Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks

The Hacker News - 18 Červenec, 2024 - 11:33
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New UK government downplays AI regulation in program for the next year

Computerworld.com [Hacking News] - 18 Červenec, 2024 - 11:22

As Britain’s King Charles III stood up in the Houses of Parliament on Wednesday to present the new Labour government’s proposed legislative program, technology experts were primed for any mention of artificial intelligence (AI).

In the event, amidst the colorful pomp and arcane ceremony the British state is famous for in the state opening of Parliament, what the speech delivered was mostly a promise of future legislation shorn of any detail on the form this will take.

Talking head

The King’s Speech is where Britain’s elected government, in this case the recently elected Labour administration, lays out bills it plans to enact into law in the coming year.

The monarch delivers the speech, but it is written for him by the government. His role is purely constitutional and ceremonial.

It is hard to imagine a greater contrast than a ceremony whose origins date back hundreds of years and topics such as AI, which embodies the promise and peril of 21st century technology.

The government “will seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models,” announced King Charles.

Beyond the focus on regulating models used for generative AI, though, that leaves the government’s plans and their timing open to interpretation. But even the willingness to act marks a change of direction from the policy of the deposed Conservative administration to legislate on AI within narrow constraints.

Everyone wants to regulate AI

There had been an expectation that the new government would go further, primed by general statements of intent in the Labour Party Manifesto 2024.

“We will ensure our industrial strategy supports the development of the Artificial Intelligence (AI) sector, removes planning barriers to new datacentres,” stated the Manifesto before turning to the need for regulation.

“Labour will ensure the safe development and use of AI models by introducing binding regulation on the handful of companies developing the most powerful AI models and by banning the creation of sexually explicit deepfakes.”

The disappearance of these modest ambitions could signal that the government has yet to work out what “binding regulation” should look like at a time when other legislation seems more pressing.

The previous government worried that too much regulation risked stifling development. Equally, no regulation at all carries the risk that by the time it becomes necessary it will be too late to act.

The EU, of course, already has its AI Act while the US is still working through a mixture of proposed legislation bolstered by the Biden administration’s executive orders describing first principles.

Still too early?

A comment by open-source industry advocate OpenUK in advance of the King’s Speech sums up the dilemma.

“There are lessons the UK can learn from the EU’s AI Act that will likely prove to be an overly prescriptive and unwieldy cautionary tale of regulatory capture with only the largest companies able to comply, stifling innovation in the EU,” said the organization’s CEO, Amanda Brock.

It was still too early to legislate in a way that creates walls and legal restrictions.

“For the UK to stay relevant globally, and to build successful AI companies, openness is crucial. This will allow the UK ecosystem to grow its status as a world leader in open- source AI, behind only the US and China,” she added.

But not everyone is convinced that the wait-and-see approach is the right one.

“Regulation is not just about setting restrictions on AI development; it’s about providing the clarity and guidance needed to promote safe and sustainable innovation,” said Bruna de Castro e Silva of AI Governance specialist Saidot.

“As the EU moves forward with publishing its official AI Act, UK businesses have been left waiting for clear guidance on how to develop and deploy AI safely and ethically.”

This is why AI regulation is seen as a thankless task. Take an interventionist approach and experts will line up to say you’re stifling a technology with huge economic and social potential. Take a more cautious approach and others will say you’re not doing enough.

Last November, the previous Conservative administration of Rishi Sunak jumped on the theme of AI, hosting a global AI Safety Summit with symbolic flourish at the famous Second World War code-breaking facility just outside London, Bletchley Park.

At that event, several big AI names — OpenAI, Google DeepMind, Anthropic — undertook to give a new Frontier AI Taskforce early access to their models to conduct safety evaluations.

The new government inherits that promise even if to many others it will seem as if certainty about the UK’s AI legislative regime is no nearer than it was then.

More on AI regulation:

Kategorie: Hacking & Security

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

The Hacker News - 18 Červenec, 2024 - 11:10
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,
Kategorie: Hacking & Security

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks

The Hacker News - 18 Červenec, 2024 - 11:10
Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

The Hacker News - 18 Červenec, 2024 - 08:14
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the
Kategorie: Hacking & Security

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

The Hacker News - 18 Červenec, 2024 - 08:14
Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

The Hacker News - 18 Červenec, 2024 - 08:01
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper
Kategorie: Hacking & Security

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

The Hacker News - 18 Červenec, 2024 - 08:01
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

About the Best Places to Work in IT

Computerworld.com [Hacking News] - 18 Červenec, 2024 - 06:49

Nominations for the 2025 Best Places to Work in IT program are now closed. We are currently reviewing the submissions. The list of honorees will be announced in our Special Report in December.

About the Best Places to Work in IT program

Computerworld conducts an annual survey to identify the best places to work for IT professionals. We invite readers, PR professionals and other interested parties to nominate companies they consider great employers for IT workers. You may nominate your own company. We then ask those nominated companies that meet our basic criteria to participate in our survey.

Once again, we are excited to extend this program, which has a 31-year history in the United States, to companies worldwide.

The employers in the Best Places list are evaluated by company size: Large companies have 5,000 or more employees; midsize have between 1,001 and 4,999 employees; and small companies employ from 100 to 1,000.

For a list of the 2024 honorees and more, please see our Best Places to Work in IT 2024 special report.

To be eligible, companies must have a minimum of 5 IT employees and a minimum of 100 total employees. We consider IT employees to be those IT workers who provide technology support and services to their own company — or to multiple companies through their work at an IT service provider. Workers who would *not* be included are administrative support staff for the IT department, staff who work in communications or PR for the technology department, IT contractors, or those staff whose primary role is in product development for outside sales.

Best Places to Work in IT is a global program. We ask that companies submit no more than one survey within any one country. If your company operates in multiple countries and you would like to submit a survey for your location only, please note this in the company name field (e.g., “Foundry North America” or “Foundry Germany”). If no location is specified in the company name, we will assume that the entry represents all locations worldwide.

In most cases, we prefer to have the parent company, rather than subsidiaries or affiliates, apply for the Best Places to Work in IT list. However, a subsidiary or affiliate may be eligible, providing that it stands out as a separate entity from the parent company, with separate business functions, IT leadership and so on. A subsidiary may also be eligible to apply separately if its parent company is a holding company. In those cases, the parent company and subsidiary may be able to apply separately. We encourage companies to complete the nomination form or contact us at [email protected], and our Best Places research team will evaluate the submissions on a case-by-case basis.

Questions about the Best Places to Work in IT program can be emailed to [email protected].

Frequently asked questions Survey requirements and eligibility Does my company have to be nominated to complete the survey?

No. Companies may participate even if they were not nominated. In lieu of a nomination, please send an email to [email protected] with the name and contact information (including email address) of the individual who should receive the company survey and other information; we’ll take care of the rest.

Does the Best Places to Work in IT list include public companies only?

No. The survey includes private as well as public companies.

What criteria must my company meet to participate?

To be considered for our Best Places to Work in IT list:

  • Companies must have a minimum of 5 IT employees.
  • Companies must have a minimum of 100 total employees worldwide.
  • In most cases, we prefer to have the parent company, rather than subsidiaries or affiliates, apply for the Best Places to Work in IT list. However, a subsidiary or affiliate may be eligible, providing that it stands out as a separate entity from the parent company, with separate business functions, IT leadership and so on. A subsidiary may also be eligible to apply separately if its parent company is a holding company. In those cases, the parent company and subsidiary may be able to apply separately. We encourage companies to complete the nomination form or contact us at [email protected], and our Best Places research team will evaluate the submissions on a case-by-case basis.
Who should complete the survey?

An individual familiar with employment statistics, benefits, policies and programs of your IT department and your company should complete the survey. This could be a human resources representative, a CIO or corporate PR representative — or a team of all the above.

Survey contents and procedures What does the company survey ask?

Our online survey includes questions about companies’ benefits, training and development, IT salary changes, percent of IT employees promoted, IT turnover rates, and the percentage of women employees in management in IT departments. In addition, we will collect information about diversity, equity and inclusion (DEI) programs, remote/hybrid working, and company growth.

Which employees are considered “IT workers” in this survey?

Answers to the survey should be based on those IT workers who provide technology support and services to their own company — or to multiple companies through their work at an IT service provider. Workers who wouldn’t be included are administrative support staff for the IT department, staff who work in communications or PR for the technology department, IT contractors, or those staff whose primary role is in product development for outside sales.

What happens if I leave a question blank on the survey?

You can’t leave a question blank if it is required. Many of the questions on the survey are required; the survey can’t be processed if they aren’t answered. Please answer to the best of your ability for questions with lists or options included. If any open-ended/text based questions aren’t applicable to your company, please indicate “NA” for “not applicable.” If there is a question you can’t answer fully given the format of the survey, you may briefly explain your answers in an addendum field that follows each survey section.

Companies that withhold information used to rank the finalists will have points deducted from their ranking. Answers that are left blank or have unexplained N/As will be assumed to be 0 (zero).

Companies must provide answers to questions related to data we run in our feature story and graphics in order to be considered. Please see below for the types of required information that are typically shared publicly.

Can I save my survey and come back to it at a later date?

Yes. You will be able to save your partially completed survey and can save a partially completed survey as many times as necessary. Please save your unique URL to re-enter the survey. When you return to the survey, you will be able to review/modify questions that you have already answered. However, we will continue to provide a printer-friendly version of the survey, and we recommend that you complete this survey, then enter your answers online.

How should I send my company’s information to Computerworld?

We accept company information from the online survey only. Please enter all data as accurately as possible. Provide company name, location, web address and other information, as you would like it to appear in print.

Can I get a copy of the survey to review before I go to the online survey and submit my company’s information?

Yes. A printer-friendly version of the 2025 Best Places company survey can be downloaded for reference. We encourage participants to complete the printer-friendly version offline before filling out the online survey.

Download: 2025 Best Places to Work in IT Company Survey
Printer-friendly copy of the 2025 Best Places to Work in IT company survey. Will Computerworld provide us with a copy of our submitted survey?

Upon request, Computerworld will email you a PDF of your company’s survey responses.

Is there an employee portion to the survey?

There is no longer an employee survey portion to the survey. Computerworld decided to make this change in the 2023 program to streamline the process for global participation and to enable companies with smaller IT departments to participate. In lieu of the employee survey portion of the program, Computerworld will be inviting a panel of judges consisting of industry experts to evaluate entries and confirm this year’s honorees.

List publication and notification When will the list of honorees be published?

The Best Places to Work in IT honorees will be announced in December 2024 on Computerworld.com.

When can I find out if my company is on the list?

Computerworld will notify companies that will be honored as a 2025 Best Place to Work in IT several weeks in advance of publication. Computerworld’s marketing group contacts honorees to offer assistance with press releases.

Is there a timeline to which I can refer for survey action items?

Below is the 2025 Best Places to Work in IT timeline.

Week of April 8, 2024

Nominations open for the 2025 Best Places to Work in IT. Nominated companies receive an email with a unique link to the Best Places company survey from Computerworld by the second week of April. Thereafter, company surveys will be sent on a rolling basis.

Monday, July 15, 2024

DEADLINE: Completed Best Places company survey is due to Computerworld.

November 2024

Best Places to Work in IT honorees are notified of their status.

December 2024

List of Best Places to Work in IT honorees is available online.

What information will be shared publicly?

Computerworld tries to avoid printing information that a company may consider competitive. The following information may appear publicly:

  • Company name
  • Location
  • Industry
  • Website
  • Total number of employees
  • Total number of IT employees
  • Percentage of IT employee turnover
  • Percentage of IT employee promotions
  • Number of training days offered per IT employee
  • Information from a 300-word essay outlining what’s special about your company and IT department

Please note that revenue, overall IT budget and other sensitive information will not be reported. Such information will be used only in aggregate format or for ranking purposes.

What if I have a question that was not answered in this FAQ?

Please email your questions to the following address: [email protected].

In the subject line, please include your company name and be as descriptive as possible in the subject line as to the nature of your inquiry.

Kategorie: Hacking & Security

Platform lets creators monetize their content for use in LLM training

Computerworld.com [Hacking News] - 18 Červenec, 2024 - 02:33

Avail, an AI research firm that focuses on the media industry, today launched Corpus, a platform it said enables creators and media rights holders to license their work to AI model developers.

Corpus, the Brooklyn, New York-based firm said in a release, enables “rights holders to seek compensation for both catalog content and real-time answers derived from their work.”

A company FAQ describes it as a “monetization platform for creators, media companies and rights holders of all kinds. We connect content owners with AI companies interested in licencing their work for training purposes or real-time chatbot answer retrieval.” The Corpus homepage contains a valuation calculator that provides creators an estimate of their catalog’s worth based on recent benchmarks, Avail said.

On the site, it states that it has partnered with OpenAI, Anthropic, film production and distribution company 30West, AI-based wealth management firm Range, and venture capitalists General Catalyst and Seven Seven Six.

Bill Wong, AI research fellow at Info-Tech Research Group, viewed the launch of Corpus as a positive move for creators, and necessary in order to reset “expectations that Big Tech vendors have regarding their use of copyrighted data.”

While, he said, an initiative such as this has the potential to be beneficial not only to content creators, but also to those firms who train AI models, “there will be challenges in resetting expectations and making this work in an efficient manner. The advantage of accessing curated data is that it provides a higher quality of data to train the model. However, the administration of this may be a challenge, such as calculating the right costs, perhaps implementing new types of watermarks, etc.”

Wong added that Avail’s Corpus tool “flies in the face” of recent comments made by Mustafa Suleyman, the CEO of Microsoft AI, in an interview at the recent Aspen Ideas Festival. “While attempting to define what kind of content is protected by publishers, he proceeded to say: ‘With respect to content already on the open web, the social contract of that content since the 1990s has been that it is fair use. Anyone can copy it, recreate it, or reproduce it. That has been freeware, if you like; that’s been the understanding.’”

Had the internet had a tool like Corpus available in the 1990s, said Wong, “I am sure content creators would have been properly acknowledged and compensated for their content. Today, the jury is still assessing whether copyright data for LLM training should fall under ‘fair use,’ but accessing data in real-time should be recognized as of value to both users and vendors, and this content should not be considered freeware.”

Today, he said, the US copyright office has not prevented “LLM vendors from using copyrighted data to train their models. The vendors typically state that the use of the copyrighted data falls under the legal concept of ‘fair use,’ which allows people/companies to use limited portions of the work for non-commercial, educational, or transformative uses.”

According to Wong, “It is the ‘transformative’ use the vendors argue that is how the LLMs are using the data. Ingested data is not simply reproduced by the LLM; the content is transformed and used to generate new content for new uses. However, I don’t believe that when the ‘fair use’ doctrine was first defined, they considered a program that would ingest all the data, be used for commercial purposes, and disrupt the industry of the creators.”

The launch of Corpus follows an announcement late last month that seven companies that license music, images, videos, and other data used for training AI systems have formed a trade association to promote responsible and ethical licensing of intellectual property. To be known as the Dataset Providers Alliance (DPA), the primary goals are to standardize the licensing of intellectual property for AI and ML datasets, facilitate industry collaboration, be an advocate for content creators’ rights and protect intellectual property.

What can potentially happen if an organization does end up getting caught for copyright violations? Consider: in March, France’s competition authority fined Google, its parent company Alphabet, and two subsidiaries a total of €250 million ($271 million) for breaching a previous agreement on using copyrighted content for training its Bard AI service, now known as Gemini.

The Autorité de la concurrence said that the search giant failed to comply with a June 2022 settlement over the use of news stories in its search results, News and Discover pages. Google avoided a fine at that point by pledging to enter into good-faith negotiations with news providers over compensation for their content, among other actions.

Next read this:

Kategorie: Hacking & Security

Finally, there’s an Android app for Anthropic’s chatbot, Claude

Computerworld.com [Hacking News] - 17 Červenec, 2024 - 22:17

Anthropic released an iOS version of its popular chatbot Claude for the iPhone in May; now, it’s time for an Android version.

The artificial intelligence (AI) company announced the Android iteration on Tuesday.

With the help of Claude, users can have conversations in a number of languages, including English, German, French, Spanish and Italian. The new app reportedly can be used with all subscriptions, which includes Pro and Team. Business users have the option to sign up for a monthly subscription that costs roughly $31 per user. The minimum number of users that can be registered is five.

Users who can’t download the app from Google Play or the App Store, can still access Claude via the web at claude.ai .

Next read this:

Kategorie: Hacking & Security

ARM-based Copilot+ PCs offer precious few backup options

Computerworld.com [Hacking News] - 17 Červenec, 2024 - 20:52

On June 18, 2024, the first round of Copilot+ PCs arrived, including offerings from Microsoft, HP, Asus Acer, Dell, and Lenovo. I was lucky enough to land a Lenovo Yoga Slim 7x on June 21st and have been digging into its capabilities and limitations ever since.

Over the weekend, I stumbled upon a situation that is both unsurprising and disturbing — namely, that there are very, very few image backup and restore tools that work with the ARM64-based version of Windows 11 24H2 that ships on all currently available Copilot+ PCs.

Searching for working image backup packages

Indeed, a concerted series of Google and Bing searches have turned up exactly three software programs that can back up and restore ARM64 versions of Windows (all of which run only on Snapdragon X CPUs at present, though AMD64 versions on Intel and AMD CPUs are expected in the next month or two).

Two of those three options are at least mildly questionable, as I’ll explain:

1. Zinstall FullBack is a full-featured backup and restore package that performs constant incremental backups to a local or networked drive, or into the cloud. Zinstall has been active in the ARM side of Windows backup since Microsoft released early versions of Windows on ARM (WoA) for the Surface Pro X in November 2019. The vendor offers a free 30-day trial, and then charges US$14.90 per month thereafter to use the software.

A bare-metal restore to a non-booting PC will first require a clean Windows install on that machine (I’d recommend an ARM64 ISO from UUP dump), and then installing the Zinstall application. After that, you can restore a backup from your collection of prior snapshots and overwrite the temporary install with that install to pick up where it left off.

2. Microsoft’s Backup and Restore (Windows 7) Control Panel item is still available in Windows 11 24H2. As you can see in this Microsoft Learn article, Windows 7 Backup and Restore has been deprecated since the release of Windows 8 in 2012. This tool is intended to restore existing Windows 7 backups to newer Windows PCs, but it can back up and restore newer versions as well. It’s not a production-grade tool.

3. Version 6.0 of the Veeam Agent (which works with the company’s various backup and replication enterprise-grade solutions) has been force-fit to back up on ARM-based CPUs as of March 2023 (see the end of this R&D Forums note). It can be restored using a Veeam Agent running on an X64 PC. Here again, this appears to be something of a kludge.

Just for grins, I checked all of the backup packages mentioned in Tim Fisher’s November 2023 Lifewire article 32 Best Free Backup Software Tools. None of them supports ARM64 CPUs, either.

The Windows Backup option

When I asked Microsoft to comment on the situation, a spokesperson pointed me to the Microsoft support page for the Windows Backup app built into Windows 11, indicating that this tool provides a backup and recovery solution for ARM-based PCs. It does, but not completely.

As I discuss in a recent article on the new backup, recovery, and repair tools in Windows 11, the Windows Backup app is undoubtedly a useful tool for backing up files and folders, apps, settings, and credentials and restoring same. But its restore operation is not as seamless as when using dedicated image backup software, and it doesn’t easily scale up for enterprise use. Indeed, it requires one-at-a-time reinstall of all Windows apps and applications (through links in the Start menu) to fully restore a Windows 11 PC to match its backed-up installation state.

In other words, making complete image backups that can be quickly and easily restored requires third-party image backup software.

Get real about backup and restore in Copilot+ PCs

Realistically, Zinstall FullBack appears to be the only viable option for backing up and restoring Copilot+ PCs with Snapdragon X Elite and Snapdragon X Plus CPU models. (Elite models include X1E-00-1DE, X1E-84-100, X1E-80-100, and the X1E-78-100 found in the Lenovo Yoga Slim 7X; Plus models include X1P-64-100.)

Buyers considering an investment in the current crop of Copilot+ PCs should ponder this potential limitation (among others) carefully. They should also consider that the upcoming collection of Intel- and AMD-based Copilot+ PCs will work with all currently available Windows 11-compatible image backup and restore tools and platforms.

Related reading:

Kategorie: Hacking & Security

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

The Hacker News - 17 Červenec, 2024 - 18:27
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,
Kategorie: Hacking & Security

North Korean Hackers Update BeaverTail Malware to Target MacOS Users

The Hacker News - 17 Červenec, 2024 - 18:27
Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic People's Republic of Korea (DPRK) have delivered as part of prior cyber espionage campaigns targeting job seekers. The artifact in question is an Apple macOS disk image (DMG) file named "MiroTalk.dmg" that mimics the legitimate video call service of the same name,Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Why Apple Intelligence will grab hearts and minds

Computerworld.com [Hacking News] - 17 Červenec, 2024 - 15:20

If personal privacy remains a human right, one day Apple’s approach to artificial intelligence (AI) and generative AI (genAI) will be emulated by the industry, at least to some extent. Because Apple is going where public opinion already is and will benefit from that stance with Apple Intelligence.

This view comes after Ive looked over the 10th Mobile Ecosystem Forum (MEF) Consumer Trust Study, which shows a growing public consciousness around data collection, use, and privacy. And it also tells us that people trust the companies that handle their data less and less.

Tech firms, consumers don’t trust you any more

This should be alarming at this stage of the evolution of AI and shows the clear advantage Apple has as it works to create a trusted, private, powerful model of personal AI. The idea of edge-based, completely private intelligence seems to reflect what users want, rather than feeding the fast-growing industry around surveillance capital.

Apple’s core message about personal privacy — and its recognition that if you are giving up control of your data to use a product, you are the product — were ahead of their time when the company began to promote those thoughts. And now, it is precisely where consumers are going.

Apple’s attempt to deliver a trusted AI may be difficult to accomplish, but the company has already shown a pragmatic awareness of how to get there. Yes, you can use third-party services with Apple Intelligence if you want. But the company will also provide far more private services you can use for specific domains. 

I expect the goal is that eventually the tasks people most want genAI to do for them will be available at the edge, or in trusted iCloud.

What’s changed? 

Convenience isn’t as attractive as it used to be. MEF tells us consumers are less convinced by arguments around ease and convenience and far more likely to question the hidden privacy costs of so-called “free” services. That consciousness means they are searching for and will migrate to trusted services offering high degrees of privacy and control. 

At present in Big Tech, only Apple really provides this.

There are numerous additional relevant insights buried in the MEF report:

  • The rise of the “Savvy Consumer” — people who are cautious about data sharing and demand greater control and transparency. They want to be in control of their own data. 
  • Consumers are becoming more aware of how data is collected and used and less happy to share their information. Just 12% of online users are unconcerned about data control, and that number is shrinking.
  • People are also increasingly concerned about identity theft and data breaches, which once again makes them less likely to share information.  MEF claims 67% of users globally avoid sharing personal data.
  • Consumers want clear privacy policies and transparent tools that put them in control of the information they share.
  • In the absence of these tools, people limit what they share in an attempt to control what’s known about them. This is a direct challenge to businesses that exploit personal data, particularly for advertising, and for some of the emerging business models around those.

So, where does this leave Apple and AI?

Consumers understand the link between data and privacy

The MEF survey makes it crystal clear that the frontier era of internet privacy has moved into history. While a lot of people became super-rich through various velvet-gloved business plans that involved privacy abuse, the lack of security, care, transparency and respect for consumers has had its cost; people now demand better.

It is true that users continue to be concerned at the overarching power of Big Tech (including Apple), the need to prevent proliferation of harmful content, and a desire to eliminate misleading advertising. But consumers are now also developing awareness of the connection between AI and data privacy.

That they have developed such awareness should be an alarm to incumbents in this space, as that recognition will translate into changing consumer behavior and regulation in double-quick time. It also means Apple’s unique combination of privacy and convenience looks a lot better than what rivals are doing.

People have become ambivalent about technology

MEF tells us the awareness of the challenges of data and privacy is fostering a deep sense of disappointment in technology on an existential level. “Levels of positivity towards tech advancements have stopped increasing, and most users felt either ambivalent or negative towards developments such as artificial intelligence and virtual reality,” MEF said in its executive report.

That’s a bad thing for tech, even for Apple. It’s probably an inevitable disappointment, as utopian promises devolve into increasingly dystopian reality. “The focus is on collaboratively building the next paradigm for a data economy that prioritizes user trust and data control,” wrote MEF CEO Dario Betti.

And which company is already doing more than any other to build something like that? Apple, of course, which has been on precisely this journey since Apple CEO Tim Cook delivered a speech in the EU to warn: “This is surveillance,” and the company intensified its work to build a data economy that prioritizes user trust and data control.

It is fair to say Apple has faced resistance since it set off on this path. Being ahead of your time can generate headwinds. But enterprise and consumer users are catching up fast.

The industry will need to keep up

A pro-privacy, pro-data protection approach will be a key stratagem to put wind under the wings of Apple Intelligence. But it is also the approach consumer and enterprise users will demand from all services in this space.

In this, Apple is already ahead of the game.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

More by Jonny Evans:

Kategorie: Hacking & Security

Google Boosts Linux Security with Array Checks

LinuxSecurity.com - 17 Červenec, 2024 - 14:20
As the cybersecurity landscape continues to evolve, developers and system administrators have faced several challenges in ensuring the safety of systems written using C. This is due to their vulnerability to buffer overflows.
Kategorie: Hacking & Security

Big tech firms have reportedly used thousands of YouTube videos to train AI

Computerworld.com [Hacking News] - 17 Červenec, 2024 - 13:29

Proof News has published a new audit showing that major tech companies such as Apple, Nvidia, Anthropic, and Salesforce used subtitle data from 173,536 YouTube videos to train their artificial intelligence (AI) tools.

The companies plan to use the “Youtube Subtitles” data collection, created by EleutherAI; it contains transcripts from news channels such as Khan Academy, MIT, Harvard, The Wall Street Journal, NPR and BBC, as well as entertainment channels such as The Late Show with Stephen Colbert, Last Week Tonight with John Oliver and Jimmy Kimmel Live.

The data collection also contains subtitles for videos belonging to big YouTube stars such as MrBeast, Swedish PewDiePie, and Jacksepticeye. According to Youtube’s rules, companies are not allowed to harvest material from the platform without permission.

EleutherAI has so far not commented on Proof News’ review.

More tech news:

Kategorie: Hacking & Security

Mistral’s new Codestral Mamba to aid longer code generation

Computerworld.com [Hacking News] - 17 Červenec, 2024 - 13:27

French AI startup Mistral has launched a new large language model (LLM) that can help generate longer tranches of code comparatively faster than other open-source models, such as CodeGemma-1.1 7B and CodeLlama 7B.

“Unlike transformer models, Mamba models offer the advantage of linear time inference and the theoretical ability to model sequences of infinite length. It allows users to engage with the model extensively with quick responses, irrespective of the input length,” the startup said in a statement.

Kategorie: Hacking & Security

Data about millions of Trello users leaks online

Computerworld.com [Hacking News] - 17 Červenec, 2024 - 13:16

Earlier this year, Atlassian was subjected to a massive cyberattack, leading to sensitive information about the software company’s customers ending up in the wrong hands.

According to Bleeping Computer, data on 15 million users of the popular planning tool Trello, including account information, names and email addresses, has now been put up for sale on a hacker forum.

Given that it only costs about $3.66 to access the information, users can expect many scammers to take advantage of the “offer.”

To be safe, Trello users should change their login credentials as soon as possible.

More tech news:

Kategorie: Hacking & Security

FTC is looking into Amazon’s deal with AI startup Adept

Computerworld.com [Hacking News] - 17 Červenec, 2024 - 13:11

The US Federal Trade Commission (FTC) has sought details from Amazon about the recruitment of key personnel from the AI startup Adept, according to a Reuters report.

The request follows the announcement that Adept CEO David Luan, along with other top executives, will be joining Amazon, which is also set to license some of Adept’s technologies.

This underscores the growing scrutiny by the FTC and other regulatory bodies worldwide on AI-related deals, especially partnerships between major technology companies and leading AI startups.

Earlier this week, the UK’s Competition and Markets Authority (CMA) announced an inquiry into a similar move by Microsoft, which recruited most of the employees from startup, Inflection, for its consumer AI group. In June, the FTC too had launched an investigation to determine whether there actually was an undisclosed acquisition through the hiring of key personnel and the licensing agreement with Inflection.

AI growth amid scrutiny


Expanding AI capabilities has become inevitable for tech companies. Faisal Kawoosa, chief analyst at Techarc, pointed out that Amazon has been lagging in its AI journey compared to other big tech companies, necessitating a search for inorganic growth strategies.

“We’ve seen a similar approach with Apple, which acquired a startup like DarwinAI due to uncertainties in their ecosystem,” said Kawoosa. “As for this investigation, it appears to be preliminary to determine if it warrants a deeper look. Regulators are assessing whether anything in this transaction violates trade practices.”

This could further raise concerns for companies considering partnerships with the likes of Amazon, as regulatory hurdles can be daunting, said Thomas George, president of Cybermedia Research. The main concerns involve information privacy, copyright infringement, and antitrust issues.

“This forces organizations to think critically to avoid legal risks, especially when handling sensitive customer data or formulating contracts that do not give one company too much influence over the market,” George said. “Given prevailing trends, regulatory bodies like the FTC require a forward-thinking approach to compliance to ensure partnerships align with shifting regulations through transparency.”

Impact of regulatory intervention

Given its benefits, the trend of integrating AI startups will likely continue, with both deep tech and big tech companies trying to enhance their capabilities and quickly develop their large language models.

For instance, Kawoosa pointed out that such acquisitions provide Amazon with rapid access to advanced AI technologies. The widespread use of AWS enables Amazon to offer enhanced AI services to its many enterprise customers.

This could naturally lead to increased regulatory scrutiny in the industry. The bigger issue would be the two-fold impact on AI innovation and adoption in enterprises. On one hand, this might slow down aggressive acquisition strategies as companies navigate regulatory landscapes.

“On the other, this could create a better competitive environment by preventing market monopolization and ensuring smaller AI innovators can compete and collaborate within the ecosystem on equal footing,” George said. “Finally, while such scrutiny could pose some obstacles in the near term, it can foster a more diverse and robust innovation landscape that would benefit the entire industry, thereby facilitating the equitable development of AI technologies.”

Kategorie: Hacking & Security
Syndikovat obsah