3. OpenAI has identified that ChatGPT has being used from networks associated with CCP headquarters, and fabricates a plausible story for the press to show how useful their data can be for US military intelligence.

The timing of this news story is too good to not be an attempt to get hold one of those Pentagon contracts Anthropic has been offered (and might lose), with all means necessary.

Regardless of the actual truth, I am just curious about the overall optics of this. Why would OpenAI (implicitly) admit that they are spying on their users, and show that they are willing to share it with the press?

While I completely agree with you on all arguments about the dangers of algorithm-based platforms where eyeball count and time spent in apps (ad revenue) are the primary reasons behind their very existence, I disagree on your definition for the term social media.

I tried to find some sources for your definition, but for example the Wikipedia article on social graphs define Facebook as an online social network (although it also calls it a social media platform).

Judging by the list of social networking services, the definition (at least on Wikipedia) seems to lean towards “any site where you can add people as friends” (thus building the social graph you refer to).

Personally, I think that term fits better with your description (platforms based entirely on a social graph), while online social media is a broader term describing any online medium on which we socialize with other people - graph-based or not. Old-school forums and chat rooms included, even if we didn’t call them that back then.

I keep falling into the same trap as well, when telling people I quit using “social media” but am very much active on social media platforms - just not the ones controlled by big tech.

Maybe we need a shorthand for “profit-driven algorithm-controlled influencer cesspools” so we can separate it from “non-profit decentralized social media platforms” like Lemmy and Mastodon?

Yeah, I looked at the screenshots again and it looks like it is only in the age verification flow Persona is asking for consent to collect data.

Following the announcement of Discord’s new age verification policy - already in force in the UK and Australia, with a global rollout beginning in early March - social media users shared screengrabs of prompts to consent to Persona collecting their data over the weekend.

As I understood the above paragraph from the article, two things are happening that Persona is involved in:

1. The implementation of an age verification system, that may or may not be required for all servers.

2. Users are being asked about consent on mining their data, that may (according to the FAQ) be kept for up to a week.

And from the FAQ:

If you’re located in the UK, you may be part of an experiment where your information will be processed by an age-assurance vendor, Persona. The information you submit will be temporarily stored for up to 7 days, then deleted.

It sounds to me that these are two separate things currently happening, even if the data from #2 might be used in the execution of #1 when verification is required.

If I read the article correctly, even if only some servers require age verification Persona still seems to ask for consent to mine your data. Considering how jaded most people are when it comes to cookie prompts, it would be understandable if kids just clicked yes on this consent screen to continue chatting with their friends, unaware that they just gave away their current and future data to this Palantir-linked company, even if they haven’t shared (or will ever need to share) their ID.

An ID verification scheme will always be broken by design due to the sensitive information that is shared and needs to be (cough) securely processed by some company, but at least it’s a more explicit decision and action of multiple steps required by you.

Allowing continous data mining, however, is just a simple click and something you will have forgotten about in a few hours or days.

Pegasus is a SaaS-style platform sold to nation state actors, criminal groups and other evil conspirators that want to spy on victim targets. NSO Group (or whatever they are called at the moment) acquires a variety of 0-day exploits for different phone vendors and models, both by developing their own but also buying them from black hats that make a living on developing these and selling to the highest bidder.

There is not a single “Pegasus exploit” but a whole array of them where the one that is used is selected based on the victim and target device. Naturally, when one exploit is discovered and fixed by the phone vendor, it cannot be used again on patched devices and new exploits have to be acquired.

One of the exploits that are known to have been used with Pegasus is indeed the iMessage 0-click vulnerability reported by the Google Zero initiative, but it didn’t require any user interaction. You only needed the victim device to receive the message with the exploit payload.

Sometimes, nation states themselves buy or develop 0-day exploits that are not reported to the software vendor, in hope that it can be weaponized instead. See for example the “Stuxnet” attack against Iran, which was carried out by USA and Israel using a critical vulnerability in Windows that had been unknown to the public for about a decade (which means that anybody else who found it during this time could use it against the general public as a consequence of it being kept as a secret).

It’s not like nation state actors (or APT:s working for them) would ever need to black-box hack their way into a network made up by cameras from a domestic company. They’d just put a gag order on the company and force them into handing over silent backdoor access. In order of preference: using an existing backdoor for LEO:s, adding a new one in a firmware update, or requesting all source code so they can develop an exploit on their own.

The problem is not when and what it is recording based on how it is configured. The problem is that law enforcement can (by design) use a backdoor and gain access to these cameras for real-time surveillance, at will. Since they have access to the feed, they can also record it all.

Additionally, these cameras get hacked all the times.

The point being - if the cameras are up, they will be abused by others. If you really need cameras, put them inside your house. That way you’ll only invade your own privacy, and you won’t enable criminals to misuse it for spying on anybody else than yourself.

Ouch! Sorry to hear that. Where did you order the duds from?

Cool. I accidently broke the display on my LilyGo pager, but have a LoRa ESP32 devkit that I should get going with… Probably a good fit for meshcore.

Yes, and immediately become subject for closer surveillance by doing so.

My take, as mentioned in another reply: Retain plausible deniability by communicating in plain sight and use good old codebooks or similar techniques for the secret parts of your messages.

You could also resort to good old code books and hide your communication in plain sight, instead of trying to evade surveillance with technical tricks that are easily detected.

What’s your antenna setup for that kind of coverage?

Are people forgetting there are GenAI tools for this now? He could sure as well have done this by prompting Grok or whatever.

I think they are referring to the fact that, ignoring the personalities who hold this kind of wealth, it’s just not a viable investment strategy for a project/organization as large as society to have all that wealth tied up with only a few assets (the billionaires).

Economics tells us that diversifying the investments (equality, if you will) is a safer bet for society in the long run.

I probably misread GP but hey, at least I tried!

Here is an archived version of the link, as the original seems to be dead: https://archive.ph/aDmgK