10 interesting stories served every morning and every evening.

StreetComplete

streetcomplete.app

Help im­prove OpenStreetMap with StreetComplete! This app finds miss­ing map data in your vicin­ity and dis­plays it on a map as quests. Solve each quest by vis­it­ing the lo­ca­tion on-site and an­swer­ing a sim­ple ques­tion to up­date the map. The info you en­ter is di­rectly added to OpenStreetMap in your name, with­out the need to use an­other ed­i­tor.

Microsoft Fire idTech Team at id Software

gamefromscratch.com

id Software are with­out a doubt one of the most im­por­tant game de­vel­op­ers in the first per­son genre his­tory. The tech­nol­ogy em­pow­er­ing their games, idTech pow­ers a shock­ing num­ber of games and even game en­gines ( we ranked it 4th in our Most Important Game Engines of all Time rank­ing). This era might be com­ing to a close as it’s be­ing re­ported that most, if not all, de­vel­op­ers work­ing on idTech at id Software have been fired.

This comes as part of the MASSIVE lay­offs across all Xbox di­vi­sions. Asha Sharma, the new CEO of Xbox tweeted the email that was sent to the en­tire com­pany. It ex­plains why the lay­offs are hap­pen­ing, start­ing with:

We are be­gin­ning the most sig­nif­i­cant re­struc­ture in XBOX his­tory. After care­ful con­sid­er­a­tion, I’ve made the dif­fi­cult de­ci­sion to re­duce our team by ap­prox­i­mately 3,200 through­out FY27. This will in­clude ap­prox­i­mately 1,600 role elim­i­na­tions to­day, and in ad­di­tion, four stu­dios will leave XBOX to new man­age­ment. I rec­og­nize that a year-long re­struc­tur­ing cre­ates ad­di­tional chal­lenges. Unfortunately, it is not pos­si­ble to make all the nec­es­sary changes in a sin­gle day, and I wanted to be di­rect about the scale.

We are be­gin­ning the most sig­nif­i­cant re­struc­ture in XBOX his­tory. After care­ful con­sid­er­a­tion, I’ve made the dif­fi­cult de­ci­sion to re­duce our team by ap­prox­i­mately 3,200 through­out FY27. This will in­clude ap­prox­i­mately 1,600 role elim­i­na­tions to­day, and in ad­di­tion, four stu­dios will leave XBOX to new man­age­ment. I rec­og­nize that a year-long re­struc­tur­ing cre­ates ad­di­tional chal­lenges. Unfortunately, it is not pos­si­ble to make all the nec­es­sary changes in a sin­gle day, and I wanted to be di­rect about the scale.

Since this an­nounce­ment, sev­eral ad­di­tional de­tails have been made avail­able about the im­pact of the lay­offs, sev­eral sur­round­ing id Software, start­ing with this Tweet from Apogee founder Scott Miller:

Additionally Rebs Gaming tweeted the fol­low­ing linked in post from im­pacted id Software de­vel­oper and 20+ year id vet­eran Michael Maynard:

Key Links

XBox CEO Email to Employees

Game Industry.biz Coverage of Layoffs Across Studios

You can learn more about the XBox lay­offs, the idTech game en­gine and more in the video be­low.

Showdown in Strasbourg: The unexpected return of Chat Control 1.0

www.heise.de

The European Parliament cleared the way for a re­newed ex­ten­sion of the so-called Chat Control” on Tuesday af­ter­noon. With a nar­row ma­jor­ity of 331 to 304 votes and eleven ab­sten­tions, the MEPs voted for an ur­gency mo­tion that Parliament President Roberta Metsola had put on the agenda at short no­tice at the be­hest of the mem­ber states and the EPP group. This al­lows Parliament to vote again on the con­tro­ver­sial plan on Thursday, its last ses­sion be­fore the sum­mer break.

The aim of this ma­neu­ver: to re­in­state the tran­si­tional reg­u­la­tion for Chat Control, which ex­pired in April. This ex­cep­tion reg­u­la­tion al­lowed tech gi­ants like Meta, Google, or Microsoft to vol­un­tar­ily search pri­vate chats, emails, and mes­sen­ger ser­vices for ma­te­r­ial re­lated to child sex­ual abuse with­out spe­cific sus­pi­cion. Parliament had not agreed to a re­newed ex­ten­sion, and the reg­u­la­tion had there­fore ex­pired in April.

The vote was pre­ceded by a back-and-forth, with op­po­nents call­ing it an un­prece­dented par­lia­men­tary ma­neu­ver. Pirate MEP Markéta Gregorová ac­cused the con­ser­v­a­tive European People’s Party (EPP) of en­gag­ing in a farce and vi­o­lat­ing its own rules of pro­ce­dure. She ap­pealed in vain to her col­leagues to vote against Chat Control again. Metsola nar­rowly de­fended the pro­ce­dure, stat­ing she was ad­her­ing to all rules.

Supporters re­ceived back­ing through pres­sure from the EU Commission. Four Commissioners had ur­gently warned the peo­ple’s rep­re­sen­ta­tives in a let­ter shortly be­fore the vote about a con­tin­u­ing reg­u­la­tory gap. Without the scans, per­pe­tra­tors would not be held ac­count­able, and al­most all abuse ma­te­r­ial would re­main undis­cov­ered — even though Meta & Co. are cur­rently still pro­vid­ing re­ports. Parliament could not go into the sum­mer break like this, ac­cord­ing to the EPP.

AfD MEP Mary Khan, on the other hand, com­plained that a law that had al­ready been re­jected was be­ing re­vived through the back door us­ing salami-tac­tics un­til the de­sired out­come was achieved. No one wants to weaken child pro­tec­tion, but that should not jus­tify putting all cit­i­zens un­der gen­eral sus­pi­cion and le­git­imiz­ing mass sur­veil­lance. In fact, Parliament had re­jected a re­newed ex­ten­sion of this Chat Control by a clear ma­jor­ity in March and April af­ter failed ne­go­ti­a­tions with the EU mem­ber states.

The fact that the dossier is now land­ing in the ple­nary again at the urg­ing of the gov­ern­ments and the Parliament President is also caus­ing frus­tra­tion among the ne­go­tia­tors. Rapporteur Birgit Sippel (SPD) spoke of an un­fair ma­neu­ver by the EU coun­tries and re­fused her sup­port. Nevertheless, the Social Democratic group caved in be­fore­hand and sig­naled its ap­proval for the ur­gency pro­ce­dure, which en­sured the nec­es­sary ma­jor­ity.

Procedural tricks un­til the last ses­sion day

The pro­ce­dure now cho­sen gives the pro­po­nents of Chat Control a sig­nif­i­cant tac­ti­cal ad­van­tage. Since the law is in its sec­ond read­ing, an ab­solute ma­jor­ity of 361 votes of all par­lia­ment mem­bers is re­quired for amend­ments or a re­newed re­jec­tion on Thursday. In con­trast, a sim­ple ma­jor­ity of the MEPs pre­sent is suf­fi­cient for the other side. As many par­lia­men­tar­i­ans have his­tor­i­cally al­ready de­parted by the last day be­fore the sum­mer break, the re-en­act­ment of the reg­u­la­tion is con­sid­ered al­most un­avoid­able.

Had the MEPs re­jected the ur­gency, the draft would have gone to the re­spon­si­ble Committee on Civil Liberties, Justice and Home Affairs, where a legally sound com­pro­mise could have been worked out af­ter the sum­mer break.

IT se­cu­rity re­searchers have re­peat­edly warned in ur­gent let­ters about un­ac­cept­ably high er­ror rates of the AI scans used, which en­dan­gered the pri­vacy of in­no­cent cit­i­zens. A board mem­ber of the Society for Informatics even filed an ur­gent ap­pli­ca­tion with the Federal Constitutional Court. Civil rights ac­tivists like Patrick Breyer even fear that the re­newed tran­si­tional sta­tus will re­lieve po­lit­i­cal pres­sure on EU gov­ern­ments to en­gage in a much more ef­fec­tive and tar­geted per­ma­nent suc­ces­sor reg­u­la­tion to the blocked Chat Control 2.0.

(vbr)

Don’t miss any news — fol­low us on Facebook, LinkedIn or Mastodon.

This ar­ti­cle was orig­i­nally pub­lished in

German.

It was trans­lated with tech­ni­cal as­sis­tance and ed­i­to­ri­ally re­viewed be­fore pub­li­ca­tion.

Chat Control 1.0 vs 2.0

fightchatcontrol.eu

The tem­po­rary, vol­un­tary scan­ning regime — adopted in 2021, re­jected by Parliament in March 2026, ex­pired in April 2026, and now the sub­ject of an un­prece­dented re­vival at­tempt.

Jul 14, 2021

Temporary dero­ga­tion adopted

Regulation (EU) 2021/1232 cre­ates a tem­po­rary ex­cep­tion to the ePri­vacy Directive, giv­ing providers a le­gal ba­sis to vol­un­tar­ily scan pri­vate mes­sages for child sex­ual abuse ma­te­r­ial. Originally set to ex­pire 3 August 2024.

Apr 29, 2024

First ex­ten­sion

With the per­ma­nent reg­u­la­tion (Chat Control 2.0) nowhere near agree­ment, the dero­ga­tion is ex­tended un­til 3 April 2026.

Dec 18, 2025

Commission pro­poses sec­ond ex­ten­sion

The Commission pro­poses ex­tend­ing the dero­ga­tion by an­other two years, to April 2028.

Mar 2, 2026

LIBE com­mit­tee re­jects the ex­ten­sion

In a sur­prise vote, the Parliament’s civil lib­er­ties com­mit­tee re­jects the draft ex­ten­sion by 38 votes to 28.

Mar 11, 2026

Parliament adopts a pro­tec­tive po­si­tion

The ple­nary votes 458 – 103 for a com­pro­mise: ex­tend to 2027, but only with tar­geted and pro­por­tion­ate de­tec­tion of known con­tent, no end-to-end en­crypted com­mu­ni­ca­tions, and lim­it­ing scan­ning to sus­pected users or groups iden­ti­fied by the com­pe­tent ju­di­cial au­thor­ity.

Mid-Mar 2026

Trilogue on the ex­ten­sion col­lapses

The Council re­jects Parliament’s con­di­tions and shows no flex­i­bil­ity in ne­go­ti­a­tions; talks on the ex­ten­sion break down.

Mar 26, 2026

Parliament re­jects the ex­ten­sion out­right

311 MEPs vote against ex­tend­ing the dero­ga­tion (228 in favour, 92 ab­sten­tions). The crit­i­cal Amendment 34, re­ject­ing au­to­mated as­sess­ment of un­known pho­tos and texts, passes by a sin­gle vote (307 – 306).

Apr 4, 2026

Chat Control 1.0 ex­pires

The le­gal ground for vol­un­tary, in­dis­crim­i­nate scan­ning ends. Google, Meta, Microsoft, and Snap state they will con­tinue scan­ning pri­vate mes­sages re­gard­less.

Jun 26, 2026

Council moves to res­ur­rect the ex­pired law

EU am­bas­sadors agree to push a tem­po­rary re­vival — un­prece­dented, as Parliament’s re­jec­tion was con­sid­ered fi­nal. Because an ex­pired reg­u­la­tion can­not be ex­tended, the Council pro­poses a for­mally new law with iden­ti­cal con­tent via an ex­pe­dited pro­ce­dure.

Jul 2, 2026

Council adopts its po­si­tion

The Council adopts its po­si­tion on the new” reg­u­la­tion via writ­ten pro­ce­dure.

Jul 7, 2026

Urgency pro­ce­dure ap­proved

Parliament voted 331 – 303 (11 ab­sten­tions) to fast-track the ex­pired dero­ga­tion, skip­ping the re­spon­si­ble Committee. A bind­ing vote fol­lows on Thursday, 9 July, where an ab­solute ma­jor­ity of 361 MEPs is needed to stop it.

The per­ma­nent CSA Regulation — pro­posed in 2022, dead­locked for years, and still un­a­greed af­ter five rounds of tri­logue ne­go­ti­a­tions. Encryption re­mains the red line.

May 11, 2022

Commission pro­poses the CSA Regulation

Home Affairs Commissioner Ylva Johansson un­veils a pro­posal for a per­ma­nent reg­u­la­tion mak­ing de­tec­tion and re­port­ing of child sex­ual abuse ma­te­r­ial a le­gal re­quire­ment for plat­forms — in­clud­ing a re­quire­ment to by­pass end-to-end en­cryp­tion.

Nov 2023

Parliament adopts a pro­tec­tive man­date

No scan­ning of end-to-end en­crypted ser­vices, de­tec­tion lim­ited to vi­sual ma­te­r­ial, ju­di­cial war­rants tar­geted at spe­cific sus­pects, and no manda­tory age ver­i­fi­ca­tion.

Oct 2025

Germany breaks the Council dead­lock

After years of Council dead­lock, Germany an­nounces it will vote against manda­tory sus­pi­cion­less scan­ning. The Danish pres­i­dency drops de­tec­tion or­ders and shifts to risk as­sess­ment and mit­i­ga­tion oblig­a­tions for providers, while propos­ing to make the vol­un­tary sus­pi­cion­less scan­ning (interim reg­u­la­tion) per­ma­nent.

Nov 26, 2025

Council en­dorses its po­si­tion

The Council adopts the soft­ened Danish com­pro­mise, open­ing tri­logue ne­go­ti­a­tions. Critics note the text still al­lows voluntary” sus­pi­cion­less de­tec­tion and im­poses broad risk-mit­i­ga­tion du­ties, in­clud­ing manda­tory age ver­i­fi­ca­tion, that could re­shape pri­vate mes­sag­ing in prac­tice.

Dec 2025 — May 2026

Four tri­logue rounds

Negotiations be­tween Parliament, Council, and Commission take place on 9 December 2025, 26 February, 16 April, and 11 May 2026 — with­out agree­ment on the core is­sues.

Jun 10, 2026

Council’s own lawyers raise the alarm

The Council Legal Service states that the voluntary” scan­ning pro­posal still con­sti­tutes gen­er­alised scan­ning of com­mu­ni­ca­tions — in­com­pat­i­ble with Article 7 of the EU Charter ab­sent rea­son­able sus­pi­cion and prior ju­di­cial au­tho­ri­sa­tion.

Jun 29, 2026

Final” tri­logue fails

The fifth tri­logue, billed as the last with adop­tion tar­geted for July, pro­duces no deal. Negotiators can­not agree on mak­ing sus­pi­cion­less scan­ning per­ma­nent, as re­quested by Council. Progress is re­ported on ex­clud­ing manda­tory age ver­i­fi­ca­tion, but agree­ment is post­poned and talks con­tinue un­der the in­com­ing Irish pres­i­dency.

Jul 14, 2021

Chat Control 1.0

Temporary dero­ga­tion adopted

Regulation (EU) 2021/1232 cre­ates a tem­po­rary ex­cep­tion to the ePri­vacy Directive, giv­ing providers a le­gal ba­sis to vol­un­tar­ily scan pri­vate mes­sages for child sex­ual abuse ma­te­r­ial. Originally set to ex­pire 3 August 2024.

May 11, 2022

Chat Control 2.0

Commission pro­poses the CSA Regulation

Home Affairs Commissioner Ylva Johansson un­veils a pro­posal for a per­ma­nent reg­u­la­tion mak­ing de­tec­tion and re­port­ing of child sex­ual abuse ma­te­r­ial a le­gal re­quire­ment for plat­forms — in­clud­ing a re­quire­ment to by­pass end-to-end en­cryp­tion.

Nov 2023

Chat Control 2.0

Parliament adopts a pro­tec­tive man­date

No scan­ning of end-to-end en­crypted ser­vices, de­tec­tion lim­ited to vi­sual ma­te­r­ial, ju­di­cial war­rants tar­geted at spe­cific sus­pects, and no manda­tory age ver­i­fi­ca­tion.

Apr 29, 2024

Chat Control 1.0

First ex­ten­sion

With the per­ma­nent reg­u­la­tion (Chat Control 2.0) nowhere near agree­ment, the dero­ga­tion is ex­tended un­til 3 April 2026.

Oct 2025

Chat Control 2.0

Germany breaks the Council dead­lock

After years of Council dead­lock, Germany an­nounces it will vote against manda­tory sus­pi­cion­less scan­ning. The Danish pres­i­dency drops de­tec­tion or­ders and shifts to risk as­sess­ment and mit­i­ga­tion oblig­a­tions for providers, while propos­ing to make the vol­un­tary sus­pi­cion­less scan­ning (interim reg­u­la­tion) per­ma­nent.

Nov 26, 2025

Chat Control 2.0

Council en­dorses its po­si­tion

The Council adopts the soft­ened Danish com­pro­mise, open­ing tri­logue ne­go­ti­a­tions. Critics note the text still al­lows voluntary” sus­pi­cion­less de­tec­tion and im­poses broad risk-mit­i­ga­tion du­ties, in­clud­ing manda­tory age ver­i­fi­ca­tion, that could re­shape pri­vate mes­sag­ing in prac­tice.

Dec 18, 2025

Chat Control 1.0

Commission pro­poses sec­ond ex­ten­sion

The Commission pro­poses ex­tend­ing the dero­ga­tion by an­other two years, to April 2028.

Dec 2025 — May 2026

Chat Control 2.0

Four tri­logue rounds

Negotiations be­tween Parliament, Council, and Commission take place on 9 December 2025, 26 February, 16 April, and 11 May 2026 — with­out agree­ment on the core is­sues.

Mar 2, 2026

Chat Control 1.0

LIBE com­mit­tee re­jects the ex­ten­sion

In a sur­prise vote, the Parliament’s civil lib­er­ties com­mit­tee re­jects the draft ex­ten­sion by 38 votes to 28.

Mar 11, 2026

Chat Control 1.0

Parliament adopts a pro­tec­tive po­si­tion

The ple­nary votes 458 – 103 for a com­pro­mise: ex­tend to 2027, but only with tar­geted and pro­por­tion­ate de­tec­tion of known con­tent, no end-to-end en­crypted com­mu­ni­ca­tions, and lim­it­ing scan­ning to sus­pected users or groups iden­ti­fied by the com­pe­tent ju­di­cial au­thor­ity.

Mid-Mar 2026

Chat Control 1.0

Trilogue on the ex­ten­sion col­lapses

The Council re­jects Parliament’s con­di­tions and shows no flex­i­bil­ity in ne­go­ti­a­tions; talks on the ex­ten­sion break down.

allaboutcookies.org

allaboutcookies.org

Please en­able JS and dis­able any ad blocker

- YouTube

www.youtube.com

98% isn't very much

whynothugo.nl

98% sounds like a lot. If some­one wins the lot­tery 98% of the times they play, they are clearly blessed. Getting a top mark (e.g.: 10/10) on ex­ams 98% of the time will likely lead to an ho­n­our diploma.

But a restau­rant where clients don’t get of food poi­son­ing 98% of time is get­ting peo­ple sick on a monthly (or even weekly) ba­sis. If an em­ployer pays their em­ploy­ees 98% of the times, I def­i­nitely would­n’t want to work there. If I pay be­fore leav­ing a restau­rant only 98% of the time, I’ll be in trou­ble.

98% is great for ex­cep­tion­ally good things, like dra­mat­i­cally in­creas­ing some­one’s qual­ity of life, but very low for ba­sic ex­pec­ta­tions, like a baby sur­viv­ing a babysit­ter tak­ing care of them.

If a web­site uses fancy new browser fea­tures and works for 98% of the pop­u­la­tion, that means that it won’t work for ~150 mil­lion peo­ple. If a web­site makes a change and that works for 98% of their vis­i­tors, they’re ba­si­cally kick­ing out 2% of their au­di­ence. Can you imag­ine a venue re­fus­ing en­try to for­mer clients 2% of the time just be­cause they’ve improved their ex­pe­ri­ence”?

98% of the pop­u­la­tion might not im­ply 98% of my au­di­ence ei­ther: some­thing might work for 98% of the gen­eral pop­u­la­tion out there, but only for 70% of my ac­tual au­di­ence.

Just a few months ago the topic of nested CSS came up. Somebody pointed out that it is stan­dard since 2023 and safe to use on­line. I also checked the ex­act browser dis­tri­b­u­tion of a clien­t’s web­site (where I would by happy to trim out the scss pipeline). Over the last year, only ~70% of the vis­it­ing browsers sup­ported the new CSS fea­tures. Even thought this fea­ture is widely sup­ported” in a gen­eral au­di­ence, for my au­di­ence, it left out 30% of the vis­i­tors.

You prob­a­bly know one hun­dred peo­ple. Picture two of them star­ing at a bro­ken screen. The 98% sta­tis­tic is a lazy short­cut. Truly ro­bust en­gi­neer­ing is­n’t about what works for most; it’s about grace­fully han­dling the edge cases. If a fancy new fea­ture can’t de­grade grace­fully, then 98% is­n’t widely sup­ported”. It failed to meet the ba­sic min­i­mum for 2% of the peo­ple out there.

Have com­ments or want to dis­cuss this topic?Send an email to my pub­lic in­box: ~whynothugo/pub­lic-in­box@lists.sr.ht.Re­ply pri­vately by email: hugo@whynothugo.nl.

— § —

30 papers · The reading list Ilya Sutskever gave John Carmack

30papers.com

A Hacker's Arrest Reveals Microsoft Can Track Users Via a Windows Device ID

www.pcmag.com

The ar­rest of a teenage hacker has re­vealed that Microsoft can track a Windows PC and its on­line ac­tiv­ity through a Global Device ID that seems to have no easy opt-out, spark­ing fears about po­ten­tial sur­veil­lance.

Last week, the US an­nounced it had ex­tra­dited 19-year-old Peter Stokes from Europe for al­legedly be­ing a mem­ber of the no­to­ri­ous hack­ing group Scattered Spider. But the case stands out be­cause Microsoft played a key role in link­ing Stokes to the sus­pected hack­ing crimes, ac­cord­ing to an un­sealed crim­i­nal com­plaint.

(Credit: DOJ)

Stokes al­legedly hacked an un­named lux­ury jew­elry re­tailer in May 2025 while us­ing a VPN. The 39-page crim­i­nal com­plaint shows the FBI used Microsoft records to dis­cover that his IP ad­dress was as­so­ci­ated with a Microsoft de­vice iden­ti­fier known as Global Device ID (GDID).

According to a Microsoft rep­re­sen­ta­tive, a Global Device Identifier in the Windows ecosys­tem is a per­sis­tent, de­vice-level iden­ti­fier de­signed to uniquely iden­tify an in­stal­la­tion of a Windows op­er­at­ing sys­tem on a de­vice, ei­ther a phys­i­cal de­vice (e.g., a mo­bile phone or lap­top) or vir­tual ma­chine, across cer­tain Microsoft ser­vices and sce­nar­ios,” the com­plaint ex­plains.

The global de­vice ID is­n’t ex­actly sur­pris­ing, given that it’s stan­dard prac­tice to as­sign a unique ID to each ac­count or de­vice so a tech provider can rec­og­nize and dis­tin­guish be­tween them. But the com­plaint re­veals Microsoft can as­so­ci­ate the GDID with third-party ser­vices and the tim­ing as well, giv­ing Redmond a way to the­o­ret­i­cally track a user’s on­line ac­tiv­ity. In other words, Redmond might be able to track the on­line ac­tiv­ity of your Windows PC with­out third-party browser cook­ies.

(Credit: DOJ)

Stokes was dis­cov­ered ex­ploit­ing a web de­vel­op­ment tool called ngrok to by­pass the jew­elry re­tail­er’s net­work de­fenses. The com­plaint says Microsoft had records show­ing that on May 12, 2025, at 19:21 UTC, the GDID as­so­ci­ated with Stokes’ com­puter accessed, among other ngrok pages, https://​dash­board[.]ngrok.com/​signup,′ the ngrok page to set up an ngrok ac­count.”

The doc­u­ment adds that Microsoft records also showed the GDID ac­cess­ing multiple sites” from servers at Tzulo, a web host­ing provider, to help pull off the hack.

The GDID for Stokes’ PC was al­legedly 6755467234350028. (Credit: DOJ)

Hence, the fact that fed­eral in­ves­ti­ga­tors used the Microsoft iden­ti­fier to nab a sus­pected hacker is rais­ing con­cerns that it could be abused for other sur­veil­lance pur­poses. Microsoft Windows is sur­veil­lance soft­ware,” cy­ber­se­cu­rity ex­pert Matthew Hickey al­leged in a tweet.

The de­vice ID is men­tioned briefly on this sup­port page, but Microsoft has­n’t oth­er­wise com­mented on it pub­licly. According to the crim­i­nal com­plaint, a Windows user can re­set the GDID on their own, al­though it’s not easy. A GDID re­mains con­sis­tent across Windows op­er­at­ing sys­tem up­dates on a de­vice, but a re­in­stall of Windows, ei­ther on the same de­vice or on a dif­fer­ent de­vice, will be tied to a new unique GDID,” the court doc­u­ment says. In a foot­note, it adds, Thus, one Microsoft user could have mul­ti­ple GDIDs.”

Recommended by Our Editors

Still, we sus­pect it would­n’t be hard for Microsoft to tie a newly set GDID to the old one, since the com­pany could look at other iden­ti­fiers, such as a Microsoft ac­count lo­gin or an IP ad­dress, and match them. In re­sponse to the sur­veil­lance po­ten­tial, some users have al­ready been ex­plor­ing ways to con­tain and scrub the GDID iden­ti­fier.

Meanwhile, cy­ber­se­cu­rity re­searcher Costin Raiu is ques­tion­ing whether other tech com­pa­nies have the same sur­veil­lance ca­pa­bil­i­ties, given the use of unique iden­ti­fiers.

I would also ask: how much of this is hap­pen­ing on Apple de­vices? Is it on the same scale? Is it hap­pen­ing at an even higher level — do they tie it to the hard­ware, so that even if you re­in­stall, it does­n’t mat­ter, be­cause it’s hard­ware-based?” he said in the Three Buddy Problem pod­cast. Very likely it’s not unique to Microsoft. And prob­a­bly, if you want to be fully anony­mous, you may at some point have to use Linux, FreeBSD, what­ever, for your de­vel­op­ment en­vi­ron­ments, and tun­nel every­thing through prox­ies, Tor, VPNs, and such.”

About Our Expert

Michael Kan

Principal Reporter

Experience

I’ve been a jour­nal­ist for over 15 years. I got my start as a schools and cities re­porter in Kansas City and joined PCMag in 2017, where I cover satel­lite in­ter­net ser­vices, cy­ber­se­cu­rity, PC hard­ware, and more. I’m cur­rently based in San Francisco, but pre­vi­ously spent over five years in China, cov­er­ing the coun­try’s tech­nol­ogy sec­tor.

Since 2020, I’ve cov­ered the launch and ex­plo­sive growth of SpaceX’s Starlink satel­lite in­ter­net ser­vice, writ­ing 600+ sto­ries on avail­abil­ity and fea­ture launches, but also the reg­u­la­tory bat­tles over the ex­pan­sion of satel­lite con­stel­la­tions, fights with ri­val providers like AST SpaceMobile and Amazon, and the ef­fort to ex­pand into satel­lite-based mo­bile ser­vice. I’ve combed through FCC fil­ings for the lat­est news and dri­ven to re­mote cor­ners of California to test Starlink’s cel­lu­lar ser­vice.

I also cover cy­ber threats, from ran­somware gangs to the emer­gence of AI-based mal­ware. In 2024 and 2025, the FTC forced Avast to pay con­sumers $16.5 mil­lion for se­cretly har­vest­ing and sell­ing their per­sonal in­for­ma­tion to third-party clients, as re­vealed in my joint in­ves­ti­ga­tion with Motherboard.

I also cover the PC graph­ics card mar­ket. Pandemic-era short­ages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now fol­low­ing how the AI-driven mem­ory short­age is im­pact­ing the en­tire con­sumer elec­tron­ics mar­ket. I’m al­ways ea­ger to learn more, so please jump in the com­ments with feed­back and send me tips.

Latest By Michael Kan

Read Full Bio

Local, CPU-Friendly, High-Quality TTS (Text-to-Speech) with Kokoro

ariya.io

Mar 31, 2026

#tts

#privacy

Just a few years ago, re­al­is­tic lo­cal speech gen­er­a­tion seemed unimag­in­able. Today, its qual­ity is ex­cep­tional and, cru­cially, it de­liv­ers these re­sults with­out com­pro­mis­ing pri­vacy.

The video above show­cases au­dio gen­er­ated from a sam­ple text, run­ning en­tirely on the lo­cal ma­chine pre­vi­ously dis­cussed in the GTX 1080 Ti for Local LLM ar­ti­cle. While this ma­chine has a ded­i­cated GPU, the GPU is fully re­served for LLM in­fer­ence and the speech syn­the­sis is pow­ered en­tirely by the CPU.

The model used is Kokoro, which, de­spite hav­ing only 82M pa­ra­me­ters, pro­duces re­al­is­tic speech in mul­ti­ple lan­guages in­clud­ing English, Mandarin, and Hindi. It pro­vides around 50 dis­tinct voices, pri­mar­ily op­ti­mized for English.

There are sev­eral ways to set up a server for Kokoro. The sim­plest method in­volves us­ing a pre-made con­tainer im­age called Kokoro-FastAPI, which in­cludes pre-down­loaded voice mod­els. Because of that, the con­tainer im­age is rather large, at about 5 GB in size.

To launch the con­tainer us­ing Docker or Podman, use the fol­low­ing com­mand:

pod­man run -p 8880:8880 ghcr.io/​rem­sky/​kokoro-fastapi-cpu

To quickly ver­ify that it runs cor­recly, the con­tainer serves a sim­ple web UI at lo­cal­host:8880/​web. Here you can gen­er­ate (and au­to­mat­i­cally play) an au­dio given some text.

In ad­di­tion to the sim­ple web UI, this con­tainer also serves a TTS in­ter­face com­pat­i­ble with the OpenAI speech API, mak­ing it easy to adapt ex­ist­ing pro­grams that al­ready use the OpenAI speech API. To fa­cil­i­tate a quick test, sam­ple code in both JavaScript and Python is avail­able at github.com/​re­mote­browser/​speak. Cloning this repos­i­tory will en­able you to fol­low the sub­se­quent demon­stra­tion.

For JavaScript:

ex­port TTS_API_BASE_URL=http://​127.0.0.1:8880/​v1 ./speak.js Good morn­ing! How are you to­day?”

For Python, the com­mand is very sim­i­lar:

ex­port TTS_API_BASE_URL=http://​127.0.0.1:8880/​v1 ./speak.py Good morn­ing! How are you to­day?”

The gen­er­ated au­dio will be saved as an MP3 file. If SoX or Sound eX­change (see sox.sf.net for de­tails) is in­stalled on your ma­chine, the au­dio will also play back au­to­mat­i­cally.

You can also se­lect a dif­fer­ent voice by set­ting the TTS_VOICE en­vi­ron­ment vari­able:

ex­port TTS_API_BASE_URL=http://​127.0.0.1:8880/​v1 ex­port TTS_VOICE=“am_eric” ./speak.js Good morn­ing! How are you to­day?”

A com­plete list of avail­able voices can be found on the of­fi­cial Kokoro pro­ject page: hug­ging­face.co/​hex­grad/​Kokoro-82M/​blob/​main/​VOICES.md.

How fast is the syn­the­sis? Here are some mea­sure­ments us­ing the am_eric voice on a short test para­graph:

Jupiter is the largest and most mas­sive planet in our so­lar sys­tem. This gas gi­ant, made mostly of hy­dro­gen and he­lium, is known for its Great Red Spot—a mas­sive storm ob­served for cen­turies.

Jupiter is the largest and most mas­sive planet in our so­lar sys­tem. This gas gi­ant, made mostly of hy­dro­gen and he­lium, is known for its Great Red Spot—a mas­sive storm ob­served for cen­turies.

The fol­low­ing list sum­ma­rizes the gen­er­a­tion time (best of 3 runs) across dif­fer­ent CPUs:

Intel Core i7 – 4770K: 4.7 sec­onds

Apple M2 Pro: 4.5 sec­onds

AMD Ryzen 7 8745HS: 1.5 sec­onds

The first CPU in the list was re­leased 12 years ago. If that an­cient CPU can do the job just fine, you know that this is a highly ca­pa­ble TTS sys­tem.

Finally, for an al­ter­na­tive OpenAI-compatible con­tainer­ized TTS ser­vice, con­sider Speaches (speaches.ai). Unlike Kokoro-FastAPI, Speaches re­quires you to ex­plic­itly down­load voice weights via its API, as they are not bun­dled in the con­tainer im­age. However, Speaches of­fers an ad­van­tage by in­clud­ing Whisper, OpenAI’s renowned high-qual­ity Speech-to-Text (STT) sys­tem. If your ap­pli­ca­tion needs both TTS and STT func­tion­al­ity, Speaches could be your one-stop so­lu­tion.

When com­bined with a lo­cal LLM, a speech syn­the­sis sys­tem like this al­lows you to en­joy lis­ten­ing to LLM an­swers in­stead of read­ing them!

Note: This ar­ti­cle orig­i­nally ap­peared on the Remote Browser Substack.

To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".

10HN is also available as an iOS App

If you visit 10HN only rarely, check out the the best articles from the past week.

Visit pancik.com for more.