In an age where fraudsters are using generative AI to scam money or tarnish one's reputation, tech firms are coming up with methods to help users verify content — at least still images, to begin with. As teased in its 2024 misinformation strategy, OpenAI is now including provenance metadata in images generated with ChatGPT on the web and DALL-E 3 API, with their mobile counterparts receiving the same upgrade by February 12.

The metadata follows the C2PA (Coalition for Content Provenance and Authenticity) open standard, and when one such image is uploaded to the Content Credentials Verify tool, you'll be able to trace its provenance lineage. For instance, an image generated using ChatGPT will show an initial metadata manifest indicating its DALL-E 3 API origin, followed by a second metadata manifest showing that it surfaced in ChatGPT.

Despite the fancy cryptographic tech behind the C2PA standard, this verification method only works when the metadata is intact; the tool is of no use if you upload an AI-generated image sans metadata — as is the case with any screenshot or uploaded image on social media. Unsurprisingly, the current sample images on the official DALL-E 3 page returned blank as well. On its FAQ page, OpenAI admits that this isn't a silver bullet to addressing the misinformation war, but it believes that the key is to encourage users to actively look for such signals.

While OpenAI's latest effort on thwarting fake content is currently limited to still images, Google's DeepMind already has SynthID for digitally watermarking both images and audio generated by AI. Meanwhile, Meta has been testing invisible watermarking via its AI image generator, which may be less prone to tampering.

YouTube TV users are getting a higher-quality video option for everything from binging their favorite shows to catching a live game. Google is rolling out a new setting called 1080p Enhanced for YouTube TV and Primetime Channels subscribers. The 1080p Enhanced setting improves on the existing 1080p60 resolution through improved bitrate —how many bits get processed per second. 

Google confirmed the update after a Reddit user posted about it on the platform. The 1080p Enhanced setting "delivers our highest video quality," according to the response. Reddit users who already have access to 1080p Enhanced report that the resolution is available for all of the same channels as 1080p60, such as Paramount and Syfy. The 1080p Enhanced option also follows 2023's YouTube Premium, which boosted video quality for Premium subscribers on the company's original platform.

In this case, any YouTube TV and Primetime Channels subscribers with an updated 4K-compatible streaming device should gain access to the option by accessing video quality settings. However, Google has discovered a bug that stops users from manually choosing 1080p Enhanced. However, the company reports that the bug doesn't impact picture quality and that it is working to fix the problem. 

Disney+ started getting strict about password sharing in Canada last year, and now it's expanding the restriction to the US. According to The Verge, the streaming service has been sending out emails to its subscribers in the country, notifying them about a change in its terms of service. Its service agreement now states that users may not share their passwords outside of their household "unless otherwise permitted by [their] service tier," suggesting the arrival of new subscription options in the future. 

The Verge says Disney+ told subscribers that they can analyze the use of their account to "determine compliance," though it didn't elaborate on how its methods work exactly. "We're adding limitations on sharing your account outside of your household, and explaining how we may assess your compliance with these limitations," Disney+ reportedly wrote in its email. In its Service Agreement, the service describes "household" as "the collection of devices associated with [subscribers'] primary personal residence that are used by the individuals who reside therein." The rule already applies to new subscribers, but old ones have until March 14 to feel its effects. 

Disney's other streaming service, Hulu, also recently announced that it's clamping down on password sharing outside the subscriber's "primary personal residence." It used the same language in its its warning to users, also telling them that their accounts will be analyzed for compliance and that it will start enforcing the new rule on March 14. 

Just one more hand. Just one more attempt to win at the card game, Queen’s Blood. In my limited preview time with Final Fantasy 7 Rebirth, weeks before the game is due to be released, I may have spent a little too long learning the rules of this companion card game, introduced relatively early into the game. And I regret nothing. (For one, because I previewed most of the changes to the battle system a few months ago.)

This early addiction bodes well for the wider game. It’s a sign that the team behind this sequel-of-a-remake is making a world bigger and richer than the occasionally on-the-rails one in Remake. I’m hoping for a more open-world experience, now that the characters have finally escaped Midgar. (See: the plot of Final Fantasy 7 Remake) A change of location, too, shakes up the look of Rebirth. It has plants! Nature, everywhere! At least once you’re out of a satellite town called Kalm in Chapter 2.

Square Enix

First, I played through Chapter 1, which also acts as a tutorial. It’s a flashback to Nibelheim, which explains how protagonist Cloud and antagonist Sephiroth worked together before; well, the latter seemingly lost his mind and slaughtered everyone in town.

It’s a more story-weighted version of my earlier demo, but I could now explore the town that multiple party members grew up in. When Cloud explores his friend Tifa’s house – without her permission – it sets up some entertaining criticisms of his lack of boundaries. Still, it was all predicated on me choosing to be awful and barge into Tifa’s room, play her piano, and just be a bit of a creep.

The chapter also raises some unanswered questions around Cloud and his fuzzy memories of Nibelheim. Anyone who’s played the original knows where this is going, but given how some characters in the first third of the game didn’t die, I’m waiting to see how the developers further shake up the plot for new and old fans. There should be a significant death during this middle chapter of the game: Will they twist the knife?

Let’s go back to the new card game. Queen’s Blood follows on from Triple Triad, Tetra Master and that weird pinball-ish game in Final Fantasy XV that might best be forgotten. You’ll be able to customize your deck of cards, each with a different layout of tiles and occasional special effects. It’s almost Risk-like, aiming to dominate the board and rack up the highest score on three rows. Cards can reclaim territory, lower stats, and all the usual videogame card antics, and yes, I am struggling to explain it in words. But it’s fun. And I should have stopped playing to explore more of the grasslands than I did.

Square Enix

Once you’ve wrapped up your card games and stepped out from Kalm, I could explore in most directions. In the time I had leftover, I saw points of interest packed with treasure, unique monster packs, resources to collect, weapons with skills to master, chocobos to tame and race, chocobo stops to repair (which add fast-travel spots to the map); and the return of the terribly-named Chad with virtual battles and tasks for you to help unlock more materia for extra spells and abilities. I then ate dirt in a battle to unlock the summon spell for Titan.

I liked this pick-and-choose busy-ness, but some diversions felt like they were there for the sake of killing time, a la Assassin’s Creed. I hope the developers remember to pare down travel time where they can, because traversing an area can get boring, even when riding a giant bird.

Fortunately, getting from A to B is interrupted by entertaining, occasionally challenging, battles. One new addition to Rebirth is an enemy detection radar that shows enemies' aggression level, helping you avoid fights when you just want to get going.

Another new dynamic is the party’s bonds with each other, which are now integrated with your movesets and stats. This presented itself in dialogue choices and side quests, adding a popular social mechanic seen in so many JRPGs into this remake sequel. What’s notable is that the more you deepen this friendship, a separate skill tree improves characters’ stats and even unlocks new synergy attacks (which I elaborated on here) to use in battle. Square Enix teased that the level of bonds could affect the story too – but that could just reflect the theme park ‘date’ that Cloud goes on, later, in the original game. We’ll find out in a few weeks.

Final Fantasy VII Rebirth launches on the PS5 on February 29, 2024.

Three of the biggest sports TV companies in the US — ESPN, Fox, and Warner Bros. Discovery — will launch a streaming sports service in the fall of 2024, the companies said in a joint statement on Tuesday. It will stream sporting events from networks that all three companies own, including games from the NFL, MLB, NHL, and the NBA. Importantly, subscribers will also be able to stream linear channels, including ESPN, ESPN2, ESPNU, SECN, ACCN, ESPNEWS, ABC, FOX, FS1, FS2, BTN, TNT, TBS, truTV, and ESPN+, helpful for anyone thinking about canceling cable.

The name of the service and its pricing will be announced later this year, the companies said. It will be available as a standalone app that anyone in the US can subscribe to. But customers will also be able to bundle it with their existing Disney+, Hulu, and Max subscriptions for an undisclosed fee.

Each network will own one-third of the service, which will be run by an independent management team. Still the new service won’t be the one-stop shop that diehard sports fanatics might want it to be. Amazon, for instance, owns Thursday Night Football; Apple owns Major League Soccer; NBC owns Sunday Night Football; and Paramount owns some NFL rights.

Four days after the death of former costar Carl Weathers, onetime The Mandalorian actor Gina Carano is suing Disney and Lucasfilm for her departure from the series — with Elon Musk’s help. Carano, whose post-Disney credits include a film produced by conspiracy theorist Ben Shapiro, posted Tuesday on X, “The truth is I was being hunted down from everything I posted to every post I liked because I was not in line with the acceptable narrative of the time.” X confirmed its assistance in a statement to Engadget.

Carano shared news of the lawsuit in a 694-word post on X. In the essay, she claims never to have used aggressive language, compared Republicans to Jewish people during the Holocaust or written anything racist or transphobic. She insists her male costars were “permitted to speak without harassment & re-education courses or termination,” but she “was not afforded the same right to exercise my freedom of speech.”

“Artists do not sign away our rights as American citizens when we enter into employment,” Carano wrote Tuesday. However, since she wasn’t arrested or detained for her views, her rights as an American citizen appear fully intact. Meanwhile, American businesses like Disney have the right not to employ actors whose views clash with their brand.

The actor and former mixed martial arts competitor thanked Musk and X on Tuesday for “giving me an opportunity to bring my case to light” by helping fund her lawsuit. Musk previously said he would pay the legal costs of users who got in trouble for their posts on the platform.

X confirmed its monetary assistance in a statement to Engadget. “As a sign of X Corp’s commitment to free speech, we’re proud to provide financial support for Gina Carano’s lawsuit, empowering her to seek vindication of her free speech rights on X and the ability to work without bullying, harassment, or discrimination,” a company spokesperson wrote.

Disney+

Carano’s troubles with Disney arose from social media posts on X (Twitter at the time) and Instagram. In her posts, she questioned the effectiveness of COVID-19 vaccines, blamed the Biden administration for the deaths of vaccinated people, claimed Jeffrey Epstein didn’t kill himself and added “boop/bop/beep” as her pronouns.

The final straw for Disney was when she shared a post on Instagram implying that the treatment of conservatives in Trump-era America had parallels to the targeting of Jews in Nazi-era Germany. The following day, Disney dropped Carano from The Mandalorian and the (since canceled) Rangers of the New Republic series.

“Gina Carano is not currently employed by Lucasfilm and there are no plans for her to be in the future,” a spokesperson wrote in a statement at the time. “Nevertheless, her social media posts denigrating people based on their cultural and religious identities are abhorrent and unacceptable.” Carano’s agency, United Talent Agency, dropped her around the same time.

Carano’s post-Star Wars career has included Terror on the Prairie, produced by Ben Shapiro’s The Daily Wire. She also starred in the 2022 film My Son Hunter, a “fictional retelling of the lifestyle and scandals of Hunter Biden, son of US President Joe Biden.”

Two companies based in Texas have been linked to a spate of robocalls that used artificial intelligence to mimic President Joe Biden. The audio deepfake was used to urge New Hampshire voters not to participate in the state's presidential primary. New Hampshire Attorney General John Formella said as many as 25,000 of the calls were made to residents of the state in January.

Formella says an investigation has linked the source of the robocalls to Texan companies Life Corporation and Lingo Telecom. No charges have yet been filed against either company or Life Corporation's owner, a person named Walter Monk. The probe is ongoing and other entities are believed to be involved. Federal law enforcement officials are said to be looking into the case too.

“We have issued a cease-and-desist letter to Life Corporation that orders the company to immediately desist violating New Hampshire election laws," Formella said at a press conference, according to CNN. "We have also opened a criminal investigation, and we are taking next steps in that investigation, sending document preservation notices and subpoenas to Life Corporation, Lingo Telecom and any other individual or entity."

The Federal Communications Commission also sent a cease-and-desist letter to Lingo Telecom. The agency said (PDF) it has warned both companies about robocalls in the past.

The deepfake was created using tools from AI voice cloning company ElevenLabs, which banned the user responsible. The company says it is "dedicated to preventing the misuse of audio AI tools and [that it takes] any incidents of misuse extremely seriously."

Meanwhile, the FCC is seeking to ban robocalls that use AI-generated voices. Under the Telephone Consumer Protection Act, the agency is responsible for making rules regarding robocalls. Commissioners are to vote on the issue in the coming weeks.

Akai just officially announced the MPC Key 37, a standalone workstation and groovebox. This is the latest standalone MPC device, following last year’s larger Key 61. The Key 37 has everything you need to make a beat or song from scratch without having to use an actual computer and DAW, with some limitations. 

There are 37 full-size keys, complete with polyphonic aftertouch. There aren’t that many standalone devices out there with a full keybed, so this should excite musicians who lack experience with Akai-style pads. This device does have 16 velocity-sensitive pads for laying down drum parts and triggering samples, so it’s a “best of both worlds” type situation.

The Key 37 ships with 32GB of on-board storage, though 10GB is used up by the OS and included sound packs. Thankfully, there’s a slot for an SD card to expand the storage — these standalone devices fill up fast.

You get the same color 7-inch multi-touch display and four assignable Q-Link knobs as the company’s Key 61 workstation. This is great for making system adjustments and for controlling effects plugins and the like. As a matter of fact, the entire layout recalls the Key 61, though this new release is slightly less powerful.

Akai

The Key 37 features 2GB of RAM, compared to 4GB with the Key 61. This is going to hamper the number of tracks that will play simultaneously without any hiccups. It also lacks the two microphone inputs and associated preamps. There are, however, stereo 1/4-inch inputs and outputs, USB Midi, 5-pin MIDI In/MIDI Out, 4 TRS CV/Gate output jacks and a USB host port. This keyboard also boasts Bluetooth and WiFi connectivity for wireless streaming with platforms like Ableton Link.

Beyond the iconic 16 pad layout, the highlight of any MPC machine is the software. To that end, the Key 37 ships with Akai’s MPC2 desktop software and its standalone suite. You get eight instrument plugins out of the box and a voucher for a premium plug from the company’s ever-growing collection. You even get that cool stem separation software, though it’s not available on the Key 37 yet.

Akai’s latest and greatest may not be as full-featured as 2022’s Key 61, but it’s around half the price. The Key 37 costs $900 and is available to order right now via parent company inMusic and authorized retailers.

Hackers use ransomware to go after every industry, charging as much money as they can to return access to a victim's files. It’s a lucrative business to be in. In the first six months of 2023, ransomware gangs bilked $449 million from their targets, even though most governments advise against paying ransoms. Increasingly, security professionals are coming together with law enforcement to provide free decryption tools — freeing locked files and eliminating the temptation for victims to pony up.

There are a couple main ways that ransomware decryptors go about coming up with tools: reverse engineering for mistakes, working with law enforcement and gathering publicly available encryption keys. The length of the process varies depending on how complex the code is, but it usually requires information on the encrypted files, unencrypted versions of the files and server information from the hacking group. “Just having the output encrypted file is usually useless. You need the sample itself, the executable file,” said Jakub Kroustek, malware research director at antivirus business Avast. It’s not easy, but does pay dividends to the impacted victims when it works.

First, we have to understand how encryption works. For a very basic example, let's say a piece of data might have started as a cognizable sentence, but appears like "J qsfgfs dbut up epht" once it's been encrypted. If we know that one of the unencrypted words in "J qsfgfs dbut up epht" is supposed to be "cats," we can start to determine what pattern was applied to the original text to get the encrypted result. In this case, it's just the standard English alphabet with each letter moved forward one place: A becomes B, B becomes C, and "I prefer cats to dogs" becomes the string of nonsense above. It’s much more complex for the sorts of encryption used by ransomware gangs, but the principle remains the same. The pattern of encryption is also known as the 'key', and by deducing the key, researchers can create a tool that can decrypt the files.

Some forms of encryption, like the Advanced Encryption Standard of 128, 192 or 256 bit keys, are virtually unbreakable. At its most advanced level, bits of unencrypted "plaintext" data, divided into chunks called "blocks," are put through 14 rounds of transformation, and then output in their encrypted — or "ciphertext" — form. “We don’t have the quantum computing technology yet that can break encryption technology,” said Jon Clay, vice president of threat intelligence at security software company Trend Micro. But luckily for victims, hackers don’t always use strong methods like AES to encrypt files.

While some cryptographic schemes are virtually uncrackable it’s a difficult science to perfect, and inexperienced hackers will likely make mistakes. If the hackers don’t apply a standard scheme, like AES, and instead opt to build their own, the researchers can then dig around for errors. Why would they do this? Mostly ego. “They want to do something themselves because they like it or they think it's better for speed purposes,” Jornt van der Wiel, a cybersecurity researcher at Kaspersky, said.

For example, here’s how Kaspersky decrypted the Yanluowang ransomware strain. It was a targeted strain aimed at specific companies, with an unknown list of victims. Yanluowang used the Sosemanuk stream cipher to encrypt data: a free-for-use process that encrypts the plaintext file one digit at a time. Then, it encrypted the key using an RSA algorithm, another type of encryption standard. But there was a flaw in the pattern. The researchers were able to compare the plaintext to the encrypted version, as explained above, and reverse engineer a decryption tool now made available for free. In fact, there are tons that have already been cracked by the No More Ransom project.

Ransomware decryptors will use their knowledge of software engineering and cryptography to get the ransomware key and, from there, create a decryption tool, according to Kroustek. More advanced cryptographic processes may require either brute forcing, or making educated guesses based on the information available. Sometimes hackers use a pseudo-random number generator to create the key. A true RNG will be random, duh, but that means it won’t be easily predicted. A pseudo-RNG, as explained by van der Wiel, may rely on an existing pattern in order to appear random when it's actually not — the pattern might be based on the time it was created, for example. If researchers know a portion of that, they can try different time values until they deduce the key.

But getting that key often relies on working with law enforcement to get more information about how the hacking groups work. If researchers are able to get the hacker’s IP address, they can request the local police to seize servers and get a memory dump of their contents. Or, if hackers have used a proxy server to obscure their location, police might use traffic analyzers like NetFlow to determine where the traffic goes and get the information from there, according to van der Wiel. The Budapest Convention on Cybercrime makes this possible across international borders because it lets police request an image of a server in another country urgently while they wait for the official request to go through.

The server provides information on the hacker’s activities, like who they might be targeting or their process for extorting a ransom. This can tell ransomware decryptors the process the hackers went through in order to encrypt the data, details about the encryption key or access to files that can help them reverse engineer the process. The researchers comb through the server logs for details in the same way you may help your friend dig up details on their Tinder date to make sure they’re legit, looking for clues or details about malicious patterns that can help suss out true intentions. Researchers may, for example, discover part of the plaintext file to compare to the encrypted file to begin the process of reverse engineering the key, or maybe they’ll find parts of the pseudo-RNG that can begin to explain the encryption pattern.

Working with law enforcement helped Cisco Talos create a decryption tool for the Babuk Tortilla ransomware. This version of ransomware targeted healthcare, manufacturing and national infrastructure, encrypting victims' devices and deleting valuable backups. Avast had already created a generic Babuk decryptor, but the Tortilla strain proved difficult to crack. The Dutch Police and Cisco Talos worked together to apprehend the person behind the strain, and gained access to the Tortilla decryptor in the process.

But often the easiest way to come up with these decryption tools stems from the ransomware gangs themselves. Maybe they’re retiring, or just feeling generous, but attackers will sometimes publicly release their encryption key. Security experts can then use the key to make a decryption tool and release that for victims to use going forward.

Generally, experts can’t share a lot about the process without giving ransomware gangs a leg up. If they divulge common mistakes, hackers can use that to easily improve their next ransomware attempts. If researchers tell us what encrypted files they’re working on now, gangs will know they’re on to them. But the best way to avoid paying is to be proactive. “If you’ve done a good job of backing up your data, you have a much higher opportunity to not have to pay,” said Clay.

This may be a good time to buy one of Amazon's latest tablets as many of them are on sale, with discounts of up to 35 percent. The sale brings the 2023 Fire HD 10 down to $95, which is only $15 more than its record low and 32 percent off the $140 list price. This model comes with 3GB of RAM, 32GB of storage and a speedier processor than the last time around. The 1080p HD screen is touch- and stylus-compatible and there's a 5 megapixel camera up front and another in back. Note that this model displays ads on the lockscreen. If you'd rather not see those promos, the ad-free version is also on sale and currently $15 more at $110. 

All Fire tablets are budget slates that let you browse the web, watch shows and play casual games; They probably aren't the best pick if you're looking for a workhorse productivity tablet, which tend to cost significantly more. You won't be able to run Apple apps, which seems obvious, but Fire tablets also don't natively support the Google Play store — even though Fire OS is a fork of Android. Readily available apps come from the Amazon app store, which include most major streamers like Netflix, Max, Peacock, social apps like TikTok and Instagram, and plenty of casual games. If you're just looking for a way to entertain yourself after a day of being productive, Fire tablets offer one of the few ways to do so for under $100. And like all Amazon devices, Alexa is built in to answer questions and control your smart home lights, cameras and doorbells. 

Elsewhere in the sale, the Fire HD 8 is down to $65, which is 35 percent off and around $10 more than its record low. This is an 8-inch version of Amazon's tablet, with 2GB of RAM, 32GB of storage and a 1280 x 800 screen at 189 ppi. There's a 2MP front camera and a claimed battery life of 13 hours. This is also a model with lockscreen promos, the ad-free version is $80. 

Follow @EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice.