Chipp.in Tech News and Reviews

DoNotSpy11 update adds option to disable Windows AI features

Posted on June 11, 2024June 11, 2024 by Martin Brinkmann

DoNotspy11 is a long-standing privacy and tweaking application for Windows. The first update of 2024 introduces new features and compatibility with recent Windows releases.

It is a small tool that you may use to modify Windows settings with ease. It addresses one of the main issues that privacy-conscious users have with Windows: the scattering of privacy-related preferences and policies.

Instead of having to use the Control Panel, Settings app, Registry, Group Policy Editor, and some other tools to improve privacy, it delivers everything in a single easy-to-use interface.

Word of Advice: Windows may throw a SmartScreen error when you try to run the program on your device. This is not because it is malicious or faulty. SmartScreen displays also when a program is new.

Another great privacy tool is O&O ShutUp10++, which I reviewed some time ago.

A short DoNotspy11 Intro

DoNotSpy11 displays all applicable privacy tweaks in the interface. It uses color codes to highlight the safety of tweaks. The following colors are used:

Blue — These are safe settings that should not have any ill-effects.
Orange — It is necessary to read the description, as they may impact other features among other things.
Red — Usually not recommended to change.
Gray — These settings have not changed since the last use of the application.

The program suggests to create a System Restore point whenever changes are made. This allows you to go back to the previous state in case something does not work anymore. I never ran into this problem while using the app, but a backup option is always welcome.

Just check or uncheck the available options and hit the apply button in the end to make the change. It is easy to undo changes manually or through System Restore points.

DoNotSpy11 1.2.1.0 Changelog

The update introduces ten new tweaks, including a new Windows AI category. It also adds general compatibility with Windows 11 version 23H2 Moment 5 and Windows 11 version 24H2, which will be released later this year.

The final change adds high DPI support, which should improve visuals on high DPI displays.

As for the tweaks, here is what is new:

AI: Disable Recall (Snapshots) (from build 26100)
Apps: Disable Access to Cellular Data
Apps: Disable Access to Eye Tracking
Apps: Disable Access to Motion / Activity
Edge: Disable Control Copilot Access to Browser Context
Edge: Disable Spell Checking Provided by Microsoft Editor
Edge: Disable Website Typo Protection
Edge: Hide App Launcher on Microsoft Edge New Tab Page
Start: Disable Recommended Section
Start: Disable Website Recommendations in Recommended Section

Three tweaks have been updated. The first two add options to disable Copilot and the Copilot taskbar button on Windows 10 devices. The third changes the disable background applications recommendation from blue (safe) to yellow (read comment).

You can check out the full changelog here.

Do you use tweaking tools to improve privacy or other features of Windows devices?

AI is now capable of exploiting 0-Day vulnerabilities without description

Posted on June 10, 2024June 10, 2024 by Martin Brinkmann

A team of security researchers at the University of Illinois published a study back in April 2024 that demonstrated the hacking capabilities of AI.

Using OpenAI’s GPT-4 model, they discovered that exploit code could be generated for 87% of the tested 0-day vulnerabilities.

This figure dropped to 7% if the CVE description was not provided.

Good to known: 0-day vulnerabilities refer to security issues that are very recent. Patches may not be available in all cases, and systems that are not updated are vulnerable to attacks that target these vulnerabilities.

The same research team has now published a new research document: Teams of LLM Agents can Exploit Zero-Day Vulnerabilities

It builds on the previous research. This time, the researchers wanted to find a way to improve the exploiting capabilities of AI if no description of 0-day vulnerabilities was provided.

They managed to create a system that bumped the success rate to 53% using real-world 0-day vulnerabilities that were discovered after the AI model’s data cut-off date.

Using GPT-4, the researchers switched to a team-based approach to compartmentalize attacks. Instead of relying on a single GPT-4 instance for attacks, they developed an architecture that assigned AI agents with different tasks.

The tasks are assigned by a planner AI and controlled by a manager AI. The planner AI launches other AI instances, including the manager AI and AIs for specific tasks.

This approach worked well, as it improved the the capabilities of the AI attacker. The chance of success rose from 7% when using a single AI instance to 53% under the new team-based approach.

Closing Words

AI research that focuses on security is important. Besides demonstrating the capabilities of different AI models, it may also highlight future dangers. Well-funded hackers and criminals may use AI models for illegal activities. These may range from finding new exploits to creating exploits for existing vulnerabilities.

Web-based and App-based AI interactions prevent certain activities, including hacking. This is not the case, however, for self-hosted or created AI models.

What is your take on this? Will we see more exploits that are more widely used in attacks in the future? Or will we see the rise of AI-based Anti-hacking solutions that try to counter their breathren?

VLC Media Player 3.0.21 launches with AMD improvements

Posted on June 9, 2024June 9, 2024 by Martin Brinkmann

VideoLAN has released a new version of its cross-platform open source VLC Media Player application. VLC Media Player 3.0.21 is already available on the official distribution server. No official announcement at this point, but this is only a matter of time.

The new version of VLC Media Player comes with a number of improvements and fixes. Notable is improved support for devices with AMD hardware.

The release notes state the following in this regard:

Super Resolution scaling with AMD GPUs
New AMD VQ Enhancer filter

Super Resolution scaling is an upscaling technology that aims to improve the visual quality and sharpness of videos. It works best on low-quality videos and videos that are badly compressed.

The upscaling feature was available only for NVIDIA and Intel GPUs in previous versions of VLC Media Player. This changes with the new release and levels the playing field in this regard.

As far as other features are concerned, the following ones stick out:

The D3D11 HDR option can also turn on/off HDR for all sources regardless of the display
Improve subtitles rendering on Apple platforms of notably Asian languages by correcting font fallback lookups
Add D3D11 option to use NVIDIA TrueHDR to generate HDR from SDR sources
Improve Opus ambisonic support
Add support for HTTP content range handling according to RFC 9110

The new release includes a few fixes and updates to libraries next to that:

Fix some ASS subtitle rendering issues
Fix Opus in MP4 behaviour
Fix VAAPI hw decoding with some drivers
Fix some HLS Adaptive Streaming not working in audio-only mode
Fix regression on macOS causing crashes when using audio devices
Fix exposed UPnP directory URL schemes to be compliant with RFC 3986
Fix various warnings, leaks and potential crashes
Fix security integer overflow in MMS module

You can check out the full release notes here.

Which media player do you use primarily and why?

Microsoft announces changes to Recall in Windows 11 after backlash

Posted on June 8, 2024June 8, 2024 by Martin Brinkmann

When Microsoft announced the AI feature Recall in May, it felt confidence in its AI strategy. Recall, a feature that takes snapshots of the PC screen every five seconds, was designed to be the selling point for a new breed of PCs, that Microsoft calls Copilot+ PCs.

A lot depended on Recall. It was the first major AI feature that Microsoft designed exclusively for this new PC type.

The reveal and the days that followed turned out different. Recall was criticized left and right.

Core points were:

Windows 11 activated Recall for users automatically and there was no opt-out option.
The Recall database was not properly secured.

This would have made Recall one of the most lucrative target in computing history.

Tip: you can disable Recall in Windows 11 in several ways.

Microsoft announces changes to Recall

Today, Microsoft announced a series of changes to Recall that “improve privacy and security safeguards”.

The setup experience is changed. Users need to make a decision now to activate Recall or keep it disabled.
Windows Hello enrollment is required to enable Recall.
Proof of presence is required before users may interact with Recall’s database.
Additional security layers, including “just in time” decryption, is also enabled.

Closing words

Microsoft plans to ship the updated version of Recall on June 18th to Windows 11 Insider devices. By then, tinkerers will have another go at the feature to see if it is still possible to gain access to the database.

For a company that announced its new “security first” motto shortly before the reveal of Recall, feedback has been disastrous.

To end on a personal note. I still cannot find a use case for Recall. I do not see how it could help me improve my productivity on Windows PCs. Then again, I’m probably not the target audience for the feature.

What about you? Would you use the safer version of Recall?

DuckDuckGo AI Chat: promises anonymous access to AI models

Posted on June 7, 2024June 7, 2024 by Martin Brinkmann

DuckDuckGo has launched AI Chat officially. The feature promises anonymous interactions with several AIs, including GPT 3.5 , Claude 3, or Llama 3.

DuckDuckGo claims that access is free and that all chats are private. The company says that it is anonymizing interactions with the AI models. Furthermore, interactions are not used “for any AI model training”.

Users may communicate with all AIs free of charge. Interactions are, however, limited at this point. DuckDuckGo considers introducing paid plans in the future that increase limits and may give paying customers access to advanced models.

Using DuckDuckGo AI Chat is simple. Visit the startpage of the service and pick one of the available chat models to communicate with. Accept the privacy policy and terms of use on the next page.

The essential points are these:

DuckDuckGo is not saving or storing user prompts or outputs.
The company says it has agreements with model providers “to further protect” user privacy.

DuckDuckGo says that chats are anonymous and cannot be traced back to individuals. It achieves this by acting as a proxy. The AI communicates with DuckDuckGo, and thus also a DuckDuckGo IP address, and not the user directly.

Using DuckDuckGo AI Chat

AI Chat works as expected. You type and send the typed text to the AI. It will respond to it and DuckDuckGo shows the output from the AI in the interface.

Options to start the chat over and switch to another of the supported AI models are provided on the chat page.

The current limit is not highlighted on the AI Chat page. This means that you never know when you reach such a limit. You could switch to another AI model then to continue your interaction.

Closing Words

DuckDuckGo AI Chat gives you access to four different AI models at the time. If you trust the company’s claims, you get to interact with all of them anonymously. It is an interesting option to test the different AIs.

What about you? Do you use AI models already? If so, which is your favorite and why?

Firefox is getting Tab Previews soon

Posted on June 6, 2024June 6, 2024 by Martin Brinkmann

Mozilla has launched support for Tab Previews in Firefox Nightly officially. Firefox displays a thumbnail image of the open webpage on hover once the feature is enabled.

Current versions of Firefox display just the title of the website on hover. Firefox shows just the first few characters of a title on the tab itself by default.

While the title is sufficient for some users, others may prefer to see a preview of the actual web content. This may help identify the right webpage and thus tab when switching tabs in Firefox.

Once enabled, Firefox shows a preview of the webpage on hover.

Firefox users who run the Nightly version may enable Tab Previews in the following way:

Load about:config in the Firefox address bar.
Click on Accept the Risk and Continue.
Search for browser.tabs.cardPreview
Double-click on browser.tabs.cardPreview.enabled to set the value to True, , if it is not true already.
Double-click on browser.tabs.cardPreview.showThumbnails to set the value to True, if it is not true already.
Restart Firefox.

You should get previews now when you hover over a loaded tab in the browser.

Disable tab previews: if you do not like tab previews, you can disable them by setting browser.tabs.cardPreview.enabled to False.

A third preference determines how fast or slow previews are shown. This is browser.tabs.cardPreview.delayMs, which you may also change on about:config. The value is in milliseconds. Reduce the number and previews are shown quicker, or increase it, to get more hover time before tab previews are shown.

Bonus tip: set browser.taskbar.previews.enable to True to show up to 20 thumbnail images of open webpages in Firefox when hovering over the Firefox icon on the taskbar of the operating system. You can change that number by modifying browser.taskbar.previews.max on about:config.

Closing Words

Mozilla will enable Tab Previews in Firefox by default in the future. Good news is that users can disable the feature, if they have no use for it. Will take months before the feature lands in Firefox Stable.

Will you keep tab previews enabled or are you using them already in another browser?

TotalRecall: search Windows 11 Recall data and return results

Posted on June 5, 2024June 5, 2024 by Martin Brinkmann

TotalRecall is a new open source tool for Windows that can be used to run searches across the entire Recall database.

Recall is a new feature of Windows 11 that takes snapshots of the screen every five seconds. It stores them locally and makes them available for processing by the user.

Recall is enabled by default on supported systems. Users may disable Recall, but only after the initial setup. While that may change before public release, and Microsoft would do good to make the change, it is on by default right now.

The feature is officially available only for a batch of ARM64 devices at the time of writing, but it will expand to Intel and AMD hardware soon as well. Plus, there are tools available already to make it work on older ARM devices that do not have a NPU chip.

The data is protected, but unlocked once the user logs in. It is then accessible by the user, but also by System or Admin accounts. In other words, any process that runs as System or Admin may be used to access the data.

It does not take an Einstein to connect the dots here to spot the elephant in the room: malware and spyware will target Recall data. It reveals any activity of the user, with the exception of activity in certain private browsing windows.

Forget tracking, you get a clear picture of a user’s likes, dislikes, webpages, apps, games, documents, financial transactions, online banking, private and public messages on forums and chats, and much more, when you gain access to that data.

TotalRecall

TotalRecall is a third-party tool that makes the data searchable via the command line. Run a search for password, and the tool runs a query to return any user activity associated with the term password.

It saves the search results to a text document on the system. This file provides details on the “captured windows, images, and search results”.

You can limit the search to a specific data range or run it across the entire data.

Here is what the tool does:

TotalRecall copies the databases and screenshots and then parses the database for potentially interesting artifacts. You can define dates to limit the extraction as well as search for strings (that were extracted via Recall OCR) of interest. There is no rocket science behind all this. It’s very basic SQLite parsing.

Closing Words

Microsoft, probably, did not expect to receive that much backlash for Recall. It is anyone’s guess whether Microsoft is going to make adjustments to Recall.

Windows 11 users who buy a laptop that is Recall capable, may want to strongly consider turning it off. While it may be a useful tool in very specific work scenarios, the chance of Recall turning into a nightmare for many Windows users is a real one.

This online video downloader is fast, customizable, and ad-free

Posted on June 4, 2024June 4, 2024 by Martin Brinkmann

While I still swear on Internet Download Manager for all my downloading needs, many users may need such tools only occasionally or do not want to pay for a service. If you need to download a video every now and then, then you may prefer a fast solution that does not need to be installed.

Cobalt.tools is such a tool. Yes, there are numerous video downloaders out there, but hear me out.

Cobalt is an ad-free, tracking-free solution that has a minimalistic design. It worked with every video service I threw at it. Probably won’t work with DRM-videos, but that is a limitation for all video downloaders.

To use it, you simply paste the video URL into the form on the website. Hit the >> button and you get the download dialog of your browser. It does not get simpler than that.

The default configuration is set to auto. This means that Cobalt determines what to download and the quality of the download.

A click on settings shows a number of preferences. Here you can make changes to video, audio, and other settings.

Video — Change the preferred quality between 8k+ and 144p
YouTube Codec — Switch from h264 to av1 or vp9.
Twitter — Convert Gifs to .gif.
Audio — change format from mp3 to ogg, wav, opus, or “best”.
Mute Audio — remove audio from videos.
Use browser language — so that YouTube dubbed audio tracks provide the correct audio track.
Appearance — light and dark mode supported.
File name style — classic, basic, pretty, and nerdy (pick pretty).

Closing Words

Cobalt.tools is an excellent video downloader. It is easy to use and privacy friendly. You can customize it, if you want, but this is optional.

While it is not best-suited for mass download sessions, it may work for that as well, albeit a little bit less comfortably. Its strength is its simplicity. Paste, click go, and save. It does not get simpler than that.

Which video downloader do you use, if any? Feel free to leave a comment below.

Facebook will use your data for AI training, unless you opt-out

Posted on June 2, 2024June 2, 2024 by Martin Brinkmann

Meta is notifying its users currently on Facebook about a privacy-impacting change that will to into effect on June 26, 2024.

The company says that it is expanding “AI at Meta experiences” to the user’s region. AI refers to the “collection of generative AI features and experiences” at Meta. It includes Meta AI and AI Creative Tools according to the notification.

All Facebook users are opted-in automatically. Those who do not want their data to be used for AI training need to opt-out. This opt-out is not straightforward and it appears to be a deliberate decision by Meta.

Meta Facebook AI use of data for AI training

A click on the right to object link in the notification opens the Object to Your Information Being Used for AI at Meta page.

The page offers information on the data that Meta plans to use for AI training and the data that it won’t use. In a nutshell, public data, for instance posts or photos, will be used. Private data, including private messages, won’t be used.

For the opt-out, it is necessary to provide the following information:

Country of residence.
Email address.
Writing an essay on “how this processing impacts you”.

There is also one optional text field that users can fill out to provide additional information.

Meta processes the information and the notification sounds as it if can accept or decline the request. Meta writes:

If your objection is honored, it will be applied going forward.

This is not the end of it though. Meta sends a confirmation code to the email address. This code needs to be entered into a form on the Facebook website to confirm the email address.

Meta then says that it will review the submission as soon as possible. It took less than a minute to receive the answer:

Hi Martin,

We’ve reviewed your request and will honor your objection. This means your request will be applied going forward.

If you want to learn more about generative AI, and our privacy work in this new space, please review the information we have in Privacy Center.

facebook.com/privacy/genai

This inbox cannot accept incoming messages. If you send us a reply, it won’t be received.

Thanks,
Privacy Operations

In case you are wondering what I wrote in the required text field. It was “I object to the use of my data for the training of AI at Meta”

Whether Meta is analyzing user requests with AI is unclear, but it seems very unlikely that a human processed the request in less than a minute after sending it.

If someone could try and write nonsense in the field, we’d know for sure.

What about you? Do you mind if your public data is used for AI training?

Windows 11 Recall data is not secured properly

Posted on June 1, 2024June 1, 2024 by Martin Brinkmann

Is the upcoming Recall AI feature of the Windows 11 operating system a privacy nightmare? While the verdict is still out about that, it is clearly problematic on several levels in its current state.

Recall takes screenshots of the computer screen every 5 seconds. The default configuration takes screenshots of pretty much everything. The only exceptions are private browsing windows of popular browsers and DRM-protected content.

Every other activity, including views of financial documents, porn, games, visited websites, messages, and more may be captured.

It saves the data to a locally stored SQLite database. There it is kept until it is either deleted to make room for newer data or deleted by the user.

Users have several options:

Disable Recall entirely, which will likely erase the entire database.
Reduce the assigned storage size, which will delete older entries.
Use the delete snapshots option to delete some or all snapshots taken.

Multiple parties want access to Recall

Since Recall saves a user’s entire work history on a device for three months by default, it will be seen as a treasure trove by multiple parties.

Malware actors may find ways to grab the entire database, which is not encrypted when the system is running.
Law enforcement, customs, spies, state sponsored hackers may also want access to it.

Recall offers interesting data. Screenshots of one-time messages, or messages that get deleted by the user of the PC. These remain in the database until they are flushed out because of age.

Recall is not all that useful for most Windows users

The idea of searching through the computing activity of the past three months may sound appealing to some users.

In work or research environments, it may be seen as a great feature, provided that Microsoft gets privacy, security, regulatory requirements, and all of that in order before release.

For most home users, Recall does not have a great value proposition.

What problem is Recall solving? How often do home users need to find something very specific on their devices that they have trouble finding using the built-in search or manual searching?

In all of Microsoft’s talks and announcements, the company has not really answered that question.

If you weight this now against the prospect of maintaining a database on your computer that reveals what you have done on it in the past three months, then it is likely that most users may pass on this.

Depending on how it launches, enabled by default, with or without notification to the user, it is probably not going to see the wide use that Microsoft hopes it will have.

Closing Words

Recall is not here yet and things may change before the final release later this year. Most home users who happen to purchase Copilot+ PCs may want to consider disabling Recall to block the feature from recording everything they do on their devices.

I suggest you check out the following thread on Recall for additional information on it and the issues that it introduces.

What about you? Would you make use of Recall, if it would be available on your devices?