Tech
Google continues its renaming streak by turning NotebookLM to Gemini Notebook
Google might launch an AI product with one name during its experimental phase, but it will eventually tie it all to Gemini. In the latest example of this trend, the company is renaming its AI-powered research product NotebookLM to Gemini Notebook. The company is also adding features to make the tool more interactive by infusing coding execution for data analysis.
The company first showed off NotebookLM during Google I/O in 2023 as Project Tailwind, and since then, it has made it into a product used by 30 million people and over 600,000 organizations. In the last three years, the company has added capabilities like interactive podcast generation, curated notebooks, video overviews, support for more file types, and an enterprise plan.
Because of NotebookLM, other companies and startups have added capabilities for podcast generation from source material and research tools.
Along with renaming, Google is rolling out a new update that makes each notebook its own secure container, in which users can generate code to make outputs interactive. It noted that with code execution ability, users can tap into multiple sources and create complex data analysis directly within the tool.
The company said the update is available to Google AI Ultra paid plan users, along with Workspace business customers with AI Ultra Access and AI Expanded Access. Pro users will get access to this feature in the coming weeks.
Google said that users can already look at their notebooks within the Gemini app, and soon, they will be able to access them through AI Mode in search.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
Period tracker Stardust shares users’ health data with analytics firm, says Mozilla research
“Your data is private. Period,” says period tracker Stardust on its website. As new research by Mozilla discovered, some users might find that claim to be a stretch.
According to Mozilla’s latest findings examining the privacy practices of period-tracking apps, Stardust was found to be sharing users’ sensitive health information with third-party analytics company RudderStack. This data included the user’s birthdate, birth control type, reproductive goals, and specific symptoms that the user was experiencing, and it tied that record to a unique identifier in place of the person’s name. (The FTC has long warned that this does not make the data anonymous or prevent it from being linked back to a person.)
Mozilla’s research underscores the security and privacy risks with using period tracking and other health apps that share data with third parties. Oftentimes this happens as background activity within the app, and isn’t visible to the user. It’s not uncommon for apps to share data with other services for storage, analytics, and payments, but sharing users’ information with third parties inherently carries risks, such as potential security lapses, data breaches, or having the data sought by law enforcement.
TechCrunch previously wrote about Stardust in 2022 after the app surged in downloads following the overturning of the constitutional right to seek an abortion in the United States. Stardust claimed it was end-to-end encrypted — meaning that not even the company could access its users’ data — but TechCrunch found by analyzing the app’s network traffic that the company’s claim was false.
Mozilla security researcher Shoshana Wodinsky used a similar technique of analyzing the network traffic of several period trackers, including Stardust, to understand how the apps collected and shared data (if at all) with third parties. Wodinsky found that Stardust was the only app out of the six tested that shared the user’s sensitive health data with another company.
As quoted by BBC News, a Stardust spokesperson said that RudderStack is “contractually prohibited from selling or using it for its own purposes.” As U.S.-based companies, both Stardust and RudderStack can still receive demands for users’ information from law enforcement for users’ health information that’s stored on their servers.
Stardust founder Rachel Moranis did not respond to TechCrunch’s request for comment on Thursday, or questions about whether the company has received demands for its users’ data. A spokesperson said in an email after publication that the company “has never received any requests, demands, or legal process for user data from authorities or third parties.”
Of the six apps tested by Wodinsky, Mozilla recommended Euki as “squeaky clean,” as the app was not seen to be sharing any data with third parties with its core features, and the user’s health data did not leave their device.
Updated with comment from Stardust.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
UK cops say arrest of two young hackers disrupted the operations of an infamous hacking group
U.K. police said on Thursday that the jailing of two hackers has “severely” hampered the activities of the infamous cybercrime group known as Scattered Spider.
Owen Flowers, 18, and Thalha Jubair, 20, pleaded guilty earlier this year to hacking Transport of London (TfL), the government body overseeing the U.K. capital’s public transit system, in 2024. The two were sentenced to five years and six months in prison on Thursday.
The jailing of Flowers and Jubair is a reminder that, sometimes, the most dangerous and effective hackers don’t work for sophisticated government agencies with millions of dollars of budget. More often, they are rather very young and smart hackers motivated by money and infamy among their peers.
Groups such as Scattered Spider, as well as ShinyHunters, another cybercriminal collective, often target and exploit employees and individuals rather than computer systems, a strategy that’s both effective and hard to counter.
While hacking groups’ members tend to come and go, the groups themselves can rebrand. But British authorities are convinced the jailing of Flowers and Jubair represents a significant blow to Scattered Spider, an amorphous group that’s been linked to dozens of high-profile attacks, such as those against casino giant MGM, airline WestJet, and cybersecurity firm Okta. These attacks in turn gave the hackers access to several of these companies’ customers.
“Scattered Spider has been the most significant cybercrime threat to the U.K. in recent years. Through this investigation, we have severely disrupted that threat and brought key offenders to justice,” said Paul Foster, the head of the U.K. National Crime Agency’s National Cyber Crime Unit.
The two hackers were behind the cyberattack against TfL in summer 2024, which took the system’s infrastructure offline, including the ticketing system, and the online real-time train arrival information system. The disruptions lasted for weeks.
Flowers and Jubair were arrested a year later. At the time, the FBI accused Jubair of being involved in attacks on more than 120 companies using social engineering tactics.
Authorities said the attack against TfL resulted in losses of around £29 million (around $47 million). The two hackers had such deep access to TfL systems that they “could have shut out and shut down TfL completely,” and held “the keys to the kingdom” to the company’s systems, according to The Guardian.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Tech
Yes, you can now order DoorDash from the command line
Sudo make me a sandwich. The future has arrived! DoorDash just introduced a limited beta of DoorDash CLI, a command-line tool for developers that lets you order DoorDash directly from your AI agent. The tool can be used to search stores, find deals, and check out, the company says.
Called “dd-cli,” the new tool is open to U.S. and Canadian macOS developers via a waitlist, said DoorDash co-founder and CTO Andy Fang in a post on X. DoorDash was asked for comment about the new feature.
The announcement is getting a lot of attention because, on the face of it, it’s rather funny. Command-line tools are associated with programming, not ordering lunch. An AI agent running commands to order your salad or sandwich can initially feel somewhat absurd.
But the DoorDash CLI isn’t actually a joke; it’s an example of what agentic commerce can look like.
With this move, the company is exposing DoorDash’s ordering platform to AI agents, allowing developers to add functionality to their own software and services. That means instead of visiting DoorDash’s app, developers could build their own tools for ordering food, groceries, or finding local lunch deals, among other things, or use those capabilities as building blocks that are combined with other tools.
DoorDash, too, has experimented with offering its service via iMessage and now has its own AI chatbot, “Ask DoorDash” — offering two examples of how agentic commerce can work. It also exposes its service to AI chatbots, like OpenAI’s ChatGPT and Claude.
The company’s sign-up form for access to the new CLI tool includes a field asking developers what they would build, if allowed into the beta.
The launch has a bit of humor to it, as it recalls that old XKCD comic about programmers automating ridiculous tasks — like making a sandwich. In the comic, a programmer says “make me a sandwich,” and the other person responds, “What? Make it yourself,” so the programmer says “sudo make me a sandwich,” and the other person says “OK.” (It’s programming humor, okay?)
The attached video in the X post leans into the over-engineering angle, as it reads Slack, recalls memories, parses JSON, inspects menu structures, runs Python scripts, recovers from errors, and calculates totals, just to do something as simple as ordering three salads. As the task runs, the interface reads “Flibbertigibbeting,” making the whole thing even funnier.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
