The contactless payment system for New York City’s subways has a security hole. Anyone with access to someone’s credit card number can see when and where they entered the city’s underground transit during the last seven days. The problem lies in a “feature” on the website for OMNY, the tap-to-pay system for the Metropolitan Transportation Authority (MTA), which allows you to view your recent ride history using only credit card info. Further, subway entries purchased using Apple Pay — which gives merchants a virtual number instead of your real one — still somehow link to your physical credit card number.

The MTA’s loose implementation could allow stalkers, abusive exes or anyone who hacks into or purchases a person’s credit card information online to find out when and where they typically enter the subway. Joseph Cox of 404 Media initially reported on the story, detailing how (with a rider’s consent) he tracked the stations they entered — with corresponding times. “If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live,” Cox wrote. “I would also know what specific time this person may go to the subway each day.”

“This is a gift for abusers,” Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity, told Engadget. The OMNY website also allows passengers to create a password-protected account, but it sits below the more prominent “Check trip history” section atop the page, requiring only a number and expiration date without any further security input. “It is a real problem that the option to track your location — without any kind of password security — is available first on the website,” noted Galperin. She says the MTA could have “fixed this simply” by including a PIN or password requirement alongside the credit card field.

Metropolitan Transportation Authority

The website still shows your travel history even if you paid with Apple Pay. The iPhone maker says its tap-to-pay system gives merchants a virtual number rather than the physical card’s number. “And when you pay, your card numbers are never shared by Apple with merchants,” a marketing blurb on the company’s website reads. But an Engadget staffer confirmed that entering their actual credit card number linked to the used Apple Pay account — without having directly used that card to ride — still revealed their seven-day point-of-entry history.

When asked about the OMNY website linking the two regardless, the MTA told Engadget it can’t see the credit card numbers of customers who use Apple Pay. Apple didn’t immediately respond to an emailed request for comment about how the MTA website associates the two without vendors having access to the physical credit card number.

The MTA says it will consider security changes as it improves its system. “The MTA is committed to maintaining customer privacy,” MTA spokesperson Eugene Resnick wrote to Engadget in an email. “The trip history feature gives customers a way to check their paid and free trip history for the last 7 days without having to create an OMNY account. We also give customers the option of paying for their OMNY travel with cash. We’re always looking to improve on privacy, and will consider input from safety experts as we evaluate possible further improvements.”

Late-night comedy’s five biggest hosts are starting a podcast. Stephen Colbert, Jimmy Kimmel, Seth Meyers, John Oliver and Jimmy Fallon will host Strike Force Five, a weekly chat about “the complexities behind the ongoing Hollywood strikes.” All proceeds will go to out-of-work staff from the hosts’ five talk shows.

“The hosts bring their unique insights, opinions, and humor to the show as they navigate the Hollywood strikes and beyond,” a Spotify blog post reads. The five comedians will take turns moderating the episodes. Spotify’s Megaphone is producing the series, and the streaming service is the podcast’s sole sales partner — but the series isn’t exclusive to the platform. “[It’s available on] Spotify, or wherever you get your podcasts,” Meyers said in a video Kimmel posted to X (formerly Twitter). “But Spotify, you fucks,” Oliver aggressively deadpanned.

The series launches on August 30th (day 120 of the strike, as noted byTVLine). It will run for at least 12 episodes.

The Writers Guild of America (WGA) and the Alliance of Motion Picture and Television Producers (AMPTP) have been at odds without much discernible progress since the WGA began striking on May 2nd. The WGA described the sides’ latest meeting last week as more of a “lecture” than a negotiation. “We were met with a lecture about how good their single and only counteroffer was,” the WGA negotiating committee wrote to members. “But this wasn’t a meeting to make a deal. This was a meeting to get us to cave, which is why, not 20 minutes after we left the meeting, the AMPTP released its summary of their proposals. This was the companies’ plan from the beginning — not to bargain, but to jam us. It is their only strategy — to bet that we will turn on each other.”

Three major American sports leagues want to speed up Digital Millennium Copyright Act (DMCA) takedowns. In a letter posted and reported by TorrentFreak (viaThe Verge), the UFC, NBA and NFL urged the US Patent and Trademark Office (USPTO) to make the removal process for illegal livestreams nearly instantaneous. The organizations say the global sports industry is losing up to $28 billion from fans watching pirated live feeds instead of paid ones.

“The rampant piracy of live sports events causes tremendous harm to our companies,” legal representatives for the UFC, NBA and NFL allegedly wrote in the letter. The leagues say online service providers often take “hours or even days” to take down infringing content — leaving illegal sports streams plenty of time to complete the event without removal. “This is particularly damaging to our companies given the unique time-sensitivity of live sports content.”

The Digital Millennium Copyright Act’s language in Section 512 is at the heart of the complaint, which states that content must be removed “expeditiously.” The UFC, NBA and NFL want the wording changed to “instantaneously or near-instantaneously” to help with their revenue problems. “This would be a relatively modest and non-controversial update to the DMCA that could be included in the broader reforms being considered by Congress or could be addressed separately,” the posted letter reads.

The letter didn’t address sports fans’ distaste for regional blackouts, which many viewers likely use the pirated feeds to bypass.

The leagues also ask the USPTO to consider more stringent requirements for online service providers to verify users posting livestreams. They ask for “particular verification measures,” including blocking the ability to stream from newly created accounts or those with few subscribers. “Certain [online service providers] already impose measures like these, demonstrating that the measures are feasible, practical and important tools to reduce livestream piracy,” the letter reads.

Sending a letter is the first step in communicating intent, but the UFC, NBA and NFL will likely have a long road ahead if they want to change the DMCA. The law, signed into law by Bill Clinton in 1998, has faced numerous calls for change in the following decades — both from media companies wanting stricter measures and users who believe it gives copyright holders too much power. Changing it would require Congress to pass a law revising it, which is never a quick or easy process.

General Motors is taking Google’s AI chatbot on the road. The automaker announced today that it’s using Google Cloud’s Dialogflow to automate some non-emergency OnStar features like navigation and call routing. Crucially, the automaker claims the bot can pinpoint keywords indicating an emergency situation and “quickly route the call” to trained humans when needed. GM says the system frees up OnStar Advisors to spend more time with customers requiring a live human.

According to GM, the OnStar Interactive Virtual Assistant (IVA) has used Google Cloud’s Dialogflow under the hood since IVA’s 2022 launch. The virtual voice assistant can handle common customer questions and help with routing and navigation, including turn-by-turn directions. The companies see the collaboration as expanding down the road. “The successful deployment of Google Cloud’s AI in GM’s OnStar service has now opened the door to future generative AI deployments being jointly piloted by General Motors and Google Cloud,” the companies wrote in a joint press release.

The automaker says Google Cloud’s AI has allowed OnStar to better understand customer requests on the first try. In addition, it says customers have reacted positively to avoiding hold times as they can quickly begin chatting with an AI-powered bot with a “modern, natural sounding voice.” GM says the virtual assistant now handles over one million customer inquiries per month in the US and Canada. OnStar IVA is available in most GM vehicles, 2015 and newer, with OnStar connections.

GM has also reportedly worked on developing a ChatGPT-powered assistant for its vehicles, although it isn’t yet clear if that project is still on the table.

“Generative AI has the potential to revolutionize the buying, ownership, and interaction experience inside the vehicle and beyond, enabling more opportunities to deliver new features and services,” Mike Abbott, GM’s executive vice president of software and services, wrote in the press release. “Our software-led approach has accelerated the creation of compelling services for our customers while driving increased efficiency across the GM enterprise. The work with Google Cloud is another example of our efforts to transform how customers engage with our products and services.”

The companies also announced today that Google’s Dialogflow tech is behind chatbots on the GM website, similar to the slew of OpenAI-powered assistants that began popping up since the launch of the ChatGPT API earlier this year. GM’s web bots can “conversationally help answer customer questions about GM vehicles and product features based on the technical information from GM’s extensive vehicle data repositories,” according to the automaker.

“General Motors is at the forefront of deploying AI in practical and effective ways that ultimately create better customer experiences,” Thomas Kurian, Google Cloud CEO, wrote today. “We’re looking forward to a deepened relationship and more collaboration with GM as we explore how the company uses generative AI in transformational ways.”

Google took a step towards transparency in AI-generated images today. Google DeepMind announced SynthID, a watermarking / identification tool for generative art. The company says the technology embeds a digital watermark, invisible to the human eye, directly onto an image’s pixels. SynthID is rolling out first to “a limited number” of customers using Imagen, Google’s art generator available on its suite of cloud-based AI tools.

One of the many issues with generative art — apart from the ethical implications of training on artists’ work — is the potential for creating deepfakes. For example, the pope’s hot new hip-hop attire (an AI image created with MidJourney) going viral on social media was an early example of what could become more commonplace as generative tools evolve. It doesn’t take much imagination to see how something like political ads using AI-generated art could do much more damage than a funny image circulating on Twitter. “Watermarking audio and visual content to help make it clear that content is AI-generated” was one of the voluntary commitments that seven AI companies agreed to develop after a July meeting at the White House. Google is the first of the companies to launch such a system.

Google doesn’t go too far into the weeds about SynthID’s technical implementation (likely to prevent workarounds), but it says the watermark can’t be easily removed through simple editing techniques. “Finding the right balance between imperceptibility and robustness to image manipulations is difficult,” the company wrote in a DeepMind blog post published today. “We designed SynthID so it doesn’t compromise image quality, and allows the watermark to remain detectable, even after modifications like adding filters, changing colours, and saving with various lossy compression schemes — most commonly used for JPEGs,” DeepMind’s SynthID project leaders Sven Gowal and Pushmeet Kohli wrote.

Google DeepMind

The identification part of SynthID rates the image based on three digital watermark confidence levels: detected, not detected and possibly detected. Since the tool is embedded into the image’s pixels, Google says its system can work alongside metadata-based approaches, like the one Adobe uses with its Photoshop generative features, currently available in an open beta.

SynthID includes a pair of deep learning models: one for watermarking and the other for identifying. Google says the two trained on diverse images, culminating in a combined ML model. “The combined model is optimised on a range of objectives, including correctly identifying watermarked content and improving imperceptibility by visually aligning the watermark to the original content,” Gowal and Kohli wrote.

Google acknowledged that it isn’t a perfect solution, adding that it “isn’t foolproof against extreme image manipulations.” But it describes the watermark as “a promising technical approach for empowering people and organisations to work with AI-generated content responsibly.” The company says the tool could expand to other AI models, including those tasked with generating text (like ChatGPT), video and audio. 

Although watermarks could help with deepfakes, it’s easy to imagine digital watermarking turning into an arms race with hackers, with services that adopt SynthID requiring continual updating. In addition, the open-source nature of Stable Diffusion, one of the leading generative tools, could make industry-wide adoption of SynthID or any similar solution a tall order: It already has countless custom builds that can run on local PCs out in the wild. Regardless, Google hopes to make SynthID available to third parties “in the near future” to at least improve AI transparency industry-wide. 

Americans have grown more worried about AI in the last nine months. A new survey from the Pew Research Center indicates 52 percent of respondents are more concerned than excited about rising artificial intelligence use, up 14 points since December. Meanwhile, only 10 percent say they’re more excited than worried, while another 36 percent described their views as equally balanced. “Concern about AI outweighs excitement across all major demographic groups,” the Pew Research Center wrote in a blog post today.

It’s been an eventful nine months since the Pew Center last surveyed people about AI. OpenAI’s ChatGPT went from a buzzed-about homework cheating tool to a household name, and the corporate world — including tech’s most prominent companies — raced to prove who was the most invested in generative AI. Microsoft plugged GPT-4 into Office and Windows, and Google launched its Bard chatbot while adding AI components to search. AI writing and generative art have made controversial (and widely covered in the media) entries into journalism, book writing, song production and even some political campaigns.

Although younger Americans are still more concerned than excited, their views tend to be more positive than their older counterparts. Among 18- to 29-year-olds, 42 percent are more concerned about “the growing use of AI in daily life,” and 17 percent are more excited. But among adults 65 and up, 61 percent say they’re primarily concerned, while excitement only outweighs concern for a mere four percent.

ASSOCIATED PRESS

Pew Research also polled respondents on awareness of AI, and it appears the more people have heard about its rising adoption, the more uneasy they feel. The polling reports that about 90 percent of adults have heard a lot (33 percent) or a little (56 percent) about artificial intelligence, with the “a lot” group growing by seven points since December. Those who have heard much about AI are more likely to be worried than in December: Anxiety outweighs enthusiasm (47 percent to 15 percent) among that demographic, compared to 31 percent concerned to 23 percent excited last year. Even those who have only heard a little about it describe a more negative view than respondents in the December poll — by 19 points.

When breaking down AI’s impact into categories, results are more mixed. On one hand, 49 percent said it helps more than hurts when finding products and services they’re interested in online (compared to 15 percent that say it hurts more). But 53 percent answered that it hurts more than helps in keeping personal information private, with a mere 10 percent saying it helps more in that area. Other areas where the polled Americans said it helps more include companies making safe vehicles, doctors providing quality care and people taking care of their health. Categories like finding accurate online information, providing quality customer service and police keeping the peace were closer to an even split between positive and negative.

Respondents with and without higher education answered differently. For example, college graduates were more likely to view AI as a positive in finding products and services online and helping doctors provide quality care (60 percent positive among college grads, 44 percent for those without a degree). But people with “some college or less” were less likely to view it as a negative for protecting private information (59 percent among college-educated, 50 percent for those with less). Overall, those polled with a college education were more likely to view AI positively.

OpenAI launched ChatGPT Enterprise today, the business-focused subscription it teased in April. The company says it won’t train its AI models on any business data or conversations under the new plan. “Our models don’t learn from your usage,” the company wrote in an announcement blog post about the enterprise features. In addition, the new plan encrypts business chats (in transit and at rest) and is SOC 2 compliant. OpenAI says companies including Block, Canva, Carlyle, The Estée Lauder Companies, PwC and Zapier have already tested ChatGPT Enterprise.

ChatGPT Enterprise provides two times faster access to GPT-4 (the same model from ChatGPT Pro) but without usage caps — and with a boosted 32,000-token context, letting the AI model process up to four times the input / output text as the $20-per-month Pro tier. The business-focused plan also includes unlimited access to advanced data analysis (previously called Code Interpreter), allowing teams to quickly analyze enormous swaths of data.

The business subscription gives companies an admin console, allowing for bulk management of employee use. This includes the ability to create shared chat templates for teams that share common workflows. It also offers enterprises free credits for OpenAI’s API, which can be used for custom chatbots and other tailored AI-generated text. Business customers will also receive an analytics dashboard for “usage insights” within their organizations.

With today’s launch focusing on large corporations, OpenAI says a version for smaller businesses will arrive at some point in the future. COO Brian Lightcap toldCNBC today that starting with more robust enterprise customers “gives us a little bit more of a way to engage with teams in a hands-on way and understand what the deployment motion looks like before we fully open it up.” The company isn’t announcing pricing publicly, but businesses can contact OpenAI to learn about their options and tailor a custom plan. Lightcap told CNBC that pricing “will depend, for us, on every company’s use cases and size.”

iRobot announced two new combo vacuum / mop combo robots today. The Roomba Combo j5+ and Combo i5+ provide some of the dual-mode features of the $1,1099 Roomba j7+ but for more affordable prices. However, there are some tradeoffs in selling these models for $799 (j5+) and $549 (i5+), including having to swap out their bins when it’s time to switch between vacuuming and mopping.

One of the biggest differences between the two new models is that the Roomba j5+, the higher-end one, can identify “No Mop Zones” to avoid rugs and carpeted rooms and learn your overall cleaning preferences. In addition, only the j5+ has advanced obstacle avoidance and can steer clear of “over 80” common floor hazards, including solid pet waste. The more expensive model also adds iRobot’s P.O.O.P. promise, which vows to replace your device if it fails to avoid pet messes.

iRobot

Apart from those differences that make the i5+ $250 cheaper, the two have much in common. They both run iRobot OS, provide control through the iRobot Home app and have self-emptying dustbins / charging stations. Each will automatically switch between vacuuming and mopping when you attach the corresponding bin. (According toThe Verge, they have 360ml dustbins and 210ml mopping tanks.) The machines also work with voice assistants, letting you control them with Alexa, Siri or Google Assistant devices. And although the cheaper i5+ won’t learn specific carpeted / rugged areas, you can still label room names and program it to target specific ones.

The $799 Roomba Combo j5+ and $549 Roomba Combo i5+ are available for pre-order today in North America on iRobot’s website ahead of retail availability on September 3rd. Meanwhile, European customers can buy the i5+ today, with the j5+ arriving in September. iRobot says it will roll out to other international markets throughout 2023 and into early next year.

The Withings Body Scan Connected Health Station has received the go-ahead from the FDA and is set to launch this fall. Engadget’s Daniel Cooper tried it earlier this year and had “nothing but praise for” the luxury smart scale when trying it earlier this year, although he also described its $400 price tag as “mad money” to pay for an extravagance many of us won’t need.

The Body Scan was announced back at CES 2022, seemingly another epoch in the fast-moving world of consumer tech. Withings initially priced the scale at $300, but after getting caught in FDA approval limbo — and facing inflation and a semiconductor crisis during that window — its cost grew.

As for what you get for that significant investment, the scale is a powerhouse. It’s the first FDA-approved health station that detects atrial fibrillation through a six-lead ECG. In addition, it analyzes your segmented body composition, measures nerve activity and monitors your vascular age. It even uses Galvanic Skin Response (GSR) to monitor foot sweat levels to screen for signs of neuropathy.

During Engadget’s time with it, we found the process to be straightforward and nearly effortless. “Get on the scale, hold the grab at pelvis height and wait 90 seconds for it to do its thang,” Daniel Cooper wrote in February. “It’ll run the gamut of tests measuring your weight, body fat, muscle mass, visceral fat, ECG, Pulse Wave Velocity, vascular age and nerve health. It’ll then relay those data points to you in a big, bright, bold and easy-to-read manner, followed by the day’s weather and an indicator about the local air quality (pulled from an online service).”

The device itself consists of a tempered glass platform with an integrated retractable handle. It has four weight sensors, 14 ITP electrodes on the scale and four stainless steel electrodes in the handle. Withings says its battery will last 12 months before needing a recharge. The device’s display is a 3.2-inch color LCD for viewing your metrics. Withings says the scale’s weight measurements are precise down to 0.1 lbs. It measures Basal Metabolic Rate (BMR).

The Withings Body Scan Connected Health Station will be available this September for $400. 

Wing, Alphabet’s aviation subsidiary, is partnering with Walmart to kick off drone deliveries from the retail chain in the Dallas-Fort Worth (DFW) metro area. The flights will begin taking off “in the coming weeks” from a Walmart Supercenter in Frisco, TX, and the companies plan to expand to a second DFW location before the end of the year. The companies say the coverage area from both stores will cover 60,000 homes.

The service will be available to homes within about six miles of the supported stores. Residents in those areas can order things like quick meals, groceries, essentials and over-the-counter medicines. The drones can fly up to 65 mph, and Wing says you’ll get your items in under 30 minutes. They use a retractable tether to “gently deliver even delicate items” — including challenging products like eggs and frozen treats.

Wing’s drones are largely automated and monitored remotely. “Wing’s technology allows operators to oversee the system from a remote location, which means pilots won’t need to be stationed at stores or customer homes,” Alphabet’s company wrote in an announcement blog post. “The aircraft essentially fly themselves, so each operator is approved to safely oversee many drones at the same time.”

Wing has already partnered with Walgreens for drone deliveries in the DFW region. Meanwhile, Walmart said in 2022 that its own DroneUp delivery service had covered around four million households in Arizona, Arkansas, Florida, Texas, Utah and Virginia. However, the retailer reportedly laid off 418 DroneUp employees earlier this year.

If you live in the DFW metroplex, you can check eligibility by installing the Wing Drone Delivery app from the App Store or Google Play. You’ll need to create an account and enter your address to view the results. A “coming soon” message means you’ll be covered as soon as deliveries begin. If the app tells you you’re not eligible, Wing says it will add new DFW neighborhoods soon.