Facebook Instagram

Meta gives Europeans a pass – won’t use data for AI training

Posted on by Martin Brinkmann

European Facebook and Instagram users may breathe a sigh of relief, as their public data won’t be used by Meta for AI training for the time being.

Meta published an update regarding the use of data from European users on Facebook.

Here are the highlights:

  • Meta will pause plans to train its large language models using publicly shared content from European users on Facebook or Instagram.
  • Data protection agencies from 11 countries from the EU have filed complaints against Meta.
  • Meta calls it a “step backwards for European innovation”.

The decision does not change the handling of data from users outside of the European Union. Meta will use public data from these users to train its AI systems.

Meta said that it hopes that the data protection authorities chance their stance on the issue. The company said previously that it would use public posts and comments from users over the age of 18 only for AI training. European users were the only ones to get an opt-out option.

While Meta said that it remains committed to bringing AI functionality to users from the European Union, it added that the lack of local information would make it a “second-rate experience”.

Here is an interesting idea: how about making the training opt-in? Giving Facebook and Instagram users the option to give Meta permission to use their data for AI training.

The main issue here, at least for Meta, is that it would gain access to a fraction of the data only. Opt-in systems are favored by users, as they give them full control over a feature. They are disliked by companies, as it limits the reach significantly.

Meta could counter this by giving users incentives to share their data. It will be interesting to see how this will turn out in the end. Meta said that it will “continue to work collaboratively” with the Irish Data Protection Commission.

Would you allow companies to use your public data for AI training?

YouTube Firefox Playback issue

Try these fixes if you have problems playing 1080p+ videos on YouTube in Firefox

Posted on by Martin Brinkmann

For approximately four months, some Firefox users have experienced video playback issues while playing videos on YouTube.

Affected users noted that certain videos would stop playing on the site all of a sudden. YouTube would show a loading animation and it appeared that buffering was the culprit in many cases.

When Mozilla started to analyze the issue, it quickly discovered that 1080p or higher quality videos were affected only.

In particular, Mozilla discovered that 1080p, 2k and 4k videos on YouTube were affected when played in Firefox. The issues did not occur on every video playback and not for every user.

The issue is linked to the VP9 protocol that Google uses on YouTube.

Mozilla is keeping track of the issue here, but there is no fix available yet. This has not stopped some of the affected users from trying different things to get the issue fixed on their end.

Here are three solutions that worked for some affected users, but not for all of them:

  • Reduce the video quality with a click on the settings icon in the video player and the selection of quality from the menu that opens.
  • Install the enhanced-h264ify extension for Firefox. The extension switches playback to H.264 by default, but you can experiment with different codecs to see if any work.
  • Try setting the value of network.http.http3.enable to False on about:config.

These workarounds worked for some of the affected users, but not for everyone. Some lower the video quality, but they at least let affected users watch the videos that do not work otherwise.

Another option is to switch to a different browser for the time being, all Chromium-based browsers work, which should not surprise anyone, or third-party services such as Invidious or Freetube.

Did you experience issues on YouTube lately? Google has been cracking down on adblock users heavily in recent time.

Microsoft explains unintentionally why offline accounts are better in Windows

Posted on by Martin Brinkmann

The release of Windows 10 saw a fundamental shift towards Microsoft accounts. While users got to choose between local and Microsoft accounts in Windows 10, it was clear that Microsoft’s intention was to get customers to use online accounts.

It integrated new features into Windows that required an online account. From OneDrive over the synchronization of settings to the ability to restore an account password.

Microsoft shifted into a higher gear with the release of Windows 11. It enforces the creation of a Microsoft account on first setup now for Home and Pro systems.

Many workarounds do not work anymore, but there may still be options to deal with the user-unfriendly behavior. Still, most users may not know about these and that forces them to create the Microsoft account.

It is possible to create local accounts after the initial setup phase and delete the Microsoft account, but Microsoft has scattered warnings across the system in that case.

Microsoft highlights the advantages of local accounts

The support page “Change from a local account to a Microsoft account” on Microsoft’s official support website lists the advantages of both local and Microsoft accounts.

Here is what Microsoft has to say about local accounts (via WinFuture)

A local account is created on the device and doesn’t require Internet connectivity to sign in. It’s independent of other services, and it’s not connected to the cloud. Your settings, files, and applications are limited to that single device

While that is meant to be discouraging, may of the users who prefer local accounts may beg to differ.

The key here is that local accounts are not known to Microsoft. They work offline and files stay on the local system by default. Users may still sync files using first or third-party tools, but this is completely optional.

Wonder about the advantages of using a Microsoft account? Here are the key features of using a Microsoft account, according to Microsoft:

When you sign in to your PC with a Microsoft account, you’re connected to a Microsoft cloud service, and your settings and files can sync across various devices. You can also use it to access other Microsoft services

So, some settings and files sync when a Microsoft account is used. Using a Microsoft account may also give users access to services that require it.

Closing Words

To break it down: if you prefer privacy, you may want to consider using local accounts. If you prioritize convenience, or use multiple Windows devices, you may find that the advantages outweigh the disadvantages.

What about you? Do you prefer local or Microsoft accounts on Windows devices?

Bitwarden Extension causes websites to hang

Posted on by Martin Brinkmann

Just a quick note. Bitwarden’s latest client release seems to cause issues for some users. The update to version 2024.6.0 may cause issues in browsers.

According to reports. websites may hang or stall when loaded while the Bitwarden extension is active.

The issue is causing high CPU usage when some websites are opened. This causes the loading of the website to hang and the browser to freeze entirely in some cases. Crashes may also happen.

Several browsers, including Safari, Chrome, and Edge, and operating systems appear affected by the issue.

Deactivation of the extension restores the status quo. Users who downgraded the client version to the previous one reported that this fixed the issue as well. Desktop users may download previous releases from the official Bitwarden GitHub repository.

A third workaround is to change when Bitwarden’s extension becomes active in the browser. This may not be possible in all browsers. To check it out, right-click on the Bitwarden extension icon in the browser and hover over “This can read and change site data”.

There you switch from “on all sites” to “when you click the extension”.

Bitwarden confirmed that it is investigating the issue at the time. The issue is affecting other projects, including Home Assistant as well.

Closing Words

It is probably only a matter of time before a fixed version is released by Bitwarden. Try one of the workarounds in the meantime.

Google Chrome 126

Google Chrome 126 fixes 21 security issues

Posted on by Martin Brinkmann

Google released a new stable version of its Chrome web browser for all supported platforms. Chrome 126 is a security update first and foremost, but it makes non-security changes to the browser as well.

The security update is available already. Google rolls out these updates over the course of days and weeks. Most Chrome installations are updated automatically, thanks to the built-in updating system.

Desktop users may install the update quicker by opening Menu > Help > About Google Chrome. Chrome displays the installed version on the page that opens and runs a check for updates. The browser will download any new version it finds.

Chrome 126: the security fixes

Google mentions that it has fixed 21 unique security issues in Chrome 126. It lists only externally reported issues on the page. All of these are rated high or lower, and there does not seem to be a(nother) 0-day issue that is affecting the browser at this time.

The security issues rated high type confusion, use after free, heap buffer overflow, and inappropriate implementation issues.

The non-security changes of Chrome 126

Here is an overview of important non-security changes in the new Chrome release:

  • OCR-AI Reader for inaccessible PDF documents that creates a “built-in PDF screen reader”.
  • Beginning to switch to an out-of-process iframe architecture for the PDF viewer. This makes it simpler to add new features to it according to Google.
  • Reactive prefetch on desktop. The feature speeds up navigations and the loading of pages by using a Google-owned service to predict resources that should be prefetched.
  • Tab Group support on iPad.
  • Starting in Chrome 126, Chrome starts to directly support accessibility client software that uses Microsoft Windows’s UI Automation accessibility framework.
  • Search any text or image using Google Lens.

Developers may want to check out the Chrome Status website for development related changes.

Have you tried Google Chrome recently?

DoNotSpy11 Update

DoNotSpy11 update adds option to disable Windows AI features

Posted on by Martin Brinkmann

DoNotspy11 is a long-standing privacy and tweaking application for Windows. The first update of 2024 introduces new features and compatibility with recent Windows releases.

It is a small tool that you may use to modify Windows settings with ease. It addresses one of the main issues that privacy-conscious users have with Windows: the scattering of privacy-related preferences and policies.

Instead of having to use the Control Panel, Settings app, Registry, Group Policy Editor, and some other tools to improve privacy, it delivers everything in a single easy-to-use interface.

Word of Advice: Windows may throw a SmartScreen error when you try to run the program on your device. This is not because it is malicious or faulty. SmartScreen displays also when a program is new.

Another great privacy tool is O&O ShutUp10++, which I reviewed some time ago.

A short DoNotspy11 Intro

DoNotSpy11 displays all applicable privacy tweaks in the interface. It uses color codes to highlight the safety of tweaks. The following colors are used:

  • Blue — These are safe settings that should not have any ill-effects.
  • Orange — It is necessary to read the description, as they may impact other features among other things.
  • Red — Usually not recommended to change.
  • Gray — These settings have not changed since the last use of the application.

The program suggests to create a System Restore point whenever changes are made. This allows you to go back to the previous state in case something does not work anymore. I never ran into this problem while using the app, but a backup option is always welcome.

Just check or uncheck the available options and hit the apply button in the end to make the change. It is easy to undo changes manually or through System Restore points.

DoNotSpy11 1.2.1.0 Changelog

The update introduces ten new tweaks, including a new Windows AI category. It also adds general compatibility with Windows 11 version 23H2 Moment 5 and Windows 11 version 24H2, which will be released later this year.

The final change adds high DPI support, which should improve visuals on high DPI displays.

As for the tweaks, here is what is new:

  1. AI: Disable Recall (Snapshots) (from build 26100)
  2. Apps: Disable Access to Cellular Data
  3. Apps: Disable Access to Eye Tracking
  4. Apps: Disable Access to Motion / Activity
  5. Edge: Disable Control Copilot Access to Browser Context
  6. Edge: Disable Spell Checking Provided by Microsoft Editor
  7. Edge: Disable Website Typo Protection
  8. Edge: Hide App Launcher on Microsoft Edge New Tab Page
  9. Start: Disable Recommended Section
  10. Start: Disable Website Recommendations in Recommended Section

Three tweaks have been updated. The first two add options to disable Copilot and the Copilot taskbar button on Windows 10 devices. The third changes the disable background applications recommendation from blue (safe) to yellow (read comment).

You can check out the full changelog here.

Do you use tweaking tools to improve privacy or other features of Windows devices?

AI

AI is now capable of exploiting 0-Day vulnerabilities without description

Posted on by Martin Brinkmann

A team of security researchers at the University of Illinois published a study back in April 2024 that demonstrated the hacking capabilities of AI.

Using OpenAI’s GPT-4 model, they discovered that exploit code could be generated for 87% of the tested 0-day vulnerabilities.

This figure dropped to 7% if the CVE description was not provided.

Good to known: 0-day vulnerabilities refer to security issues that are very recent. Patches may not be available in all cases, and systems that are not updated are vulnerable to attacks that target these vulnerabilities.

The same research team has now published a new research document: Teams of LLM Agents can Exploit Zero-Day Vulnerabilities

It builds on the previous research. This time, the researchers wanted to find a way to improve the exploiting capabilities of AI if no description of 0-day vulnerabilities was provided.

They managed to create a system that bumped the success rate to 53% using real-world 0-day vulnerabilities that were discovered after the AI model’s data cut-off date.

Using GPT-4, the researchers switched to a team-based approach to compartmentalize attacks. Instead of relying on a single GPT-4 instance for attacks, they developed an architecture that assigned AI agents with different tasks.

The tasks are assigned by a planner AI and controlled by a manager AI. The planner AI launches other AI instances, including the manager AI and AIs for specific tasks.

This approach worked well, as it improved the the capabilities of the AI attacker. The chance of success rose from 7% when using a single AI instance to 53% under the new team-based approach.

Closing Words

AI research that focuses on security is important. Besides demonstrating the capabilities of different AI models, it may also highlight future dangers. Well-funded hackers and criminals may use AI models for illegal activities. These may range from finding new exploits to creating exploits for existing vulnerabilities.

Web-based and App-based AI interactions prevent certain activities, including hacking. This is not the case, however, for self-hosted or created AI models.

What is your take on this? Will we see more exploits that are more widely used in attacks in the future? Or will we see the rise of AI-based Anti-hacking solutions that try to counter their breathren?

VLC Media Player 3.0.21

VLC Media Player 3.0.21 launches with AMD improvements

Posted on by Martin Brinkmann

VideoLAN has released a new version of its cross-platform open source VLC Media Player application. VLC Media Player 3.0.21 is already available on the official distribution server. No official announcement at this point, but this is only a matter of time.

The new version of VLC Media Player comes with a number of improvements and fixes. Notable is improved support for devices with AMD hardware.

The release notes state the following in this regard:

  • Super Resolution scaling with AMD GPUs
  • New AMD VQ Enhancer filter

Super Resolution scaling is an upscaling technology that aims to improve the visual quality and sharpness of videos. It works best on low-quality videos and videos that are badly compressed.

The upscaling feature was available only for NVIDIA and Intel GPUs in previous versions of VLC Media Player. This changes with the new release and levels the playing field in this regard.

As far as other features are concerned, the following ones stick out:

  • The D3D11 HDR option can also turn on/off HDR for all sources regardless of the display
  • Improve subtitles rendering on Apple platforms of notably Asian languages by correcting font fallback lookups
  • Add D3D11 option to use NVIDIA TrueHDR to generate HDR from SDR sources
  • Improve Opus ambisonic support
  • Add support for HTTP content range handling according to RFC 9110

The new release includes a few fixes and updates to libraries next to that:

  • Fix some ASS subtitle rendering issues
  • Fix Opus in MP4 behaviour
  • Fix VAAPI hw decoding with some drivers
  • Fix some HLS Adaptive Streaming not working in audio-only mode
  • Fix regression on macOS causing crashes when using audio devices
  • Fix exposed UPnP directory URL schemes to be compliant with RFC 3986
  • Fix various warnings, leaks and potential crashes
  • Fix security integer overflow in MMS module

You can check out the full release notes here.

Which media player do you use primarily and why?

Microsoft announces changes to Recall in Windows 11 after backlash

Posted on by Martin Brinkmann

When Microsoft announced the AI feature Recall in May, it felt confidence in its AI strategy. Recall, a feature that takes snapshots of the PC screen every five seconds, was designed to be the selling point for a new breed of PCs, that Microsoft calls Copilot+ PCs.

A lot depended on Recall. It was the first major AI feature that Microsoft designed exclusively for this new PC type.

The reveal and the days that followed turned out different. Recall was criticized left and right.

Core points were:

  • Windows 11 activated Recall for users automatically and there was no opt-out option.
  • The Recall database was not properly secured.

This would have made Recall one of the most lucrative target in computing history.

Tip: you can disable Recall in Windows 11 in several ways.

Microsoft announces changes to Recall

Recall new setup with opt-out and opt-in

Today, Microsoft announced a series of changes to Recall that “improve privacy and security safeguards”.

  • The setup experience is changed. Users need to make a decision now to activate Recall or keep it disabled.
  • Windows Hello enrollment is required to enable Recall.
  • Proof of presence is required before users may interact with Recall’s database.
  • Additional security layers, including “just in time” decryption, is also enabled.

Closing words

Microsoft plans to ship the updated version of Recall on June 18th to Windows 11 Insider devices. By then, tinkerers will have another go at the feature to see if it is still possible to gain access to the database.

For a company that announced its new “security first” motto shortly before the reveal of Recall, feedback has been disastrous.

To end on a personal note. I still cannot find a use case for Recall. I do not see how it could help me improve my productivity on Windows PCs. Then again, I’m probably not the target audience for the feature.

What about you? Would you use the safer version of Recall?

DuckDuckGo AI Chat

DuckDuckGo AI Chat: promises anonymous access to AI models

Posted on by Martin Brinkmann

DuckDuckGo has launched AI Chat officially. The feature promises anonymous interactions with several AIs, including GPT 3.5 , Claude 3, or Llama 3.

DuckDuckGo claims that access is free and that all chats are private. The company says that it is anonymizing interactions with the AI models. Furthermore, interactions are not used “for any AI model training”.

Users may communicate with all AIs free of charge. Interactions are, however, limited at this point. DuckDuckGo considers introducing paid plans in the future that increase limits and may give paying customers access to advanced models.

Using DuckDuckGo AI Chat is simple. Visit the startpage of the service and pick one of the available chat models to communicate with. Accept the privacy policy and terms of use on the next page.

The essential points are these:

  • DuckDuckGo is not saving or storing user prompts or outputs.
  • The company says it has agreements with model providers “to further protect” user privacy.

DuckDuckGo says that chats are anonymous and cannot be traced back to individuals. It achieves this by acting as a proxy. The AI communicates with DuckDuckGo, and thus also a DuckDuckGo IP address, and not the user directly.

Using DuckDuckGo AI Chat

AI Chat works as expected. You type and send the typed text to the AI. It will respond to it and DuckDuckGo shows the output from the AI in the interface.

Options to start the chat over and switch to another of the supported AI models are provided on the chat page.

The current limit is not highlighted on the AI Chat page. This means that you never know when you reach such a limit. You could switch to another AI model then to continue your interaction.

Closing Words

DuckDuckGo AI Chat gives you access to four different AI models at the time. If you trust the company’s claims, you get to interact with all of them anonymously. It is an interesting option to test the different AIs.

What about you? Do you use AI models already? If so, which is your favorite and why?