If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste the other tech giants, but it’s silent about its own corporate parent’s misdeeds.

When Alexa responds in this way, it’s obvious that it is putting its developer’s interests ahead of yours. Usually, though, it’s not so obvious whom an AI system is serving. To avoid being exploited by these systems, people will need to learn to approach AI skeptically. That means deliberately constructing the input you give it and thinking critically about its output.

Newer generations of AI models, with their more sophisticated and less rote responses, are making it harder to tell who benefits when they speak. Internet companies’ manipulating what you see to serve their own interests is nothing new. Google’s search results and your Facebook feed are filled with paid entries. Facebook, TikTok and others manipulate your feeds to maximize the time you spend on the platform, which means more ad views, over your well-being.

What distinguishes AI systems from these other internet services is how interactive they are, and how these interactions will increasingly become like relationships. It doesn’t take much extrapolation from today’s technologies to envision AIs that will plan trips for you, negotiate on your behalf or act as therapists and life coaches.

They are likely to be with you 24/7, know you intimately, and be able to anticipate your needs. This kind of conversational interface to the vast network of services and resources on the web is within the capabilities of existing generative AIs like ChatGPT. They are on track to become personalized digital assistants.

As a security expert and data scientist, we believe that people who come to rely on these AIs will have to trust them implicitly to navigate daily life. That means they will need to be sure the AIs aren’t secretly working for someone else. Across the internet, devices and services that seem to work for you already secretly work against you. Smart TVs spy on you. Phone apps collect and sell your data. Many apps and websites manipulate you through dark patterns, design elements that deliberately mislead, coerce or deceive website visitors. This is surveillance capitalism, and AI is shaping up to be part of it.

Quite possibly, it could be much worse with AI. For that AI digital assistant to be truly useful, it will have to really know you. Better than your phone knows you. Better than Google search knows you. Better, perhaps, than your close friends, intimate partners and therapist know you.

You have no reason to trust today’s leading generative AI tools. Leave aside the hallucinations, the made-up “facts” that GPT and other large language models produce. We expect those will be largely cleaned up as the technology improves over the next few years.

But you don’t know how the AIs are configured: how they’ve been trained, what information they’ve been given, and what instructions they’ve been commanded to follow. For example, researchers uncovered the secret rules that govern the Microsoft Bing chatbot’s behavior. They’re largely benign but can change at any time.

Many of these AIs are created and trained at enormous expense by some of the largest tech monopolies. They’re being offered to people to use free of charge, or at very low cost. These companies will need to monetize them somehow. And, as with the rest of the internet, that somehow is likely to include surveillance and manipulation.

Imagine asking your chatbot to plan your next vacation. Did it choose a particular airline or hotel chain or restaurant because it was the best for you or because its maker got a kickback from the businesses? As with paid results in Google search, newsfeed ads on Facebook and paid placements on Amazon queries, these paid influences are likely to get more surreptitious over time.

If you’re asking your chatbot for political information, are the results skewed by the politics of the corporation that owns the chatbot? Or the candidate who paid it the most money? Or even the views of the demographic of the people whose data was used in training the model? Is your AI agent secretly a double agent? Right now, there is no way to know.

We believe that people should expect more from the technology and that tech companies and AIs can become more trustworthy. The European Union’s proposed AI Act takes some important steps, requiring transparency about the data used to train AI models, mitigation for potential bias, disclosure of foreseeable risks and reporting on industry standard tests.

Most existing AIs fail to comply with this emerging European mandate, and, despite recent prodding from Senate Majority Leader Chuck Schumer, the US is far behind on such regulation.

The AIs of the future should be trustworthy. Unless and until the government delivers robust consumer protections for AI products, people will be on their own to guess at the potential risks and biases of AI, and to mitigate their worst effects on people’s experiences with them.

So when you get a travel recommendation or political information from an AI tool, approach it with the same skeptical eye you would a billboard ad or a campaign volunteer. For all its technological wizardry, the AI tool may be little more than the same.

This essay was written with Nathan Sanders, and previously appeared on The Conversation.

Read More

Research from UCL finds that humans struggle to identify deepfake audio

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

More than 67% of internet users in the US remain blissfully unaware of online privacy and data protection regulations.

At the same time, the global average cost of data breaches and cyber-attacks has increased by 15% since 2020 to $4.45 million. In fact, compromised credentials and personal information are responsible for nearly 20% of nearly 1.4 billion security incidents during this period.

As a result, there’s a growing need for a solution to protect sensitive data from potential theft or misuse.

Global Privacy Control (GPC) is an emerging resolution to give users more control over their data when navigating the internet and using digital solutions.

In this article, you’ll learn about the core concept of GPC and its importance in digital protection.

What is Global Privacy Control (GPC)?

Global Privacy Control, or GPC, is a cybersecurity and data privacy initiative to give businesses and individuals greater control over their data, including its storage, distribution, and usage.

It offers a simple, standardized way to assert and protect your privacy rights while surfing the internet and navigating different websites and applications.

Adopting and implementing the protocol sends a “Do Not Collect or Share My Data” signal to digital platforms, prompting them to refrain from selling your data to third parties for advertising and other commercial purposes.

Common data websites collect generally include:

Personal information (Name, contact, address, etc.);
Browsing history;
Live location;
Device information (Model, operating system, etc.);
IP address;
Cookies;
Payment information (Card details, digital wallet credentials, etc.);
Account credentials (Social media apps, third-party services, etc.);
Usage data (Time, features used, launch frequency, and more).

By activating the GPC signal, you can exercise your privacy rights and stop sites and apps from collecting all the information listed (and more).

The significance of data privacy and how can GPC help?

Data privacy is more critical than ever due to the unprecedented exchange and collection of data on the internet. Digital entities actively collect your valuable data, including personal information, browsing habits, location, financial details, etc.

By creating vast repositories of your data, websites, and apps gain insights into your online behavior, and use them to tailor:

Ads;
UI/UX design;
Site content;
Products;
Services.

However, by doing so, they increase your risk of security breaches and privacy infringements. Hackers and cybercriminals actively target sensible information like your IP address to orchestrate various attacks, including:

Distributed Denial of Service (DDoS) attacks;
Spoofing;
Ransomware and spyware;
Man-in-the-Middle attacks;
Brute force attacks, etc.

Fortunately, you can prevent an IP address hack and consequential attacks using a virtual private network (VPN). A VPN encrypts your IP address and online traffic, making it nearly impossible for malicious criminals to access your data.

However, you can take data protection to a whole new level by combining Global Privacy Control with VPN and other essential cybersecurity tools, such as:

Anti-malware software;
SSL certificates;
Multi-factor authentication;
Intrusion detection systems, etc.

Preserving data privacy is crucial for protecting valuable data and building trust between users and digital platforms. As it stands, GPS is one of the few initiatives that can proactively prevent breaches by stopping the flow of user data.

Benefits of adopting Global Privacy Control

Below are the key benefits of adopting GPC on websites or apps:

1. Data security & privacy enhancement

GPC enables you to fortify your valuable data against nonconsensual or unauthorized sharing. Hence, you can use your personal information solely for core purposes, such as logging into your account or online transactions.

With GPC protocols, no website or app will record your browsing activity, usage, or online behavior, significantly reducing the risk of attacks, identity theft, and unauthorized access.

2. Transparent data collection and usage

If your business relies on collecting user data, you can use GPC to enable transparent collection and usage. You can share how your site or app collects, processes, and shares user data. This transparency allows visitors, customers, or users to make more informed decisions about engaging with your site or app.

3. Building trust & credibility

If you run an online business, one of the best ways to build trust with users is by respecting their online privacy preferences. This powerful branding and marketing strategy allows you to implement GPC and honor “Do Not Share My Data” requests.

Demonstrating that you care about your user’s privacy needs can improve credibility and foster a long-term relationship with them.

4. Compliance with privacy regulations

In the post-pandemic age, there’s an increased focus on data privacy regulations worldwide, including (but not limited to):

General Data Protection Regulation (GDPR) – EU and UK;
California Consumer Privacy Act (CCPA);
California Privacy Rights Act (CPRA);
Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada;
Health Information Technology for Economic and Clinical Health Act (HITECH), etc.

These bodies have strict privacy laws and policies you must adhere to. Failure to comply could lead to heavy fines and legal liabilities. Moreover, when users learn you’re non-compliant, they’ll hesitate to visit your site or use your app.

5. Empowering user control

Global Privacy Control makes users 100% responsible and accountable for the data they share on digital platforms. You have full control over your sharing preferences and can choose to avoid sharing data with third-party companies directly or through the site or app.

This user-centric approach promotes a sense of ownership and helps businesses mitigate security risks.

Conclusion

As the world rapidly shifts to a digital-first economy, you must take the necessary steps to safeguard data privacy.

With our commitment to Global Privacy Control (GPC), you can maximize data control and privacy protection. So, feel free to delve into our wealth of resources and empower yourself with the knowledge to fortify your online defenses.

Read More

Four members behind bars after EncroChat bust

Read More

Zero-day exploit warning was issued a week ago

Read More

Latest bug described as a patch bypass

Read More

Analysis by Comparitech found that manufacturers have lost $46.2bn from ransomware attacks in downtime alone since 2018

Read More