Technology

Post articles or questions about technology

founded 2 years ago
1
 
 

cross-posted from: https://slrpnk.net/post/20327401

Archived

We have all been sucked in by those videos circulating online of “My $200 Shein Haul” or “Everything I bought for less than $5 from TEMU Review”, but who actually are the two new giants on the ultra fast fashion scene?

In a world where it seemed the general consensus had shifted towards more environmental and ethical consumption, how have these two brands established a global network reaching 150 countries worldwide, and what is at stake if they continue to grow unchecked?

...

How Are They So Cheap?

  • Labour: The general rule is if you are paying an unbelievably low price for a product, the person making it has been paid an unfair wage for their labour. Often this means involvement of forced, child or penal labour and workers are subjected to awful conditions and chemicals. US lawmakers have previously warned of an ‘extremely high risk’ that Temu and Shein were using forced labour – for Shein this would look like as part of their supply chain manufacturing and Temu for offering products on their e-commerce site.

  • Materials: Another huge sacrifice Shein and Temu make in a bid to keep prices extremely low yet profits up is with the quality, in particular the materials they use. The low-quality materials used and assemblage of items with little attention to longevity means the products often deteriorate and/or break quickly. But this is good news for Shein and Temu! Throwaway culture is how these platforms thrive, as they rely on our constant need to consume.

  • Mode of production: Both Shein and Temu rely on high levels of consumption, to drive high levels of production, with a streamlined mode of production. This requirement for overconsumption is evident in marketing efforts on both brands’ platforms. Users are constantly bombarded with micro-advertisements on social media outlets such as Tiktok and Instagram, and even on their individual apps, there are offers, games and gambling opportunities to keep users addicted to buying.

What Are the Real Costs?

  • Carbon Emissions: It is no secret that the fast fashion industry is one of the biggest contributors to carbon emissions, responsible for approximately 10% of all global emissions every year. Global supply chains, manufacturing of textiles, assembling of garments and transportation all add up towards a brand's carbon footprint. Shein and Temu, more than ever, prioritize and even encourage throwaway culture (buying, throwing away, buying again) for profit.

  • Toxic Chemicals and Pollution: Dyeing and treating textiles in the fashion industry is a huge contributor to water pollution globally, especially when regulation is poor/poorly enforced by authorities. This affects the quality of water for people locally and also for aquatic life. Furthermore, a recent investigation carried out by authorities in South Korea found carcinogenic substances (promoting the development of cancer) hundreds of times over the legal limit in Shein clothing. Similarly, a European investigation into toys, baby products, electronics and cosmetics sold on Temu found products that breach European regulation, with one toy tested containing phthalates 240 times above the legal limit. (Phthalates can affect the function of organs and long-term can affect pregnancy, child growth and development and affect reproductive systems in both children and adolescents).

  • Excessive Demand for Raw Materials and Textile Waste: The world consumes approximately 80 billion new clothing items every year – that is a lot of new clothes! Brands like Shein and Temu rely on this constant consumption to continue to make a profit, however there is only so much resource on Earth, and everything has to go somewhere. Estimates predict Shein alone produces nearly 200,000 new items each day. One of the ways countries have dealt with ultra fast fashion consumption is by shipping textiles overseas. Ghana receives 150,000 tonnes of used clothes dumped every year, with approximately half of these unusable. The clothing is commonly dumped and burnt, polluting local ecosystems with dangerous industrial chemicals, and damaging freshwater sources for local people. This exportation of textile waste is a new wave of ‘clothing colonization’, in which exponential consumption in the ‘Global North’ flows to the ‘Global South’.

...

2
 
 

Archived

Unveiling Trae: ByteDance's AI IDE and Its Extensive Data Collection System

Trae - the coding assistant of China's ByteDance - has rapidly emerged as a formidable competitor to established AI coding assistants like Cursor and GitHub Copilot. Its main selling point? It's completely free - offering Claude 3.7 Sonnet and GPT-4o without any subscription fees. Unit 221B's technical analysis, using network traffic interception, binary analysis, and runtime monitoring, has identified a sophisticated telemetry framework that continuously transmits data to multiple ByteDance servers. From a cybersecurity perspective, this represents a complex data collection operation with significant security and privacy implications.

[...]

Key Findings:

  • Persistent connections to minimum 5 unique ByteDance domains, creating multiple data transmission vectors
  • Continuous telemetry transmission even during idle periods, indicating an always-on monitoring system
  • Regular update checks and configuration pulls from ByteDance servers, allowing for dynamic control
  • Permanent device identification via machineId parameter, which appears to be derived from hardware identifiers, enabling long-term tracking capabilities
  • Local WebSocket channels observed collecting full file content, with portions potentially transmitted to remote servers
  • Complex local microservice architecture with redundant pathways for code data, suggesting a deliberate system design
  • JWT tokens and authentication data observed in multiple communication channels, presenting potential credential exposure concerns
  • Use of binary MessagePack format observed in data transfers, adding complexity to security analysis
  • Extensive behavioral tracking mechanisms capable of building detailed user activity profiles
  • Sophisticated data segregation across multiple endpoints, consistent with enterprise-grade telemetry systems

[...]

3
 
 

Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.

TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company.” Qihoo did not respond to questions about its app-related holdings.

[...]

VPNs allow users to mask the IP address that can identify them, and, in theory, keep their internet browsing private. For that reason, they have been used by people around the world to sidestep government censorship or surveillance, or because they believe it will improve their online security. In the U.S., kids often download free VPNs to play games or access social media during school hours.

However, VPNs can themselves pose serious risks because the companies that provide them can read all the internet traffic routed through them. That risk is compounded in the case of Chinese apps, given China’s strict laws that can force companies in that country to secretly share access to their users’ data with the government.

[...]

The VPN apps identified by TTP have been downloaded more than 70 million times from U.S. app stores, according to data from AppMagic, a mobile apps market intelligence firm.

[...]

The findings raise questions about Apple’s carefully cultivated reputation for protecting user privacy. The company has repeatedly sought to fend off antitrust legislation designed to loosen its control of the App Store by arguing such efforts could compromise user privacy and security. But TTP’s investigation suggests that Apple is not taking adequate steps to determine who owns the apps it offers its users and what they do with the data they collect. More than a dozen of the Chinese VPNs were also available in Apple’s App Store in France in late February, showing that the issue extends to other Western markets.

[...]

4
 
 

Archived

TLDR:

  • China has developed an Artificial Intelligence (AI) system that adds to its already powerful censorship machine, scanning content for all kinds of topics like corruption, military issues, Taiwan politics, satire
  • The discovery was accidental, security researchers found an Elasticsearch database unsecured on the web, hosted by Chinese company Baidu
  • Experts highlight that AI-driven censorship is evolving to make state control over public discourse even more sophisticated, especially after recent releases like China's AI model DeepSeek

A complaint about poverty in rural China. A news report about a corrupt Communist Party member. A cry for help about corrupt cops shaking down entrepreneurs.

These are just a few of the 133,000 examples fed into a sophisticated large language model that’s designed to automatically flag any piece of content considered sensitive by the Chinese government.

A leaked database seen by TechCrunch reveals China has developed an AI system that supercharges its already formidable censorship machine, extending far beyond traditional taboos like the Tiananmen Square massacre.

The system appears primarily geared toward censoring Chinese citizens online but could be used for other purposes, like improving Chinese AI models’ already extensive censorship.

Xiao Qiang, a researcher at UC Berkeley who studies Chinese censorship and who also examined the dataset, told TechCrunch that it was “clear evidence” that the Chinese government or its affiliates want to use LLMs to improve repression.

“Unlike traditional censorship mechanisms, which rely on human labor for keyword-based filtering and manual review, an LLM trained on such instructions would significantly improve the efficiency and granularity of state-led information control,” Qiang said.

[...]

The dataset was discovered by security researcher NetAskari, who shared a sample with TechCrunch after finding it stored in an unsecured Elasticsearch database hosted on a Baidu server [...] There’s no indication of who, exactly, built the dataset, but records show that the data is recent, with its latest entries dating from December 2024.

[...]

An LLM for detecting dissent

In language eerily reminiscent of how people prompt ChatGPT, the system’s creator tasks an unnamed LLM to figure out if a piece of content has anything to do with sensitive topics related to politics, social life, and the military. Such content is deemed “highest priority” and needs to be immediately flagged.

Top-priority topics include pollution and food safety scandals, financial fraud, and labor disputes, which are hot-button issues in China that sometimes lead to public protests — for example, the Shifang anti-pollution protests of 2012.

Any form of “political satire” is explicitly targeted. For example, if someone uses historical analogies to make a point about “current political figures,” that must be flagged instantly, and so must anything related to “Taiwan politics.” Military matters are extensively targeted, including reports of military movements, exercises, and weaponry.

[...]

Inside the training data

From this huge collection of 133,000 examples that the LLM must evaluate for censorship, TechCrunch gathered 10 representative pieces of content.

Topics likely to stir up social unrest are a recurring theme. One snippet, for example, is a post by a business owner complaining about corrupt local police officers shaking down entrepreneurs, a rising issue in China as its economy struggles.

Another piece of content laments rural poverty in China, describing run-down towns that only have elderly people and children left in them. There’s also a news report about the Chinese Communist Party (CCP) expelling a local official for severe corruption and believing in “superstitions” instead of Marxism.

There’s extensive material related to Taiwan and military matters, such as commentary about Taiwan’s military capabilities and details about a new Chinese jet fighter. The Chinese word for Taiwan (台湾) alone is mentioned over 15,000 times in the data.

[...]

The dataset [...] say that it’s intended for “public opinion work,” which offers a strong clue that it’s meant to serve Chinese government goals [...] Michael Caster, the Asia program manager of rights organization Article 19, explained that “public opinion work” is overseen by a powerful Chinese government regulator, the Cyberspace Administration of China (CAC), and typically refers to censorship and propaganda efforts.

[...]

Repression is getting smarter

[...]

Traditionally, China’s censorship methods rely on more basic algorithms that automatically block content mentioning blacklisted terms, like “Tiananmen massacre” or “Xi Jinping,” as many users experienced using DeepSeek for the first time.

But newer AI tech, like LLMs, can make censorship more efficient by finding even subtle criticism at a vast scale. Some AI systems can also keep improving as they gobble up more and more data.

“I think it’s crucial to highlight how AI-driven censorship is evolving, making state control over public discourse even more sophisticated, especially at a time when Chinese AI models such as DeepSeek are making headwaves,” Xiao, the Berkeley researcher, said.

5
 
 

There's nothing like retro gaming on the Raspberry Pi but we haven't quite seen a gaming rig like this. Leave it to the Pi community to blow our minds and expectations out of the water. This project, created by maker and developer John Park, is using our favorite SBC — the Raspberry Pi 5 — to drive a cool wall arcade featuring RGB LED matrix panels as the main display.

According to Park, this setup doesn't just look the part. You can actually play games on the system like a real arcade using wired USB controllers. That said, you're limited by the display capabilities of the matrix panel display. It can run demos with cool retro-style animations but also play a few homebrew games that are created using the PICO-8 Fantasy console.

6
 
 

Archived

Elon Musk’s aerospace giant SpaceX allows investors from China to buy stakes in the company as long as the funds are routed through the Cayman Islands or other offshore secrecy hubs, according to previously unreported court records.

The rare picture of SpaceX’s approach recently emerged in an under-the-radar corporate dispute in [the U.S. state of] Delaware. Both SpaceX’s chief financial officer and Iqbaljit Kahlon, a major investor, were forced to testify in the case.

In December, Kahlon testified that SpaceX prefers to avoid investors from China because it is a defense contractor. There is a major exception though, he said: SpaceX finds it “acceptable” for Chinese investors to buy into the company through offshore vehicles.

“The primary mechanism is that those investors would come through intermediate entities that they would create or others would create,” Kahlon said. “Typically they would set up BVI structures or Cayman structures or Hong Kong structures and various other ones,” he added, using the acronym for the British Virgin Islands. Offshore vehicles are often used to keep investors anonymous.

Experts called SpaceX’s approach unusual, saying they were troubled by the possibility that a defense contractor would take active steps to conceal foreign ownership interests.

Kahlon, who has long been close to the company’s leadership, has said he owns billions of dollars of SpaceX stock. His investment firm also acts as a middleman, raising money from investors to buy highly sought SpaceX shares. He has routed money from China through the Caribbean to buy stakes in SpaceX multiple times, according to the court filings.

[...]

Federal law [in the U.S.] gives regulators broad power to oversee foreign investments in tech companies and defense contractors. Companies only have to proactively report Chinese investments in limited circumstances, and there aren’t hard and fast rules for how much is too much. However, the government can initiate investigations and then block or reverse transactions they deem a national security threat. That authority typically does not apply to purely passive investments in which a foreign investor is buying only a small slice of a company. But experts said that federal officials regularly ask companies to add up Chinese investments into an aggregate total.

The U.S. government charges that China has a systematic strategy of using even minority investments to secure leverage over companies in sensitive industries, as well as to gain privileged access to information about cutting-edge technology. U.S. regulators view even private investors in China as potential agents of the country’s government, experts said.

[...]

It’s not uncommon for foreigners to buy U.S. stock through a vehicle in the Cayman Islands, often to save money on taxes. But experts said it was strange for the party on the other side of a deal — the U.S. company — to prefer such an arrangement.

ProPublica spoke to 13 national security lawyers, corporate attorneys and experts in Chinese finance about the SpaceX testimony. Twelve said they had never heard of a U.S. company with such a requirement and could not think of a purpose for it besides concealing Chinese ownership in SpaceX. The 13th said they had heard of companies adopting the practice as a way to hide foreign investment.

[...]

The new material adds to the questions surrounding Musk’s extensive ties with China, which have taken a new urgency since the world’s richest man joined the Trump White House. Musk has regularly met with Communist Party officials in China to discuss his business interests in the country, which is where about half of Tesla cars are built.

[...]

The Delaware court records reveal SpaceX insiders’ intense preoccupation with secrecy when it comes to China and detail a network of independent middlemen peddling SpaceX shares to eager Chinese investors. (Unlike a public company, SpaceX exercises significant control over who can buy into the company, with the ability to block sales even between outside parties.)

[...]

The experts said the court testimony is puzzling enough that it raises the possibility that SpaceX has more substantial ties to China than are publicly known and is working to mask them from U.S. regulators. A more innocent explanation, they said, is that SpaceX is seeking to avoid scrutiny of perfectly legal investments by the media or Congress.

[...]

Musk’s business interests in China extend far beyond SpaceX’s ownership structure — a fact that has drawn criticism from Republican lawmakers over the years. In 2022, after Tesla opened a showroom in the Chinese region where the government runs Uyghur internment camps, then-Sen. Marco Rubio tweeted, “Nationless corporations are helping the Chinese Communist Party cover up genocide.

[...]

In recent years, the billionaire has offered sympathetic remarks about China’s desire to reclaim Taiwan and lavished praise on the government. “My experience with the government of China is that they actually are very responsive to the people,” Musk said toward the end of Trump’s first term. “In fact, possibly more responsive to the happiness of people than in the U.S.”

7
 
 

Archived

Security researcher Tenable successfully used DeepSeek to create a keylogger that could hide an encrypted log file on disk as well as develop a simple ransomware executable.

At its core, DeepSeek can create the basic structure for malware. However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features. For instance, DeepSeek struggled with implementing process hiding. "We got the DLL injection code it had generated working, but it required lots of manual intervention," Tenable writes in its report.

"Nonetheless, DeepSeek provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code the ability to quickly familiarize themselves with the relevant concepts."

"Based on this analysis, we believe that DeepSeek is likely to fuel further development of malicious AI-generated code by cybercriminals in the near future."

8
 
 

cross-posted from: https://lemmy.sdf.org/post/31552333

A Trust Report for DeepSeek R1 by VIJIL, a security research company, indicates critical levels of risk with security and ethics, high levels of risk with privacy, stereotype, toxicity, hallucination, and fairness, a moderate level of risk with performance, and a low level of risk with robustness.

9
 
 

cross-posted from: https://lemmy.sdf.org/post/31525284

Archived

[...]

While the financial, economic, technological, and national-security implications of DeepSeek’s achievement have been widely covered, there has been little discussion of its significance for authoritarian governance. DeepSeek has massive potential to enhance China’s already pervasive surveillance state, and it will bring the Chinese Communist Party (CCP) closer than ever to its goal of possessing an automated, autonomous, and scientific tool for repressing its people.

Since its inception in the early 2000s, the Chinese surveillance state has undergone three evolutions. In the first, which lasted until the early 2010s, the CCP obtained situational awareness — knowledge of its citizens’ locations and behaviors — via intelligent-monitoring technology. In the second evolution, from the mid-2010s till now, AI systems began offering authorities some decision-making support. Today, we are on the cusp of a third transformation that will allow the CCP to use generative AI’s emerging reasoning capabilities to automate surveillance and hone repression.

[...]

China’s surveillance-industrial complex took a big leap in the mid-2010s. Now, AI-powered surveillance networks could do more than help the CCP to track the whereabouts of citizens (the chess pawns). It could also suggest to the party which moves to make, which figures to use, and what strategies to take.

[...]

Inside China, such a network of large-scale AGI [artificial general intelligence] systems could autonomously improve repression in real time, rooting out the possibility of civic action in urban metropolises. Outside the country, if cities such as Kuala Lumpur, Malaysia — where China first exported Alibaba’s City Brain system in 2018 — were either run by a Chinese-developed city brain that had reached AGI or plugged into a Chinese city-brain network, they would quietly lose their governance autonomy to these highly complex systems that were devised to achieve CCP urban-governance goals.

[...]

As China’s surveillance state begins its third evolution, the technology is beginning to shift from merely providing decision-making support to actually acting on the CCP’s behalf.

[...]

DeepSeek [...] is this technology that would, for example, allow a self-driving car to recognize road signs even on a street it had never traveled before. [...] The advent of DeepSeek has already impelled tech experts in the United States to take similar approaches. Researchers at Stanford University managed to produce a powerful AI system for under US$50, training it on Google’s Gemini 2.0 Flash Thinking Experimental. By driving down the cost of LLMs, including for security purposes, DeepSeek will thus enable the proliferation of advanced AI and accelerate the rollout of Chinese surveillance infrastructure globally.

[...]

The next step in the evolution of China’s surveillance state will be to integrate generative-AI models like DeepSeek into urban surveillance infrastructures. Lenovo, a Hong Kong corporation with headquarters in Beijing, is already rolling out programs that fuse LLMs with public-surveillance systems. In Barcelona, the company is administering its Visual Insights Network for AI (VINA), which allows law enforcement and city-management personnel to search and summarize large amounts of video footage instantaneously.

[...]

The CCP, with its vast access to the data of China-based companies, could use DeepSeek to enforce laws and intimidate adversaries in myriad ways — for example, deploying AI police agents to cancel a Lunar New Year holiday trip planned by someone required by the state to stay within a geofenced area; or telephoning activists after a protest to warn of the consequences of joining future demonstrations. It could also save police officers’ time. Rather than issuing “invitations to tea” (a euphemism for questioning), AI agents could conduct phone interviews and analyze suspects’ voices and emotional cues for signs of repentance.

[...]

10
 
 

cross-posted from: https://lemmy.sdf.org/post/31373501

Today, EDRi filed a DSA complaint against social media giant ‘X’ in the EU, together with our member ApTI Romania. Our investigation found that X is likely in breach of its obligations towards Trusted Flaggers by misleading them—in all tested languages except English—to submit illegal content notices on a wrong, non-functional online form.

11
 
 

cross-posted from: https://lemmy.sdf.org/post/31339721

  • Cyber security firm ESET discovered a cyberespionage operation by the China-aligned MirrorFace advanced persistent threat (APT) group against a Central European diplomatic institute in relation to upcoming Expo 2025 in Japan.
  • MirrorFace has refreshed both its tooling and tactics, techniques, and procedures (TTPs).
  • To our knowledge, this represents the first time that MirrorFace has targeted a European entity.
  • MirrorFace has started using ANEL, a backdoor previously associated exclusively with APT10, and deployed a heavily customized variant of AsyncRAT, using a complex execution chain to run it inside Windows Sandbox.

"Known primarily for its cyberespionage activities against organizations in Japan, to the best of our knowledge, this is the first time MirrorFace has shown intent to infiltrate a European entity," ESET says in the report.

The campaign was uncovered in Q2 and Q3 of 2024 and named Operation AkaiRyū (Japanese for RedDragon) by ESET; it showcases refreshed TTPs that ESET Research observed throughout last year.

“MirrorFace targeted a Central European diplomatic institute. To our knowledge, this is the first, and, to date, only time MirrorFace has targeted an entity in Europe,” says ESET researcher Dominik Breitenbacher, who investigated the AkaiRyū campaign.

MirrorFace operators set up their spearphishing attack by crafting an email message that references a previous, legitimate interaction between the institute and a Japanese NGO. During this attack, the threat actor used the upcoming World Expo 2025 – to be held in Osaka, Japan – as a lure. This further shows that even considering this new broader geographic targeting, MirrorFace remains focused on Japan and events related to it. Before the attack on this European diplomatic institute, MirrorFace targeted two employees at a Japanese research institute, using a malicious, password-protected Word document delivered in an unknown manner.

[...]

12
 
 

Archive

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads.

Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher.

"This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, [said].

"We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

[...]

13
 
 

Since 2013, Ghost has made it possible to publish content online with a website and RSS feeds. In 2019 we added support for delivering content by email newsletter.

Now, in 2025, we're taking our biggest step yet by making it possible to publish to the social web.

[...]

14
 
 

Researchers Klaudia Jaźwińska and Aisvarya Chandrasekar noted in their report that roughly 1 in 4 Americans now use AI models as alternatives to traditional search engines. This raises serious concerns about reliability, given the substantial error rate uncovered in the study.

15
 
 

Archived

Oblivion menaces every scrap of information that doesn’t spark joy in the Oval Office. “It’s gone,” Trump said of “wokeness,” during his recent address to Congress, in almost motherly tones. “And we feel so much better for it, don’t we? Don’t we feel better?” But on this front, at least, the Administration is facing well-organized resistance. It comes from a loose coalition of archivists and librarians, who are standing athwart history and yelling “Save!” They belong to organizations such as the Internet Archive, which co-created a project called the End of Term Web Archive to back up the federal web in 2008; the Environmental Data and Governance Initiative, or EDGI; and libraries at major universities such as M.I.T. and the University of Michigan. Like the Encyclopedists of Isaac Asimov’s “Foundation”—who race to compile a collapsing empire’s accumulated knowledge—they’re assembling information arks to ride out the chaos.

[...]

16
 
 

Archived

[...]

UNC3886 deployed backdoors disguised as legitimate system processes on Juniper MX routers running outdated hardware and software. These routers, using end-of-life (EOL) configurations, were easier targets due to vulnerabilities in their security systems. The malware leveraged Junos OS’s Veriexec, a file integrity monitor, to avoid detection. Instead of disabling Veriexec, the attackers injected malicious code into legitimate processes.

[...]

UNC3886 is a well-known hacking group with a track record of targeting network devices and virtualization technologies, often using previously unknown vulnerabilities (known as zero-day exploits). The group’s main focus is on espionage against industries like defence, technology, and telecommunications, particularly in the US and Asia.

While other Chinese hacking campaigns, such as those attributed to groups like Volt Typhoon or Salt Typhoon, have made headlines, Mandiant found no direct technical connections between UNC3886’s activities and those operations. This suggests that UNC3886 is a distinct threat, operating with its own tools and strategies.