ai Archives - Page 3 of 5 - Chipp.in Tech News and Reviews

Recall: Microsoft’s second attempt begins with security and privacy changes

Posted on September 28, 2024September 28, 2024 by Martin Brinkmann

The initial announcement of the AI feature Recall is a great example of shooting yourself in the foot. When Microsoft announced Recall, it floated on a wave of positive and encouraging AI news and developments.

Recall was never tested in Insider builds prior to the announcement, at least to my knowledge. While the reason for that decision is unknown, it is possible that Microsoft wanted to launch the new Copilot+ PCs with a banger.

Microsoft did not anticipate the criticism that it received after the announcement. These complaints were valid and could have been avoided if Microsoft would have received feedback from beta testers outside the company.

Privacy and security were at the center of the issue. Recall was enabled by default, which meant that users had to disable it, if they did not want to use it. It recorded the screen every 5 seconds and saved the data in a database that was not protected during runtime.

Microsoft pulled Recall shortly thereafter and promised to do better. Today. Microsoft revealed the improved version of Recall on its Windows Experience website.

Has it improved? Lets find out.

Recall Security

Microsoft makes four statements in regards to security:

Recall is opt-in — The option is shown during the setup experience and users need to enable the feature to use it.
Recall data is encrypted — Snapshots and information is stored in an encrypted database. Keys are protected using TPM and are linked to the user’s Windows Hello Enhanced Sign-in Security identity.
A core service is further isolated — Microsoft says that the service responsible for accessing snapshots and data runs in a secure VBS Enclave. Only data that the user requests is getting outside, according to Microsoft.
Recall uses Windows Hello Enhanced Sign-in Security – This is done to authorize Recall operations.

Particularly interesting is the fact that users may uninstall Recall. Microsoft introduced the option under Optional Features some time ago, then pulled it again saying that it was a bug. Now it turns out that Recall can be uninstalled fully, if the user so desires.

Microsoft addresses main criticisms with the change. Making Recall opt-in will reduce usage, but it ensures that unsuspecting users do not have screenshots of their activity taken every five seconds by the feature.

Recall Privacy

Next to security, Microsoft says that it has also improved privacy controls. Apart from making Recall opt-in, Microsoft highlights the following options to users who choose to enable the AI-feature.

In-private browsing data is never captured or saved. This is true for supported browsers. Microsoft lists Edge, Chrome, Firefox, Opera and other Chromium-based browsers.
Specific apps or websites viewed in browsers may be filtered. Works only in Edge, Chrome, Firefox and Opera.
Users control how much disk space Recall uses and how long content is retained.
Sensitive content filtering is enabled by default. This helps protect passwords, credit card numbers and the like to a degree.
Options to delete a time range, or all content from an app or website, or “anything and everything found in Recall search”.
An icon visualizes when snapshots are saved. Allows to pause snapshots.

Closing Words

Some of the features existed in the first version already. Microsoft has addressed the major points of criticism. While it is too early to tell how this will all work out, as Recall has not been released yet, it is giving users who are interested in the feature more control and better security.

Those who have no interest in the feature can either ignore it, by making sure not to opt-in during setup, or to remove it from the system entirely, if they prefer that.

You can check out the full blog post, which includes many security details, here.

What is your take on the changes? Do they go far enough, or is still something amiss? Feel free to leave a comment down below.

X’s AI Grok uses your data for training by default – here is how you can turn that off

Posted on July 26, 2024July 26, 2024 by Martin Brinkmann

If you use X, you may have heard about the AI Grok already. Currently, xAI and Grok are playing catch-up with the current AI allstars. Plans are to push Grok to first place by the end of the year.

Whether that is going to happen or not remains to be seen. What is clear is that Grok, like any large language model, needs access to as much data as possible.

One source for such data is X itself. If you use X, your data on the site is used to train and fine-tune Grok by default.

X says that it is using posts, interactions, inputs, and results to train the AI on the site.

Block X from using your data to train the AI

If you do not want that, you may make a change in settings and also delete your conversation history.

Here is how that is done:

Click on this link to open the setting directly on X.
- If you prefer, you may also go there manually (Menu > Settings and privacy > Privacy and safety > Grok.
Uncheck “Allow your posts as well as your interactions, inputs, and results with Grok to be used for training and fine-tuning”.
Optional step: click on Delete conversation history to delete all interactions with Grok.

Note: Grok access is limited to X-subscribers at the time of writing. Your data may still be used to train the AI, even if you are not a subscriber or have used Grok in the past.

Once you have made the change, Grok will no longer use your posts on Twitter for training.

Now you: do you use X? What is your take on the default setting? Feel free to leave a comment down below.

Microsoft working on next step to make AI centerpiece of Bing Search

Posted on July 25, 2024July 25, 2024 by Martin Brinkmann

In some years from today, search engines will likely look completely different. The traditional way of showing links to websites that match the search query best, at lest according to the search engine that you are using, is being phased-out.

The replacement comes in form of AI generations. AI takes the user’s query, generates a response and returns it to the user.

Microsoft revealed a new experiment that it runs on Bing currently that is shifting towards this.

When a user runs a search, Bing will use an AI-generated response for the search results page. It is the first thing that the user sees. While there are regular web links attached afterwards, most searches tend to focus what happens above the fold.

So, AI generates a result and Bing shows it to the searcher first. This includes links to sources and Microsoft says that this will drive more traffic to sites than regular search pages. The claim is not backed up, though.

AI generated results do not work equally well on all types of user searches. Search for something new or unique, and you may not get an answer that you find sufficient.

Search for common knowledge, and you may get an answer that you find useful. AI may still hallucinate and display answers that are factually incorrect.

The future of search

For sources to be included in the answers of AIs, they need to allow them to be crawled. Any source that does not, either for exclusive deals with certain companies or for other reasons, won’t have their pages linked by the AI.

While Microsoft says otherwise, it seems clear that this new type of search format benefits larger websites more than smaller ones. Lesser known sites will be pushed further down still, which will likely reduce traffic further to them.

Google, Microsoft, and other search companies are interested in keeping searches on their properties. Direct answers, integrated tools, and other services are added constantly to search engines to keep searchers, and their eyes on ads, on the search engine’s site.

Plenty of smaller publishers have given up in the past already. Remember Freeware Genius? An excellent site for freeware recommendations. The site was heavily punished by Google Search for unknown reasons and died because of that.

Samer, the creator of the site, never found out why his site tanked in first place.

The trend will continue. Bing, Google, and others will use AI to keep searchers longer on their sites.

What about you? Do you find AI results useful?

Opera launches preview of Opera One R2 with improved functionality

Posted on June 26, 2024June 26, 2024 by Martin Brinkmann

Opera Software has released a preview version of its upcoming updated Opera One browser. Called Opera One R2, it comes with new and improved functionality.

Where to download: you can download Opera One R2 Preview from this page on Opera’s website.

Note: if you install the browser on Windows, you may get a SmartScreen security warning. This is because the browser is new, not because it is malicious.

Opera One R2

Opera highlights three new and improved features in the preview.

Improved control over multimedia.
More AI.
Split screen tabs.

Improved multimedia controls

Opera Browser displays music and media playing options in its sidebar. You can access the likes of YouTube Music, Spotify, or Apple Music directly from the sidebar.

Each service is in reach and it is easy to switch between the options. The music player mutes itself automatically when audio is played on a webpage and it resumes playback afterwards.

Tip: you can change the option by loading opera://settings/playerService in the browser’s address bar. Here you can turn auto-mute off or change the resume interval.

Most Opera users who use the player keep it running in the background while they do other tasks. Hovering over the media player icon displays controls now to interact with playback without leaving the site you are on.

Video popout allows Opera users to display videos on top of other webpages. Useful to keep watching something while doing other things in the browser. The popout can now be dragged anywhere and it can be resized.

I could not drag & drop the media player around in the interface as Opera showcased it on its website. Maybe that is coming, but it looked like the coolest feature of the bunch.

More AI

Like it or not, but AI is going to play a much bigger role in most web browsers in the coming months and years.

The new version introduces additional features:

Answers, Images and Page Context Mode (Ctrl+/ on Windows, then Tab to access Page Context Mode).
AI Image recognition to get information about images you upload.
AI Image generation.
Aria, Opera’s built-in AI, offers “more and deeper information”, including source links, search suggestions, and more.
Text-to-Speech support.

Split Screen

Not a unique feature, but still useful. Just drag an open tab to the right side of the screen to get the option to split the screen between the two active tabs.

Closing Words

The new Opera is available as a preview. In other words, it should be considered Beta at this stage. If that does not bother you, you may give it a try by following the link I posted near the top.

It seems unlikely that the new update is going to convince lots of users to give Opera a try. Split Tabs is not a unique feature and media playback controls seem limited at this point.

Still, if you happen to listen to music or videos while doing “things” in your browser, or want to give the new AI capabilities a try, it may be worth checking out.

What about you? Do you use Opera at all? What is your take on these features?

Meta gives Europeans a pass – won’t use data for AI training

Posted on June 17, 2024June 17, 2024 by Martin Brinkmann

European Facebook and Instagram users may breathe a sigh of relief, as their public data won’t be used by Meta for AI training for the time being.

Meta published an update regarding the use of data from European users on Facebook.

Here are the highlights:

Meta will pause plans to train its large language models using publicly shared content from European users on Facebook or Instagram.
Data protection agencies from 11 countries from the EU have filed complaints against Meta.
Meta calls it a “step backwards for European innovation”.

The decision does not change the handling of data from users outside of the European Union. Meta will use public data from these users to train its AI systems.

Meta said that it hopes that the data protection authorities chance their stance on the issue. The company said previously that it would use public posts and comments from users over the age of 18 only for AI training. European users were the only ones to get an opt-out option.

While Meta said that it remains committed to bringing AI functionality to users from the European Union, it added that the lack of local information would make it a “second-rate experience”.

Here is an interesting idea: how about making the training opt-in? Giving Facebook and Instagram users the option to give Meta permission to use their data for AI training.

The main issue here, at least for Meta, is that it would gain access to a fraction of the data only. Opt-in systems are favored by users, as they give them full control over a feature. They are disliked by companies, as it limits the reach significantly.

Meta could counter this by giving users incentives to share their data. It will be interesting to see how this will turn out in the end. Meta said that it will “continue to work collaboratively” with the Irish Data Protection Commission.

Would you allow companies to use your public data for AI training?

AI is now capable of exploiting 0-Day vulnerabilities without description

Posted on June 10, 2024June 10, 2024 by Martin Brinkmann

A team of security researchers at the University of Illinois published a study back in April 2024 that demonstrated the hacking capabilities of AI.

Using OpenAI’s GPT-4 model, they discovered that exploit code could be generated for 87% of the tested 0-day vulnerabilities.

This figure dropped to 7% if the CVE description was not provided.

Good to known: 0-day vulnerabilities refer to security issues that are very recent. Patches may not be available in all cases, and systems that are not updated are vulnerable to attacks that target these vulnerabilities.

The same research team has now published a new research document: Teams of LLM Agents can Exploit Zero-Day Vulnerabilities

It builds on the previous research. This time, the researchers wanted to find a way to improve the exploiting capabilities of AI if no description of 0-day vulnerabilities was provided.

They managed to create a system that bumped the success rate to 53% using real-world 0-day vulnerabilities that were discovered after the AI model’s data cut-off date.

Using GPT-4, the researchers switched to a team-based approach to compartmentalize attacks. Instead of relying on a single GPT-4 instance for attacks, they developed an architecture that assigned AI agents with different tasks.

The tasks are assigned by a planner AI and controlled by a manager AI. The planner AI launches other AI instances, including the manager AI and AIs for specific tasks.

This approach worked well, as it improved the the capabilities of the AI attacker. The chance of success rose from 7% when using a single AI instance to 53% under the new team-based approach.

Closing Words

AI research that focuses on security is important. Besides demonstrating the capabilities of different AI models, it may also highlight future dangers. Well-funded hackers and criminals may use AI models for illegal activities. These may range from finding new exploits to creating exploits for existing vulnerabilities.

Web-based and App-based AI interactions prevent certain activities, including hacking. This is not the case, however, for self-hosted or created AI models.

What is your take on this? Will we see more exploits that are more widely used in attacks in the future? Or will we see the rise of AI-based Anti-hacking solutions that try to counter their breathren?

Microsoft announces changes to Recall in Windows 11 after backlash

Posted on June 8, 2024June 8, 2024 by Martin Brinkmann

When Microsoft announced the AI feature Recall in May, it felt confidence in its AI strategy. Recall, a feature that takes snapshots of the PC screen every five seconds, was designed to be the selling point for a new breed of PCs, that Microsoft calls Copilot+ PCs.

A lot depended on Recall. It was the first major AI feature that Microsoft designed exclusively for this new PC type.

The reveal and the days that followed turned out different. Recall was criticized left and right.

Core points were:

Windows 11 activated Recall for users automatically and there was no opt-out option.
The Recall database was not properly secured.

This would have made Recall one of the most lucrative target in computing history.

Tip: you can disable Recall in Windows 11 in several ways.

Microsoft announces changes to Recall

Today, Microsoft announced a series of changes to Recall that “improve privacy and security safeguards”.

The setup experience is changed. Users need to make a decision now to activate Recall or keep it disabled.
Windows Hello enrollment is required to enable Recall.
Proof of presence is required before users may interact with Recall’s database.
Additional security layers, including “just in time” decryption, is also enabled.

Closing words

Microsoft plans to ship the updated version of Recall on June 18th to Windows 11 Insider devices. By then, tinkerers will have another go at the feature to see if it is still possible to gain access to the database.

For a company that announced its new “security first” motto shortly before the reveal of Recall, feedback has been disastrous.

To end on a personal note. I still cannot find a use case for Recall. I do not see how it could help me improve my productivity on Windows PCs. Then again, I’m probably not the target audience for the feature.

What about you? Would you use the safer version of Recall?

DuckDuckGo AI Chat: promises anonymous access to AI models

Posted on June 7, 2024June 7, 2024 by Martin Brinkmann

DuckDuckGo has launched AI Chat officially. The feature promises anonymous interactions with several AIs, including GPT 3.5 , Claude 3, or Llama 3.

DuckDuckGo claims that access is free and that all chats are private. The company says that it is anonymizing interactions with the AI models. Furthermore, interactions are not used “for any AI model training”.

Users may communicate with all AIs free of charge. Interactions are, however, limited at this point. DuckDuckGo considers introducing paid plans in the future that increase limits and may give paying customers access to advanced models.

Using DuckDuckGo AI Chat is simple. Visit the startpage of the service and pick one of the available chat models to communicate with. Accept the privacy policy and terms of use on the next page.

The essential points are these:

DuckDuckGo is not saving or storing user prompts or outputs.
The company says it has agreements with model providers “to further protect” user privacy.

DuckDuckGo says that chats are anonymous and cannot be traced back to individuals. It achieves this by acting as a proxy. The AI communicates with DuckDuckGo, and thus also a DuckDuckGo IP address, and not the user directly.

Using DuckDuckGo AI Chat

AI Chat works as expected. You type and send the typed text to the AI. It will respond to it and DuckDuckGo shows the output from the AI in the interface.

Options to start the chat over and switch to another of the supported AI models are provided on the chat page.

The current limit is not highlighted on the AI Chat page. This means that you never know when you reach such a limit. You could switch to another AI model then to continue your interaction.

Closing Words

DuckDuckGo AI Chat gives you access to four different AI models at the time. If you trust the company’s claims, you get to interact with all of them anonymously. It is an interesting option to test the different AIs.

What about you? Do you use AI models already? If so, which is your favorite and why?

TotalRecall: search Windows 11 Recall data and return results

Posted on June 5, 2024June 5, 2024 by Martin Brinkmann

TotalRecall is a new open source tool for Windows that can be used to run searches across the entire Recall database.

Recall is a new feature of Windows 11 that takes snapshots of the screen every five seconds. It stores them locally and makes them available for processing by the user.

Recall is enabled by default on supported systems. Users may disable Recall, but only after the initial setup. While that may change before public release, and Microsoft would do good to make the change, it is on by default right now.

The feature is officially available only for a batch of ARM64 devices at the time of writing, but it will expand to Intel and AMD hardware soon as well. Plus, there are tools available already to make it work on older ARM devices that do not have a NPU chip.

The data is protected, but unlocked once the user logs in. It is then accessible by the user, but also by System or Admin accounts. In other words, any process that runs as System or Admin may be used to access the data.

It does not take an Einstein to connect the dots here to spot the elephant in the room: malware and spyware will target Recall data. It reveals any activity of the user, with the exception of activity in certain private browsing windows.

Forget tracking, you get a clear picture of a user’s likes, dislikes, webpages, apps, games, documents, financial transactions, online banking, private and public messages on forums and chats, and much more, when you gain access to that data.

TotalRecall

TotalRecall is a third-party tool that makes the data searchable via the command line. Run a search for password, and the tool runs a query to return any user activity associated with the term password.

It saves the search results to a text document on the system. This file provides details on the “captured windows, images, and search results”.

You can limit the search to a specific data range or run it across the entire data.

Here is what the tool does:

TotalRecall copies the databases and screenshots and then parses the database for potentially interesting artifacts. You can define dates to limit the extraction as well as search for strings (that were extracted via Recall OCR) of interest. There is no rocket science behind all this. It’s very basic SQLite parsing.

Closing Words

Microsoft, probably, did not expect to receive that much backlash for Recall. It is anyone’s guess whether Microsoft is going to make adjustments to Recall.

Windows 11 users who buy a laptop that is Recall capable, may want to strongly consider turning it off. While it may be a useful tool in very specific work scenarios, the chance of Recall turning into a nightmare for many Windows users is a real one.

You can now chat with Microsoft Copilot on Telegram

Posted on May 27, 2024May 27, 2024 by Martin Brinkmann

Microsoft has identified another service that its AI Copilot has not been available on. Today, Microsoft launched Copilot officially for the messaging service Telegram.

Word of warning: while you do not need a Microsoft account to communicate with the AI, it is necessary to part with your mobile phone number for verification purposes.

Here is how it works:

Open the Telegram app and search for Microsoft Copilot, or, open the official Microsoft Copilot Telegram page here.
Select I Accept when asked to do so to continue.
Provide Copilot with the device’s phone number for verification.

Once that is out of the way, you may interact with Copilot using text messages or by selecting one of the displayed ideas.

Note: Copilot limits interactions to 30 per day. This is not much and there is no option currently to increase the limit.

The bot accepts a few commands:

/restart to end the current chat and start over.
/ideas to display examples.
/share to get invites for friends.

The most important command is restart, as it erases the previous chat so that you can start a new one.

Interactions work as you expect them to work. Type a message and submit it to get an answer.

As is the case with all Copilot interactions, messages are send to Microsoft servers. They are processed there and then returned to Telegram.

The process was quick during tests. It is unclear whether that is going to change as the bot’s popularity may increase on the platform.

All in all, you do get the same experience that you get on other platforms that Copilot is available on. The experience is limited, because of the 30 chat turns limit and the inability to generate images at this point.

Verdict

Considering that you can interact with Copilot on other platforms as well, without handing over your phone number, most of you will probably shy away from the Telegram bot experience.

Have you interacted with Copilot or another AI before? Did you like it or find it useful?