TechLetters ☕️ W3C Vibration API privacy. U.S. election interference. Misinformation taking crowds on the street in Ireland. Misinformation about misinformation. U.S. Military deepfakes
Small editorial
I speak on the Masters of Privacy podcast about my book Propaganda, issues of misinformation, and some emerging laws like the EU Digital Services Act. I rarely do podcast/radio things, so here's one of those times. (Apple Podcast/Spotify supported). Text.
Security
Some success for Iran's cyber-enabled information operation. Trump campaign data emerged in public via an independent journalism outlet. They apparently asked for it to be attributed to them, not Iran's cyber operators. U.S. intelligence agencies say that Russian actors manufactured and amplified a video that falsely depicted an individual ripping up ballots in Pennsylvania. Clearly, U.S. election interference was in full swing. That does not mean it was really effective. Another story.
More examples of U.S. election interference. U.S. security agencies disclose that Russian influence actors manufactured a video that falsely depicted individuals claiming to be from Haiti and voting illegally in multiple counties in Georgia, and a video falsely accusing an individual associated with the Democratic staff of taking a bribe from a U.S. entertainer.
Italian company hired a private offensive cyber contractor to hack government systems and steal private data, including that of politicians like the president or prime minister. They used trojans and insiders. The data was used to blackmail businesspeople and politicians.
LLM finds a 0day. The first public example of an AI agent finding a previously unknown exploitable memory-safety vulnerability (0day) in widely used real-world software. It beat the fuzzer AFL.
Russian cyber threat actor is targeting Ukraine's military conscript system. It is trying to infect conscripts' systems (Windows, Android, macOS, iOS) with malware, and spreading narratives and content to undermine support for Ukraine's war mobilization.
Bad password scheme using bcrypt. Okta (popular identity & access management platform) generated security keys with bcrypt to hash a combined string of userId|username|password. This insecure scheme allowed an authentication bypass, as bcrypt only processes the first 72 bytes of an input. To mitigate such risks, algorithms like Argon2 are recommended for their ability to handle longer inputs securely without truncation.
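The truncation problem described above, as an added example (not code from Okta or from this newsletter). Real bcrypt is replaced by a labelled stand-in that models only the 72-byte input limit, and the hardened variant uses an HMAC pre-hash, which is an assumption of this example rather than the Argon2 recommendation above; all identifiers and sample values are constructed.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX = 72  # bcrypt ignores every input byte after the 72nd


def bcrypt_stand_in(data: bytes) -> str:
    """Stand-in for bcrypt: models only its 72-byte input limit."""
    return hashlib.sha256(data[:BCRYPT_MAX]).hexdigest()


def weak_key(user_id: str, username: str, password: str) -> str:
    """The scheme described above: hash the joined string directly."""
    return bcrypt_stand_in(f"{user_id}|{username}|{password}".encode())


def password_bytes_hashed(user_id: str, username: str, password: str) -> int:
    """How many password bytes fall inside the first 72 bytes of input."""
    prefix = len(f"{user_id}|{username}|".encode())
    return max(0, min(len(password.encode()), BCRYPT_MAX - prefix))


def hardened_key(user_id: str, username: str, password: str, pepper: bytes) -> str:
    """Compress all fields to a fixed 44-byte value before the limited hash."""
    fields = [f.encode() for f in (user_id, username, password)]
    # Length-prefix each field so moving a "|" between fields changes the input.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    digest = hmac.new(pepper, msg, hashlib.sha256).digest()
    # Base64 keeps the value free of NUL bytes and well under 72 bytes.
    return bcrypt_stand_in(base64.b64encode(digest))


# Constructed sample values, not taken from any real system.
USER_ID = "00u1abcd2efgh3ijkl4m"
LONG_NAME = "a.very.long.service.account.name@subsidiary.example.com"
PEPPER = b"constructed-demo-pepper"

if __name__ == "__main__":
    # With the long username, no password byte reaches the hash at all.
    print(password_bytes_hashed(USER_ID, LONG_NAME, "right"))
    print(weak_key(USER_ID, LONG_NAME, "right") == weak_key(USER_ID, LONG_NAME, "wrong"))
    print(hardened_key(USER_ID, LONG_NAME, "right", PEPPER)
          == hardened_key(USER_ID, LONG_NAME, "wrong", PEPPER))
```

A check like `password_bytes_hashed` is also useful as a guard: refuse to derive a key whenever it returns less than the full password length.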
Privacy
Vibration API privacy, 8 years later. I closed a privacy issue ticket (from 2016!) for the Vibration API. The specification is amended. The Vibration API remains an interesting out-of-band emitter: useful, but possibly privacy-sensitive. My original assessment.
Apple and homomorphic encryption. Apple is expanding its use of privacy-preserving technology, such as homomorphic encryption, which enables data processing in encrypted form without revealing it in clear text. Often seen as the "holy grail" of privacy (and business), this technology allows operations like adding or multiplying encrypted numbers, then decrypting the result to obtain a clear-text outcome. For instance, while neither of us may disclose our age, we could still determine the combined sum. Apple also utilizes Private Information Retrieval (PIR) protocols, such as in contact searches. PIR enables accessing an item in a list without revealing which item was accessed. Previously considered theoretical due to high computational demands, PIR is now a valuable tool as it enables operations on non-personal data. Thus, the techniques may bypass regulations like GDPR, which focus solely on personally identifiable data. This approach also supports privacy-preserving training of machine learning models. However, caution is needed, as some computational methods risk impacting the fairness of the outcomes or discriminating among groups.
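The "combined sum of two ages" idea above, as an added example that is not from Apple or from this newsletter. It uses the Paillier cryptosystem, chosen here only because its additive property fits in a few lines (no claim is made about which scheme Apple uses), with toy-sized primes and constructed ages.

```python
import math
import secrets

# Toy primes (the Mersenne primes 2^31-1 and 2^61-1). Real keys use far larger primes.
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p: int = P, q: int = Q):
    """Return (public modulus n, private key (lam, mu))."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # this shortcut is valid because the generator is g = n + 1
    return n, (lam, mu)


def encrypt(n: int, m: int) -> int:
    """Randomised encryption: c = (1+n)^m * r^n mod n^2."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (1+n)^m is congruent to 1 + m*n modulo n^2, which avoids one exponentiation.
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def add_encrypted(n: int, c1: int, c2: int) -> int:
    """Multiplying ciphertexts adds the hidden plaintexts."""
    return c1 * c2 % (n * n)


def decrypt(n: int, priv, c: int) -> int:
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def combined_age(age_a: int, age_b: int) -> int:
    """Each party encrypts its own age; only the sum is ever decrypted."""
    n, priv = keygen()
    total_ct = add_encrypted(n, encrypt(n, age_a), encrypt(n, age_b))
    return decrypt(n, priv, total_ct)


if __name__ == "__main__":
    print(combined_age(34, 41))  # constructed ages
```

Whoever holds the private key learns the sum but could also decrypt an individual ciphertext, so in practice the party that adds the ciphertexts and the party that decrypts must be kept separate.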
Technology Policy
Misinformation about misinformation. While misinformation does impact public opinion and has led to changes in laws, it's often overstated. Those who consume large amounts of false or harmful content frequently seek it out intentionally. Efforts should target specific harmful activities rather than reiterate generic concerns about disinformation. Notably, laws have been shaped by policymaker and NGO concerns around misinformation risks. The issue of misinformation is real. However, it is complex in nature and requires a nuanced approach.
Russia issued a monetary fine on Google. 2 undecillion rubles ($2,500,000,000,000,000,000,000,000,000,000,000) after refusing to restore the accounts of pro-Kremlin and state-run media outlets.
Other
Speech-to-text AI software inventing words. "AI-powered transcription tool used in hospitals invents things no one ever said" - it's about OpenAI's Whisper. Transcription is a game-changer for people with hearing disabilities. But in some circumstances precision is critical.
U.S. Special Operations Forces want to buy deepfake technology. Generative AI production tools to create realistic-looking personas. You may call it deepfake technology.
Misinformation bringing out the crowds on the street. On October 31, 2024, a large crowd gathered on Dublin's O'Connell Street for a nonexistent Halloween parade falsely advertised online, causing public transport disruptions. The hoax may have been the result of an AI-generated website. Quickly spreading misinformation on digital platforms may lead to physical events.