The FCC Wants to Kill Burner Phones
The FCC Wants to Kill Burner Phones
美国联邦通信委员会(FCC)意欲终结“一次性手机”
After WIRED reported last week that Meta’s smart glasses app contained code that would enable the company to activate face-recognition features on the devices, the company removed the code this week without commenting on why or whether it plans to add such functionality back into the app later. Another WIRED investigation this week found that xAI’s Grok is still hosting sexualized deepfakes, including “nudified” images and videos, of celebrities and at least one prominent US politician.
在上周《连线》(WIRED)报道 Meta 的智能眼镜应用程序中包含一段代码,可使该公司激活设备上的面部识别功能后,Meta 本周移除了该代码,但未就原因或未来是否计划将此功能重新加入应用发表评论。本周《连线》的另一项调查发现,xAI 的 Grok 仍在托管色情化的深度伪造内容,包括针对名人和至少一位美国知名政客的“裸露化”图像和视频。
After limiting the release of its new Mythos-class AI model over concerns about its potential impacts on cybersecurity, Anthropic announced a model upgrade for partners in its limited-access group this week and launched a “safe” version of the model to the public with guardrails meant to keep the system from being used to fuel cyberattacks. Meanwhile, the United States Cybersecurity and Infrastructure Security Agency issued a new directive to federal agencies this week in reaction to new AI threats that includes a requirement to fix the most urgent software vulnerabilities in as little as three days.
在因担心对网络安全产生潜在影响而限制发布其新款 Mythos 级 AI 模型后,Anthropic 本周宣布为其有限访问组的合作伙伴进行模型升级,并向公众发布了一个“安全”版本,其中包含旨在防止系统被用于助长网络攻击的护栏。与此同时,美国网络安全与基础设施安全局(CISA)本周针对新的 AI 威胁向联邦机构发布了一项新指令,要求在短至三天内修复最紧急的软件漏洞。
As Europe looks to separate and insulate itself from US Big Tech, WIRED created a timeline that tracks all the ways EU governments, companies, and other organizations are moving away from US tech. A new open-source project dubbed Encrypted Spaces could be used to make countless mainstream collaboration apps more private and surveillance-resistant with end-to-end encryption. And illegal pharmacy and scam websites hijacked Spotify’s search rankings using fake podcasts, according to a new joint US Congressional report.
随着欧洲寻求与美国大型科技公司脱钩并建立隔离,WIRED 制作了一个时间轴,追踪了欧盟政府、企业和其他组织摆脱美国技术的各种方式。一个名为“加密空间”(Encrypted Spaces)的新开源项目,可以通过端到端加密使无数主流协作应用变得更加私密且具备抗监控能力。此外,根据美国国会的一份新联合报告,非法药店和诈骗网站利用虚假播客劫持了 Spotify 的搜索排名。
The 2026 World Cup is in full swing, and WIRED looked at the surveillance technologies, from anti-drone tech to face recognition, that are being used in US, Canadian, and Mexican stadiums. We also mapped every Flock license plate reader near a US World Cup stadium. More broadly, Amnesty International said this week that it has concluded fans in all three host countries—both local residents and visitors—face potential human rights violations as a result of the FIFA tournament.
2026 年世界杯正如火如荼地进行,WIRED 审视了美国、加拿大和墨西哥体育场内使用的监控技术,从反无人机技术到面部识别技术。我们还绘制了美国世界杯体育场附近所有 Flock 车牌识别器的地图。更广泛地说,国际特赦组织本周表示,其结论是,由于国际足联(FIFA)的赛事,所有三个主办国的球迷——包括当地居民和游客——都面临潜在的人权侵犯风险。
The American Civil Liberties Union is suing two Florida police departments over its use of FACES, one of the longest-running face recognition tools in the US, after its alleged misuse led to the wrongful arrest of a Fort Myers man. Donald Trump, meanwhile, jeopardized the future of a key surveillance authority after selecting Bill Pulte, who’s been described as “deeply unqualified,” as the acting director of national intelligence. (Trump has since selected an alternative nominee for the permanent role.)
美国公民自由联盟(ACLU)正在起诉佛罗里达州的两个警察局,原因是其使用了美国运行时间最长的面部识别工具之一 FACES,此前该工具的涉嫌滥用导致了一名迈尔斯堡男子被错误逮捕。与此同时,唐纳德·特朗普在选择被形容为“极度不称职”的比尔·普尔特(Bill Pulte)担任国家情报代理局长后,危及了一个关键监控机构的未来。(特朗普此后已为该常设职位选择了另一位提名人。)
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
还有更多内容。每周,我们都会汇总那些我们未进行深度报道的安全与隐私新闻。点击标题即可阅读完整报道。祝大家平安。
A New FCC Proposal Could Kill Burner Phones—and Every Other Anonymous Cellular Service
FCC 的一项新提案可能终结“一次性手机”及所有其他匿名蜂窝服务
As difficult as digital anonymity has become in the modern world, obtaining a phone number without revealing almost any identifying information—whether by buying a temporary burner phone or registering an account with a privacy-preserving phone carrier—has remained entirely legal in the US. Now the Federal Communications Commission wants to change that.
在现代社会,数字匿名变得愈发困难,但通过购买临时“一次性手机”或在注重隐私的运营商处注册账户来获取电话号码,且几乎不透露任何身份信息,在美国仍然是完全合法的。现在,联邦通信委员会(FCC)想要改变这一现状。
Late last month, the FCC released a proposal for a new rule that would implement know-your-customer requirements for cellular networks, requiring that cellular providers “at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services.” The proposal is described as a measure akin to money-laundering laws designed to make it more difficult for scammers to exploit the phone networks. But privacy advocates argue it also threatens a last conduit of anonymity for those seeking to evade phone surveillance—whether that’s journalists, whistleblowers, activists, or simply people seeking to avoid mass data collection in yet another facet of their communications.
上个月底,FCC 发布了一项新规提案,旨在对蜂窝网络实施“了解你的客户”(KYC)要求,要求蜂窝运营商“在授予服务访问权限之前,至少获取并保留任何新客户和续约客户的姓名、实际地址、政府签发的身份证件号码以及备用电话号码”。该提案被描述为一种类似于反洗钱法的措施,旨在增加诈骗者利用电话网络的难度。但隐私倡导者认为,这也威胁到了那些试图规避电话监控的人——无论是记者、举报人、活动人士,还是仅仅希望在通信的另一个层面避免大规模数据收集的普通人——所拥有的最后一条匿名渠道。
The new rule would threaten, for instance, to curtail the privacy promises of Phreeli, a newly launched phone carrier that allows users to register with nothing but a ZIP code. “We’re trying to help people feel more comfortable living their normal lives, where they’re not doing anything wrong, and not feel watched and exploited by giant surveillance and data mining operations,” as Phreeli’s founder, Nicholas Merrill, put it to WIRED last year. “I think it’s not controversial to say the vast majority of people want that.”
例如,这项新规将威胁到 Phreeli 的隐私承诺。Phreeli 是一家新推出的电话运营商,允许用户仅凭邮政编码进行注册。“我们试图帮助人们更舒适地过正常生活,在他们没有做错任何事的情况下,不感到被庞大的监控和数据挖掘行动所监视和剥削,”Phreeli 的创始人尼古拉斯·梅里尔(Nicholas Merrill)去年对《连线》表示,“我认为,绝大多数人都希望如此,这一点毫无争议。”
The FCC is accepting comments on the proposal until June 25.
FCC 将在 6 月 25 日前接受公众对该提案的意见。
ShinyHunter Hackers Exploit Oracle Zero-Day Bug in Intrusion Spree
ShinyHunter 黑客利用 Oracle 零日漏洞进行入侵狂潮
Google warned on Thursday that the cybercriminal group known as ShinyHunters was on a rampage through victim networks in the education sector, exploiting a critical vulnerability in Oracle’s HR and payroll software known as PeopleSoft. According to the group’s own claims, it had breached more than a hundred organizations and counting. Oracle alerted customers to the vulnerability, but not before ShinyHunters had already discovered it and begun its hacking spree. ShinyHunters has a long history of holding victims ransom, including in a notorious ransomware attack against the education software company Instructure last month that affected thousands of schools before Instructure paid a ransom to the hackers. Now it seems the group has perhaps realized the leverage it can gain over school and university targets, and has continued to seek similar victims.
谷歌周四警告称,名为 ShinyHunters 的网络犯罪团伙正在教育行业的受害者网络中横行,利用 Oracle 人力资源和薪资软件 PeopleSoft 中的一个关键漏洞进行攻击。据该团伙自称,他们已经入侵了超过一百个组织,且数量还在增加。Oracle 已向客户发出漏洞警报,但在那之前,ShinyHunters 已经发现了该漏洞并开始了黑客攻击。ShinyHunters 有着长期勒索受害者的历史,包括上个月针对教育软件公司 Instructure 的臭名昭著的勒索软件攻击,该攻击影响了数千所学校,最终 Instructure 向黑客支付了赎金。现在看来,该团伙可能已经意识到他们可以利用学校和大学目标作为筹码,并继续寻找类似的受害者。
Microsoft Releases Its Biggest Patch Tuesday Ever, Courtesy of AI
微软发布史上最大规模“补丁星期二”,得益于 AI
For years, Microsoft’s Patch Tuesday has been part of every IT administrator’s calendar. It’s the company’s cyclical release of software updates, which often includes some designed to fix serious security issues. But with the advent of AI-enabled bug hunting, the company has now carried out its biggest Patch Tuesday ever, with more than 200 bug fixes by some co
多年来,微软的“补丁星期二”(Patch Tuesday)一直是每位 IT 管理员日程表的一部分。这是该公司周期性的软件更新发布,通常包含旨在修复严重安全问题的补丁。但随着 AI 辅助漏洞挖掘技术的出现,该公司现在已经执行了其史上最大规模的“补丁星期二”,修复了超过 200 个漏洞……