Posts with «internet & networking technology» label

UK's AI Safety Institute easily jailbreaks major LLMs

In a shocking turn of events, AI systems might not be as safe as their creators make them out to be — who saw that coming, right? In a new report, the UK government's AI Safety Institute (AISI) found that the four undisclosed LLMs tested were "highly vulnerable to basic jailbreaks." Some unjailbroken models even generated "harmful outputs" without researchers attempting to produce them.

Most publicly available LLMs have certain safeguards built in to prevent them from generating harmful or illegal responses; jailbreaking simply means tricking the model into ignoring those safeguards. AISI did this using prompts from a recent standardized evaluation framework as well as prompts it developed in-house. The models all responded to at least a few harmful questions even without a jailbreak attempt. Once AISI attempted "relatively simple attacks" though, all responded to between 98 and 100 percent of harmful questions.

UK Prime Minister Rishi Sunak announced plans to open the AISI at the end of October 2023, and it launched on November 2. It's meant to "carefully test new types of frontier AI before and after they are released to address the potentially harmful capabilities of AI models, including exploring all the risks, from social harms like bias and misinformation to the most unlikely but extreme risk, such as humanity losing control of AI completely."

The AISI's report indicates that whatever safety measures these LLMs currently deploy are insufficient. The Institute plans to complete further testing on other AI models, and is developing more evaluations and metrics for each area of concern.

This article originally appeared on Engadget at

OpenAI strikes deal to put Reddit posts in ChatGPT

OpenAI and Reddit announced a partnership on Thursday that will allow OpenAI to surface Reddit discussions in ChatGPT and for Reddit to bring AI-powered features to its users. The partnership will “enable OpenAI’s tools to better understand and showcase Reddit content, especially on recent topics,” both companies said in a joint statement. As part of the agreement, OpenAI will also become an advertising partner on Reddit, which means that it will run ads on the platform.

The deal is similar to the one that Reddit signed with Google in February, and which is reportedly worth $60 million. A Reddit spokesperson declined to disclose the terms of the OpenAI deal to Engadget and OpenAI did not respond to a request for comment.

OpenAI has been increasingly striking partnerships with publishers to get data to continue training its AI models. In the last few weeks alone, the company has signed deals with the Financial Times and Dotdash Meredith. Last year, it also partnered with German publisher Axel Springer to train its models on news from Politico and Business Insider in the US and Bild and Die Welt in Germany.

Under the new arrangement, OpenAI will get access to Reddit’s Data API, which, the company said, will provide it with “real time, structured, and unique content from Reddit.” It’s not clear what AI-powered features Reddit will build into its platform as a result of the partnership. A Reddit spokesperson declined to comment.

Last year, getting access to Reddit’s data, a rich source of real time, human generated, and often high-quality information, became a contentious issue after the company announced that it would start charging developers to use its API. As a result, dozens of third-party Reddit clients were forced to shut down and thousands of subreddits went dark in protest. At the time, Reddit stood its ground and said that large AI companies were scraping its data with no payment. Since then, Reddit has been monetizing its data by striking such deals with Google and OpenAI, whose progress in training their AI models depends on having access to it.

This article originally appeared on Engadget at

YouTube reportedly agrees to block videos of Hong Kong’s protest song inside the region

YouTube said it would comply with an order blocking access to videos of Hong Kong’s protest anthem inside the region, according to The Guardian. The platform’s decision comes after an appeals court banned the protest song “Glory to Hong Kong,” which the largely China-controlled government (predictably) framed as a national security threat.

Alphabet, YouTube and Google’s parent company, followed its familiar playbook of legally complying with court orders undermining human rights while issuing statements puffing up its advocacy for them. “We are disappointed by the Court’s decision but are complying with its removal order,” YouTube’s statement to The Guardian said. “We’ll continue to consider our options for an appeal, to promote access to information.”

Alphabet reportedly told the outlet the block would take effect immediately inside the region. It added that it shares the concerns of human rights groups that it could deal a blow to online freedoms.

YouTube reportedly said links to the videos will eventually no longer be visible in Google Search inside Hong Kong. I tried using a Hong Kong-based VPN server while in the US, and the videos were still viewable on Thursday morning. However, The Guardian said attempts to view it from inside the region show the message, “This content is not available on this country domain due to a court order.”

This article originally appeared on Engadget at

OpenAI is reportedly working on a search feature for ChatGPT

OpenAI is reportedly working on a search feature for ChatGPT that could make the chatbot a veritable alternative to Google Search. According to Bloomberg, the company is currently developing the capability, which can scour the web for answers to your queries and spit out results complete with citations to their sources. ChatGPT could take information from Wikipedia or blog posts, for instance, and link to their original pages when you ask it questions. 

Bloomberg says that in one version of the experimental search function, ChatGPT can show you images along with its written responses whenever they're relevant. For example, if the chatbot deems illustrated instructions or diagrams useful for an inquiry, such as "how to change a doorknob" or "how to clean a split-type AC," then it could include them in its responses. As Bloomberg notes, ChatGPT can already do searches for paying customers, but it could give faulty responses or replies with incorrect citations.

Earlier this month, DataChaz on Twitter/X, reported that OpenAI had created a new subdomain with the address It apparently briefly rerouted to the main ChatGPT page over the weekend, though you'll get a "Not found" note if you try to access it now. While the company has yet to officially confirm this particular undertaking, working on AI search is a logical next step if it wants to keep competing with its staunchest rivals. Google recently expanded its AI-powered search results test and started showing them to users who didn't opt in. Then there's Perplexity, a startup currently valued at $1 billion, thanks to its AI-powered search engine that Rabbit uses to respond to inquiries made through the R1 device

This article originally appeared on Engadget at

Proton's new password monitor update will scour the dark web on your behalf

Proton’s encrypted password manager, Proton Pass, has received a significant update with an emphasis on security. This comes in the form of a new toolset called Pass Monitor, which will alert users of account weaknesses and data breaches.

This is done automatically and the system will even guide users through solutions in the event of a data leak from a third-party service, which happens a whole lot. It also scours the dark web and alerts people if Proton addresses, email aliases and up to ten custom email addresses have been leaked and used for nefarious purposes. If this happens, you’ll get an alert so you can take action.

Pass Monitor includes a password health feature that flags any weak or reused passwords that could use an update. The inactive two-factor authentication portion of the toolset is an additional layer of security that identifies various accounts that offer the option for 2FA.

Finally, the company’s bringing its Proton Sentinel feature into Pass Monitor. The service uses a combination of AI and human analysts to detect and block account takeover attacks.

The password health and 2FA checks are available to free users, but monitoring of the dark web and Proton Sentinel are only for paying members. Luckily, Pass Plus memberships are currently on sale for $2 per month. These new tools, available on Windows, Android and iOS, will roll out to current users in the “next few days.”

Proton is actually a fairly new entrant in the password security game, as the password manager just celebrated its one-year birthday. The company is more famous for its stellar VPN software, which topped our list of the best VPNs.

This article originally appeared on Engadget at

Huawei has been secretly funding research in America after being blacklisted

Chinese tech giant Huawei has been secretly funding research in America despite being blacklisted, as reported by Bloomberg. The cutting-edge research is happening at universities, including Harvard, and the money is being funneled through an independent Washington-based research foundation, along with a competition for scientists.

Bloomberg found that Huawei was the sole funder of a research competition that has awarded millions of dollars since 2022 and attracted hundreds of proposals from scientists. Some of these scientists are at top US universities that have banned researchers from working with the company.

What’s the big deal? The fear is that this research could lead to innovations that give China a leg up with regard to both defense contracting and commercial interests, according to Kevin Wolf, a partner at the business-focused law firm Akin who specializes in export controls. Optica, the foundation behind all of this, has posted online that it is interested in “high-sensitivity optical sensors and detectors," among other categories of research.

“It’s a bad look for a prestigious research foundation to be anonymously accepting money from a Chinese company that raises so many national security concerns for the US government,” said James Mulvenon, a defense contractor who has worked on research security issues and co-authored several books on industrial espionage.

It’s worth noting that this money funneling operation doesn’t look to be illegal, as research intended for publication doesn’t fall under the purview of the ban. Huawei operates similar competitions in other parts of the world, though openly. People who participated in the US-based research competition didn’t even know that Huawei was involved, believing the money to come from Optica. The competition awards $1 million per year and Optica didn’t give any indication that Huawei was supplying the cash.

A Huawei spokesperson told Bloomberg that the company and the Optica Foundation created the competition to support global research and promote academic communication, saying that it remained anonymous to keep from being seen as a promotion of some kind. Optica’s CEO, Liz Rogan, said in a statement that many foundation donors “prefer to remain anonymous” and that “there is nothing unusual about this practice.” She also said that the entire board knew about Huawei’s involvement and that everyone signed off on it. Bloomberg did note that the Huawei-backed competition was the only one on Optica’s website that didn’t list individual and corporate financial sponsors.

Huawei has been wrapped in a web of US restrictions these past several years. We can’t buy the vast majority of Huawei products in America, as the company’s been effectively banned. This all started in 2019 when President Trump signed an executive order that banned the sale and use of telecom equipment that posed “unacceptable" risks to national security. At the time, Trump said that “foreign adversaries” were exploiting security holes that would eventually lead to "potentially catastrophic effects.” Wait, Trump used the words “potentially catastrophic effects?” Wild.

To that end, the company has faced numerous claims that it installs backdoors in networks for the purpose of data theft, though there’s no proof of actual theft and the company denies the accusations. Huawei has also been accused of employing Chinese spies to influence an investigation and documents seem to indicate Huawei’s involvement in China’s surveillance efforts.

Some expected President Biden to reverse Trump’s executive order when it expired in 2021, but he headed in the opposite direction. Not only does the order stand, but Biden signed a law that blocked Huawei from obtaining an FCC license and he banned American investments in China’s high tech industries. We aren’t cozying up to China anytime soon, so Huawei will continue to be persona non grata on this side of the pond (the company still does booming business in Europe.)

This article originally appeared on Engadget at

The European Union will reportedly open a new investigation into Meta over election policies

The European Union is getting ready to launch a new investigation into Meta over its handling of election-related content, according to a new report in The Guardian. Details of the investigation could be announced “later this week,” but European officials are reportedly concerned about “deceptive advertising and political content.”

According to the Financial Times, the EU has also raised concerns about Russia’s “efforts to undermine upcoming European elections” and other foreign interference campaigns. The EU is set to hold parliamentary elections in June. If the company is found to have run afoul of the Europe’s Digital Services Act, it could be hit with large fines.

EU officials are also “particularly concerned” about Meta’s plan to shut down CrowdTangle in August. The tool has been widely used by researchers and fact checkers for years to study how content spreads across Facebook and Instagram. Dozens of researchers and fact-checking groups signed an open letter to the company last month saying that shutting down the tool ahead of dozens of global elections would be a “direct threat” to election integrity efforts around the world.

“We have a well-established process for identifying and mitigating risks on our platforms,” a Meta spokesperson told Engadget in a statement. “We look forward to continuing our cooperation with the European Commission and providing them with further details of this work.”

Elsewhere, the EU is also investigating Meta over its ad-free subscription plan available to European users. That investigation, which could last up to a year, will look into whether the social media company has violated Europe’s Digital Markets Act, by not offering users a “real alternative” to opt out of data collection.

This article originally appeared on Engadget at

Budget doorbell camera manufacturer fixes security issues that left users vulnerable to spying

Eken Group has reportedly issued a firmware update to resolve major security issues with its cheap doorbell cameras that were uncovered by a Consumer Reports investigation earlier this year. The cameras in question pair with the Aiwit app and are sold under a slew of brand names, including Eken, Tuck, Fishbot, Rakeblue, Andoe, Gemee and Luckwolf. During its tests, the watchdog found that the unencrypted cameras could expose sensitive information like home IP addresses and Wi-Fi networks, and allow outside parties to access images from a camera’s feed using its serial number. Now, Consumer Reports says the issues have been fixed — just make sure you update your devices.

Devices from those brands should now reflect a firmware version of 2.4.1 or higher, which would indicate they’ve received the update. Consumer Reports says its own samples got the update automatically, but it can’t hurt to double check in your settings considering the risks (that is, if you haven’t tossed the cameras out already). The publication says it’s confirmed that the update fixes the security problems. Eken also told Consumer Reports that the two doorbell cams it had rated with the “Don’t Buy” label — the Eken Smart Video Doorbell and Tuck Sharkpop Doorbell Camera — have been discontinued.

These doorbell cameras, which were sold on popular ecommerce platforms including Amazon, Walmart and Temu but since appear to have been pulled, also lacked the proper labeling required by the FCC. The company told Consumer Reports it will add these IDs to new products moving forward. Following its tests of the update, Consumer Reports has removed the warning labels from its scorecards.

This article originally appeared on Engadget at

FCC votes to restore net neutrality protections

The Federal Communications Commission has voted to reinstate net neutrality protections that were jettisoned during the Trump administration. As expected, the vote fell across party lines with the three Democratic commissioners in favor and the two Republicans on the panel voting against the measure.

With net neutrality rules in place, broadband service is considered an essential communications resource under Title II of the Communications Act of 1934. That enables the FCC to regulate broadband internet in a similar way to water, power and phone services. That includes giving the agency oversight of outages and the security of broadband networks.

Under net neutrality rules, internet service providers have to treat broadband usage in the same way. Users have to be provided with access to all content, websites and apps under the same speeds and conditions. ISPs can't block or prioritize certain content — they're not allowed to throttle access to specific sites or charge streaming services for faster service.

The FCC adopted net neutrality protections in 2015 during the Obama administration. But they were scrapped when President Donald Trump was in office. Back in 2021, President Joe Biden signed an executive order to bring back the Obama-era rules, but the FCC was unable to do so for quite some time. The commission was deadlocked with two Democratic votes and two Republican votes until Anna Gomez was sworn in as the third Democratic commissioner on the panel last September. The FCC then moved relatively quickly (at least in terms of the FCC's pace) to re-establish net neutrality protections.

The issue may not be entirely settled. There may still be legal challenges from the telecom industry. However, the FCC's vote in favor of net neutrality is a win for advocates of an open and equitable internet.

This article originally appeared on Engadget at

Google has delayed killing third-party cookies from Chrome (again)

Google keeps promising to phase out third-party cookies on Chrome but not actually doing it. The company vowed to deprecate cookies back in 2020, pushing the date back to 2023 and then 2024. We did get some traction earlier this year, when Google disabled cookies for one percent of Chrome users, but those efforts have stalled. Now, the company says it won’t happen until next year.

It’s easy to drag Google for this but it’s not entirely in the company’s hands. The tech giant is working closely with the UK’s Competition and Markets Authority (CMA) to ensure that any tools it implements to replace the cookie’s tracking and measurement capabilities aren’t anti-competitive. These tools are known collectively as the Privacy Sandbox and Google says it has to wait until the CMA has had “sufficient time to review” results from industry tests that’ll be provided by the end of June.

Google’s Privacy Sandbox has stirred up some controversy in recent years. The proposed tools have drawn complaints from adtech companies, publishers and ad agencies, on the grounds that they are difficult to operate, don’t adequately replace traditional cookies and give too much power to Google. To that end, the company said that it recognizes “ongoing challenges related to reconciling divergent feedback from the industry, regulators and developers.” This is another reason given for the delay until next year.

The CMA isn’t the only regulatory agency giving the side-eye to the current iteration of these Privacy Sandbox tools. The UK-based Information Commissioner’s Office drafted a report that indicated these tools could be used by advertisers to identify consumers, as suggested by the Wall Street Journal.

Those in the ad industry want to see cookies given the heave-ho, despite complaints about Privacy Sandbox. Drew Stein, CEO of adtech data firm Audigent, told Engadget that it’s time for Google “to deliver on the promise of a better ecosystem” by implementing its plans to eliminate third-party cookies.

The CMA, on the other hand, has indicated a willingness to keep third-party cookies in play, particularly if Google’s solution does more harm than good. Craig Jenkins, the CMA’s director of digital markets, recently said the organization would delay implementation of Privacy Sandbox tools if “we’re not satisfied we can resolve the concerns”, as reported by Adweek. We’ll see what happens in 2025.

This article originally appeared on Engadget at