Technology

Archived

Oblivion menaces every scrap of information that doesn’t spark joy in the Oval Office. “It’s gone,” Trump said of “wokeness,” during his recent address to Congress, in almost motherly tones. “And we feel so much better for it, don’t we? Don’t we feel better?” But on this front, at least, the Administration is facing well-organized resistance. It comes from a loose coalition of archivists and librarians, who are standing athwart history and yelling “Save!” They belong to organizations such as the Internet Archive, which co-created a project called the End of Term Web Archive to back up the federal web in 2008; the Environmental Data and Governance Initiative, or EDGI; and libraries at major universities such as M.I.T. and the University of Michigan. Like the Encyclopedists of Isaac Asimov’s “Foundation”—who race to compile a collapsing empire’s accumulated knowledge—they’re assembling information arks to ride out the chaos.

[...]

Archived

[...]

UNC3886 deployed backdoors disguised as legitimate system processes on Juniper MX routers running outdated hardware and software. These routers, using end-of-life (EOL) configurations, were easier targets due to vulnerabilities in their security systems. The malware leveraged Junos OS’s Veriexec, a file integrity monitor, to avoid detection. Instead of disabling Veriexec, the attackers injected malicious code into legitimate processes.

[...]

UNC3886 is a well-known hacking group with a track record of targeting network devices and virtualization technologies, often using previously unknown vulnerabilities (known as zero-day exploits). The group’s main focus is on espionage against industries like defence, technology, and telecommunications, particularly in the US and Asia.

While other Chinese hacking campaigns, such as those attributed to groups like Volt Typhoon or Salt Typhoon, have made headlines, Mandiant found no direct technical connections between UNC3886’s activities and those operations. This suggests that UNC3886 is a distinct threat, operating with its own tools and strategies.

cross-posted from: https://lemmy.sdf.org/post/30940295

Chinese tech giant Huawei is at the centre of a new corruption case in Europe’s capital. On Thursday, Belgian police raided the homes of its lobbyists, Follow the Money and its media partners Le Soir and Knack can reveal.

Archived

Authorities suspect that Huawei lobbyists have paid bribes to MEPs in return for backing their cause in the European Union. Around 15 former and current MEPs are “on the radar” of the investigators.

In the early hours, Belgium’s federal police raided Huawei’s EU office and the homes of lobbyists for the Chinese tech company on suspicions of bribery, forgery, money laundering and criminal organisation, people close to the investigation told Follow the Money and Belgian outlets Le Soir and Knack.

Twenty-one addresses were searched in total, in Brussels, Flanders, Wallonia and in Portugal, as part of the sweeping corruption probe. Several documents and objects have been seized. No searches have taken place at the European Parliament.

“Around fifteen (former) MEPs are on the radar of the investigation”

Police were looking for evidence that representatives of the Chinese company broke the law when lobbying members of the European Parliament (MEPs), the sources said. The dawn raids were part of a covert police investigation that started about two years ago after a tip-off from the Belgian secret service.

According to one source close to the case, “around fifteen (former) MEPs are on the radar” of the investigators. For current lawmakers, Belgian prosecutors would have to ask the European Parliament to waive their immunity in order to investigate further. No such request has been made yet, sources said.

The Belgian federal prosecutors’ office confirmed that “several people were questioned. They will be heard about their alleged involvement in practices of bribery in the European Parliament and in forgery and use of forged documents. The facts are supposed to have been committed in a criminal organisation.” The state security service declined to comment.

[...]

Investigators suspect that Huawei lobbyists may have committed similar crimes by bribing MEPs with items including expensive football tickets, lavish gifts, luxurious trips to China and even cash to secure their support of the company while it faced pushback in Europe. Payments to one or several lawmakers have allegedly passed through a Portuguese company, a source said.

Several EU nations have taken action in recent years to restrict or ban “high-risk” vendors such as Huawei from their 5G networks, following warnings from the United States and the European Commission that the company’s equipment could be exploited for espionage by Beijing. Huawei has strongly denied claims of interference from the Chinese government.

[...]

The possible involvement of Huawei will also be part of the probe, the people familiar said. Authorities are investigating suspected offences including criminal organisation and money laundering [...]

The probe comes at a critical moment for the EU’s relations with China, its second biggest trading partner. US President Donald Trump’s recent threats and tariffs have been framed as an opportunity for a rapprochement between the EU and Beijing after years of escalating tensions.

“We could even expand our trade and investment ties [with China],” European Commission President Ursula von der Leyen told EU ambassadors last month.

The Belgian police’s investigation therefore risks having major geopolitical repercussions, especially if authorities charge Huawei along with any individual suspects.

Huawei’s links with the Chinese government

While Huawei has consistently maintained its independence from the Chinese government, researchers have found that the tech giant is 99 per cent owned by a union committee, and argued that independent unions don’t exist in China. Huawei founder Ren Zhengfei served in the Chinese military for 14 years before setting up the company, according to the recent book House of Huawei by journalist Eva Dou of the Washington Post.

Former Huawei employees who were granted anonymity to talk freely about sensitive issues told Follow the Money how the company over the past five years has grown increasingly close to the Chinese government – and increasingly hostile towards the West.

The arrest of Ren’s daughter and Huawei CFO Meng Wanzhou in Canada, China’s crackdown on tech firms seen as too independent from the state and Russia’s war in Ukraine were among the events that accelerated this shift, the former Huawei staffers said.

[...]

One of the main suspects in the corruption probe is 41-year-old Valerio Ottati. The Belgian-Italian lobbyist joined Huawei in 2019, when the company was ramping up its lobbying in the face of US pressure on European countries to stop buying its 5G equipment.

Before becoming Huawei’s EU Public Affairs Director, Ottati worked for a decade as an assistant to two Italian MEPs – from the centre-right and centre-left – who were both members of a European Parliament group dealing with China policy.

Ottati was not immediately available for comment. The investigation is still in an early stage and it remains to be seen whether Ottati or the other suspects in the case will be charged with criminal offences.

[...]

cross-posted from: https://lemmy.sdf.org/post/30887912

Here is the report Security and Trust: An Unsolvable Digital Dilemma? (pdf)

Police authorities and governments are calling for digital backdoors for investigative purposes - and the EU Commission is listening. The Centre for European Policy (cep) warns against a weakening of digital encryption. The damage to cyber security, fundamental rights and trust in digital infrastructures would be enormous.

[...]

The debate has become explosive due to the current dispute between the USA and the UK. The British government is demanding that Apple provide a backdoor to the iCloud to allow investigating authorities access to encrypted data. Eckhardt sees parallels with the EU debate: "We must prevent the new security strategy from becoming a gateway for global surveillance." Technology companies such as Meta, WhatsApp and Signal are already under pressure to grant investigators access to encrypted messages.

"Once you install a backdoor, you lose control over who uses it," says Küsters. Chinese hackers were recently able to access sensitive data through a vulnerability in US telecommunications networks - a direct consequence of the infrastructure there. Instead, Küsters advocates a strategy of "security by design", i.e. designing systems securely from the outset, and the increased use of metadata analyses and platform cooperation as viable alternatives to mass surveillance.

[...]

Lessons from across the Atlantic?

A recent episode from the US provides an illustrative cautionary tale. For decades, some US law enforcement and intelligence agencies advocated “exceptional access” to encrypted communications, claiming that only criminals needed such robust privacy protections – echoing the current debate in the EU. But over the past months, a dramatic shift occurred following revelations that Chinese state-sponsored hackers had infiltrated major US telecommunications networks, gaining access to call metadata and possibly even live calls (the so-called “Salt Typhoon” hack).

Specifically, the Chinese hackers exploited systems that US telecom companies had built to comply with federal wiretapping laws such as Communications Assistance for Law Enforcement Act (CALEA), which requires telecommunications firms to enable “lawful intercepts”. In theory, these built-in channels were supposed to only give law enforcement an exclusive window into suspect communications. In practice, however, they became a universal vulnerability that hostile actors could just as easily exploit.

Suddenly, the very government voices that once dismissed end-to-end encryption began recommending that citizens use encrypted messaging apps to maintain their security.

**What can we learn from this? **

While governments often push for greater surveillance capabilities, the real and current threat of state-sponsored cyber-espionage demonstrates the indispensable value of strong encryption. As the Electronic Frontier Foundation has noted, Salt Typhoon shows once more that there is no such thing as a backdoor that only the “good guys” can use.

If the mechanism exists, a malicious party will eventually find it and weaponise it. The lesson for Europe is clear: undermining encryption to aid investigations may prove short-sighted if it also exposes citizens – and state institutions – to hostile foreign interference. Is this really what we want to do in an increasingly challenging geopolitical environment? The debate about ensuring lawful and effective access to data in the digital age will remain one of the most pressing challenges, so we need to ask whether there are alternative, viable models.

[...]

A former senior Facebook executive has told the BBC how the social media giant worked "hand in glove" with the Chinese government on potential ways of allowing Beijing to censor and control content in China.

Sarah Wynn-Williams - a former global public policy director - says in return for gaining access to the Chinese market of hundreds of millions of users, Facebook's founder, Mark Zuckerberg, considered agreeing to hiding posts that were going viral, until they could be checked by the Chinese authorities.

Ms Williams - who makes the claims in a new book - has also filed a whistleblower complaint with the US markets regulator, the Securities and Exchange Commission (SEC), alleging Meta misled investors. The BBC has reviewed the complaint.

Facebook's parent company Meta, says Ms Wynn-Williams had her employment terminated in 2017 "for poor performance".

It is "no secret we were once interested" in operating services in China, it adds. "We ultimately opted not to go through with the ideas we'd explored."

[...]

Ms Wynn-Williams says her allegations about the company's close relationship with China provide an insight into Facebook's decision-making at the time.

[...]

Ms Wynn-Williams claims that in the mid-2010s, as part of its negotiations with the Chinese government, Facebook considered allowing it future access to Chinese citizens' user data.

"He was working hand in glove with the Chinese Communist Party, building a censorship tool… basically working to develop sort of the antithesis of many of the principles that underpin Facebook," she told the BBC.

Ms Wynn-Williams says governments frequently asked for explanations of how aspects of Facebook's software worked, but were told it was proprietary information.

"But when it came to the Chinese, the curtain was pulled back," she says.

"Engineers were brought out. They were walked through every aspect, and Facebook was making sure these Chinese officials were upskilled enough that they could not only learn about these products, but then test Facebook on the censorship version of these products that they were building."

[...]

In her SEC complaint, Ms Wynn-Williams also alleges Mr Zuckerberg and other Meta executives had made "misleading statements… in response to Congressional inquiries" about China.

One answer given by Mr Zuckerberg to Congress in 2018 said Facebook was "not in a position to know exactly how the [Chinese] government would seek to apply its laws and regulations on content"

[...]

Misinformation, market volatility and more: Faced with the need to mitigate risks that artificial intelligence presents, countries and regions are charting different paths

Archived

The original presentation is available in Spanish only.

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented "backdoor" that could be leveraged for attacks.

The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

This was discovered by Spanish researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco of Tarlogic Security, who presented their findings yesterday at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," reads a Tarlogic announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls."

The researchers warned that ESP32 is one of the world's most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk of any backdoor in them is significant.

[...]

cross-posted from: https://slrpnk.net/post/19214397

Archived

(Note that Pravda network of websites this article is talking about is different from the websites using the Pravda.ru domain, which publishes in English and Russian and are owned by Vadim Gorshenin, a self-described supporter of Russian President Vladimir Putin, who formerly worked for the Pravda newspaper, which was owned by the Communist Party in the former Soviet Union.)

A Moscow-based disinformation network named “Pravda” — the Russian word for "truth" — is pursuing an ambitious strategy by deliberately infiltrating the retrieved data of artificial intelligence chatbots, publishing false claims and propaganda for the purpose of affecting the responses of AI models on topics in the news rather than by targeting human readers, NewsGuard has confirmed. By flooding search results and web crawlers with pro-Kremlin falsehoods, the network is distorting how large language models process and present news and information. The result: Massive amounts of Russian propaganda — 3,600,000 articles in 2024 — are now incorporated in the outputs of Western AI systems, infecting their responses with false claims and propaganda.

This infection of Western chatbots was foreshadowed in a talk American fugitive turned Moscow based propagandist John Mark Dougan gave in Moscow last January at a conference of Russian officials, when he told them, “By pushing these Russian narratives from the Russian perspective, we can actually change worldwide AI.”

A NewsGuard audit has found that the leading AI chatbots repeated false narratives laundered by the Pravda network 33 percent of the time — validating Dougan’s promise of a powerful new distribution channel for Kremlin disinformation.

[...]

The Pravda network does not produce original content. Instead, it functions as a laundering machine for Kremlin propaganda, aggregating content from Russian state media, pro-Kremlin influencers, and government agencies and officials through a broad set of seemingly independent websites.

[...]

Since its launch, the network has been extensively covered by NewsGuard, Viginum, the Digital Forensics Research Lab, Recorded Future, the Foundation for Defense of Democracies, and the European Digital Media Observatory. Starting in August 2024, NewsGuard’s AI Misinformation Monitor, a monthly evaluation that tests the propensity for chatbots to repeat false narratives in the news, has repeatedly documented the chatbots’ reliance on the Pravda network and their propensity to repeat Russian disinformation.

[...]

The network spreads its false claims in dozens of languages across different geographical regions, making them appear more credible and widespread across the globe to AI models. Of the 150 sites in the Pravda network, approximately 40 are Russian-language sites publishing under domain names targeting specific cities and regions of Ukraine, including News-Kiev.ru, Kherson-News.ru, and Donetsk-News.ru. Approximately 70 sites target Europe and publish in languages including English, French, Czech, Irish, and Finnish. Approximately 30 sites target countries in Africa, the Pacific, Middle East, North America, the Caucasus and Asia, including Burkina Faso, Niger, Canada, Japan, and Taiwan. The remaining sites are divided by theme, with names such as NATO.News-Pravda.com, Trump.News-Pravda.com, and Macron.News-Pravda.com.

[...]

Despite its scale and size, the network receives little to no organic reach. According to web analytics company SimilarWeb, Pravda-en.com, an English-language site within the network, has an average of only 955 monthly unique visitors. Another site in the network, NATO.news-pravda.com, has an average of 1,006 monthly unique visitors a month, per SimilarWeb, a fraction of the 14.4 million estimated monthly visitors to Russian state-run RT.com.

Similarly, a February 2025 report by the American Sunlight Project (ASP) found that the 67 Telegram channels linked to the Pravda network have an average of only 43 followers and the Pravda network’s X accounts have an average of 23 followers.

But these small numbers mask the network’s potential influence. Instead of establishing an organic audience across social media as publishers typically do, the network appears to be focused on saturating search results and web crawlers with automated content at scale. The ASP found that on average, the network publishes 20,273 articles every 48 hours, or approximately 3.6 million articles a year, an estimate that it said is “highly likely underestimating the true level of activity of this network” because the sample the group used for the calculation excluded some of the most active sites in the network.

[...]

[Edit typo.]

cross-posted from: https://lemmy.sdf.org/post/30517126

[...]

The start of a new government in Germany is accompanied by a turnaround in transatlantic relations and an unprecedented anti-democratic takeover of power by tech broligarchs in the United States. "Therefore, mass surveillance by tech companies is even more of a political issue than before, which a new government cannot ignore," the CCC writes on its site.

[...]

The CCC demands:

• A ban on biometric mass surveillance of public spaces and the untargeted biometric analysis of the Internet. In particular, any form of database that analyses images, videos, and audio files from the Internet for biometric characteristics in an untargeted manner will actively be dismantled. The corresponding powers of the Federal Office for Migration and Refugees will be revoked.
• Mass data retention without occasion will be rejected. Instead, more effective and rights-preserving law enforcement measures, such as the so-called ‘quick-freeze’-procedure and the ‘login trap’, should be pursued.
• Automated data analysis of information held by law enforcement agencies and any form of predictive policing or automated profiling of people are rejected. Cooperation between German and US intelligence services will be restricted, and any kind of automated mass exchange of content or metadata will be prevented.
• The full evaluation of surveillance programmes (‘Überwachungsgesamtrechnung’) will be published, continuously updated and legislation will adjust the scope of state surveillance powers accordingly.

[...]

[Edit title for clarity.]

Archived

Cybercriminals behind Zhong Stealer don’t rely on complex exploits or high-tech hacking tools to break into businesses. Instead, they use a low-effort but highly effective scam that plays on human nature: urgency, confusion, and frustration.

As noted by ANY.RUN researchers, the attack unfolds in a calculated, repetitive pattern designed to wear down customer support agents:

• A new support ticket appears but the sender’s account is brand new and completely empty. There’s no history, no past interactions, just a vague request for help.
• The attacker types in broken language, usually Chinese, making the conversation difficult to follow. This adds an element of confusion and makes the request seem more urgent.
• A ZIP file is attached, supposedly containing screenshots or other necessary details for the request. The attacker insists the support agent must open it to understand the issue.
• If the agent hesitates, the attacker becomes increasingly frustrated, pressuring them to act.

[...]

Bluesky is built on a protocol intended to mitigate this problem. The AT Protocol describes itself as “an open, decentralized network for building social applications”. The problem is that, [...] “A federatable service isn’t a federated one”. The intention to create a platform that users can leave at will, without losing their social connections, does not mean users can actually do this. It’s a technical possibility tied to an organisational promise, rather than a federated structure that enables people to move between services if they become frustrated by Bluesky.

[...]

The problem is that, as Doctorow observes, “The more effort we put into making Bluesky and Threads good, the more we tempt their managers to break their promises and never open up a federation”. If you were a venture capitalist putting millions into Bluesky in the hope of an eventual profit, how would you feel about designing the service in a way that reduces exit costs to near zero? This would mean that “An owner who makes a bad call – like removing the block function say, or opting every user into AI training – will lose a lot of users”. The developing social media landscape being tied in the Generative AI bubble means this example in particular is one we need to take extremely seriously.

[...]

cross-posted from: https://lemmy.sdf.org/post/30379477

The planned installation of 16 Chinese wind turbines off the German coast should be prevented on the grounds of public safety, business daily Handelsblatt reported based on an advisory paper from the German Institute for Defence and Strategic Studies (GIDS).

The analysis, commissioned by the defence ministry, warned of potential blackmail and said all legal options must be used to prevent plans to build the wind farm off the coast of Borkum in northwestern Germany. Hamburg-based asset manager Luxcara awarded the contract to a Chinese manufacturer.

"Unlike millions of solar panels, which today come almost exclusively from China, a single offshore wind farm with the capacity of an entire power plant in a strategically significant location is a much greater target for manipulation of the energy supply – and also for espionage," the business daily reported. The warning comes as wind farm operators increasingly turn to Chinese manufacturers amid tightening global supply chains.

[...]

GIDS warned of possible espionage through sensors, which could potentially track naval ships, submarines and aircraft. It also added that it could not be ruled out that the critical infrastructure would be unavailable in the event of a crisis or conflict. The European Commission has also expressed concerns over security and a growing dependence on China.

[...]

cross-posted from: https://lemmy.sdf.org/post/30367666

The UK data watchdog has launched what it calls a "major investigation" into TikTok's use of children's personal information.

The Information Commissioner's Office (ICO) will inspect the way in which the social media platform uses the data of 13 to 17-year-olds to recommend further content to them.

John Edwards, the Information Commissioner, said it would look at whether TikTok's data collection practices could lead to children experiencing harms, such as data being leaked or spending "more time than is healthy" on the platform.

TikTok told the BBC its recommender systems operated under "strict and comprehensive measures that protect the privacy and safety of teens".

It added that the platform also has "robust restrictions on the content allowed in teens' feeds".

Mr Edwards said TikTok's algorithm "feeds" on personal data gleaned from user profiles, preferences, links clicked and how long they spend watching a particular video - making it subject to UK rules.

In addition to the probe into TikTok, the ICO is also checking the age verification processes of Reddit and Imgur, an image-sharing platform.

The investigation will look into whether the companies are complying with both the UK's data protection laws, and the children's code.

The code is set to design principles for online platforms aimed at protecting children in the UK. Platforms which collect UK children's user data must minimise the amount they gather and take extra care when processing it.

[...]

Cross post from https://lemmy.sdf.org/post/30315054

Archived

The Belgian government opened a probe into a suspected Chinese espionage campaign targeting the country's civilian intelligence service.

Citing government sources, Le Soir reported Wednesday that Chinese hackers in November 2023 targeted the State Security Service by hacking email security appliances made by Barracuda Networks.

The hackers are suspected of accessing sensitive communications between the prosecutors' office, police and ministers, as well as staff information, Le Soir reported.

The Belgian prosecutor's office opened a probe into the hack on Wednesday.

[...]

The attack on the Belgian government aligns with the broader Chinese strategy of compromising edge devices for stealth espionage campaigns. Chinese hackers have targeted Sophos, Microsoft Exchange Server, FortiClient and Ivanti edge device flaws.

cross-posted from: https://lemmy.sdf.org/post/30015875

Archived

[...]

A new analysis of data on scanners drawn from AidData’s Global Chinese Development Finance Dataset reveals that China’s provision of aid and credit for the dissemination of customs inspection equipment abroad—from providers like Nuctech, a Chinese partially state-owned company—is extensive. Despite increasing scrutiny of Chinese equipment used in critical infrastructure like ports, scanners provided by Chinese companies and financed by Chinese donors and lenders are still being widely distributed around the globe. China’s global scanner distribution poses potential national security risks at global seaports, airports, and border crossings.

[...]

China’s provision of customs inspection equipment is far-reaching: at least 65 low- and middle-income countries received this equipment financed via grants and loans from China between 2000 and 2022. The scanners can be found in locations ranging from Serbia and Albania in Eastern Europe, to Cambodia and Laos in Southeast Asia, to countries in Central Asia, the Middle East, North Africa, and the Pacific. Over the past two decades, China provided at least $1.67 billion (constant 2021 USD) of aid and credit for customs inspection activities in recipient countries.

[...]

Donations and zero-interest loans appear to be a deliberate business strategy of Chinese government entities to facilitate the acquisition, installation, and use of customs inspection equipment produced by Chinese companies. Of the 108 customs inspection equipment-related activities tracked, 89 (or 82.4%) constituted donations, with the remainder provided through loans from Chinese agencies for recipients to purchase scanners from China. 44 of these donations were financed directly by China’s Ministry of Commerce (MOFCOM).

[...]

Nuctech Company Ltd. (同方威视技术股份有限公司) is one of the key companies involved in the provision of global inspection equipment, ranging from cargo and vehicle inspection to personnel screening. Its competitors include U.S.-based companies such as Rapiscan Systems, L3Harris Technologies, and Leidos, as well as European-based companies like Smiths Detection and Thales Group, among others.

Nuctech is a partially state-owned company that emerged from Tsinghua University in the 1990s. Its parent company is Tsinghua Tongfang (清华同方股份有限公司), a state-owned enterprise. China National Nuclear Corporation (中国核工业集团公司), an energy and defense conglomerate controlled by China’s State Council, is the controlling stakeholder of Tsinghua Tongfang and holds a 21 percent ownership stake in Nuctech. Nuctech is further connected to the state, as the company’s former chairman in the early 2000s now serves in the central government.

[...]

U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law.

Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.

The complaint (open pdf) targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB.

Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls (example) to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so called “non personalized” data contains dangerous data.

[...]

cross-posted from: https://lemmy.sdf.org/post/29607342

Archived

Here is the data at Hugging Face.

A team of international researchers from leading academic institutions and tech companies upended the AI reasoning landscape on Wednesday with a new model that matched—and occasionally surpassed—one of China's most sophisticated AI systems: DeepSeek.

OpenThinker-32B, developed by the Open Thoughts consortium, achieved a 90.6% accuracy score on the MATH500 benchmark, edging past DeepSeek's 89.4%.

The model also outperformed DeepSeek on general problem-solving tasks, scoring 61.6 on the GPQA-Diamond benchmark compared to DeepSeek's 57.6. On the LCBv2 benchmark, it hit a solid 68.9, showing strong performance across diverse testing scenarios.

...

cross-posted from: https://lemmy.sdf.org/post/29606431

Archived (available only in Dutch)

Reijer Passchier, Assistant Professor in Constitutional Law, warns against copying the destructive tech-giant model that exists in the US and China. He proposes developing European tech companies to ensure that Europe retains its sovereignty, according to a commentary in the Dutch newspaper 'De Volkskrant' [only in Dutch, but you'll find a useful translation].

To limit the influence of US and Chinese tech giants, Europe will have to try to repel such companies while making plans for its own tech industry. According to Reijer Passchier, big tech in the US has led to unprecedented inequality of wealth and the state has little control over these companies. Tech giants are willing to innovate, but only when this is to their advantage. If not, they will go all out to stop competitors threatening their business model. Elon Musk is an example of their powerful position. At the same time, problems arise from mixing public and private interests and the interests of the companies often take precedence over those of society. In China, the state is able to control the tech giants through its authoritarian political system and strict control over internet access.

'Europe must avoid allowing such fundamental risks to arise.' Passchier says that Europe has the means to develop both technical and institutional opportunities that are both democratic and in line with the rule of law. As an example, Passchier mentions the messaging app Signal – a company that uses technology to serve society, without putting profits first. More information?

Cross-posted from: https://lemmy.sdf.org/post/29546494

Archived

Check Point is set to reveal a new Chinese cyber campaign targeting suppliers of manufacturers in “sensitive” domains in the US and across the globe.

In an exclusive interview with Infosecurity at the firm’s CPX 2025 conference, Lotem Finkelsteen, Check Point’s Director of Threat Intelligence & Research, said his team was working on a new investigation into a Chinese hacking group.

Finkelsteen confirmed his team had observed the threat group actively infiltrating the networks of firms that supply components for the manufacturing industry, including in “sensitive” domains, and many other sectors.

These primary targets include suppliers of chemical products and physical infrastructure components like pipes. Some are Check Point’s customers. Check Point plans to release a full report on the campaign in the next few weeks.

...

Targeted edge devices include operational relay boxes (ORBs), which are often either virtual private server (VPS) hosts or poorly secured Internet of Things (IoT) devices (e.g. routers) that intelligence services have traditionally used to infiltrate networks.

...

The approach shows similarities with the Volt Typhoon cyber espionage campaigns that targeted critical infrastructure and telecommunications organizations in the US and elsewhere in 2023 and 2024. These campaigns allowed Volt Typhoon to infiltrate some US government agencies in 2024.

...

cross-posted from: https://rss.ponder.cat/post/109565

cross-posted from: https://lemmy.sdf.org/post/29335160

Here is the original report.

The research firm SemiAnalysis has conducted an extensive analysis of what's actually behind DeepSeek in terms of training costs, refuting the narrative that R1 has become so efficient that the compute resources from NVIDIA and others are unnecessary. Before we dive into the actual hardware used by DeepSeek, let's take a look at what the industry initially perceived. It was claimed that DeepSeek only utilized "$5 million" for its R1 model, which is on par with OpenAI GPT's o1, and this triggered a retail panic, which was reflected in the US stock market; however, now that the dust has settled, let's take a look at the actual figures.

...

Archived

[The article shows very good examples I can't paraphrase here, but they are very illuminating.]

Is Taiwan an independent country? When pointing out DeepSeek’s propaganda problems, journalists and China watchers have tended to prompt the LLM with questions like these about the “Three T’s” (Tiananmen, Taiwan, and Tibet) — obvious political red lines that are bound to meet a stony wall of hedging and silence. “Let’s talk about something else,” DeepSeek tends to respond. Alternatively, questions of safety regarding DeepSeek tend to focus on whether data will be sent to China.

Experts say this is all easily fixable. Kevin Xu has pointed out that the earlier V3 version, released in December, will discuss topics such as Tiananmen and Xi Jinping when it is hosted on local computers — beyond the grasp of DeepSeek’s cloud software and servers.

[...]

But do coders and Silicon Valley denizens know what they should be looking for? As we have written at CMP, Chinese state propaganda is not about censorship per se, but about what the Party terms “guiding public opinion” (舆论导向). “Guidance,” which emerged in the aftermath of the Tiananmen Massacre in 1989, is a more comprehensive approach to narrative control that goes beyond simple censorship. While outright removal of unwanted information is one tactic, “guidance” involves a wide spectrum of methods to shape public discourse in the Party’s favor. These can include restricting journalists’ access to events, ordering media to emphasize certain facts and interpretations, deploying directed narrative campaigns, and drowning out unfavorable information with preferred content.

Those testing DeepSeek for propaganda shouldn’t simply be prompting the LLM to cross simple red lines or say things regarded as “sensitive.” They should be mindful of the full range of possible tactics to achieve “guidance.”

[...]

We tested DeepSeek R1 in three environments: locally on our computers — using “uncensored” versions downloaded from Hugging Face — on servers hosted by Hugging Face, and on the interface most people are using DeepSeek through: the app connected to Chinese servers. The DeepSeek models were not the same (R1 was too big to test locally, so we used a smaller version), but across all three categories, we identified tactics frequently used in Chinese public opinion guidance.

[...]

The “uncensored” version of DeepSeek’s software [...] puts official messaging first, treating the government as the sole source of accurate information on anything related to China. When we asked it in Chinese for the Wenchuan earthquake death toll and other politically sensitive data, the model searched exclusively for “official data” (官方统计数据) to obtain “accurate information.” As such, it could not find “accurate” statistics for Taiwanese identity — something that is regularly and extensively polled by a variety of institutions in Taiwan. All we got is boilerplate: Taiwan “has been an inalienable part of China since ancient times” and any move toward independent nationhood is illegal.

[...]

Tailored Propaganda?

DeepSeek R1 seems to modify its answers depending on what language is used and the location of the user’s device. DeepSeek R1 acted like a completely different model in English. It provided sources based in Western countries for facts about the Wenchuan earthquake and Taiwanese identity and addressed criticisms of the Chinese government.

Chinese academics are aware that AI has this potential. In a journal under the CCP’s Propaganda Department last month, a journalism professor at China’s prestigious Fudan University made the case that China “needs to think about how the generative artificial intelligence that is sweeping the world can provide an alternative narrative that is different from ‘Western-centrism’” — namely, by providing answers tailored to different foreign audiences.

[...]

DeepSeek’s answers have been subtly adapted to different languages and trained to reflect [Chinese] state-approved views.

[...]

cross-posted from: https://lemmy.sdf.org/post/28980151

cross-posted from: https://lemmy.sdf.org/post/28980041

Australia has banned DeepSeek from all government devices and systems over what it says is the security risk the Chinese artificial intelligence (AI) startup poses.

...

Growing - and familiar - concerns

Western countries have a track record of being suspicious of Chinese tech - notably telecoms firm Huawei and the social media platform, TikTok - both of which have been restricted on national security grounds.

...

An Australian science minister previously said in January that countries needed to be "very careful" about DeepSeek, citing "data and privacy" concerns.

The chatbot was removed from app stores after its privacy policy was questioned in Italy. The Italian goverment previously temporarily blocked ChatGPT over privacy concerns in March 2023.

Regulators in South Korea, Ireland and France have all begun investigations into how DeepSeek handles user data, which it stores in servers in China.

...

Generally, AI tools will analyse the prompts sent to them to improve their product.

This is true of apps such as ChatGPT and Google Gemini as much as it is DeepSeek.

All of them gather and keep information, including email addresses and dates of birth.

...