In an age where fraudsters are using generative AI to scam money or tarnish one's reputation, tech firms are coming up with methods to help users verify content — at least still images, to begin with. As teased in its 2024 misinformation strategy, OpenAI is now including provenance metadata in images generated with ChatGPT on the web and DALL-E 3 API, with their mobile counterparts receiving the same upgrade by February 12.

The metadata follows the C2PA (Coalition for Content Provenance and Authenticity) open standard, and when one such image is uploaded to the Content Credentials Verify tool, you'll be able to trace its provenance lineage. For instance, an image generated using ChatGPT will show an initial metadata manifest indicating its DALL-E 3 API origin, followed by a second metadata manifest showing that it surfaced in ChatGPT.

Despite the fancy cryptographic tech behind the C2PA standard, this verification method only works when the metadata is intact; the tool is of no use if you upload an AI-generated image sans metadata — as is the case with any screenshot or uploaded image on social media. Unsurprisingly, the current sample images on the official DALL-E 3 page returned blank as well. On its FAQ page, OpenAI admits that this isn't a silver bullet to addressing the misinformation war, but it believes that the key is to encourage users to actively look for such signals.

While OpenAI's latest effort on thwarting fake content is currently limited to still images, Google's DeepMind already has SynthID for digitally watermarking both images and audio generated by AI. Meanwhile, Meta has been testing invisible watermarking via its AI image generator, which may be less prone to tampering.

Disney+ started getting strict about password sharing in Canada last year, and now it's expanding the restriction to the US. According to The Verge, the streaming service has been sending out emails to its subscribers in the country, notifying them about a change in its terms of service. Its service agreement now states that users may not share their passwords outside of their household "unless otherwise permitted by [their] service tier," suggesting the arrival of new subscription options in the future. 

The Verge says Disney+ told subscribers that they can analyze the use of their account to "determine compliance," though it didn't elaborate on how its methods work exactly. "We're adding limitations on sharing your account outside of your household, and explaining how we may assess your compliance with these limitations," Disney+ reportedly wrote in its email. In its Service Agreement, the service describes "household" as "the collection of devices associated with [subscribers'] primary personal residence that are used by the individuals who reside therein." The rule already applies to new subscribers, but old ones have until March 14 to feel its effects. 

Disney's other streaming service, Hulu, also recently announced that it's clamping down on password sharing outside the subscriber's "primary personal residence." It used the same language in its its warning to users, also telling them that their accounts will be analyzed for compliance and that it will start enforcing the new rule on March 14. 

Meta plans to ramp up its labeling of AI-generated images across Facebook, Instagram and Threads to help make it clear that the visuals are artificial. It's part of a broader push to tamp down misinformation and disinformation, which is particularly significant as we wrangle with the ramifications of generative AI (GAI) in a major election year in the US and other countries.

According to Meta's president of global affairs, Nick Clegg, the company has been working with partners from across the industry to develop standards that include signifiers that an image, video or audio clip has been generated using AI. "Being able to detect these signals will make it possible for us to label AI-generated images that users post to Facebook, Instagram and Threads," Clegg wrote in a Meta Newsroom post. "We’re building this capability now, and in the coming months we’ll start applying labels in all languages supported by each app." Clegg added that, as it expands these capabilities over the next year, Meta expects to learn more about "how people are creating and sharing AI content, what sort of transparency people find most valuable and how these technologies evolve." These will help inform both industry best practices and Meta's own policies, he wrote.

Meta says the tools it's working on will be able to detect invisible signals — namely AI generated information that aligns with the C2PA and IPTC technical standards — at scale. As such, it expects to be able to pinpoint and label images from Google, OpenAI, Microsoft, Adobe, Midjourney and Shutterstock, all of which are incorporating GAI metadata into images that their products whip up.

As for GAI video and audio, Clegg points out that companies in the space haven't started incorporating invisible signals into those at the same scale that they have images. As such, Meta isn't yet able to detect video and audio that's generated by third-party AI tools. In the meantime, Meta expects users to label such content themselves.

"While the industry works towards this capability, we’re adding a feature for people to disclose when they share AI-generated video or audio so we can add a label to it," Clegg wrote. "We’ll require people to use this disclosure and label tool when they post organic content with a photorealistic video or realistic-sounding audio that was digitally created or altered, and we may apply penalties if they fail to do so. If we determine that digitally created or altered image, video or audio content creates a particularly high risk of materially deceiving the public on a matter of importance, we may add a more prominent label if appropriate, so people have more information and context."

That said, putting the onus on users to add disclosures and labels to AI-generated video and audio seems like a non-starter. Many of those people will be trying to intentionally deceive others. On top of that, others likely just won't bother or won't be aware of the GAI policies.

In addition, Meta is looking to make it harder for people to alter or remove invisible markers from GAI content. The company's FAIR AI research lab has developed tech that "integrates the watermarking mechanism directly into the image generation process for some types of image generators, which could be valuable for open source models so the watermarking can’t be disabled," Clegg wrote. Meta is also working on ways to automatically detect AI-generated material that doesn't have invisible markers.

Meta plans to continue collaborating with industry partners and "remain in a dialogue with governments and civil society" as GAI becomes more prevalent. It believes this is the right approach to handling content that's shared on Facebook, Instagram and Threads for the time being, though it will adjust things if necessary.

One key issue with Meta's approach — at least while it works on ways to automatically detect GAI content that doesn't use the industry-standard invisible markers — is that it requires buy-in from partners. For instance, C2PA has a ledger-style method of authentication. For that to work, both the tools used to create images and the platforms on which they're hosted both need to buy into C2PA.

Meta shared the update on its approach to labeling AI-generated content just a few days after CEO Mark Zuckerberg shed some more light on his company's plans to build general artificial intelligence. He noted that training data is one major advantage Meta has. The company estimates that the photos and videos shared on Facebook and Instagram amount to a dataset that's greater than the Common Crawl. That's a dataset of some 250 billion web pages that has been used to train other AI models. Meta will be able to tap into both, and it doesn't have to share the data it has vacuumed up through Facebook and Instagram with anyone else.

The pledge to more broadly label AI-generated content also comes just one day after Meta's Oversight Board determined that a video that was misleadingly edited to suggest that President Joe Biden repeatedly touched the chest of his granddaughter could stay on the company's platforms. In fact, Biden simply placed an "I voted" sticker on her shirt after she voted in person for the first time. The board determined that the video was permissible under Meta's rules on manipulated media, but it urged the company to update those community guidelines.

Mozilla is rolling out a tool that can automatically monitor data brokers for your personal information and scrub any of your exposed details from them. Mozilla Monitor Plus expands on the Mozilla Monitor (formerly Firefox Monitor) service, which lets you know when your email address is included in a data breach.

This new paid service, which costs $9 per month or $107.88 per year, aims to proactively make sure your personal information stays off more than 190 data broker sites. Mozilla says that's double the number of data brokers that its competitors monitor. Subscribers will receive data breach alerts too.

Mozilla

To get a better understanding of how prevalent the issue is, you can get a free one-time scan that can show you if and where your data has been exposed. To do so, you'll need to sign up for a Mozilla account and provide your name, current city and state, date of birth and your email address. Mozilla says it will encrypt this data, which it notes is the least amount of information needed to obtain the most accurate results. The tool will also highlight information from "high-risk data breaches" — such as social security numbers, credit card details and banking information — along with advice on how to have that data scrubbed.

Mozilla Monitor and Monitor Plus are only available to folks based in the US for now. Google offers a similar tool. If you sign up for Mozilla's version, you can also get access to features including two-factor authentication, email alias tool Firefox Relay and Mozilla VPN.

The CEOs of five social media companies are headed to Washington to testify in a Senate Judiciary Committee hearing about child safety. The hearing will feature Meta CEO Mark Zuckerberg, Snap CEO Evan Spiegel, TikTok CEO Shou Chew, Discord CEO Jason Citron and X CEO Linda Yaccarino.

The group will face off with lawmakers over their record on child exploitation and their efforts to protect teens using their services. The hearings will be live streamed beginning at 10 AM ET on Wednesday, January 31.

Though there have been previous hearings dedicated to teen safety, Wednesday’s event will be the first time Congress has heard directly from Spiegel, Yaccarino and Citron. It’s also only the second appearance for TikTok’s Chew, who was grilled by lawmakers about the app’s safety record and ties to China last year.

Zuckerberg, of course, is well-practiced at these hearings by now. But he will likely face particular pressure from lawmakers following a number of allegations about Meta’s safety practices that have come out in recent months as the result of a lawsuit from 41 state attorneys general. Court documents from the suit allege that Meta turned a blind eye to children under 13 using its service, did little to stop adults from sexually harassing teens on Facebook and that Zuckerberg personally intervened to stop an effort to ban plastic surgery filters on Instagram.

As with previous hearings with tech CEOs, it’s unclear what meaningful policy changes might come from their testimony. Lawmakers have proposed a number of bills dealing with online safety and child exploitation, though none have been passed into law. However, there is growing bipartisan support for measures that would shield teens from algorithms and data gathering and implement parental consent requirements.

X’s head of business operations Joe Benarroch said the company plans to open a new office in Austin, Texas for a team that will be dedicated to content moderation, Bloomberg reports. The “Trust and Safety center of excellence,” for which the company is planning to hire 100 full-time employees, will primarily focus on stopping the spread of child sexual exploitation (CSE) materials. 

X CEO Linda Yaccarino is set to testify before Congress on Wednesday in a hearing about CSE, and the platform at the end of last week published a blog post about its efforts to curb such materials, saying it’s “determined to make X inhospitable for actors who seek to exploit minors.”

According to Bloomberg, Benarroch said, “X does not have a line of business focused on children, but it’s important that we make these investments to keep stopping offenders from using our platform for any distribution or engagement with CSE content.” The team will also address other content issues, like hate speech and “violent posts,” according to Bloomberg. Elon Musk spent much of his first year at X taking steps to turn the platform into a bastion of “free speech,” and gutted the content moderation teams that had been put in place by Twitter before his takeover.

ElevenLabs, an AI startup that offers voice cloning services with its tools, has banned the user that created an audio deepfake of Joe Biden used in an attempt to disrupt the elections, according to Bloomberg. The audio impersonating the president was used in a robocall that went out to some voters in New Hampshire last week, telling them not to vote in their state's primary. It initially wasn't clear what technology was used to copy Biden's voice, but a thorough analysis by security company Pindrop showed that the perpetrators used ElevanLabs' tools. 

The security firm removed the background noise and cleaned the robocall's audio before comparing it to samples from more than 120 voice synthesis technologies used to generate deepfakes. Pindrop CEO Vijay Balasubramaniyan told Wired that it "came back well north of 99 percent that it was ElevenLabs." Bloomberg says the company was notified of Pindrop's findings and is still investigating, but it has already identified and suspended the account that made the fake audio. ElevenLabs told the news organization that it can't comment on the issue itself, but that it's "dedicated to preventing the misuse of audio AI tools and [that it takes] any incidents of misuse extremely seriously."

The deepfaked Biden robocall shows how technologies that can mimic somebody else's likeness and voice could be used to manipulate votes this upcoming presidential election in the US. "This is kind of just the tip of the iceberg in what could be done with respect to voter suppression or attacks on election workers," Kathleen Carley, a professor at Carnegie Mellon University, told The Hill. "It was almost a harbinger of what all kinds of things we should be expecting over the next few months."

It only took the internet a few days after ElevenLabs launched the beta version of its platform to start using it to create audio clips that sound like celebrities reading or saying something questionable. The startup allows customers to use its technology to clone voices for "artistic and political speech contributing to public debates." Its safety page does warn users that they "cannot clone a voice for abusive purposes such as fraud, discrimination, hate speech or for any form of online abuse without infringing the law." But clearly, it needs to put more safeguards in place to prevent bad actors from using its tools to influence voters and manipulate elections around the world. 

Most people want a VPN for security, and power users will want all of their tech protected. That means getting a VPN that can handle multiple phones, laptops, smart TVs, gaming consoles and other tech with an internet connection simultaneously. Out of the nine VPN services we tested, Surfshark came out on top when it came to protecting multiple devices. Here’s a rundown of our experience with Surfshark.

Surfshark VPN pricing and features

Surfshark VPN has three membership tiers: Starter, One and One+. Starter promises a secure VPN, an ad blocker and a pop-up blocker, while the other two tiers layer on additional features. I tested out Surfshark One, so in addition to the perks of the Starter tier, I had access to an antivirus scanner, data-breach monitoring and the option to create an Alternative ID, a beta feature that can create an alias for you. With this, you can have a fake name, home address and email to use when you want to mask your identity on sites that you feel are suspect. On top of all that, Surfshark has its own secure search engine that’s billed as a more private version of Google.

Paying for Surfshark One+, the most expensive tier, guarantees that your data will be removed from search sites and company databases, on top of everything that the One tier gives you. Surfshark One+ costs about $4-5 a month (depending on the sales the company has going on), which is fairly affordable in the VPN world, so it may be worth it to dish out the extra few dollars to go from Starter to One+ for the additional features.

I enjoyed Surfshark One’s features and think most people will be served well by this middle tier. Checking for possible email breaches with Surfshark was a breeze; it took less than 30 seconds to scan my inbox and tell me whether my email had been spotted in a data breach. The antivirus runs had different speeds depending on what device I used: quick scans could take less than five minutes, but would only scan a little over 1,000 files. Full scans could scan over a million files on my MacBook and Google Pixel 7 phone in about 10 minutes.

Surfshark

Surfshark VPN setup and streaming capabilities

Setting up Surfshark was easy on most of my devices: I needed to download the app, sign in and Surfshark automatically connected me to a server close to my current location. If you would like to explore the other servers, that needs to be done manually. For devices like my Fire TV, I was able to enter in a login code from my MacBook and was then automatically signed into my account. With my Pixel 7, MacBook, Fire TV, and work laptop all connected simultaneously, I was able to run four devices seamlessly without any major errors, and I didn’t experience any bandwidth issues after adding additional devices.

I stream a lot of movies and TV shows regularly, so I want to be able to switch from Netflix to Peacock to Max and the like with no interruption and jump into content immediately. It took Surfshark a few tries to keep up with me. Watching the finale of Only Murders in the Building seemed impossible since Hulu wouldn't load titles at first. On second try, I could play an episode but it took a few minutes of being on the site for thumbnail images to load. After another try, I could finally watch the show on my laptop with no hiccups. 

Things got smoother over time, and I only experienced consistent issues like this with Disney-owned services like Hulu. When it comes to international content, it’s usually easier to access those catalogs with Netflix while on a VPN, but the service was a bit more selective when I used Surfshark. The streamer didn’t catch on when I tried to watch Spy x Family on Japanese Netflix, but it blocked me once I tried to watch Marie Antoinette on Italian Netflix.

Surfshark is also available on smart TVs and game consoles, but features like antivirus sweeps, Alternative ID and Surfshark Alert are not available on those devices. Smart TVs only have the capabilities of the most basic Surfshark tier, with a couple other features like an ad blocker and the option to have some apps bypass the VPN. Gaming consoles are only connected to the VPN through your router or through a virtual router on your PC, so as long as the console is connected to the Wi-Fi, you should be protected. 

Unfortunately, as someone who owns a MacBook and a proprietary Verizon router, protecting my PS5 was a bit more complicated than I anticipated. While Surfshark provides helpful tips to connect its VPN to a proprietary router, doing so can void your warranty or even make it so your router no longer works. With all of those caveats, it almost felt like leaving my console unprotected was the better option.

Surfshark Search

Browsing the web while using Surfshark VPN was a smooth experience, save for the fact that I had to confirm I wasn’t a bot every time I Googled something. To bypass that, you can use Surfshark Search, the only VPN-provided search engine that comes with the One and One+ membership tiers. This feature works on Surfshark’s mobile and desktop apps and isn’t as intuitive as Google, but promises an ad-free and tracking-free search experience.

With Surfshark Search, I wasn’t bombarded with sponsored search results when I looked something up, but I did get more general answers overall. Surfshark’s tool couldn’t give me specific details on an actor when I searched them and I had to go digging for any decent photos. The service tried to anticipate what I wanted to search, but Google’s autocomplete predictions are much more advanced. 

For example, if I wanted to know how old an actor is, Google would give me their age immediately before even completing the search, and put their age and birth date at the top of the search results. Surfshark Search just defaults to the individual’s Wikipedia page. If you care most about privacy and a tracking-free search experience, these are some of the conveniences you’ll have to leave behind. Also, it’s worth noting that Surfshark’s search engine isn’t the only option if you want to search with more privacy; DuckDuckGo has become more widely available in recent years and is free to use.

Surfshark VPN

Surfshark VPN security capabilities

Surfshark passed our basic security tests: there were no DNS, WebRTC or IP leaks while using the VPN. Since Consumer Report’s full VPN report, Surfshark has now implemented multi-factor authentication to their accounts. While it is not something you’re prompted to set up right away, you can still go in and add that to your account. Compared to others like NordVPN, Tunnelbear and ExpressVPN, Surfshark seems to offer similar security and features for a cheaper price.

That said, despite our lack of bandwidth issues across several devices, Surfshark remains one of the slower VPN options compared to Tunnelbear and Bitdefender. Also, if you ever decide to switch VPNs, it’s not super easy to leave Surfshark. Contacting customer service seems to be the only way to have them delete your data or cancel your subscription. With no option to easily cancel your subscription yourself, this feels like a major red flag and something we would not want to deal with ourselves.

Surfshark VPN: Final thoughts

Overall, Surfshark VPN is a solid option when it comes to protection and reliability. However, if you’re going to use it for things like streaming shows, movies and games, this might not be the VPN for you. As an alternative, you might prefer ExpressVPN, which we’ve voted the best for gaming and streaming. For a more multifaceted experience with strong protection and ease of use, we’ve found that ProtonVPN is the most balanced of them all. But if you want a relatively affordable VPN that handles multiple connected devices well, Surfshark is a decent option.

As expected, the commissioners of the Federal Communications Commission voted along party lines to move forward with a plan to largely restore Obama-era net neutrality protections. All three of the agency's Democratic commissioners voted in favor of the Notice of Proposed Rulemaking (PDF), with the two Republican commissioners dissenting.

FCC Chairwoman Jessica Rosenworcel, who has long supported net neutrality rules, last month announced a proposal to reclassify fixed broadband as an essential communications service under Title II of the Communications Act of 1934. It also aims to reclassify mobile broadband as a commercial mobile service.

If broadband is reclassified in this way, the FCC would have greater scope to regulate it in a similar way to how water, power and phone services are overseen. As such, it would have more leeway to re-establish net neutrality rules.

Supporters believe that net neutrality protections are fundamental to an open and equitable internet. When such rules are in place, internet service providers have to provide users with access to every site, content and app at the same speeds and conditions. They can't block or give preference to any content and they're not allowed to, for instance, charge video streaming streaming services for faster service.

"The proposed net neutrality rules will ensure that all viewpoints, including those with which I disagree, are heard," Commissioner Anna Gomez, who was sworn in as the panel's third Democratic member in September, said ahead of the vote. "Moreso, these principles protect consumers while also maintaining a healthy, competitive broadband internet ecosystem. Because we know that competition is required for access to a healthy, open internet that is accessible to all."

On the other hand, critics say that net neutrality rules are unnecessary. "Since the FCC’s 2017 decision to return the Internet to the same successful and bipartisan regulatory framework under which it thrived for decades, broadband speeds in the U.S. have increased, prices are down, competition has intensified, and record-breaking new broadband builds have brought millions of Americans across the digital divide," Brendan Carr, the senior Republican on the FCC, said in a statement. "The Internet is not broken and the FCC does not need Title II to fix it. I would encourage the agency to reverse course and focus on the important issues that Congress has authorized the FCC to advance."

Restoring previous net neutrality rules (which the Trump administration overturned in 2017) has been part of President Joe Biden's agenda for several years. However, until Gomez was sworn in, the FCC was deadlocked, leaving that goal in limbo until now.

The FCC suggests that reclassification will grant it more authority to "safeguard national security, advance public safety, protect consumers and facilitate broadband deployment." In addition, the agency wants to "reestablish a uniform, national regulatory approach to protect the open internet" and stop ISPs from "engaging in practices harmful to consumers."

The FCC will now seek comment on the proposal with members of the public and stakeholders (such as ISPs) having the chance to weigh in on the agency's plan. After reviewing and possibly implementing feedback, the FCC is then expected to issue a final rule on the reclassification of broadband internet access. As the Electronic Frontier Foundation points out, this means net neutrality protections could be restored as soon as next spring.

It's still not a sure thing that net neutrality protections will return, however. The implementation of revived rules could face legal challenges from the telecom industry. It may also take quite some time for the FCC to carry out the rulemaking process, which may complicate matters given that we're going into a presidental election year. 

Nevertheless, net neutrality is a major priority for the fully staffed commission under Rosenworcel. “We’re laserlike focused on getting this rulemaking process started, then we're going to review the record, and my hope is we'll be able to move to order," the FCC chair told The Washington Post. 

Ironically, when ChatGPT debuted last November and basically broke the internet for a few days, the AI itself wasn't informed. In fact, its entire knowledge base stopped abruptly in September, 2021 because that was the most recent data the system was initially trained on. Wednesday, OpenAI announced that ChatGPT will now be able to answer even the most modern of queries as the generative AI assistant can now look up information, in real-time.

The new feature is being called Browse with Bing and appears to work directly within the normal Bing Chat window, notifying the user when it is looking up information from the web and providing citation links with its answers. "Browsing is particularly useful for tasks that require up-to-date information, such as helping you with technical research, trying to choose a bike, or planning a vacation," the OpenAI team wrote in a subsequent tweet. "Browsing is available to Plus and Enterprise users today, and we’ll expand to all users soon. To enable, choose Browse with Bing in the selector under GPT-4."

This isn't the first time that ChatGPT has gone on the internet, mind you. It had a web browsing capability available to Plus subscribers as recently as this past July, though that feature got axed after users kept exploiting it to get around paywalls. This announcement follows another major update from earlier in the week, revealing the chatbot's new multimodal functions.