Read 4 remaining paragraphs | Comments

Microsoft is trying to create a personal digital assistant:

At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users.

I wrote about this AI trust problem last year:

One of the promises of generative AI is a personal digital assistant. Acting as your advocate with others, and as a butler with you. This requires an intimacy greater than your search engine, email provider, cloud storage system, or phone. You’re going to want it with you 24/7, constantly training on everything you do. You will want it to know everything about you, so it can most effectively work on your behalf.

And it will help you in many ways. It will notice your moods and know what to suggest. It will anticipate your needs and work to satisfy them. It will be your therapist, life coach, and relationship counselor.

You will default to thinking of it as a friend. You will speak to it in natural language, and it will respond in kind. If it is a robot, it will look humanoid—­or at least like an animal. It will interact with the whole of your existence, just like another person would.

[…]

And you will want to trust it. It will use your mannerisms and cultural references. It will have a convincing voice, a confident tone, and an authoritative manner. Its personality will be optimized to exactly what you like and respond to.

It will act trustworthy, but it will not be trustworthy. We won’t know how they are trained. We won’t know their secret instructions. We won’t know their biases, either accidental or deliberate.

We do know that they are built at enormous expense, mostly in secret, by profit-maximizing corporations for their own benefit.

[…]

All of this is a long-winded way of saying that we need trustworthy AI. AI whose behavior, limitations, and training are understood. AI whose biases are understood, and corrected for. AI whose goals are understood. That won’t secretly betray your trust to someone else.

The market will not provide this on its own. Corporations are profit maximizers, at the expense of society. And the incentives of surveillance capitalism are just too much to resist.

We are going to need some sort of public AI to counterbalance all of these corporate AIs.

Markos Moulitsas is the poll-watching founder of the political blog Daily Kos. Thursday he wrote that in 2021, future third-party presidential candidate RFK Jr. had sued their web site. "Things are not going well for him." Back in 2021, Robert F. Kennedy Jr. sued Daily Kos to unmask the identity of a community member who posted a critical story about his dalliance with neo-Nazis at a Berlin rally. I updated the story here, here, here, here, and here. To briefly summarize, Kennedy wanted us to doxx our community member, and we stridently refused. The site and the politician then continued fighting for more than three years. "Daily Kos lost the first legal round in court," Moulitsas posted in 2021, "thanks to a judge who is apparently unconcerned with First Amendment ramifications given the chilling effect of her ruling." But even then, Moulitsas was clear on his rights: Because of Section 230 of the Communications Decency Act, [Kennedy] cannot sue Daily Kos — the site itself — for defamation. We are protected by the so-called safe harbor. That's why he's demanding we reveal what we know about "DowneastDem" so they can sue her or him directly. Moulitsas also stressed that his own 2021 blog post was "reiterating everything that community member wrote, and expanding on it. And so instead of going after a pseudonymous community writer/diarist on this site, maybe Kennedy will drop that pointless lawsuit and go after me... consider this an escalation." (Among other things, the post cited a German-language news account saying Kennedy "sounded the alarm concerning the 5G mobile network and Microsoft founder Bill Gates..." Moulitsas also noted an Irish Times article which confirmed that at the rally Kennedy spoke at, "Noticeable numbers of neo-Nazis, kitted out with historic Reich flags and other extremist accessories, mixed in with the crowd.") So what happened? Moulitsas posted an update Thursday: Shockingly, Kennedy got a trial court judge in New York to agree with him, and a subpoena was issued to Daily Kos to turn over any information we might have on the account. However, we are based in California, not New York, so once I received the subpoena at home, we had a California court not just quash the subpoena, but essentially signal that if New York didn't do the right thing on appeal, California could very well take care of it. It's been a while since I updated, and given a favorable court ruling Thursday, it's way past time to catch everyone up. New York is one of the U.S. states that doesn't have a strict "Dendrite standard" law protecting anonymous speech. But soon the blog founder discovered he had allies: The issues at hand are so important that The New York Times, the E.W.Scripps Company, the First Amendment Coalition, New York Public Radio, and seven other New York media companies joined the appeals effort with their own joint amicus brief. What started as a dispute over a Daily Kos diarist has become a meaningful First Amendment battle, with major repercussions given New York's role as a major news media and distribution center. After reportedly spending over $1 million on legal fees, Kennedy somehow discovered the identity of our community member sometime last year and promptly filed a defamation suit in New Hampshire in what seemed a clumsy attempt at forum shopping, or the practice of choosing where to file suit based on the belief you'll be granted a favorable outcome. The community member lives in Maine, Kennedy lives in California, and Daily Kos doesn't publish specifically in New Hampshire. A perplexed court threw out the case this past February on those obvious jurisdictional grounds.... Then, last week, the judge threw out the appeal of that decision because Kennedy's lawyer didn't file in time — and blamed the delay on bad Wi-Fi... Kennedy tried to dismiss the original case, the one awaiting an appellate decision in New York, claiming it was now moot. His legal team had sued to get the community member's identity, and now that they had it, they argued that there was no reason for the case to continue. We disagreed, arguing that there were important issues to resolve (i.e., Dendrite), and we also wanted lawyer fees for their unconstitutional assault on our First Amendment rights... On Thursday, in a unanimous decision, a four-judge New York Supreme Court appellate panel ordered the case to continue, keeping the Dendrite issue alive and also allowing us to proceed in seeking damages based on New York's anti-SLAPP law, which prohibits "strategic lawsuits against public participation." Thursday's blog post concludes with this summation. "Kennedy opened up a can of worms and has spent millions fighting this stupid battle. Despite his losses, we aren't letting him weasel out of this."

Read more of this story at Slashdot.

When a Politician Sues a Blog to Unmask Its Anonymous Commenter

samleecole writes: Utah set up an online form for people to accuse other citizens and public establishments of violating the state's recently-enacted transphobic "bathroom bill." The submission form is being flooded with memes and troll comments, and the auditor also left the submissions database open to the public -- without a password, authentication, or any other protections that would keep anyone from viewing other people's submissions. After 404 Media contacted the auditor's office for comment, they changed the permissions to require authentication. The form link has been posted to Twitter, and people have repeatedly posted screenshots of themselves uploading memes. In the database, those included photos of Barry Wood, characters from Bee Movie, and Shutterstock images of bull testicles. Twitter users have also found a link to the database that the form is connected to, which is hosted on a public Google cloud console bucket that as of Thursday, required no authentication to view. I tested the form, and found that my submission -- a photo of the yelling table cat meme -- appeared instantly in the Google Console bucket. The submission form offers anonymity with the option for the state auditor to contact submitters for more details. I haven't seen names and contact information shared in the database, but comments and image attachments were easily viewable.

Read more of this story at Slashdot.

An Open Database Leaked Submissions To Utah's 'Bathroom Bill' Snitch Form

@prav messaging service is funded directly by users through subscriptions to replace monopoly of #WhatsApp. We are launching the pre order campaign to raise funds and meet expenses like server hosting, sms gateway charges and hiring a system admin.

This meeting is to plan logistics of the Prav Subscription Pre Order launch event. Everyone is invited to join and help.

RSVP and calendar invite (add to your phone calendar for reminder) https://gath.io/QPBzHGBw7RlnWf9mDGohs

#Prav #XMPP #privacy

@prav messaging service is funded directly by users through subscriptions to replace monopoly of #WhatsApp. We are launching the pre order campaign to raise funds and meet expenses like server hosting, sms gateway charges and hiring a system admin.

This meeting is to plan logistics of the Prav Subscription Pre Order launch event. Everyone is invited to join and help.

RSVP and calendar invite (add to your phone calendar for reminder) https://gath.io/QPBzHGBw7RlnWf9mDGohs

#Prav #XMPP #privacy

"Federal Grants (to local LE) Send Warzone Tech To USA Streets" To Tracking Wireless / Bluetooth Signals & More

(self driving tech also carries plenty to offer)

Yet another reminder: the very tech developed & many support for overseas use, eventually makes its way back home

No company calls it quits after war - they localize, lobby PD

#News #privacy #tracking #Tech #HumanRights #autonomy #infosec #USA #WiFi #bluetooth #policing

https://www.notus.org/technology/war-zone-surveillance-border-us

"Federal Grants (to local LE) Send Warzone Tech To USA Streets" To Tracking Wireless / Bluetooth Signals & More

(self driving tech also carries plenty to offer)

Yet another reminder: the very tech developed & many support for overseas use, eventually makes its way back home

No company calls it quits after war - they localize, lobby PD

#News #privacy #tracking #Tech #HumanRights #autonomy #infosec #USA #WiFi #bluetooth #policing

https://www.notus.org/technology/war-zone-surveillance-border-us

Car Manufacturers Betrayed Customers By Sharing Location Without Warrant -- After Some Pledged Not To

#News #privacy #cars #automotive #automobiles #EV #Toyota #Hyundai #Nissan #Subaru #Volkswagen #BMW #Mazda #Mercedes #Kia #Volvo #GPS #geolocation #location #tracking

https://www.pcmag.com/news/senators-car-companies-are-giving-location-data-to-police-without-a-warrant

Car Manufacturers Betrayed Customers By Sharing Location Without Warrant -- After Some Pledged Not To

#News #privacy #cars #automotive #automobiles #EV #Toyota #Hyundai #Nissan #Subaru #Volkswagen #BMW #Mazda #Mercedes #Kia #Volvo #GPS #geolocation #location #tracking

https://www.pcmag.com/news/senators-car-companies-are-giving-location-data-to-police-without-a-warrant

<p><a class="mention hashtag" href="https://fosstodon.org/tags/Networks" rel="tag">#<span>Networks</span></a> like <a class="mention hashtag" href="https://fosstodon.org/tags/I2P" rel="tag">#<span>I2P</span></a> serve useful to <a class="mention hashtag" href="https://fosstodon.org/tags/OSINT" rel="tag">#<span>OSINT</span></a> <a class="mention hashtag" href="https://fosstodon.org/tags/investigations" rel="tag">#<span>investigations</span></a>, <a class="mention hashtag" href="https://fosstodon.org/tags/Journalism" rel="tag">#<span>Journalism</span></a>, and <a class="mention hashtag" href="https://fosstodon.org/tags/activism" rel="tag">#<span>activism</span></a> (<a class="mention hashtag" href="https://fosstodon.org/tags/clearnet" rel="tag">#<span>clearnet</span></a> conns can be more private using <a class="mention hashtag" href="https://fosstodon.org/tags/outproxy" rel="tag">#<span>outproxy</span></a> in I2P).</p><p>You can customize your routing experience, even change number of hops, banning and unbanning routers based on suspicious behavior! 😎 </p><p>💡 TIP: take advantage of using both I2P &amp; <a class="mention hashtag" href="https://fosstodon.org/tags/Tor" rel="tag">#<span>Tor</span></a> browser set up - spreading the risk to personal <a class="mention hashtag" href="https://fosstodon.org/tags/privacy" rel="tag">#<span>privacy</span></a> / <a class="mention hashtag" href="https://fosstodon.org/tags/anonymity" rel="tag">#<span>anonymity</span></a> (+ avoid blocks).</p><p>Right now I2P is under attack: help by running i2p!</p><p><a class="mention hashtag" href="https://fosstodon.org/tags/infosec" rel="tag">#<span>infosec</span></a> <a class="mention hashtag" href="https://fosstodon.org/tags/cybersecurity" rel="tag">#<span>cybersecurity</span></a></p>

As part of anti-piracy scheme featuring warning letters, fines, and ISP disconnections, France has monitored and stored data on millions of internet users since 2010.

Digital rights groups insist that as a general surveillance and data retention scheme, the ‘Hadopi’ program violates fundamental rights.

Any program that monitors citizens’ internet activities, retains huge amounts of data, and then links identities to IP addresses, must comply with EU rules. Activists said that under EU law, only “serious crime” qualifies and since petty file-sharing fails to make the grade, the whole program represents a mass violation of EU citizens’ fundamental rights.

Surveillance and Serious Crime

Seeking confirmation at the highest level, La Quadrature du Net, Federation of Associative Internet Service Providers, French Data Network, and Franciliens.net, began their challenge in France . The Council of State referred the matter to the Constitutional Council, which in turn referred questions to the Court of Justice of the European Union (CJEU) for interpretation under EU law.

EU member states may not pass national laws that allow for the general and indiscriminate retention of traffic and location data. Retention of traffic and location data is permitted on a targeted basis as a “preventative measure” but only when the purpose of retention is to fight “serious crime.”

In his non-binding opinion , CJEU Advocate General Szpunar described Hadopi’s access to personal data corresponding to an IP address as a “serious interference with fundamental rights,” the clearest sign yet that the right to privacy had already taken a blow.

CJEU judgments have balanced citizens’ rights and rightsholders’ right to copy many times over the years but here, case law was deemed potentially problematic. In fact so much so, AG Szpunar proposed “readjustment of the case-law of the Court” to ensure that rightsholders would not be left in a position where it was impossible to enforce their rights on BitTorrent and similar networks.

EU Law Shouldn’t Rule Surveillance Out

By last September, it was clear that a legal basis needed to be found to allow Hadopi and similar programs to continue. For example, the fluid nature of dynamic IP addresses was mentioned as an obstacle to comprehensive tracking.

Well-constructed arguments stated that balance could be found in securing the harvested data and, to protect fundamental rights, limitations on how much data could be used in the event an alleged file-sharer was prosecuted.

Ultimately, however, when infringement occurs exclusively online, an IP address may be the only means to track down an alleged infringer, leading to the conclusion that retention and access to civil identifying data is both “necessary” and “wholly proportionate.”

Copyrights Trump Privacy Rights

In its decision handed down Tuesday, initially only in French, the CJEU leaves no stone unturned in delivering a win for rightsholders. Despite the problematic case law, the judgment builds a framework for how monitoring and data retention can be conducted within the requirements of EU law.

The judgment deals with three key questions, summarized as follows:

1. Is civil identity data corresponding to an IP address included among the traffic and location data which, in principle, requires prior review by a court or administrative entity?

2. If yes, is EU law to be interpreted as precluding national legislation that provides for the collection of such data, corresponding to users’ IP addresses, without prior review by a court or administrative entity?

3. If yes, does EU law preclude the review from being performed in an adapted fashion, for example as an automated review?

In other words, are member states precluded from having a national law that authorizes a copyright authority to access stored IP addresses and civil identity data relating to users, collected by rightsholders monitoring their activities on the internet, for the purpose of taking further action, without a review by a court or administrative body?

Data collected includes date and time of alleged infringement, IP address, peer-to-peer protocol, user pseudonym, details of copyright works, filename, ISP name.

Ensuring Privacy and Data Security

The judgment notes that IP addresses can constitute both traffic data and personal data. However, IP addresses that are public and visible, as they are in file-sharing swarms, are not being used in connection with the provision of an ‘electronic communication service’.

The judgment also states that, if Member States seek to impose “an obligation to retain IP addresses in a general and indiscriminate manner, in order to attain an objective linked to combating criminal offenses in general”, they should lay down clear and precise rules in legislation relating to retention of data, meeting strict requirements.

IP and civil identity data must be separated from each other and all other data, in a secure and reliable computer system. When IP addresses and civil data need to be linked, a process that does not undermine the “watertight separation” should be used, and regularly inspected for effectiveness. When these rules are followed, even citizens’ data gathered indiscriminately cannot result in “serious interference” to fundamental rights.

The judgment notes that EU law does not “preclude the Member State concerned from imposing an obligation to retain IP addresses, in a general and indiscriminate manner, for the purposes of combating criminal offenses in general.”

Balancing Competing Rights

The CJEU says that while EU citizens using internet services “must have a guarantee that their privacy and freedom of expression” will be respected, those fundamental rights are not absolute. The prevention of crime or the protection of the rights and freedoms of others may see those rights deemed less important.

Then, with some fluidity, the CJEU pulls the rug on excuses and upgrades petty file-sharing to something, well, a bit more serious .

To prevent crime, it may be strictly necessary and proportional for IP addresses to be captured and retained for “combating criminal offenses such as offenses infringing copyright or related rights committed online.”

Indeed, not allowing the above “would carry a real risk of systemic impunity not only for criminal offenses infringing copyright or related rights, but also for other types of criminal offenses committed online or the commission or preparation of which is facilitated by the specific characteristics of the internet.”

Pirate Privacy? Not Here

The judgment adds that despite the strict security guarding private information, there’s always a chance that a person might find themselves profiled. And that, the court suggests, may be of their own making.

[S]uch a risk to privacy may arise, inter alia, where a person engages in activities infringing copyright or related rights on peer-to-peer networks repeatedly, or on a large scale, in connection with protected works of particular types that can be grouped together on the basis of the words in their title, revealing potentially sensitive information about aspects of that person’s private life.

Thus, in the present case, in the context of the graduated response administrative procedure, a holder of an IP address may be particularly exposed to such a risk to his or her privacy where that procedure reaches the stage at which Hadopi must decide whether or not to refer the matter to the public prosecution service with a view to the prosecution of that person for conduct liable to constitute the minor offense of gross negligence or the offense of counterfeiting.

Throughout the course of the next few paragraphs, the judgment mentions processing data for the “prevention, investigation, detection or prosecution of criminal offenses,” and a quote from the French government stating that “the measures adopted by Hadopi in the context of the graduated response procedure ‘are of a pre-criminal nature directly linked to the judicial proceedings’.”

That leads to the predictable conclusion that EU law does not preclude national legislation that allows for the surveillance of internet users and the retention of their data, for the purpose of identifying users and taking legal action against them.

Member states just need to follow the rules to ensure that those who didn’t have their privacy breached when their data was collected, don’t have it breached or leaked as they wait for whatever punishment arrives in the mail.

La Quadrature du Net says it’s disappointed with the judgment.

“[T]his decision from the CJEU has, above all, validated the end of online anonymity. While in 2020 it stated that there was a right to online anonymity enshrined in the ePrivacy Directive, it is now abandoning it.

Unfortunately, by giving the police broad access to the civil identity associated with an IP address and to the content of a communication, it puts a de facto end to online anonymity.”

The judgment is available here

From: TF , for the latest news on copyright battles, piracy and more.