Email or username:

Password:

Forgot your password?
16 posts total
Meredith Whittaker

📣 New Paper! w/@HeidyKhlaaf + @sarahbmyers

We put the narrative on AI risks & NatSec under a microscope, finding the focus on hypothetical AI bioweapons is warping policy and ignoring real & serious harms of current AI use in surveillance, targeting, etc.

Instead of crafting solutions for hypothetical harms, we advocate focusing on already existing and very significant safety issues--namely AI’s reliance on PII & the vulns created by foundation models' use in NatSec.

arxiv.org/abs/2410.14831

📣 New Paper! w/@HeidyKhlaaf + @sarahbmyers

We put the narrative on AI risks & NatSec under a microscope, finding the focus on hypothetical AI bioweapons is warping policy and ignoring real & serious harms of current AI use in surveillance, targeting, etc.

Instead of crafting solutions for hypothetical harms, we advocate focusing on already existing and very significant safety issues--namely AI’s reliance on PII & the vulns created by foundation models' use in NatSec.

Lasse Gismo - 🇮🇱🇺🇦🇸🇩 :nona:

@Mer__edith

What was it called in the Bundeswehr before:
camouflage, deceive, piss off - and fill their pockets.
A very old story.

Meredith Whittaker

Case in point: there's no way to build a backdoor that only the "good guys" can use.

When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.

wsj.com/tech/cybersecurity/u-s

Show previous comments
Brian Strouselhousen

@Mer__edith So clearly the answer is to use AI to encrypt it, then put it on the blockchain, and store a secret in an NFT that is then stored in a smart contract which is then stored in an offline (cold) wallet available only to the good guys. Sounds reasonable, right?

Jeff Codes 🤨

@Mer__edith it's almost like legislators have no idea how technology works...

Justin Scholz

@Mer__edith @matrix a back door is just the front door on the other street.

Meredith Whittaker

There’s been some chatter about Signal desktop recently, so let’s clear the air. Three points:

1. The reported issues rely on an attacker already having *full access to your device* — either physically, through a malware compromise, or via a malicious application running on the same device. This is not something that Signal, or any other app, can fully protect against. Nor do we ever claim to.

Show previous comments
Erica Marigold :vm:

@Mer__edith Well, the logic doesn't make sense as to why you encrypt local messages but not media then, does it?

AlexTECPlayz

@Mer__edith Yeah no, this post is a big miss and reeks of sh*t. Just because OSes already have disk encryption that can be enabled, doesn't mean Signal shouldn't also at the very least, give the option to also encrypt the files that are saved/cached/whatever.

Maybe some missed the option to encrypt their system and can't be arsed to reflash their entire OS again - like me, I didn't see any option in the Debian installer to encrypt the disk or the home folder, and forgot about it, so now I'm currently not in the mood to literally reinstall the system again to manually encrypt it.

I know very well that this is risky if someone had access to the hardware, but I would have felt better if Signal Desktop was also encrypting the files.

I stopped using Signal, mostly due to its centralised manner, and the phone number requirement, and this issue that apparently has been known for years and not getting fixed, is certainly not pushing me to use Signal again. Do better.

@Mer__edith Yeah no, this post is a big miss and reeks of sh*t. Just because OSes already have disk encryption that can be enabled, doesn't mean Signal shouldn't also at the very least, give the option to also encrypt the files that are saved/cached/whatever.

Maybe some missed the option to encrypt their system and can't be arsed to reflash their entire OS again - like me, I didn't see any option in the Debian installer to encrypt the disk or the home folder, and forgot about it, so now I'm currently...

blastoise

@Mer__edith This is a lie. You should honestly accept Signal took no action to fix a vulnerability reported 6 years ago.

Meredith Whittaker

📣Official statement: the new EU chat controls proposal for mass scanning is the same old surveillance with new branding.

Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities

signal.org/blog/pdfs/upload-mo

Show previous comments
Christian

@Mer__edith It's nothing but the same old surveillance tactics wrapped in a shiny new package. Whether they label it a backdoor, a front door, or disguise it as "upload moderation," this proposal is a direct threat to encryption. The audacity to push this under the false pretense of protecting children is beyond belief. The EU council must not let this pass. Our security and freedoms are at stake, and we must stand against this deception!

neo

@Mer__edith@mastodon.world They know & are hoping to induce "care fatigue"

Graydon

@Mer__edith And this shit is not going to go away until the institutional actors determined to enact it have been abolished.

It'd be appropriate to abruptly and comprehensively and completely defund whatever EU agencies keep insisting on authoritarian social controls.

Meredith Whittaker

Signal strongly opposes the newest #ChatControl proposal in Europe.

Let there be no doubt: we will leave the EU market rather than undermine our privacy guarantees.

This proposal--if passed and enforced against us--would require us to make this choice.

It's surveillance wine in safety bottles.

See more: patrick-breyer.de/en/majority- @echo_pbreyer

Show previous comments
cholling

@Mer__edith @echo_pbreyer When will your privacy guarantees include not tying Signal accounts to phone numbers and not scanning users' contacts?

Laxystem (Masto/Glitch)

@Mer__edith @echo_pbreyer not only is this privacy invasive af, it prevents the #Fediverse from supporting any form of image upload in the EU - fedi servers are small and cannot support running any form of UEC including AI, and will never rely on centralized corporate or government services to do so.

Kevin Karhan :verified:

@Mer__edith @echo_pbreyer then why does @signalapp not follow through on it's actions and cease operations not only in #cyberfacist regimes like #Russia and #Iran but also relocate out.of range of #CloudAct and completely #decentralize to the point it's not possible to shutdown?

- Why does #Signal still insist on collecting #PII like #PhoneNumbers which more often than not can't be acquired anonymously in an increasing amount of juristictions?

These questions remain unanswered, because Signal, like #ANØM and #CryptoAG before is a #Honeypot.

- Otherwise it would've been shutdown and not include concessions that enforce U.S. hegemony and sanctions!

infosec.space/@kkarhan/1125524

#InconvenientTruth

@Mer__edith @echo_pbreyer then why does @signalapp not follow through on it's actions and cease operations not only in #cyberfacist regimes like #Russia and #Iran but also relocate out.of range of #CloudAct and completely #decentralize to the point it's not possible to shutdown?

- Why does #Signal still insist on collecting #PII like #PhoneNumbers which more often than not can't be acquired anonymously in an increasing amount of juristictions?

Meredith Whittaker

📢 New from me!

On why "privacy for me but not for thee" amounts to "privacy for no one," and how a German Military comms leak demonstrates that mass private comms services, like Signal, are the only way to ensure privacy--for anyone and everyone.👇

netzpolitik.org/2024/taurus-le

Meredith Whittaker

Notable that this longstanding problem, which I and a few others have been naming for ~a decade, is now common sense.

It's true. AI is fundamentally a technology controlled by Big Tech. But the current 'solutions' to this problem would extend, not dilute, Big Tech control. 1/

washingtonpost.com/technology/

Meredith Whittaker

The issue: Big Tech has the $$ infrastructure, data, ability to pay talent, and access to market which no one else does. So as academics, you either pay retail for access, or get it discounted/free by yoking yourself to Big Tech (via dual affiliation, or just being hired). 2/

Meredith Whittaker

Usernames...for everyone!!!

Usernames are now out of beta and available for anyone using the latest version of the Signal app--≥7.0.

🎁❤️

Show previous comments
ex_06

@Mer__edith is it necessary to wait for everyone to get on 7.0 (those 90days) to avoid leaking the account to people that already have my number?

Sunshine

@Mer__edith Thank you @signalapp team! I have now sent reminders to all my Signal contacts about this, signing the message with "Signal's heiress". :ablobcatwink:

Meredith Whittaker

IT IS HAPPENING! Today, Signal launches phone number privacy & usernames! These features let you use Signal w/o sharing your phone number with the people you talk to

Proud to add more privacy to Signal, & proud of the smart, careful work the team did to make this happen ♥️

You can read more here: signal.org/blog/phone-number-p

Meredith Whittaker

MS--Open AI's ~parent company--already has massive US military contracts. This is the biz model.

This news is also one more alarm re. the current AI paradigm, its reliance on concentrated corp power, & the undemocratic decision making power this gives these (primarily) US-based corps.

theintercept.com/2024/01/12/op

Meredith Whittaker

...for anyone preparing to step to this post with arguments re. AI's potential efficiencies/precision leading to harm reduction in war, no. That's an unevidenced hope.

Where we do have insight (which is scarce, given the pernicious intersection of trade secrecy and classification), it points to AI enabling "Jevon's paradox, but for death."

See: 972mag.com/mass-assassination-

fool

@Mer__edith If all major military powers use AI to a similar extent, would it revert warfare back to primitive stage because nothing is reliable without naked eye confirmation?

Either that, or kill everyone and nuke everything.

Meredith Whittaker

I did not sign this statement, tho I agree “open” AI is not the enemy of “safe” AI

I can't endorse its premise that “openness” alone will “mitigate current+future harms from AI,” nor that it’s an antidote to concentrated power in the AI industry 1/

open.mozilla.org/letter/

Meredith Whittaker

This is esp true in an ecosystem where the term “open”, in the context of AI, has no clear definition, leaving it ripe for abuse + instrumentation by firms like Meta (who signed on + are currently brandishing this same statement to promo their ersatz "open" AI offerings). 2/

Meredith Whittaker

Confirming the EU law enforcement (& AI company) mass surveillance aspirations animating the EU push to scan everyone’s private messages. It’s critical that people understand what’s going on here.

balkaninsight.com/2023/09/29/e

Jos

"All data is useful and should be passed on to law enforcement, there should be no filtering by the [EU] Centre because even an innocent image might contain information that could at some point be useful to law enforcement,"

Brrr

@Mer__edith

Aliki Souma

@Mer__edith In addition to the obvious data privacy and surveillance dangers of #CSAR, it should also be noted that the proposed law is harmful because it disorients the public discourse about what measures should ACTUALLY be taken to effectively protect children and minors from online violence and abuse. The imposition of chat scanning could create a false sense of security, which in turn could potentially lead to children using social media uncontrollably, without any parental guidance or supervision.

Meredith Whittaker

SO good -- the best follow the money reporting on who's behind the global attack on digital privacy yet.

TLDR: it's law enforcement x AI companies posing as NGOs w a commercial interest in selling scammy mass scanning tech. Deeply cynical, deeply shady.

balkaninsight.com/2023/09/25/w

Meredith Whittaker

I don't know if it could be any clearer...

hnapel

@Mer__edith

I hope the public and legislators will soon understand that #AI is not the solution to the exploitation of children but much more part of the problem.

businessinsider.com/fake-naked

Meredith Whittaker

This is the real, human cost of mass surveillance of everyone's private digital communications.

If we actually care about keeping people safe, we need more end-to-end encryption not less.

Show previous comments
maddie (:goodfortrout:) :QueerCat: :verifiedtrans:
@Mer__edith sure, you may have "nothing to hide", but these people do, and therefore we need less surveillance.
Trash Panda

@Mer__edith@mastodon.world
My fucking god, of all places sharing that kind of things on facebook takes a special type of stupid.

Vefhtagn

@Mer__edith this is WHY we don't want META on the fediverse

Meredith Whittaker

Early 2000s profitable startups gave their handful of workers novel perks/freedom. These cos/their workplace culture got big. Late 2010s tech labor gained power + made demands. Now a hint of recession = excuse to break promises/reestablish dominance over workers. It's not about $

Meredith Whittaker

Climate change is already threatening the data centers required to power large scale tech, like "AI".

Or, accounting for climate we see a tech future that's patchier & less always-on + ubiquitous, NOT larger and more powerful.

This doesn't mean that those with power to shape and control tech will themselves grow less powerful. But it does mean that the colloquial Moore's law fantasies of tech, particularly popular in "AI", will face a series of hard stops. @mel_hogan

Nadia/Надя/नाडिया/娜迪亚/ نادية

@Mer__edith @mel_hogan

It might degrade the quality & performance of new parts more than shut things down in itself, but some materials used to build computers (hafnium noted in the article) are dwindling:

engineering.com/story/what-raw

Go Up