New Things to Beware on the Internet
On May 3rd, Google released 8 new top-level domains (TLDs) -- these are new values like .com, .org, .biz, domain names. These new TLDs were made available for public registration via any domain registrar on May 10th.
Usually, this should be a cool info, move on with your life and largely ignore it moment.
Except a couple of these new domain names are common file type extensions: ".zip" and ".mov".
This means typing out a file name could resolve into a link that takes you to one of these new URLs, whether it's in an email, on your tumblr blog post, a tweet, or in file explorer on your desktop.
What was previously plain text could now resolve as a link and go to a malicious website where people are expecting to go to a file and therefore download malware without realizing it.
Folk monitoring these new domain registrations are already seeing some clearly malicious actors registering and setting this up. Some are squatting the domain names trying to point out what a bad idea this was. Some are already trying to steal your login credentials and personal info.
This is what we're seeing only 12 days into the domains being available. Only 5 days being publicly available.
What can you do? For now, be very careful where you type in .zip or .mov, watch what website URLs you're on, don't enable automatic downloads, be very careful when visiting any site on these new domains, and do not type in file names without spaces or other interrupters.
I'm seeing security officers for companies talking about wholesale blocking .zip and .mov domains from within the company's internet, and that's probably wise.
Be cautious out there.
I really want to reiterate how this can go wrong frequently and fast, folks.
A malicious actor sets up a page with an auto-downloader squatting on a domain name that matches a common zip file name like photos DOT zip. This website is set up to start an auto downloader upon being visited, downloading a zip file with the same name as the URL which contains malicious software (virus, worm, keylogger, etc).
Scenario.
Someone you know well sends you an email or text with promised photos attached. The email even reads something like this.
Because .zip is now a TLD, that plain text is automatically formatted into a link to a malicious actor's website without them having to send you anything.
Folk with family with iPhones or iPads that are sent multiple photos in one go might be familiar with iCloud's tendency to automatically compile them into a zip file for the sender and less savvy tech users have trouble NOT doing that.
These same less savvy users, or even just someone not thinking in the moment, will click that .zip link, not realizing it isn't the same as clicking on the promised attachment.
They download a file that matches the name they expected. They open it because they were expecting that file and it's from a trusted source. Except the file they downloaded isn't the one that was sent by their trusted source and now they have malware.
Another Scenario.
An IT person tries to send you an email with instructions on how to resolve a problem with a commonly used filename like install-repair DOT zip or to install new software like microsoft-office DOT zip.
The email may start with instructions of where to go get the legitimate file to do the install or repair, but now a line later in the instructions also has a link to a .zip URL. A user, already frazzled by IT problems, may click it to ensure they have the right file. Again, they download malicious code from a squatting website or it prompts them with a fake login and now the squatting website has stolen their login credentials for a legitimate site. All due to an expected email from a trusted source.
Above you can see microsoft-office DOT zip is already out there with a fake Microsoft login screen waiting to steal your credentials.
These risks are already out there now because the TLD has been activated.
Plain text on old posts is already being resolved into links to the new websites.
Here you can see a tweet from 2021, long before .zip was a domain name, now resolves that plain text into a clickable link. You'll start seeing this everywhere, and malicious actors do not have to lift a finger to send it to you.
Yes, a lot of users aren't going to click that, but a lot of folk will. Whomever is squatting on photos DOT zip domain name has made a one time payment to have access to anyone that ever sees that file name typed out.
In an example of an existing squatter site, clientdocs DOT zip is exactly one such pre-setup .zip domain name that initiates an automatic download. This one may be harmless, but the set ups are already out there and waiting to catch folk.
It's an unnecessary and risky can of worms that's been opened up.
Holy Unforced Errors, Batman.
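A defensive sketch of the two mitigations mentioned in the post above (spotting file names that would be auto-linked, and blocking the TLDs wholesale), as an added example that is not part of the original post. The function names and sample strings are constructed, and the linkifier behaviour is modelled with a simple hostname-syntax assumption.

```python
import re
from urllib.parse import urlsplit

RISKY_TLDS = {"zip", "mov"}  # the two TLDs the post singles out

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"

# A bare token that is syntactically a hostname under a risky TLD.
# Assumption: a linkifier only links tokens that are valid hostnames and
# that are not part of a path, an e-mail address or a longer word.
_BARE_HOST = re.compile(
    rf"(?<![\w@./\\-])((?:{_LABEL}\.)+(?:{'|'.join(sorted(RISKY_TLDS))}))(?![\w-])",
    re.IGNORECASE,
)


def linkable_filenames(text):
    """Return file-name-like tokens that could be rendered as .zip/.mov links."""
    return [m.group(1).lower() for m in _BARE_HOST.finditer(text)]


def host_is_blocked(url_or_host):
    """True when the *host* (not the path) sits under a risky TLD."""
    candidate = url_or_host if "://" in url_or_host else "//" + url_or_host
    host = (urlsplit(candidate).hostname or "").rstrip(".").lower()
    return host.rsplit(".", 1)[-1] in RISKY_TLDS


if __name__ == "__main__":
    # Constructed sample message, not taken from the post.
    sample = "Here are the holiday-photos.zip I promised, plus trailer.mov."
    for token in linkable_filenames(sample):
        print("would be auto-linked:", token)
    # A .zip file hosted on an ordinary domain is not caught by a TLD block.
    print(host_is_blocked("https://example.com/files/holiday-photos.zip"))
```

The host check looks only at the hostname, so a legitimate download URL whose path ends in `.zip` is not affected by a block on the TLD itself.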
what you don’t get is science exists because people can love. medicine exists because people love each other enough to want each other to live long healthy lives. astronomy exists because someone loved the stars and the planets enough to track them through their ever changing position in the darkest night. science exists because humans are curious little creatures and we want to know the world around us and understand it like it does us. we know stars and planets worlds away, we’ve sent cameras worlds away, all because we love the universe, and we also put love in those satellites!! we sent the sound of a 100 languages, lovely messages, the sound of rain and a laugh, all out there just in case there’s someone in the universe looking for us like we do them, and so that they know that they were never alone, and we sent them the most simple loving things we could find.
science exists because people can love
The US Copyright Office is opening a public comment period around AI
American friends! The US Copyright Office (which we know exerts huuuge influence in how these things are treated elsewhere) wants to hear opinions on copyright and AI.
"The US Copyright Office is opening a public comment period around AI and copyright issues beginning August 30th as the agency figures out how to approach the subject."
We can assume that the opposing side will definitely be using all of their lobbying power towards widespread AI use, so this is a very good chance to let them know your thoughts on AI and how art and creative content of all kinds should be protected.
One of the things they’re asking for comment on is the use of copyrighted works to train AI. The Copyright Office really will read what you write. If lots of people write in that they oppose allowing generative AI to train on copyrighted works, that could encourage the Copyright Office to also find that using copyrighted works to train AI engines should not be allowed. Courts routinely look at Copyright Office publications while interpreting the Copyright Act, so this is an opportunity to actually have a say in the issue.
You might be wondering how you should express that letting AI train on people’s copyrighted works is bad in a way that the Copyright Office will take seriously. The simple answer is: Be polite and be honest. If you’ve been a victim, you can share how you felt when you discovered your work had been used to train AI without your permission. If you think authors and artists deserve not to have their work used without their permission, you can say that. Be truthful. Don’t present something as a fact if it is not. Avoid hyperbole, inflammatory accusations, and foul language. It is okay to say you are upset, concerned, and/or hurt, but do it without calling someone else a “fucker.”
If you have no idea what to say, but want to comment, I've got some suggestions on how to write a comment under the cut.
EXTREMELY IMPORTANT! Please take a moment out of your day, on behalf of all authors, artists, and terrible bosses looking to replace human creativity with ultra-cheap good-enough alternatives to comment. And I don't generally ask for reblogs, but yeah. Do that too. But the most important part is commenting. Doesn't have to be perfect, just copy and paste from above if you want to, or write a heartfelt two-sentence "artists and writers should give consent and receive compensation to be included in a training set, and images and writing resulting from AI should not be eligible for copyright without significant further human manipulation/improvement of the generated image." Which is my own current stance on this issue.
I've seen two links floating on the reblogs for where to comment officially at, which is confusing
At the copyright office: here
BOTH OF THESE ULTIMATELY LINK TO THE SAME COMMENT FORM (on regulations.gov), so just to preemptively clear up that confusion, follow either link they're both fine
Here's what I wrote on behalf of the Press:
While I think there are potentially useful applications of learned language model text and model-generated artwork, I think the current models built on unethically sourced content, in clear violation of the copyrights held by the original creators of the works, is the "poison pill" that destroys any utility these models might have had. Until models are ethically built, and the use of them a required disclosure (for example, articles must say "llms have been used to generate part or all of this text"), and the acknowledgement made that these model-generated creations are not art, cannot be copyrighted as art, and have no place being treated as a replacement for art (but rather as a supplement), there's no way llms and art generators can be allowed to grow. It's my opinion that the current existing models need to be destroyed, and replaced by models built using ethically sourced datasets.
We CAN have an influence on policy. MAKE YOUR VOICE HEARD.
sending love out tonight to everyone who is progressively losing their abilities, whether that's movement, ability to walk, eyesight, or hearing.
it's hard to come to terms with the fact that you can't do things that you used to be able to do. I'll be honest, it feels like you're losing control of your life. it can feel very isolating and hopeless. it's scary and overwhelming, and it's so hard to deal with.
you are not less than just because you can do less. im proud of you for still being here, and i wish you ease with adjusting to new ways of life. please take care of yourself, i love you.
gentle addition for the folks who are losing their mental capacity in any way, shape, or form. If you can’t think as clearly as you used to, if you don’t have the executive functioning you once had, if your memory is getting worse, if your sensory processing issues are increasing, if your episodes are becoming more frequent. Your life has inherent value and I hope I can help remind you of that.
i remember when we were in typography II and also editorial design I we got shown the fucking text hierarchy image
and I'm seeing more and more people not grasping this concept when editing so i thought that if for some reason you haven't seen this image i probably shouldn't gatekeep it. Text hierarchy is literally essential knowledge to make yourself understood. Try to have an order in your text, investigate, test things, show your edits to people and ask "hey what order are you reading this on?" because the golden rule is that your design should be easy to interpret most of the time.