both because of AI’s present harms (like bias against marginalized groups) and AI’s future risks (like engineered bioweapons), there are very strong reasons to think that slowing down would have been a good thing….
So now, Bengio is pivoting to a backup plan. If he can’t get companies to stop trying to build AI that matches human smarts (artificial general intelligence, or AGI) or even surpasses human smarts (artificial superintelligence, or ASI), then he wants to build something that will block those AIs from harming humanity. He calls it “Scientist AI.”…
…
See More:
Source: Android Headlines
https://www.androidheadlines.com/2025/06/ai-chatbots-are-impersonating-students-to-steal-financial-aid.html
AI chatbots are impersonating students to scam colleges for financial aid, also occupying online class spots. This growing fraud leverages stolen data, costing institutions millions and fueling identity theft. Strong digital hygiene and identity theft protection are crucial to stay safe from these sophisticated schemes.A concerning new trend is emerging in the world of cyber fraud. A recent report reveals how sophisticated AI chatbots are now impersonating students on a massive scale. Their goal is primarily to siphon off college financial aid and, alarmingly, even occupy coveted spots in online courses. This isn’t just theoretical; it’s a rapidly evolving scam that’s costing institutions millions. Plus, it is potentially displacing legitimate students right here in the US market and globally.
Sophisticated AI chatbots are impersonating students using stolen data
Disturbingly, there have been reports of entire online classrooms where there are only these AI imposters. This leaves genuine students struggling for access.
The AP News report highlights that increasing sophistication of AI is a major driver behind this emergence in fraudulent activity. The ability of these chatbots to convincingly mimic human applicants makes detection incredibly challenging for college admissions and financial aid offices. It particularly affects larger institutions and community colleges dealing with high application volumes. The financial losses for colleges are substantial, with some states already reporting millions in unrecoverable funds. Beyond the institutional impact, this also creates a significant risk of identity theft for the individuals whose stolen data is being used in these schemes.
…
Filed: https://www.androidheadlines.com/category/tech-news/artificial-intelligence
Source: Cybernews
https://www.bespacific.com/billions-credentials-exposed-infostealers-data-leak/
Cybernews: Several collections of login credentials reveal one of the largest data breaches in history, totaling a humongous 16 billion exposed login credentials. The data most likely originates from various infostealers. This story, based on unique Cybernews findings and originally published on the website on June 18, is constantly being updated with clarifications and additional information in response to public discourse.
[…]
- The largest data breach in history involves 16 billion login credentials
- The records are scattered across 30 different databases, and some records are or might be overlapping
- The data most likely comes from various infostealers
- The data is recent, not merely recycled from old breaches
- [more]
“This is not just a leak – it’s a blueprint for mass exploitation. With over 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing..”