@Schwim@lemmy.zip I don't think it's so obvious as that. At least AI companies are giving users the option of deleting their data. And they also allow users to make use of their services very much for free. Copyright companies don't care about that. They want total control so that every online use of the works they own must be licensed. They want everyone to pay a rent. The ideia that they value art, culture, knowledge or public enlightenment is just bullshit. Even more so for media companies such as The New York Times which are always stating that they're essential to Democracy.
remixtures
joined 2 years ago
"As AI agents powered by Large Language Models (LLMs) become increasingly versatile and capable of addressing a broad spectrum of tasks, ensuring their security has become a critical challenge. Among
This should be more than enough to shown that copyright holders and media publishers are no friends of users. Quite the opposite! They're only friends of MONEY - specially when it comes in the form of
"Purely for trollish reasons — not expecting the pull request to be seriously considered — I submitted one that added in a version of what I thought might be in Grok’s system prompt during the
"- In March 2025, senior members of the World Uyghur Congress (WUC) living in exile were targeted with a spearphishing campaign aimed at delivering Windows-based malware capable of conducting remote
"Unknown hackers last month targeted leaders of the exiled Uyghur community in a campaign involving Windows spyware, researchers revealed Monday.
Citizen Lab, a digital rights research group based at the University of Toronto, detailed an espionage campaign against members of the World Uyghur Congress (WUC), an organization that represents the Muslim-minority group, which has for years faced repression, discrimination, surveillance, and hacking from China’s government."
"A government whistleblower told lawmakers that DOGE's access to National Labor Relations Board (NLRB) systems went far beyond what was needed to analyze agency operations and apparently led to a data
"The DOGE employees, who are effectively led by White House adviser and billionaire tech CEO Elon Musk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new administration's policies and to cut costs and maximize efficiency.
But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending.
Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do."
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
"It is now time to fix it for good. A new solution has been proposed: partitioning visited link history. This approach fundamentally changes how browsers store and expose visited link data. Instead of
"Browsers keep track of the pages that a user has visited, and they use this information to style anchor elements on a page differently if a user has visited that link before. Most browsers give visited links a different color by default; some web developers rely on the :visited CSS selector to style visited links according to their own preferences.
It is well-known that styling visited links differently from unvisited links opens the door to side-channel attacks that leak the user’s browsing history. One notable attack used window.getComputedStyle and the methods that return a NodeList of HTMLCollection of anchor elements (e.g. document.querySelectorAll, document.getElementsByTagName, etc.) to inspect the styles of each link that was rendered on the page. Once attackers had the style of each link, it was possible to determine whether each link had been visited, leaking sensitive information that should have only been known to the user.
In 2010, browsers implemented a mitigation for this attack: (1) when sites queried link styling, the browser always returned the “unvisited” style, and (2) developers were now limited in what styles could be applied to links. However, these mitigations were complicated for both browsers to implement and web developers to adjust to, and there are proponents of removing these mitigations altogether." https://github.com/explainers-by-googlers/Partitioning-visited-links-history
"After the United Kingdom demanded that Apple create a backdoor that would allow government officials globally to spy on encrypted data, Apple decided to simply turn off encryption services in the UK
"Today, in response to the U.K.’s demands for a backdoor, Apple has stopped offering users in the U.K. Advanced Data Protection, an optional feature in iCloud that turns on end-to-end encryption for files, backups, and more.
Had Apple complied with the U.K.’s original demands, they would have been required to create a backdoor not just for users in the U.K., but for people around the world, regardless of where they were or what citizenship they had. As we’ve said time and time again, any backdoor built for the government puts everyone at greater risk of hacking, identity theft, and fraud.
This blanket, worldwide demand put Apple in an untenable position. Apple has long claimed it wouldn’t create a backdoor, and in filings to the U.K. government in 2023, the company specifically raised the possibility of disabling features like Advanced Data Protection as an alternative."
"The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who
"At a press conference in the Oval Office this week, Elon Musk promised the actions of his so-called Department of Government Efficiency (DOGE) project would be “maximally transparent,” thanks to information posted to its website.
At the time of his comment, the DOGE website was empty. However, when the site finally came online Thursday morning, it turned out to be little more than a glorified feed of posts from the official DOGE account on Musk’s own X platform, raising new questions about Musk’s conflicts of interest in running DOGE.
DOGE.gov claims to be an “official website of the United States government,” but rather than giving detailed breakdowns of the cost savings and efficiencies Musk claims his project is making, the homepage of the site just replicated posts from the DOGE account on X."
https://www.wired.com/story/doge-website-is-just-one-big-x-ad/
"Paragon Solutions, whose military-grade hacking software was allegedly used to target 90 people, including journalists and members of civil society, in two dozen countries, has terminated its client
Fascists love to surveil and harass... 😕
"The Italian founder of the NGO Mediterranea Saving Humans, who has been a vocal critic of Italy’s alleged complicity in abuses suffered by migrants in Libya, has revealed WhatsApp informed him his mobile phone was targeted by military-grade spyware made by the Israel-based company Paragon Solutions.
Luca Casarini, an activist whose organisation is estimated to have saved 2,000 people crossing the Mediterranean to Italy, is the most high profile person to come forward since WhatsApp announced last week that 90 journalists and other members of civil society had probably had their phones compromised by a government client using Paragon’s spyware.
The work of the three alleged targets to have come forward so far – Casarini, the journalist Francesco Cancellato, and the Sweden-based Libyan activist Husam El Gomati – have one thing in common: each has been critical of the prime minister, Giorgia Meloni. The Italian government has not responded to a request for comment on whether it is a client of Paragon."
"WhatsApp on Friday accused the commercial surveillance company Paragon of targeting about 90 of its users with spyware.
"Paragon’s spyware was allegedly delivered to targets who were placed on group chats without their permission, and sent malware through PDFs in the group chat. Paragon makes no-click spyware, which means users do not have to click on any link or attachment to be infected; it is simply delivered to the phone.
It is not clear how long Cancellato may have been compromised. But the editor published a high-profile investigative story last year that exposed how members of Meloni’s far-right party’s youth wing had engaged in fascist chants, Nazi salutes and antisemitic rants.
Fanpage’s undercover reporters – although not Cancellato personally – had infiltrated groups and chat forums used by members of the National Youth, a wing of Meloni’s Brothers of Italy party. The outlet published clips of National Youth members chanting “Duce” – a reference to Benito Mussolini – and “sieg Heil”, and boasting about their familial connections to historical figures linked to neo-fascist terrorism. The stories were published in May."
"WhatsApp on Friday accused the commercial surveillance company Paragon of targeting about 90 of its users with spyware.
"An Italian investigative journalist who is known for exposing young fascists within prime minister Giorgia Meloni’s far-right party was targeted with spyware made by Israel-based Paragon Solutions, according to a WhatsApp notification received by the journalist.
Francesco Cancellato, the editor-in-chief of the Italian investigative news outlet Fanpage, was the first person to come forward publicly after WhatsApp announced on Friday that 90 journalists and other members of civil society had been targeted by the spyware.
The journalist, like dozens of others whose identities are not yet known, said he received a notification from the messaging app on Friday afternoon.
WhatsApp, which is owned by Meta, has not identified the targets or their precise locations, but said they were based in more than two dozen countries, including in Europe.
WhatsApp said it had discovered that Paragon was targeting its users in December and shut down the vector used to “possibly compromise” the individuals. Like other spyware makers, Paragon sells use of its spyware, known as Graphite, to government agencies, who are supposed to use it to fight and prevent crime."
https://www.theguardian.com/technology/2025/jan/31/italian-journalist-whatsapp-israeli-spyware
"Some Motorola automated license plate reader surveillance cameras are live-streaming video and car data to the unsecured internet where anyone can watch and scrape them, a security researcher has
"In just 20 minutes this morning, an automated license plate recognition (ALPR) system in Nashville, Tennessee captured photographs and detailed information from nearly 1,000 vehicles as they passed by. Among them: eight black Jeep Wranglers, six Honda Accords, an ambulance, and a yellow Ford Fiesta with a vanity plate.
This trove of real-time vehicle data, collected by one of Motorola's ALPR systems, is meant to be accessible by law enforcement. However, a flaw discovered by a security researcher has exposed live video feeds and detailed records of passing vehicles, revealing the staggering scale of surveillance enabled by this widespread technology.
More than 150 Motorola ALPR cameras have exposed their video feeds and leaking data in recent months, according to security researcher Matt Brown, who first publicised the issues in a series of YouTube videos after buying an ALPR camera on eBay and reverse engineering it."
https://www.wired.com/story/license-plate-reader-live-video-data-exposed/
view more: next ›
"Design Patterns for Securing LLM Agents against Prompt Injections (2025) by Luca Beurer-Kellner, Beat Buesser, Ana-Maria Creţu, Edoardo Debenedetti, Daniel Dobos, Daniel Fabian, Marc Fischer, David Froelicher, Kathrin Grosse, Daniel Naeff, Ezinwanne Ozoani, Andrew Paverd, Florian Tramèr, and Václav Volhejn.
I’m so excited to see papers like this starting to appear. I wrote about Google DeepMind’s Defeating Prompt Injections by Design paper (aka the CaMeL paper) back in April, which was the first paper I’d seen that proposed a credible solution to some of the challenges posed by prompt injection against tool-using LLM systems (often referred to as “agents”).
This new paper provides a robust explanation of prompt injection, then proposes six design patterns to help protect against it, including the pattern proposed by the CaMeL paper."
https://simonwillison.net/2025/Jun/13/prompt-injection-design-patterns/