Earlier this year, FIFA named YouTube a preferred partner for experiencing the World Cup 2026. On Wednesday, the next step in this partnership was announced, with the inaugural YouTube FIFA Creator Cup. It’s an exhibition match that’ll feature popular content creators from the platform, as well as athletes and celebrities. It’ll take place in New York City on July 12, ahead of the FIFA World Cup Final.

The Creator Cup is the latest step in FIFA’s moves to broaden soccer’s appeal through creator-involved content, potentially reaching the platform’s digital audience. The creators, athletes and celebrities competing in the match will be announced closer to the date.

Being a FIFA preferred partner means YouTube will, for the first time ever, broadcast unique World Cup-themed coverage — including the ability for viewers to stream the first 10 minutes of each game live on approved creators’ channels. 

The roster of approved creators includes: Anwar Jibawi, Ara y Fer, Ashley Alexander, Celine Dept, Courtreezy, Deestroying, Haley Kalil, Horchata Soto, Howieazy, Jeenie Weenie, Jenny Hoyos, Jesser, Kelly Wakasa, Kika Kim, KYLECTRIX, Kwak Yoongy, Max the Meat Guy, Neagle, Noor Stars, The Sidemen, Sonrixs, TokaiOnAirRYO, Viniblogger and Zhong.

According to the platform, these creators have collectively amassed more than 350 million subscribers, all specializing in different content niches from sports analysis to food features, social challenges and travel videos. This means you’ll have an array of options to choose from for unique programming featuring your favorite YouTube personalities, all while still getting your World Cup fix.

A YouTube spokesperson didn’t immediately respond to our request for further comment.

Algorithms. Beauty filters. Endless scrolling.

The case over “social media addiction” against Meta and Google in a California courtroom ultimately came down to these elements, legal experts say, and what a jury found was negligence on social media companies’ part when designing apps where tweens and teens would come to spend roughly one-fifth of their day.

Joseph McNally, former federal prosecutor and director of Emerging Torts and Litigation at McNicholas & McNicholas in California, says jurors agreed with the novel legal argument that Meta and Google were negligent in their design of Instagram and YouTube, respectively, contributing to the mental health problems of the plaintiff. Parent companies of Snapchat and TikTok settled with the plaintiffs before the trial.

McNally and other experts tell EdSurge the verdict will affect thousands of similar cases and influence how tech companies roll out their features — and that the legal tussle over where liability falls when it comes to youth mental health isn’t over yet. With the social media giants vowing to appeal, the case could end up before the U.S. Supreme Court.

Email Evidence

The impact left by the presentation of internal company emails was undeniable, McNally says. Internal Meta communications showed that employees raised alarms about the potential harm to teen girls posed by a beauty filter. Documents also showed they knew that users much younger than 13 — the minimum age required for sign up — were on their platforms, he adds.

“They looked the other way because — the plaintiffs argued — they had a long-term benefit, long-term value of hooking those users early,” McNally says. “I think that the emails painted a picture of a company whose own employees were raising concerns about features in the product, and the plaintiff effectively used those emails to show that they knew about the risk of the product.”

“Addictive” Design

If Meta and Google had settled, the court wouldn’t have had cause to grapple with the legal question of whether social media companies can be held liable for harm caused by their design. But from the defense’s perspective, tech companies had been solidly protected by Section 230 in the past, explains Princess Uchekwe, corporate attorney and founder of The Chief Counsel in New York. That’s the part of the 1996 Communications Decency Act that shields websites and online platforms from being sued over content posted by users.

Just one day before the California verdict, a New Mexico jury found Meta liable in a $375 million consumer protection lawsuit over its failure to protect children from social media harm on its platforms.

“What the lawyers for the plaintiffs were arguing is, essentially, it’s not the content that we have a problem with,” Uchekwe says, “It’s the fact that when people use your platform, you have implemented certain features that make it almost impossible for people to leave. You can scroll into the bottomless pit of hell on Instagram, and nothing ever tells you, ‘Maybe you should pause.’”

The Appeal of an Appeal

The $6 million in damages is a drop in the bucket for the two social media giants, but McNally says there are potential benefits to appealing the ruling anyway. There are thousands more consumer lawsuits against social media companies around the country, with school districts joining as plaintiffs.

One is that an appellate court might find that the long-time protections that social media companies have relied on should have come into play. The verdict barreled through the defenses raised by Section 230, which protects platforms from claims of harm caused by third-party content. It’s a policy that makes a free and open internet possible.

“[Section] 230 has resulted in the dismissal of hundreds of lawsuits over the years where they would’ve otherwise faced hundreds of millions of dollars in liability,” McNally says. “An appeal [based on] Section 230, which is a federal statute, could make its way up to the Supreme Court, who would have the final word on the scope. [If the] court of appeals remanded it back to the trial court and said, ‘Look, Section 230 applies,’ it would essentially bar these claims [of harm caused by the design].”

Uchekwe says failure to win an appeal could be “almost devastating” for tech companies due to the sheer amount of damages they could have to pay across thousands of similar lawsuits, along with the cost of restructuring how their apps function. That could mean rethinking features like targeted algorithms, the ability to endlessly scroll and notifications that draw users back into the app.

“Not only social media companies,” Uchekwe says, “all tech companies that have implemented things like that, especially if they have children as a base, are going to have to start reconsidering.”

First Amendment Question

There’s also a First Amendment case to be made, McNally adds. Some legal experts, including UC Berkeley law professor Erwin Chemerinsky, argue that the “addictive” algorithms that came under fire during the trial are protected free speech. If that argument succeeds on appeal, it could stop the legal cases arguing product liability in their tracks.

“If the Supreme Court overturned it based on Section 230 and the First Amendment, it’s unlikely there’s going to be a new trial. It would likely be dismissed,” McNally says. “I won’t say that with certainty, but the prospects of dismissal would be pretty good for the defendants.”

Ripple Effect

McNally says the fact that a jury ruled Meta and Google’s app features were “unreasonably unsafe for its users” creates challenges for them in the swaths of similar lawsuits they’re facing. Plaintiffs in those cases still must prove a direct link between the social media companies and the harm they’re alleging.

“I think it’s going to result in some cases probably moving closer to settlement, but in all those cases, I think that the defendants are going to be looking closely at the causation issue,” McNally says. “There’s probably other cases out there where the evidence of causation is not as strong, and those cases may be harder for a plaintiff to get across the finish line.”

Uchekwe predicts that if the verdict sticks, tech companies — especially those with users who are under 18 — will be forced to retool their app features to encourage users to spend less time on their platforms. That could hurt the companies’ ad revenue and their ability to gather data on users.

“Undoing some of those things may decrease their bottom line, but I’m not sure it will do it to the extent that it’s detrimental to their revenue,” Uchekwe says. “If you weigh the benefits of putting these safeguards in for children versus your revenue, I never think that your profit should come at the expense of a generation of people.”

Apple has terminated support for AFP in macOS 27, effectively killing off the Time Capsule. However, affected owners might be able to revive their hardware.

A long-discontinued network storage device, Time Capsules gave Mac users a way to back up over a home network using Time Machine. While the hardware hasn’t been available for quite a few years, support continued up to macOS 26.

However, as warned in macOS Sequoia 15, support for the Apple Filing Protocol, AFP, was being deprecated and removed in a future macOS release. That turned out to be macOS 27, thanks to a notice in macOS 26 warning about the end of support for AirPort Disk and other Time Capsule disks.

This is an issue that affects Time Capsule specifically, as it relies on AFP for its connectivity. While Time Capsule does include support for SMBv1 (Server Message Block), it was only supported in macOS 26 as a deprecated measure.

From macOS 27 onwards, Time Machine will require hardware using SMBv2 or SMBv3. This will mean it will work with modern NAS devices, but not Time Capsules.

Life finds a way

While Time Capsules in their normal state won’t work for Time Machine, there are efforts to try and add the required functionality to the hardware.

A GitHub project we wrote about in April, titled TimeCapsuleSMB, aims to update the outdated SMB layer with a newer one, while keeping Apple’s firmware untouched. This way, Apple’s file sharing stays enabled, so your internal disk, or connected USB ones, keep auto-mounting and working on the forthcoming macOS 27.

Really, it’s a modern Samba build to manage file sharing that’s loaded onto the Time Capsule. It runs Samba 4.24.3 server, advertises itself with Bonjour, and accepts authenticated SMB3 connections.

At that point, assuming the project ever works, you can connect to the server using a normal SMB URL, and then use it for Time Machine backups.

When we first wrote about the project, there were concerns that it was more a proof-of-concept than a full project. However, at the time of publication, there have been many commits to the project, including some that are just hours old.

According to the project’s requirements, you need to use a Mac running macOS 14 or later, or a Linux device on the same local network as the Time Capsule. You also need the password for the Time Capsule, as well as Homebrew, Python 3.9 or later, and smbclient installed locally.

The instructions to install it are quite complex, which puts the project out of reach of the typical user. However, near the top is a “Quick Start” option that relies on just five commands, streamlining the process.

As it stands, Time Machine users have few choices in how they maintain their backups. They could look for an external drive or invest in a NAS, as the most obvious, if expensive, solutions.

But, with a project like TimeCapsuleSMB, there’s a chance of reviving an underappreciated part of Apple’s former product line.

SECURITY

The CEO thought this was the best way to deal with some email issues

PWNED Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here.

Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.

This week’s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He’s been in the industry for more than a quarter of a century and he knows where the bits are buried. 

At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly.

The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees’ login credentials.

The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords. Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file.

In any decent security setup, no one in the company has access to anyone else’s password. Even the head of the IT department should not know another employee’s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems.

But this company’s CEO wanted the usernames and passwords for reasons I’m sure any of his employees would appreciate: so he could go into their email accounts! He had an experience where one colleague had sent secret information to the entire company via email and he had spent the evening logging into every single account and deleting the message before anyone could see it.

Just in case other messages were sent in error in the future, the CEO wanted the ability to log into all the relevant accounts and delete them himself. Perhaps for the same reason, he would not allow MFA (multi-factor authentication), because that would have kept him out of people’s inboxes. He was adamant even though the company had been the victim of a ransomware incident previously. 

“Despite repeated advice, he held that position for around four months, until we were able to demonstrate that the IT team could remove messages centrally using fairly simple administrative commands, without needing everyone’s password,” Irwin said.

Even after getting rid of the Excel sheet of shame, the boss still refused to turn on MFA and the company subsequently suffered two data breaches involving sensitive client data. 

Unfortunately, this company wasn’t the only one that Irwin worked with where the management had something against MFA. Another client, this one in the medical sector, was opposed to multi-factor authentication because it “made things just a little too hard” for the external consultants they were using to access their systems.

During the time that Irwin worked with that company, they got lucky and no one breached them. But since then, he’s seen signs that their data was available on the dark web. No word on whether they ever switched MFA on.

There’s plenty to learn from Irwin’s two clients, but it’s all pretty obvious. First, don’t let anyone, even administrators or CEOs, have other people’s passwords. If someone has to get into another person’s email account, have IT use administrative access. Second, always enable MFA, preferably MFA with passkeys. ®

Chaotic Eclipse, the security researcher Microsoft threatened with criminal prosecution, has published a seventh Windows zero-day exploit. Called RoguePlanet, it grants attackers SYSTEM privileges on fully patched Windows 10 and 11 machines. The researcher released the proof-of-concept hours after Microsoft shipped its June Patch Tuesday update, which fixed a record 200 vulnerabilities.

RoguePlanet exploits a race condition in Windows Defender’s internal processing logic. Specifically, it is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability. An unprivileged user can redirect a file operation performed by Defender, which runs as SYSTEM, to execute attacker-controlled code at the highest privilege level.

“The exploit is a race condition, so it’s a hit or miss,” the researcher said. “I have managed to get a 100% success rate on some machines while it struggled to work on others.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Security firm ThreatLocker confirmed the flaw works and published a video demonstration. “Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described,” said CEO Danny Jenkins. He added that application allowlisting can prevent the exploit from executing.

The proof-of-concept was published on a self-hosted Git repository after the researcher said Microsoft had both GitHub and GitLab repositories hosting earlier work removed. This is part of an escalating dispute. Microsoft invoked its Digital Crimes Unit against the researcher and revoked access to their Microsoft Security Response Center account.

Chaotic Eclipse has disclosed seven zero-days in a matter of months: BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, MiniPlasma, and now RoguePlanet. Microsoft’s June Patch Tuesday fixed two of them, GreenPlasma and YellowKey, but the rest remain unpatched. The researcher says the disclosures are retaliation for how Microsoft handled the process.

“They mopped the floor with me and pulled every childish game they could,” the researcher wrote. “I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer.”

The timing is pointed. Microsoft’s June Patch Tuesday was its largest ever, fixing 200 vulnerabilities including 33 rated critical and three publicly disclosed zero-days. Analysts attribute the surge in part to AI-assisted code auditing, which is finding vulnerabilities faster than defenders can patch them. RoguePlanet arriving hours after the record update underscores the gap: even the biggest patch cycle in Microsoft’s history was immediately obsolete for anyone running Windows Defender.

[Dennis] is on YouTube with his channel “Made By Dennis,” but for the record he is a maker, not a V-tuber. On the other hand, his latest project– creating a profesisonal-level tracking rig with DIY IR cameras and a whole lot of moxie–does mean he’s now equipped to make the move to the prestigious, high-status world of pretending to be an anime girl.

That is of course not why he did it. Like most projects around here, the motivation was more a case of “I wonder if I can…”– in this case [Dennis] wondered what it would take for him to pull off the same sort of optical motion capture, or MoCap, that is used in Hollywood studios. Optical mocap has the advantage of being very precise, able to track things at high speeds, and not being in any way limited to the human form like the slew of AI-assisted methods hitting the market right now. The disatvantage is that you need to place markers on any part of your subject you want tracked, film them from all angles, and process a whole lot of pixels. In [Dennis]’s case, it ended up being about four billion. Keeping in mind that actually locating those points in 3D space is dependent on knowing exactly where your cameras are: if you want sub-millimeter precision, your cameras need to be fixed with sub-millimeter tolerance. It’s a big project, hence a long video, which is embedded below.

The DIY cameras use a AR0234 MIPI camera on a custom PCB with M12 lenses and IR filters. To improve the signal-to-noise ratio on optical MoCap, it’s standard to use near-IR light. The camera boards, as you might expect given the MIPI interface, hook into Raspberry Pi compute modules– the cheapest CM4 should work, though he’s using CM5s. The compute modules sit on custom boards that provide PoE, and some other niceties– like a small microcontroller driven by the pulse-per-second pin to help trigger the cameras in sync.

Each camera gets a ring light of near-IR LEDs that pulse at 160 W, which would be way more than PoE is specced to provide, but since the LEDs are only on when the camera is taking a frame, the average power is well within allowable limits. With 16 cameras each having their own ring light, that’s a lot of near-IR photons. Don’t forget your safety squints!

Rather than process the images with OpenCV, he has his own custom solution optimized for this use-case that [Dennis] reports is 300x faster. Luckily, he’s put his implementation on GitHub, along with the rest of the project. Even if you don’t have any v-tubing ambitions, this project is very impressive and worth checking out in its entirety.

Optical MoCap isn’t the only game in town, of course. If you want to do this cheap and easy, you can strap a bunch of IMU sensors to yourself– just don’t expect the same precision.

Thanks to [Dennis] for the tip!

Following its 2024 acquisition of McIntosh and Sonus faber, Bose is making another calculated move in connected audio with the acquisition of StreamUnlimited Engineering GmbH, a Vienna-based company that supplies streaming software platforms, hardware modules, app frameworks, certifications, and engineering support for audio and smart home manufacturers.

This is not just Bose buying another parts supplier. StreamUnlimited gives Bose something far more useful: the software plumbing and certification backbone needed to build, support, and potentially license connected audio products across multiple brands and categories. That matters for Bose, but it may matter even more for McIntosh and Sonus faber, two premium audio brands that need stronger streaming ecosystems if they are going to compete in a market increasingly shaped by BluOS, Sonos, HEOS, WiiM, AirPlay, Google Cast, Spotify Connect, TIDAL Connect, Qobuz Connect, and Roon.

The deal also gives Bose a broader path to embed its proprietary audio technologies, including Sound by Bose and the Bose WaveForm Audio Engine, into more products beyond its own speakers and headphones. That could include smart speakers, soundbars, multiroom systems, mobile devices, wearables, automotive audio, and third-party connected products. In other words, Bose is not just chasing another box for the shelf. It is buying the infrastructure needed to make its audio technology travel farther.

Two current examples of Bose’s Sound by Bose strategy already exist in the wild: Epson’s Lifestudio projector lineup and Skullcandy’s Method 360 ANC earbuds. In both cases, Bose is not selling a finished Bose-branded speaker or headphone. It is licensing its audio tuning, acoustic design, and performance credibility into third-party products that need better sound to stand out. 

That makes the StreamUnlimited acquisition more interesting. If Bose can combine Sound by Bose with StreamUnlimited’s streaming software, app frameworks, hardware modules, certification work, and connected-audio engineering, the company gains a much wider path to expand beyond its own products. Epson and Skullcandy show the basic strategy. StreamUnlimited could help scale it.

“As connected ecosystems scale and become more complex, how devices work together is a central driver of value,” said Nick Smith, president of Bose Audio Technology and chief strategy officer. “StreamUnlimited has built a trusted position at the center of this coordination layer, where interactions between devices are defined and orchestrated. We’re excited to welcome their team to Bose as we bring our capabilities to more partners, products, and experiences.” 

“We look forward to joining with Bose as we expand StreamUnlimited’s offerings and accelerate the development of next-generation intelligent audio experiences for our customers,” said Frits Wittgrefe, CEO at StreamUnlimited. Markus Rutz, CTO at StreamUnlimited, added, “There is a significant opportunity to further advance the orchestration capabilities at the core of our platform, enabling more seamless, adaptive, and AI-driven audio ecosystems. This will unlock broader access to new streaming technologies, services, and capabilities, positioning us for continued growth as the market evolves.” 

StreamUnlimited will continue to support both current and new customers, while extending its expertise into new markets. Its solutions will remain fully supported, interoperable, and open to integration with third-party technologies, products, and ecosystems.

Additional information about the acquisition, including financial and other transaction terms, remains confidential at this time.

The Bottom Line 

Bose’s acquisition of StreamUnlimited is not about turning McIntosh and Sonus faber into Bose-branded lifestyle products. So far, both brands have continued on their own legacy paths. What this deal really gives Bose is something more strategic: the software, streaming, app, certification, hardware-module, and engineering infrastructure needed to compete in connected audio at a much larger scale.

That matters across the portfolio. Bose gets more control over the platform layer behind smart speakers, soundbars, headphones, wearables, automotive systems, and third-party products using Sound by Bose. McIntosh could benefit from stronger connected amplifiers, streamers, preamps, and in-car systems without losing its identity. Sonus faber gains a clearer path toward active, wireless, and lifestyle products that still feel like Sonus faber, not another anonymous app-controlled box.

The AI angle is part of the story, but not the whole story. StreamUnlimited gives Bose a foundation for more adaptive, personalized, voice-enabled, and software-driven audio experiences. That does not mean Bose bought an AI company or that a Bose rival to BluOS, Sonos, HEOS, or WiiM appears tomorrow. It means Bose now owns more of the plumbing required to build one, license one, or embed its technology more deeply into other companies’ products.

Bose is no longer just chasing the next speaker or headphone. It is building a broader audio technology ecosystem that can live inside its own products, its luxury brands, and the products of third-party partners. That is the real move.

Related Reading: