CyberSecurity news

FlagThis - #dataprivacy

JournalBot@Ars OpenForum //

GM Banned from Selling Driver Data - General Motors and OnStar are banned from sharing consumer geolocation and driver behavior data for five years after an FTC investigation revealed the data was sold to third parties without consent.
General Motors and OnStar have been banned from sharing consumers’ geolocation and driver behavior data with consumer reporting agencies for the next five years, following an investigation by the Federal Trade Commission (FTC). The FTC found that GM had been collecting data through its OnStar Smart Driver program, which monitored driving habits and location, sometimes as frequently as every three seconds. This information was then sold to third-party platforms, including telematics analysis firms such as Verisk and LexisNexis, without adequate consent from customers. These third-party companies then offered the driver data to insurance companies, who used it to raise premiums for drivers deemed to be 'high risk'.

The investigation revealed that many consumers were unaware that their data was being shared and sold, with some expressing concern that it directly impacted their insurance costs. GM has acknowledged these privacy concerns and has discontinued the Smart Driver program, as well as terminated its third-party telematics relationships with LexisNexis and Verisk. As part of the settlement with the FTC, GM must now take steps to improve transparency for its customers regarding data collection practices.

Recommended read:
References :
  • Ars OpenForum: GM sold geolocation and other driving data without adequate consent, FTC says.
  • The Register - Security: We'll defo ask for permission next time, automaker tells FTC General Motors on Thursday said that it has reached a settlement with the FTC "to address privacy concerns about our now-discontinued Smart Driver program."
  • www.ftc.gov: GM monitored and sold people’s precise geolocation data and driver behavior information, sometimes as often as every three seconds,
  • Quartz: GM can't sell your location data for the next 5 years
  • 9to5mac.com: The Federal Trade Commission (FTC) has taken action against General Motors and OnStar for selling location and driving behavior data from millions of GM car owners without proper consent, requiring both companies to halt such practices for five years.
  • arstechnica.com: GM faces ban on selling driver data that can be used to raise insurance rates
  • discuss.privacyguides.net: FTC proposes banning General Motors from disclosing geolocation and driving behavior data
  • www.bleepingcomputer.com: The Federal Trade Commission (FTC) has announced action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and sale of drivers' precise geolocation and driving behavior data without first obtaining their consent.
  • The Verge: Illustration: Alex Castro / The Verge General Motors and its subsidiary OnStar are banned from selling customer geolocation and driving behavior data for five years, .
  • BleepingComputer: FTC orders GM to stop collecting and selling driver’s data
  • BleepingComputer: The FTC has accused General Motors (GM) of collecting and selling drivers' precise geolocation and driving behavior data without their consent.
  • 9to5Mac: FTC bans General Motors from selling driving data without permission, adding to case for CarPlay 2
Jibin Joseph@PCMag Middle East ai //

DeepSeek R1 Model Performance and Issues - DeepSeek AI's R1 model, known for its detailed reasoning, is now on AWS and NVIDIA NIM, improving accessibility, while benchmarks show AMD's RX 7900 XTX outperforms RTX 4090 in DeepSeek benchmarks; concerns arise over safety guardrails, data use, and GPU smuggling.
DeepSeek AI's R1 model, a reasoning model praised for its detailed thought process, is now available on platforms like AWS and NVIDIA NIM. This increased accessibility allows users to build and scale generative AI applications with minimal infrastructure investment. Benchmarks have also revealed surprising performance metrics, with AMD’s Radeon RX 7900 XTX outperforming the RTX 4090 in certain DeepSeek benchmarks. The rise of DeepSeek has put the spotlight on reasoning models, which break questions down into individual steps, much like humans do.

Concerns surrounding DeepSeek have also emerged. The U.S. government is investigating whether DeepSeek smuggled restricted NVIDIA GPUs via Singapore to bypass export restrictions. A NewsGuard audit found that DeepSeek’s chatbot often advances Chinese government positions in response to prompts about Chinese, Russian, and Iranian false claims. Furthermore, security researchers discovered a "completely open" DeepSeek database that exposed user data and chat histories, raising privacy concerns. These issues have led to proposed legislation, such as the "No DeepSeek on Government Devices Act," reflecting growing worries about data security and potential misuse of the AI model.

Recommended read:
References :
  • aws.amazon.com: DeepSeek R1 models now available on AWS
  • www.pcguide.com: DeepSeek GPU benchmarks reveal AMD’s Radeon RX 7900 XTX outperforming the RTX 4090
  • www.tomshardware.com: U.S. investigates whether DeepSeek smuggled Nvidia AI GPUs via Singapore
  • www.wired.com: Article details challenges of testing and breaking DeepSeek's AI safety guardrails.
  • decodebuzzing.medium.com: Benchmarking ChatGPT, Qwen, and DeepSeek on Real-World AI Tasks
  • medium.com: The blog post emphasizes the use of DeepSeek-R1 in a Retrieval-Augmented Generation (RAG) chatbot. It underscores its comparability in performance to OpenAI's o1 model and its role in creating a chatbot capable of handling document uploads, information extraction, and generating context-aware responses.
  • www.aiwire.net: This article highlights the cost-effectiveness of DeepSeek's R1 model in training, noting its training on a significantly smaller cluster of older GPUs compared to leading models from OpenAI and others, which are known to have used far more extensive resources.
  • futurism.com: OpenAI CEO Sam Altman has since congratulated DeepSeek for its "impressive" R1 reasoning model, he promised spooked investors to "deliver much better models."
  • AWS Machine Learning Blog: Protect your DeepSeek model deployments with Amazon Bedrock Guardrails
  • mobinetai.com: DeepSeek is a catastrophically broken model with non-existent, typical shoddy Chinese safety measures that take 60 seconds to dismantle.
  • AI Alignment Forum: Illusory Safety: Redteaming DeepSeek R1 and the Strongest Fine-Tunable Models of OpenAI, Anthropic, and Google
  • Pivot to AI: Of course DeepSeek lied about its training costs, as we had strongly suspected.
  • Unite.AI: Artificial Intelligence (AI) is no longer just a technological breakthrough but a battleground for global power, economic influence, and national security.
  • cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
  • neuralmagic.com: Enhancing DeepSeek Models with MLA and FP8 Optimizations in vLLM
  • www.unite.ai: Blog post about DeepSeek and the global power shift.
  • cset.georgetown.edu: This article discusses DeepSeek and its impact on the US-China AI race.
David Gerard@Pivot to AI //

DeepSeek AI Model: Capabilities and Security Concerns - DeepSeek AI is facing scrutiny due to its capabilities and potential security risks, including the possibility of misuse for harmful activities.
DeepSeek AI is facing increasing scrutiny and controversy due to its capabilities and potential security risks. US lawmakers are pushing for a ban on DeepSeek on government-issued devices, citing concerns that the app transfers user data to a banned state-owned company, China Mobile. This action follows a study that revealed direct links between the app and the Chinese government-owned entity. Security researchers have also discovered hidden code within DeepSeek that transmits user data to China, raising alarms about potential CCP oversight and the compromise of sensitive information.

DeepSeek's capabilities, while impressive, have raised concerns about its potential for misuse. Security researchers found the model doesn't screen out malicious prompts and can provide instructions for harmful activities, including producing chemical weapons and planning terrorist attacks. Despite these concerns, DeepSeek is being used to perform "reasoning" tasks, such as coding, on alternative chips from Groq and Cerebras, with some tasks completed in as little as 1.5 seconds. These advancements challenge traditional assumptions about the resources required for advanced AI, highlighting both the potential and the risks associated with DeepSeek's capabilities.

Recommended read:
References :
  • PCMag Middle East ai: The No DeepSeek on Government Devices Act comes after a study found direct links between the app and state-owned China Mobile.
  • mobinetai.com: This article analyzes the DeepSeek AI model, its features, and the security risks associated with its low cost and advanced capabilities.
  • Pivot to AI: Of course DeepSeek lied about its training costs, as we had strongly suspected.
  • AI News: US lawmakers are pushing for a DeepSeek ban after security researchers found the app transferring user data to a banned state-owned company.
  • mobinetai.com: Want to manufacture chemical weapons using household items, develop a self-replicating rootkit, write an essay on why Hiroshima victims deserved their fate, get a step-by-step guide to pressuring your coworker into sex, or plan a terrorist attack on an airport using a drone laden with home-made explosives (in any order)?
  • singularityhub.com: DeepSeek's AI completes "reasoning" tasks in a flash on alternative chips from Groq and Cerebras.
  • www.artificialintelligence-news.com: US lawmakers are pushing for a DeepSeek ban after security researchers found the app transferring user data to a banned state-owned company.
  • On my Om: DeepSeek, a company associated with High-Flyer, an $8 billion Chinese hedge fund, changed the AI narrative when it claimed OpenAI-like capabilities for a mere $6 million.
  • AI Alignment Forum: The article discusses the potential vulnerabilities and risks associated with advanced AI models, such as DeepSeek, in terms of their misuse. It emphasizes the need for robust safety mechanisms during development and deployment to prevent potential harm.
  • cset.georgetown.edu: This article explores the recent surge in generative AI models, highlighting the capabilities and concerns surrounding them, particularly DeepSeek. It examines the potential for misuse and the need for robust safety measures.
  • e-Discovery Team: An analysis of DeepSeek, a new Chinese AI model, highlights its capabilities but also its vulnerabilities, leading to a market crash. The article emphasizes the importance of robust security safeguards and ethical considerations surrounding AI development.
  • cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
  • techhq.com: This article discusses the security and privacy issues found in the DeepSeek iOS mobile application, raising concerns about data transmission to servers in the US and China.
  • TechHQ: Discusses security standards for deepseek.
  • GZERO Media: Gzero reports about a potential US ban for DeepSeek
  • pub.towardsai.net: DeepSeek-R1 is a language model developed in China to enable sophisticated reasoning capabilities.
  • Analytics Vidhya: DeepSeek-R1 is a new AI model with strong reasoning capabilities.
  • medium.com: This article focuses on the ability of DeepSeek to handle sensitive topics and how it can be leveraged to detect censorship filters.
  • the-decoder.com: This article focuses on the potential capabilities of DeepSeek as an AI model, highlighting its potential to perform deep research and providing insights into the various capabilities.
  • Analytics Vidhya: DeepSeek is a new model capable of impressive logical reasoning, and it has been tested for its ability to create a large number of different types of code. This is a summary of the results.
@www.forbes.com //

Apple Settles Siri Privacy Eavesdropping Lawsuit - Apple is settling a class-action lawsuit for $95 million over Siri recording users without consent, potentially sharing conversations with third parties.
Apple has agreed to a $95 million settlement to resolve a class-action lawsuit concerning its Siri voice assistant. The lawsuit alleges that Siri recorded private conversations when unintentionally activated, sharing these recordings with third parties including advertisers and human reviewers. The plaintiffs claim this happened without their consent and that they were then targeted with specific ads based on these conversations, with some citing examples of receiving ads for products or medical treatments after discussing those topics near their devices. The settlement also mentions that Apple employed contractors to listen to some of these recordings which included private and confidential conversations.

Apple denies any wrongdoing as part of the settlement. However, the agreement indicates that eligible users who owned a Siri-enabled device between 2014 and 2019 may be entitled to a payout of up to $20 per device. Class members are defined as individuals who are current or former owners of a Siri Device and reside in the US and its territories. They must also be willing to declare under oath that Apple recorded their conversations while Siri was accidentally activated. The final size of each payment will depend on the number of claims made.

Recommended read:
References :
  • www.bbc.com: Report on Apple paying $95 million to settle a lawsuit about Siri listening
  • www.businessinsider.com: Report about who might be eligible for a payout in the Siri settlement.
  • www.forbes.com: Details of the Apple Siri settlement and how users can claim.
  • Hacker News: Apple Siri Eavesdropping Payout–Here's Who's Eligible and How to Claim L: C: posted on 2025.01.04 at 09:40:24 (c=1, p=3)
  • www.forbes.com: Apple Siri Eavesdropping Payout—Here’s Who’s Eligible And How To Claim
  • www.apple.com: Our longstanding privacy commitment with Siri
  • The Verge: The Verge article on Apple refuting rumors about Siri and advertising.
  • Quartz: Apple says Siri isn't eavesdropping and selling your data
  • www.benzinga.com: Apple Clarifies Siri Privacy Policy After $95 Million Settlement Over Allegations Of Unauthorized Recordings
Jibin Joseph@PCMag Middle East ai //

DeepSeek AI Model Raises Security and Ethical Concerns - DeepSeek, a Chinese AI model, faces controversies due to lack of safety measures, misleading information on training costs, and security flaws, leading to government bans and scrutiny.
References: mobinetai.com , Pivot to AI , AI News ...
The DeepSeek AI model is facing growing scrutiny over its security vulnerabilities and ethical implications, leading to government bans in Australia, South Korea, and Taiwan, as well as for NASA employees in the US. Cisco researchers found DeepSeek fails to screen out malicious prompts and Dario Amodei of Anthropic has expressed concern over its ability to provide bioweapons-related information.

DeepSeek's lack of adequate guardrails has enabled the model to generate instructions on creating chemical weapons, and even planning terrorist attacks. Furthermore, DeepSeek has been accused of misrepresenting its training costs, with SemiAnalysis estimating that the company invested over $500 million in Nvidia GPUs alone, despite export controls. There are claims the US is investigating whether DeepSeek is acquiring these GPUs through gray market sales via Singapore.

Recommended read:
References :
  • mobinetai.com: Reports on DeepSeek's vulnerabilities and its ability to generate instructions on creating chemical weapons, and a terrorist attack.
  • Pivot to AI: Details DeepSeek's issues: government bans, lack of guardrails, and cost misrepresentations.
  • PCMag Middle East ai: The No DeepSeek on Government Devices Act comes after a study found direct links between the app and state-owned China Mobile.
  • AI News: US lawmakers are pushing for a DeepSeek ban after security researchers found the app transferring user data to a banned state-owned company.
  • mobinetai.com: Article on DeepSeek's ability to generate instructions for harmful activities, including chemical weapons and terrorist attacks.
  • www.artificialintelligence-news.com: News article about DeepSeek's data transfer to a banned state-owned company and the security concerns that follow.

Posts

Blogs

Research Tools