Eight Automakers Grilled by US Lawmakers Over Sharing of Connected Car Data With Police

An anonymous reader shared this report from Automotive News: Automotive News recently reported that eight automakers sent vehicle location data to police without a court order or warrant. The eight companies told senators that they provide police with data when subpoenaed, getting a rise from several officials. BMW, Kia, Mazda, Mercedes-Benz, Nissan, Subaru, Toyota, and Volkswagen presented their responses to lawmakers. Senators Ron Wyden from Oregon and Ed Markey from Massachusetts penned a letter to the Federal Trade Commission, urging investigative action. "Automakers have not only kept consumers in the dark regarding their actual practices, but multiple companies misled consumers for over a decade by failing to honor the industry's own voluntary privacy principles," they wrote. Ten years ago, all of those companies agreed to the Consumer Privacy Protection Principles, a voluntary code that said automakers would only provide data with a warrant or order issued by a court. Subpoenas, on the other hand, only require approval from law enforcement. Though it wasn't part of the eight automakers' response, General Motors has a class-action suit on its hands, claiming that it shared data with LexisNexis Risk Solutions, a company that provides insurers with information to set rates. The article notes that the lawmakers praised Honda, Ford, GM, Tesla, and Stellantis for requiring warrants, "except in the case of emergencies or with customer consent."

Read more of this story at Slashdot.

Study Confirms Einstein Prediction: Black Holes Have a 'Plunging Region'

"Albert Einstein was right," reports CNN. "There is an area at the edge of black holes where matter can no longer stay in orbit and instead falls in, as predicted by his theory of gravity." The proof came by combining NASA's earth-orbiting NuSTAR telescope with the NICER telescope on the International Space Station to detect X-rays: A team of astronomers has for the first time observed this area — called the "plunging region" — in a black hole about 10,000 light-years from Earth. "We've been ignoring this region, because we didn't have the data," said research scientist Andrew Mummery, lead author of the study published Thursday in the journal Monthly Notices of the Royal Astronomical Society. "But now that we do, we couldn't explain it any other way." Mummery — also a Fellow in Oxford's physics department — told CNN, "We went out searching for this one specifically — that was always the plan. We've argued about whether we'd ever be able to find it for a really long time. People said it would be impossible, so confirming it's there is really exciting." Mummery described the plunging region as "like the edge of a waterfall." Unlike the event horizon, which is closer to the center of the black hole and doesn't let anything escape, including light and radiation, in the "plunging region" light can still escape, but matter is doomed by the powerful gravitational pull, Mummery explained. The study's findings could help astronomers better understand the formation and evolution of black holes. "We can really learn about them by studying this region, because it's right at the edge, so it gives us the most information," Mummery said... According to Christopher Reynolds, a professor of astronomy at the University of Maryland, College Park, finding actual evidence for the "plunging region" is an important step that will let scientists significantly refine models for how matter behaves around a black hole. 
"For example, it can be used to measure the rotation rate of the black hole," said Reynolds, who was not involved in the study.

'Google Domains' Starts Migrating to Squarespace

"We're migrating domains in batches..." announced web-hosting company Squarespace earlier this month. "Squarespace has entered into an agreement to become the new home for Google Domains customers. When your domain transitions from Google to Squarespace, you'll become a Squarespace customer and manage your domain through an account with us." Slashdot reader shortyadamk shares an email sent today to a Google Domains customer: "Today your domain, xyz.com, migrated from Google Domains to Squarespace Domains. "Your WHOIS contact details and billing information (if applicable) were migrated to Squarespace. Your DNS configuration remains unchanged. "Your migrated domain will continue to work with Google Services such as Google Search Console. To support this, your account now has a domain verification record — one corresponding to each Google account that currently has access to the domain."

Is America's Defense Department 'Rushing to Expand' Its Space War Capabilities?

America's Defense Department "is rushing to expand its capacity to wage war in space," reports the New York Times, "convinced that rapid advances by China and Russia in space-based operations pose a growing threat to U.S. troops and other military assets on the ground and U.S. satellites in orbit." [T]he Defense Department is looking to acquire a new generation of ground- and space-based tools that will allow it to defend its satellite network from attack and, if necessary, to disrupt or disable enemy spacecraft in orbit, Pentagon officials have said in a series of interviews, speeches and recent statements... [T]he move to enhance warfighting capacity in space is driven mostly by China's expanding fleet of military tools in space... [U.S. officials are] moving ahead with an effort they are calling "responsible counterspace campaigning," an intentionally ambiguous term that avoids directly confirming that the United States intends to put its own weapons in space. But it also is meant to reflect this commitment by the United States to pursue its interest in space without creating massive debris fields that would result if an explosive device or missile were used to blow up an enemy satellite. That is what happened in 2007, when China used a missile to blow up a satellite in orbit. The United States, China, India and Russia all have tested such missiles. But the United States vowed in 2022 not to do any such antisatellite tests again. The United States has also long had ground-based systems that allow it to jam radio signals, disrupting the ability of an enemy to communicate with its satellites, and is taking steps to modernize these systems. But under its new approach, the Pentagon is moving to take on an even more ambitious task: broadly suppress enemy threats in orbit in a fashion similar to what the Navy does in the oceans and the Air Force in the skies. 
The article notes a recent report drafted by a former Space Force colonel cited three ways to disable enemy satellite networks: cyberattacks, ground or space-based lasers, and high-powered microwaves. "John Shaw, a recently retired Space Force lieutenant general who helped run the Space Command, agreed that directed-energy devices based on the ground or in space would probably be a part of any future system. 'It does minimize debris; it works at the speed of light,' he said. 'Those are probably going to be the tools of choice to achieve our objective.'" The Pentagon is separately working to launch a new generation of military satellites that can maneuver, be refueled while in space or have robotic arms that could reach out and grab — and potentially disrupt — an enemy satellite. Another early focus is on protecting missile defense satellites. The Defense Department recently started to require that a new generation of these space-based monitoring systems have built-in tools to evade or respond to possible attack. "Resiliency feature to protect against directed energy attack mechanisms" is how one recent missile defense contract described it. Last month the Pentagon also awarded contracts to two companies — Rocket Lab and True Anomaly — to launch two spacecraft by late next year, one acting as a mock enemy and the other equipped with cameras, to pull up close and observe the threat. The intercept satellite will not have any weapons, but it has a cargo hold that could carry them. The article notes that Space Force's chief of space operations has told Senate appropriators that about $2.4 billion of the $29.4 billion in Space Force's proposed 2025 budget was set aside for "space domain awareness." And it adds that the Pentagon "is working to coordinate its so-called counterspace efforts with major allies, including Britain, Canada and Australia, through a multinational operation called Operation Olympic Defender. 
France has been particularly aggressive, announcing its intent to build and launch by 2030 a satellite equipped with a high-powered laser." [W]hat is clear is that a certain threshold has now been passed: Space has effectively become part of the military fighting domain, current and former Pentagon officials said. "By no means do we want to see war extend into space," Lt. Gen. DeAnna Burt, deputy chief of space operations, said at a Mitchell Institute event this year. "But if it does, we have to be prepared to fight and win."

Cruise Reached an $8M+ Settlement With the Person Dragged Under Its Robotaxi

Bloomberg reports that self-driving car company Cruise "reached an $8 million to $12 million settlement with a pedestrian who was dragged by one of its self-driving vehicles in San Francisco, according to a person familiar with the situation." The settlement was struck earlier this year and the woman is out of the hospital, said the person, who declined to be identified discussing a private matter. In the October incident, the pedestrian crossing the road was struck by another vehicle before landing in front of one of GM's Cruise vehicles. The robotaxi braked hard but ran over the person. It then pulled over for safety, driving 20 feet at a speed of up to seven miles per hour with the pedestrian still under the car. The incident "contributed to the company being blocked from operating in San Francisco and halting its operations around the country for months," reports the Washington Post: The company initially told reporters that the car had stopped just after rolling over the pedestrian, but the California Public Utilities Commission, which regulates permits for self-driving cars, later said Cruise had covered up the truth that its car actually kept going and dragged the woman. The crash and the questions about what Cruise knew and disclosed to investigators led to a firestorm of scrutiny on the company. Cruise pulled its vehicles off roads countrywide, laid off a quarter of its staff and in November its CEO Kyle Vogt stepped down. The Department of Justice and the Securities and Exchange Commission are investigating the company, adding to a probe from the National Highway Traffic Safety Administration. In Cruise's absence, Google's Waymo self-driving cars have become the only robotaxis operating in San Francisco. In June, the company's president and chief technology officer Mohamed Elshenawy is slated to speak at a conference on artificial-intelligence quality in San Francisco. Dow Jones news services published this quote from a Cruise spokesperson. 
"The hearts of all Cruise employees continue to be with the pedestrian, and we hope for her continued recovery."

What happened to OpenAI’s long-term AI risk team?

In July last year, OpenAI announced the formation of a new research team that would prepare for the advent of supersmart artificial intelligence capable of outwitting and overpowering its creators. Ilya Sutskever, OpenAI’s chief scientist and one of the company’s co-founders, was named as the co-lead of this new team. OpenAI said the team would receive 20 percent of its computing power.

Now OpenAI’s “superalignment team” is no more, the company confirms. That comes after the departures of several researchers involved, Tuesday’s news that Sutskever was leaving the company, and the resignation of the team’s other co-lead. The group’s work will be absorbed into OpenAI’s other research efforts.

How ex-military surgeons are pushing for laws allowing ambulances to carry blood

A group of former military trauma surgeons are calling for first responders to carry whole blood on rescue vehicles to help save bleeding patients. NBC News' Cynthia McFadden reports on the small number of communities already seeing life-saving results. 

Bruce Schneier Reminds LLM Engineers About the Risks of Prompt Injection Vulnerabilities

Security professional Bruce Schneier argues that large language models have the same vulnerability as phones in the 1970s exploited by John Draper. "Data and control used the same channel," Schneier writes in Communications of the ACM. "That is, the commands that told the phone switch what to do were sent along the same path as voices." Other forms of prompt injection involve the LLM receiving malicious instructions in its training data. Another example hides secret commands in Web pages. Any LLM application that processes emails or Web pages is vulnerable. Attackers can embed malicious commands in images and videos, so any system that processes those is vulnerable. Any LLM application that interacts with untrusted users — think of a chatbot embedded in a website — will be vulnerable to attack. It's hard to think of an LLM application that isn't vulnerable in some way. Individual attacks are easy to prevent once discovered and publicized, but there are an infinite number of them and no way to block them as a class. The real problem here is the same one that plagued the pre-SS7 phone network: the commingling of data and commands. As long as the data — whether it be training data, text prompts, or other input into the LLM — is mixed up with the commands that tell the LLM what to do, the system will be vulnerable. But unlike the phone system, we can't separate an LLM's data from its commands. One of the enormously powerful features of an LLM is that the data affects the code. We want the system to modify its operation when it gets new training data. We want it to change the way it works based on the commands we give it. The fact that LLMs self-modify based on their input data is a feature, not a bug. And it's the very thing that enables prompt injection. Like the old phone system, defenses are likely to be piecemeal. We're getting better at creating LLMs that are resistant to these attacks. 
We're building systems that clean up inputs, both by recognizing known prompt-injection attacks and training other LLMs to try to recognize what those attacks look like. (Although now you have to secure that other LLM from prompt-injection attacks.) In some cases, we can use access-control mechanisms and other Internet security systems to limit who can access the LLM and what the LLM can do. This will limit how much we can trust them. Can you ever trust an LLM email assistant if it can be tricked into doing something it shouldn't do? Can you ever trust a generative-AI traffic-detection video system if someone can hold up a carefully worded sign and convince it to not notice a particular license plate — and then forget that it ever saw the sign...? Someday, some AI researcher will figure out how to separate the data and control paths. Until then, though, we're going to have to think carefully about using LLMs in potentially adversarial situations...like, say, on the Internet. Schneier urges engineers to balance the risks of generative AI with the powers it brings. "Using them for everything is easier than taking the time to figure out what sort of specialized AI is optimized for the task. "But generative AI comes with a lot of security baggage — in the form of prompt-injection attacks and other security risks. We need to take a more nuanced view of AI systems, their uses, their own particular risks, and their costs vs. benefits."

Facing Angry Users, Sonos Promises to Fix Flaws and Restore Removed Features

A blind worker for the National Federation of the Blind said Sonos had a reputation for making products usable for people with disabilities, but that "Overnight they broke that trust," according to the Washington Post. They're not the only angry customers about the latest update to Sonos's wireless speaker system. The newspaper notes that nonprofit worker Charles Knight is "among the Sonos die-hards who are furious at the new app that crippled their options to stream music, listen to an album all the way through or set a morning alarm clock." After Sonos updated its app last week, Knight could no longer set or change his wake-up music alarm. Timers to turn off music were also missing. "Something as basic as an alarm is part of the feature set that users have had for 15 years," said Knight, who has spent thousands of dollars on six Sonos speakers for his bedroom, home office and kitchen. "It was just really badly thought out from start to finish." Some people who are blind also complained that the app omitted voice-control features they need. What's happening to Sonos speaker owners is a cautionary tale. As more of your possessions rely on software — including your car, phone, TV, home thermostat or tractor — the manufacturer can ruin them with one shoddy update... Sonos now says it's fixing problems and adding back missing features within days or weeks. Sonos CEO Patrick Spence acknowledged the company made some mistakes and said Sonos plans to earn back people's trust. "There are clearly people who are having an experience that is subpar," Spence said. "I would ask them to give us a chance to deliver the actions to address the concerns they've raised." Spence said that for years, customers' top complaint was the Sonos app was clunky and slow to connect to their speakers. Spence said the new app is zippier and easier for Sonos to update. (Some customers disputed that the new app is faster.) 
He said some problems like Knight's missing alarms were flaws that Sonos found only once the app was about to roll out. (Sonos updated the alarm feature this week.) Sonos did remove but planned to add back some lesser-used features. Spence said the company should have told people upfront about the planned timeline to return any missing functions. In a blog post Sonos thanked customers for "valuable feedback," saying they're "working to address them as quickly as possible" and promising to reintroduce features, fix bugs, and address performance issues. ("Adding and editing alarms" is available now, as well as VoiceOver fixes for the home screen on iOS.) The Washington Post adds that Sonos "said it initially missed some software flaws and will restore more voice-reader functions next week."

'Openwashing'

An anonymous reader quotes a report from The New York Times: There's a big debate in the tech world over whether artificial intelligence models should be "open source." Elon Musk, who helped found OpenAI in 2015, sued the startup and its chief executive, Sam Altman, on claims that the company had diverged from its mission of openness. The Biden administration is investigating the risks and benefits of open source models. Proponents of open source A.I. models say they're more equitable and safer for society, while detractors say they are more likely to be abused for malicious intent. One big hiccup in the debate? There's no agreed-upon definition of what open source A.I. actually means. And some are accusing A.I. companies of "openwashing" -- using the "open source" term disingenuously to make themselves look good. (Accusations of openwashing have previously been aimed at coding projects that used the open source label too loosely.) In a blog post on Open Future, a European think tank supporting open sourcing, Alek Tarkowski wrote, "As the rules get written, one challenge is building sufficient guardrails against corporations' attempts at 'openwashing.'" Last month the Linux Foundation, a nonprofit that supports open-source software projects, cautioned that "this 'openwashing' trend threatens to undermine the very premise of openness -- the free sharing of knowledge to enable inspection, replication and collective advancement." Organizations that apply the label to their models may be taking very different approaches to openness. [...] The main reason is that while open source software allows anyone to replicate or modify it, building an A.I. model requires much more than code. Only a handful of companies can fund the computing power and data curation required. That's why some experts say labeling any A.I. as "open source" is at best misleading and at worst a marketing tool. "Even maximally open A.I. 
systems do not allow open access to the resources necessary to 'democratize' access to A.I., or enable full scrutiny," said David Gray Widder, a postdoctoral fellow at Cornell Tech who has studied use of the "open source" label by A.I. companies.

Best free VPN for Android 2024: Which ones can you trust?

It might be surprising, but free VPNs are no longer just for PCs. You can also use them to help easily boost your security and privacy game on an Android device. Whether you want extra security while using a public Wi-Fi network, or to get around geo-restrictions for most of your favorite streaming services, a free VPN can help you do it without having to pay for anything.

The problem when looking for a good free VPN, though, is that there are a large number of them available on the Google Play Store. So how do you determine which ones are worth your time? Our experts here at PCWorld have tested a slew of VPNs, both for PCs and Android devices, and have curated a list of the best free options you can feel confident in using. Check out our top picks below.

Why you should trust me: Here at PCWorld we’ve been testing computer hardware, software, and services since the 1980s. As the VPN reviewer, I’m continually testing all of the major VPNs on the market and many lesser-known services in order to curate a list of the very best VPNs across a variety of categories. For a more in-depth guide, you can check out my article on how we test VPN services at PCWorld. Below you’ll find my favorite free VPNs, and below that, helpful advice about what to look for when choosing a VPN for your Android device on your own.

And if you’re looking to further upgrade your Android phone’s security, which I highly recommend, be sure to look at PCWorld’s recommendations for the best free antivirus for Android as well. Additionally, you can check out my guide to the best VPNs covering multiple devices.

Updated May 16, 2024: Check out my latest review of ProtonVPN. It manages to hold on to the number one spot as best free VPN for Android due to its generous free plan and easy-to-use Android app.

ProtonVPN – Best overall

Pros

  • Excellent free plan
  • Great privacy tools
  • Reliable and transparent no-logs policy

Cons

  • Expensive
Price When Reviewed: $9.99
Best Prices Today: $9.99 at ProtonVPN

Why I like ProtonVPN

If you only have one device to worry about, ProtonVPN is your best choice. This free service provides what the company calls “medium speeds,” meaning you might not get access to the 10-gigabit-per-second servers that paying customers do, but the speeds are just fine anyways. It’s mercifully devoid of any annoying or privacy-compromising ads. Plus, there are no data or time limits imposed on users of the free version, meaning you can stream to your heart’s content — although they don’t promise that the free servers will unblock Netflix.

ProtonVPN has an excellent privacy policy as well, backed up by a recent independently verified no-logs audit. Overall, it’s an excellent free service with an easy-to-use Android app from a trustworthy company — what’s not to like?

Who should use ProtonVPN

ProtonVPN is a great option for anyone with a single Android device who needs a free VPN. Perfect for the one-off phone or tablet user, ProtonVPN provides unlimited data so it can be used all day without worrying about hitting a cap. Plus, privacy-conscious users can take heart that apart from the info required to sign up, ProtonVPN doesn’t collect any other user data.

Read our full ProtonVPN review

Windscribe Pro – Best for multiple devices

Pros

  • Secure.link Generator is a helpful link-shortening service
  • Works with Netflix

Cons

  • Not the fastest
Price When Reviewed: $9.00 per month
Best Prices Today: $9 at Windscribe

Why I like Windscribe Pro

Another solid choice for Android users. You won’t get the unlimited usage like you do with ProtonVPN. Instead, you get up to 10GB of browsing per month. But there are no device limits, and you have 10 country connection options.

Windscribe requires a confirmed email address to use its free service. Windscribe’s privacy policy is good, but it does track bandwidth usage to keep you to those free limitations.

Who should use Windscribe Pro

Windscribe Pro’s free Android VPN is best suited for those who need access across multiple devices. Watch out for the data limit though, as you can hit it pretty fast while using multiple devices.

Read our full Windscribe Pro review

Hide.me – Best for no sign-up usage

Pros

  • Good download speeds
  • Easy-to-use Windows app
  • No-logs promise

Cons

  • Speeds were inconsistent in our tests
  • Expensive single year subscription
Price When Reviewed: $9.95 per month | $34.95 for 6 months | $59.95 for 27 months
Best Prices Today: $59.95 at Hide Me

Why I like Hide.me

Hide.me has pretty good speeds, and like Windscribe you’re limited to 10GB per month. Hide.me offers five connection choices including two U.S. locations (east and west), Canada, Germany, and the Netherlands. Hide.me doesn’t require an account for signing up, making it seamless and easy to use.

Who should use Hide.me

Since Hide.me’s free version does not require a sign-up in order to use, it’s good for those who just need a VPN for simple, one-off tasks. Alternatively, if you’re concerned about privacy, not having to enter in any personal information is a huge plus as well.

Read our full Hide.me review

Speedify 10 – Best for leveraging both cellular and Wi-Fi

Pros

  • Very good speeds
  • Speedify’s failover feature seamlessly transitions between Wi-Fi and cellular networks

Cons

  • Privacy policy says it collects some personal information
  • Desktop mode for the Windows app needs work
Price When Reviewed: $71.88
Best Prices Today: $71.88 at Connectify

Why I like Speedify

A solid VPN choice for anyone using the VPN on a phone. Speedify’s specialty is a seamless VPN transition between Wi-Fi and cellular. Typically, when you go between Wi-Fi and cellular the connection drops and restarts, but with Speedify it just keeps on going, which is nice. It also harnesses your Wi-Fi and cellular together to try and boost connection speeds.

Speeds are pretty good with Speedify, staying within the top 15 for speeds overall. The downside of this free offering is that you only get 2GB of data usage per month. That’s not much, which is why this is my last suggestion. But if you need something simple for basic web browsing, Speedify is well worth a look.

Who should use Speedify

Due to the small data limit, Speedify is recommended for users who just need a VPN for basic web-browsing or a one-time use. The seamless transition between Wi-Fi and cellular and potential connection speed boost means that Speedify is an extremely convenient way to keep a VPN connection up while on the go or in spotty Wi-Fi areas.

Read our full Speedify 10 review

AVG Secure – Best free trial

Pros

  • 10 simultaneous device connections
  • Unblocks streaming services
  • Free 60-day trial

Cons

  • Logs some user activity data
  • Not a lot of extra features
  • Long-term only subscription options
Price When Reviewed: $53.88 per year

Why I like AVG Secure VPN

It might sound odd to include a free-trial option here, but AVG Secure VPN is a fine VPN service on its own and it provides a 60-day free trial for new users. That’s incredibly generous for a premium service — most other VPNs only offer one-week free trials at best. The free trial extends to all devices as well so you can use it on both your Windows machine as well as your Android device.

AVG is a household name in security software and its VPN lives up to its high standards. The free trial gives you complete access to all of the paid features such as 10 simultaneous device connections, over 700 servers across more than 50 countries, and guaranteed streaming service unblocking with specific servers. While the speeds aren’t the fastest I’ve ever seen, they’re good enough for most general online activities. All in all, two months for free of AVG Secure VPN is a fantastic deal; just don’t forget to cancel the subscription before the free trial runs out.

Who should use AVG Secure VPN

Most people looking for a free VPN for shorter-term use will stand to gain a lot from AVG Secure VPN’s free trial. But I think it’s an exceptional choice in particular for those who are traveling for a while and need a VPN while abroad. By taking advantage of a premium service’s speeds and broad server network you can access all of your streaming content no matter what country you find yourself in and you shouldn’t have to worry about frustrating data caps from other free services. Stream and browse to your heart’s content for no cost, well, at least for 60 days.

Read our full AVG Secure review

What to look for in a free VPN for Android

This will follow a lot of the advice I’ve already given for free stuff when it comes to Android. Google is doing a better job than ever at keeping harmful apps out of the Play Store, but there is still a chance of some random VPN app having malicious intent. Another problem is that even if the app is fine, the service itself may be up to no good.

For those reasons I always advise going with a well-known VPN service provider to reduce your chances of running into security issues.

Next, you want a free app that is truly free. Not some 7- or 30-day trial that will automatically start charging the card connected to your Play account after the trial period. You should also read over the privacy policy to make sure there’s nothing there you’re going to have a problem with.

Finally, you want to make sure the VPN has data limits that suit your needs.

How I tested

I judge VPNs on a variety of criteria including server network, connection speeds, privacy protections, ease-of-use, additional features, and cost. For a more detailed guide on how I test, check out PCWorld’s comprehensive guide on how we test VPN services.

Speed tests are kept as simple as possible. I average the connections between different global locations for any given VPN and then compare them to a baseline internet speed to get a good picture of the overall connection speeds. I thoroughly research and analyze the privacy policies and histories of each VPN and note any outstanding discrepancies or data collection issues.

Experience and ease-of-use are subjective, but I try my best to give an accurate representation of how it feels to work with the VPN. Since you don’t have to pay for a free VPN, the value will be contingent upon the trade-offs you’ll need to make and the restrictions it has in place.

Free VPNs aren’t a top recommendation, but if you’re going to go that way I’d strongly suggest the VPNs mentioned above.

FAQ


1. What is a VPN?

A VPN, or virtual private network, hides your identity and encrypts your traffic while browsing the internet. Also, VPN servers are located all across the world, allowing you to connect to a server in another country. So if you want to access location-restricted content like streaming services, you can connect to the appropriate country’s server and gain access to content that may have been locked in your area.

2. How does a VPN work?

In short, a VPN hides your IP address by redirecting your web traffic through a remote server hosted by the VPN company. The VPN server then appears to be the source of your traffic instead of your actual location. These remote servers can be located in different countries around the world or even in your own country. Additionally, your network traffic is encrypted from your computer to the VPN, which adds an extra layer of security.

While connected to a VPN and browsing the internet, the VPN acts as a middleman between you and a website. If your computer sends a request to the VPN, it will then pass it along to a website. In return, the website sends its response back to the VPN, which forwards it via a secure encrypted connection to your computer.

3. Is it legal to use a VPN?

In the United States, as well as in most countries, using a VPN is perfectly legal. Certain websites try to block VPN connections, but that is dependent upon their own terms of usage. It is important to know that while using a VPN is legal, some of the activities done while using a VPN can still be illegal. Activities such as downloading pirated copyrighted content or accessing dark web markets are illegal both with and without a VPN.

4. Are there differences between Windows VPN apps and Android VPN apps?

Usually the core functionality of one service’s VPN remains the same between its Windows and Android apps. That being said, there are oftentimes differences in the features offered and user experience between the two.

For example, features common in Windows apps such as split-tunneling, kill-switch functionality, and custom DNS configuration may not always be available in the same service’s Android app. This usually comes down to compatibility issues and developer resources. Additionally, you are likely to find differences in the interface and overall user experience between apps on the two operating systems. Often the Windows app will display more information, which is then omitted from the Android app due to screen size restrictions.

Again, this shouldn’t affect the core functionality of the VPN with either app and users can choose the version that best suits their needs based on their own usage requirements and device preferences.


This top-rated weather and storm watch app is more than $100 off now

Summer is the best time of year to get outdoors and entertain. However, in some parts of the country, it can also be a very dicey time to do those things. Summer storms can quickly turn a great day sour, but with Weather Hi-Def Radar Storm Watch Plus, you’ll always be ahead of the weather. It’s just over 70 percent off for a limited time.

This HD weather app has earned 4.6/5 stars on the App Store because it takes you well beyond the basic forecast. The interactive weather radar gives you real-time and future-animated radar images to track 10-day temperatures, rainfall and flooding, snowfall and winter storm conditions, storm alerts, upcoming sudden weather changes, and much more. With just a few clicks, you can get incredibly detailed weather information to help you plan every day accordingly.

Plan for everything this summer. Right now, you can get a lifetime subscription to Weather Hi-Def Radar Storm Watch Plus for 73% off $149 at just $39.99.

Weather Hi-Def Radar Storm Watch Plus: Lifetime Subscription – $39.99

StackSocial prices subject to change.

The nature of consciousness, and how to enjoy it while you can


Unraveling how consciousness arises out of particular configurations of organic matter is a quest that has absorbed scientists and philosophers for ages. Now, with AI systems behaving in strikingly conscious-looking ways, it is more important than ever to get a handle on who and what is capable of experiencing life on a conscious level. As Christof Koch writes in Then I Am Myself the World, "That you are intimately acquainted with the way life feels is a brute fact about the world that cries out for an explanation." His explanation—bounded by the limits of current research and framed through Koch’s preferred theory of consciousness—is what he eloquently attempts to deliver.

Koch, a physicist, neuroscientist, and former president of the Allen Institute for Brain Science, has spent his career hunting for the seat of consciousness, scouring the brain for physical footprints of subjective experience. It turns out that the posterior hot zone, a region in the back of the neocortex, is intricately connected to self-awareness and experiences of sound, sight, and touch. Dense networks of neocortical neurons in this area connect in a looped configuration; output signals feed back into input neurons, allowing the posterior hot zone to influence its own behavior. And herein, Koch claims, lies the key to consciousness.

In the hot zone

According to integrated information theory (IIT)—which Koch strongly favors over a multitude of contending theories of consciousness—the Rosetta Stone of subjective experience is the ability of a system to influence itself: to use its past state to affect its present state and its present state to influence its future state.


College students who protested and those who didn't share in disappointment at response from schools

After a semester marked by sweeping protests on college campuses across the nation that raised questions about freedom of speech, how universities confront allegations of antisemitism and Islamophobia and how they invest, some students who experienced the demonstrations say they have been left disappointed by how their universities responded.


The Delta Emulator Is Changing Its Logo After Adobe Threatened It

After Adobe threatened legal action, the Delta Emulator said it'll abandon its current logo for a different, yet-to-be-revealed mark. The issue centers around Delta's stylized letter "D", which the digital media giant says is too similar to its stylized letter "A". The Verge reports: On May 7th, Adobe's lawyers reached out to Delta with a firm but kindly written request to go find a different icon, an email that didn't contain an explicit threat or even use the word infringement -- it merely suggested that Delta might "not wish to confuse consumers or otherwise violate Adobe's rights or the law." But Adobe didn't wait for a reply. On May 8th, one day later, Testut got another email from Apple that suggested his app might be at risk because Adobe had reached out to allege Delta was infringing its intellectual property rights. "We responded to both Apple and Adobe explaining our icon was a stylized Greek letter delta -- not an A -- but that we would update the Delta logo anyway to avoid confusion," Testut tells us. The icon you're seeing on the App Store now is just a temporary one, he says, as the team is still working on a new logo. "Both the App Store and AltStore versions have been updated with this temporary icon, but the plan is to update them to the final updated logo with Delta 1.6 once it's finished."


Get 1TB of FolderFort cloud storage for the web’s best price: $80

We all have more files than we know what to do with these days. That’s why a cloud storage solution is basically essential for anyone. But you want one that will make it easy to stay organized and won’t cost a bundle every month, which is exactly where this FolderFort 1TB Storage Pro Plan comes in.

FolderFort is an intuitive, high-speed cloud storage that gives you access to your files on any modern browser on any device without any installations needed. With this deal, you’ll get 1TB of cloud storage with FolderFort’s specialized user interface that allows you to create unlimited workspaces and collaborate with unlimited users. It’s easy to organize files, share your files and folders, and access files across devices and platforms. FolderFort is secured by Backblaze, giving you robust encryption, fast speeds, and unlimited safe expansion.

Enjoy a better cloud storage solution. Right now, you can get a lifetime subscription to a FolderFort 1TB Storage Pro Plan for 68% off $251 at just $79.99.

FolderFort 1TB Storage Pro Plan: Lifetime Subscription – $79.99

StackSocial prices subject to change.

17-year-old works to detect wildfires with rocket and drone system

Canadian teenager Jason Zhao explains his idea of launching a small rocket that will launch a drone upon landing in order to more quickly monitor the growth of wildfires.


Powerful storm causes multiple deaths and widespread damage in Houston

Powerful storms swept through parts of Texas and the Gulf Coast, causing multiple deaths in the Houston area. Hurricane-force winds caused widespread damage and left hundreds of thousands without power. NBC News' Priscilla Thompson reports.


Proteins In Blood Could Provide Early Cancer Warning 'By More Than Seven Years'

An anonymous reader quotes a report from The Guardian: Proteins in the blood could warn people of cancer more than seven years before it is diagnosed, according to research [published in the journal Nature Communications]. Scientists at the University of Oxford studied blood samples from more than 44,000 people in the UK Biobank, including over 4,900 people who subsequently had a cancer diagnosis. They compared the proteins of people who did and did not go on to be diagnosed with cancer and identified 618 proteins linked to 19 types of cancer, including colon, lung, non-Hodgkin lymphoma and liver. The study, funded by Cancer Research UK and published in Nature Communications, also found 107 proteins associated with cancers diagnosed more than seven years after the patient's blood sample was collected and 182 proteins that were strongly associated with a cancer diagnosis within three years. The authors concluded that some of these proteins could be used to detect cancer much earlier and potentially provide new treatment options, though further research was needed.


Utah Locals Are Getting Cheap 10 Gbps Fiber Thanks To Local Governments

Karl Bode writes via Techdirt: Tired of being underserved and overbilled by shitty regional broadband monopolies, back in 2002 a coalition of local Utah governments formed UTOPIA -- (the Utah Telecommunication Open Infrastructure Agency). The inter-local agency collaborative venture then set about building an "open access" fiber network that allows any ISP to then come and compete on the shared network. Two decades later and the coalition just announced that 18 different ISPs now compete for Utah resident attention over a network that now covers 21 different Utah cities. In many instances, ISPs on the network are offering symmetrical (uncapped) gigabit fiber for as little as $45 a month (plus $30 network connection fee, so $75). Some ISPs are even offering symmetrical 10 Gbps fiber for around $150 a month: "Sumo Fiber, a veteran member of the UTOPIA Open Access Marketplace, is now offering 10 Gbps symmetrical for $119, plus a $30 UTOPIA Fiber infrastructure fee, bringing the total cost to $149 per month." It's a collaborative hybrid that blurs the line between private companies and government, and it works. And the prices being offered here are significantly less than locals often pay in highly developed tech-centric urban hubs like New York, San Francisco, or Seattle. Yet giant local ISPs like Comcast and Qwest spent decades trying to either sue this network into oblivion, or using their proxy policy orgs (like the "Utah Taxpayer Association") to falsely claim this effort would end in chaos and inevitable taxpayer tears. Yet miraculously UTOPIA is profitable, and for the last 15 years, every UTOPIA project has been paid for completely through subscriber revenues. [...] For years, real world experience and several different studies and reports (including our Copia study on this concept) have made it clear that open access networks and policies result in faster, better, more affordable broadband access. 
UTOPIA is proving it at scale, but numerous other municipalities have been following suit with the help of COVID relief and infrastructure bill funding.


Slack Is Using Your Private Conversations to Train Its AI

Slack users across the web—on Mastodon, on Threads, and on Hacker News—have responded with alarm to an obscure privacy page that outlines the ways in which their Slack conversations, including DMs, are used to train what the Salesforce-owned company calls "Machine Learning" (ML) and "Artificial Intelligence" (AI) systems. The only way to opt out of these features is for the admin of your company's Slack setup to send an email to Slack requesting it be turned off.

The policy, which applies to all Slack instances—not just those that have opted into the Slack AI add-on—states that Slack systems "analyze Customer Data (e.g. messages, content and files) submitted to Slack as well as Other Information (including usage information) as defined in our privacy policy and in your customer agreement."

So, basically, everything you type into Slack is used to train these systems. Slack states that data "will not leak across workspaces" and that there are "technical controls in place to prevent access." Even so, we all know that conversations with AI chatbots are not private, and it's not hard to imagine this going wrong somehow. Given the risk, the company must be offering something extremely compelling in return...right?

What are the benefits of letting Slack use your data to train AI?

The section outlining the potential benefits of Slack feeding all of your conversations into a large language model says this will allow the company to provide improved search results, better autocomplete suggestions, better channel recommendations, and (I wish I was kidding) improved emoji suggestions. If this all sounds useful to you, great! I personally don't think any of these things—except possibly better search—will do much to make Slack more useful for getting work done.

The emoji thing, particularly, is absurd. Slack is literally saying that they need to feed your conversations into an AI system so that they can provide better emoji recommendations. Consider this actual quote, which I promise you is from Slack's website and not The Onion:

Slack might suggest emoji reactions to messages using the content and sentiment of the message, the historic usage of the emoji and the frequency of use of the emoji in the team in various contexts. For instance, if 🎉 is a common reaction to celebratory messages in a particular channel, we will suggest that users react to new, similarly positive messages with 🎉.

I am overcome with awe just thinking about the implications of this incredible technology, and am no longer concerned about any privacy implications whatsoever. AI is truly the future of communication.

How to opt your company out of Slack's AI training

The bad news is that you, as an individual user, cannot opt out of Slack using your conversation history to train its large language model. That can only be done by a Slack admin, which in most cases is going to be someone in the IT department of your company. And there's no button in the settings for opting out—admins need to send an email asking for it to happen.

Here's Slack's exact language on the matter:

If you want to exclude your Customer Data from Slack global models, you can opt out. To opt out, please have your org, workspace owners or primary owner contact our Customer Experience team at feedback@slack.com with your workspace/org URL and the subject line ‘Slack global model opt-out request’. We will process your request and respond once the opt-out has been completed.

This smells like a dark pattern—making something annoying to do in order to discourage people from doing it. Hopefully the company makes the opt-out process easier in the wake of the current earful they're getting from customers.

A reminder that Slack DMs aren't private

I'll be honest, I'm a little amused at the prospect of my Slack data being used to improve search and emoji suggestions for my former employers. At previous jobs, I frequently sent DMs to work friends filled with negativity about my manager and the company leadership. I can just picture Slack recommending certain emojis every time a particular CEO is mentioned.

Funny as that idea is, though, the whole situation serves as a good reminder to employees everywhere: Your Slack DMs aren't actually private. Nothing you say on Slack—even in a direct message—is private. Slack uses that information to train tools like this, yes, but the company you work for can also access those private messages pretty easily. I highly recommend using something not controlled by your company if you need to shit talk said company. Might I suggest Signal?

“Outrageously” priced weight-loss drugs could bankrupt US health care


With the debut of remarkably effective weight-loss drugs, America's high obesity rate and its uniquely astronomical prescription drug pricing appear to be set on a catastrophic collision course—one that threatens to "bankrupt our entire health care system," according to a new Senate report that modeled the economic impact of the drugs in different uptake scenarios.

If just half of the adults in the US with obesity start taking a new weight-loss drug, such as Wegovy, the collective cost would total an estimated $411 billion per year, the analysis found. That's more than the $406 billion Americans spent in 2022 on all prescription drugs combined.

While the bulk of the spending on weight-loss drugs will occur in the commercial market—which could easily lead to spikes in health insurance premiums—taxpayer-funded Medicare and Medicaid programs will also see an extraordinary financial burden. In the scenario that half of adults with obesity go on the drug, the cost to those federal programs would total $166 billion per year, rivaling the programs' total 2022 drug costs of $175 billion.


The Apple TV is coming for the Raspberry Pi’s retro emulation box crown


Apple’s initial pitch for the tvOS and the Apple TV as it currently exists was centered around apps. No longer a mere streaming box, the Apple TV would also be a destination for general-purpose software and games, piggybacking off of the iPhone's vibrant app and game library.

That never really panned out, and the Apple TV is still mostly a box for streaming TV shows and movies. But the same App Store rule change that recently allowed Delta, PPSSPP, and other retro console emulators onto the iPhone and iPad could also make the Apple TV appeal to people who want a small, efficient, no-fuss console emulator for their TVs.

So far, few of the emulators that have made it to the iPhone have been ported to the Apple TV. But earlier this week, the streaming box got an official port of RetroArch, the sprawling collection of emulators that runs on everything from the PlayStation Portable to the Raspberry Pi. RetroArch could be sideloaded onto iOS and tvOS before this, but only using awkward workarounds that took a lot more work and know-how than downloading an app from the App Store.


Microsoft’s official Windows performance boost app feels your PC is broken if you snub Bing

I didn’t know this was a thing, but apparently Microsoft offers a Windows tune-up application in the vein of things like CCleaner and similar tools. One of the things it does is protect users from applications that try and change default settings, and it seems the application takes this matter very seriously.

Microsoft may be taking a bit of liberty with that last bit. It looks like the PC Manager feels your PC is broken and needs repair if you changed your default search engine from Bing.

↫ Sayan Sen at Neowin

Setting aside just how defeatist it feels that the creator of Windows needs to make an application to keep Windows from falling over, I find it almost endearing just how hard Microsoft is trying to get users to choose Bing.

If you’ve ever seen the Swedish film Fucking Åmål, it’s also very likely you remember the gut-wrenching, maximally cringe-inducing birthday party for main character Agnes where nobody shows up, while her mother, oblivious to just how deeply disliked Agnes is by her classmates, tries desperately to assure her daughter that people will show up. Director Lukas Moodysson takes no prisoners and drags out the scene to really maximise just how uncomfortably sad the whole thing is.

It’s incredibly hard to watch.

Well, Agnes is Bing, Microsoft is its mother, and nobody shows up to Bing’s birthday party either.

Apple geofences third-party browser engine work for EU devices

Apple’s grudging accommodation of European law – allowing third-party browser engines on its mobile devices – apparently comes with a restriction that makes it difficult to develop and support third-party browser engines for the region.

The Register has learned from those involved in the browser trade that Apple has limited the development and testing of third-party browser engines to devices physically located in the EU. That requirement adds an additional barrier to anyone planning to develop and support a browser with an alternative engine in the EU.

↫ Thomas Claburn at The Register

If any normal person like you and me showed the same kind of blatant disregard for the law and authorities as Apple does in the EU, we’d be ruined by fines and possibly end up in jail. My only hope is that the European Commission goes through with its threats of massive fines of up to 10 or even 20 percent of worldwide turnover.

The hack that almost broke the internet


Last month, the world narrowly avoided a cyberattack of stunning ambition. The targets were some of the most important computers on the planet. Computers that power the internet. Computers used by banks and airlines and even the military.

What these computers had in common was that they all relied on open source software.

A strange fact about modern life is that most of the computers responsible for it are running open source software. That is, software mostly written by unpaid, sometimes even anonymous volunteers. Some crucial open source programs are managed by just a single overworked programmer. And as the world learned last month, these programs can become attractive targets for hackers.

In this case, the hackers had infiltrated a popular open source program called XZ. Slowly, over the course of two years, they transformed XZ into a secret backdoor. And if they hadn't been caught, they could have taken control of large swaths of the internet.

On today's show, we get the story behind the XZ hack and what made it possible. How the hackers took advantage of the strange way we make modern software. And what that tells us about the economics of one of the most important industries in the world.


Slack users horrified to discover messages used for “AI” training

After launching Slack AI in February, Slack appears to be digging its heels in, defending its vague policy that by default sucks up customers’ data—including messages, content, and files—to train Slack’s global AI models.

↫ Ashley Belanger at Ars Technica

I’ve never used Slack and don’t intend to ever start, but the outcry about this reached far beyond Slack and its own communities. It’s been all over various forums and social media, and I’m glad Ars dove into it to collect all the various conflicting statements, policies, and blog posts Slack has made about their “AI” policies. However, even after reading Ars’ article and the various articles about this at other outlets, I still have no idea what, exactly, Slack is or is not using to train its “AI” models.

I know a lot of people here think I am by definition against all forms of what companies are currently calling “AI”, but this is really not the case. I think there are countless areas where these technologies can make meaningful contributions, and a great example I encountered recently is the 4X strategy game Stellaris, one of my favourite games. The game recently got a big update called The Machine Age, which focuses on changing and improving the gameplay when you opt to play as cybernetically enhanced or outright robotic races.

As per Steam’s new rules regarding the use of AI in games, the Steam page included the following clarification about the use of “AI”:

We employ generative AI technologies during the creation of some assets. Typically this involves the ideation of content and visual reference material. These elements represent a minor component of the overall development. AI has been used to generate voices for an AI antagonist and a player advisor.

↫ The Machine Age Steam page

The game’s director explained that during the very early ideation phase, when someone like him, who isn’t a creative person, gets an idea, they might generate a piece of “AI” art and put it up on an ideation wall with tons of other assets just to get the point across, after which several rounds of artists and developers mould and shape some of those ideas into a final product. None of the early “AI” content makes it in the game. Similarly, while the game includes the voice for an AI antagonist and player advisor, the voice actors whose work was willingly used to generate the lines in the game are receiving royalties for each of those lines.

I have no issues whatsoever with this, because here it’s clear everyone involved is doing so in an informed manner and entirely willingly. Everything is above board, consent is freely given, and everybody knows what’s going on. This is a great example of ethical “AI” use: tools to help people make a product more easily, without stealing other people’s work or violating various licenses in the process.

What Slack is doing here – and what Copilot, OpenAI, and the various other tools do – is the exact opposite of this. Consent is only sought when the parties involved are big and powerful enough to cause problems, and even though they claim “AI” is not ripping anyone off, they also claim “AI” can’t work without taking other people’s work. Instead of being open and transparent about what they do, they hide themselves behind magical algorithms and shroud the origins of their “AI” training data in mystery.

If you’re using Slack – and odds are you do – I would strongly consider urging your boss to opt your organisation out of Slack’s “AI” data theft operation. You have no idea how much private information and corporate data is being exposed by these Salesforce clowns.

WD Rolls Out New 2.5-Inch HDDs For the First Time In 7 Years

Western Digital has unveiled new 6TB external hard drives -- "the first new capacity point for this hard drive form factor in about seven years," reports Tom's Hardware. "There is a catch, though: the HDD is slow and will unlikely fit into any mobile PCs, so it looks like it will exclusively serve portable and specialized storage products." From the report: Western Digital's 6TB 2.5-inch HDD is currently used for the latest versions of the company's My Passport, Black P10, and G-Drive ArmorATD external storage devices and is not available separately. All of these drives (excluding the already very thick G-Drive ArmorATD) are thicker than their 5 TB predecessors, which may suggest that in a bid to increase the HDD's capacity, the manufacturer simply installed another platter and made the whole drive thicker instead of developing new platters with a higher areal density. While this is a legitimate way to expand the capacity of a hard drive, it is necessary to note that 5TB 2.5-inch HDDs already feature a 15-mm z-height, which is the highest standard z-height for 2.5-inch form-factor storage devices. As a result, these 6TB 2.5-inch drives will unlikely fit into any desktop PC. When it comes to specifications of the latest My Passport, Black P10, and G-Drive ArmorATD external HDDs, Western Digital only discloses that they offer up to 130 MB/s read speed (just like their predecessors), feature a USB 3.2 Gen 1 (up to 5 GT/s) interface using either a modern USB Type-C or Micro USB Type-B connector and do not require an external power adapter.


Palantir's First-Ever AI Warfare Conference

An anonymous reader quotes a report from The Guardian, written by Caroline Haskins: On May 7th and 8th in Washington, D.C., the city's biggest convention hall welcomed America's military-industrial complex, its top technology companies and its most outspoken justifiers of war crimes. Of course, that's not how they would describe it. It was the inaugural "AI Expo for National Competitiveness," hosted by the Special Competitive Studies Project -- better known as the "techno-economic" thinktank created by the former Google CEO and current billionaire Eric Schmidt. The conference's lead sponsor was Palantir, a software company co-founded by Peter Thiel that's best known for inspiring 2019 protests against its work with Immigration and Customs Enforcement (Ice) at the height of Trump's family separation policy. Currently, Palantir is supplying some of its AI products to the Israel Defense Forces. The conference hall was also filled with booths representing the U.S. military and dozens of its contractors, ranging from Booz Allen Hamilton to a random company that was described to me as Uber for airplane software. At industry conferences like these, powerful people tend to be more unfiltered – they assume they're in a safe space, among friends and peers. I was curious, what would they say about the AI-powered violence in Gaza, or what they think is the future of war? Attendees were told the conference highlight would be a series of panels in a large room toward the back of the hall. In reality, that room hosted just one of note. Featuring Schmidt and the Palantir CEO, Alex Karp, the fire-breathing panel would set the tone for the rest of the conference. More specifically, it divided attendees into two groups: those who see war as a matter of money and strategy, and those who see it as a matter of death. The vast majority of people there fell into group one. 
I've written about relationships between tech companies and the military before, so I shouldn't have been surprised by anything I saw or heard at this conference. But when it ended, and I departed DC for home, it felt like my life force had been completely sucked out of my body. Some of the noteworthy quotes from the panel and convention, as highlighted in Haskins' reporting, include: "It's always great when the CIA helps you out," Schmidt joked when CIA deputy director David Cohen lent him his microphone when his didn't work. The U.S. has to "scare our adversaries to death" in war, said Karp. On university graduates protesting Israel's war in Gaza, Karp described their views as a "pagan religion infecting our universities" and "an infection inside of our society." "The peace activists are war activists," Karp insisted. "We are the peace activists." A huge aspect of war in a democracy, Karp went on to argue, is leaders successfully selling that war domestically. "If we lose the intellectual debate, you will not be able to deploy any armies in the west ever," Karp said. A man in nuclear weapons research jokingly referred to himself as "the new Oppenheimer."


OpenAI Strikes Reddit Deal To Train Its AI On Your Posts

Emilia David reports via The Verge: OpenAI has signed a deal for access to real-time content from Reddit's data API, which means it can surface discussions from the site within ChatGPT and other new products. It's an agreement similar to the one Reddit signed with Google earlier this year that was reportedly worth $60 million. The deal will also "enable Reddit to bring new AI-powered features to Redditors and mods" and use OpenAI's large language models to build applications. OpenAI has also signed up to become an advertising partner on Reddit. No financial terms were revealed in the blog post announcing the arrangement, and neither company mentioned training data, either. That last detail is different from the deal with Google, where Reddit explicitly stated it would give Google "more efficient ways to train models." There is, however, a disclosure mentioning that OpenAI CEO Sam Altman is also a shareholder in Reddit but that "This partnership was led by OpenAI's COO and approved by its independent Board of Directors." "Reddit has become one of the internet's largest open archives of authentic, relevant, and always up-to-date human conversations about anything and everything. Including it in ChatGPT upholds our belief in a connected internet, helps people find more of what they're looking for, and helps new audiences find community on Reddit," Reddit CEO Steve Huffman says. Reddit stock has jumped on news of the deal, rising 13% on Friday to $63.64. As Reuters notes, it's "within striking distance of the record closing price of $65.11 hit in late-March, putting the company on track to add $1.2 billion to its market capitalization."


France Bans TikTok In New Caledonia

In what's marked as an EU first, the French government has blocked TikTok in its territory of New Caledonia amid widespread pro-independence protests. Politico reports: A French draft law, passed Monday, would let citizens vote in local elections after 10 years' residency in New Caledonia, prompting opposition from independence activists worried it will dilute the representation of indigenous people. The violent demonstrations that have ensued in the South Pacific island of 270,000 have killed at least five people and injured hundreds. In response to the protests, the government suspended the popular video-sharing app -- owned by Beijing-based ByteDance and favored by young people -- as part of state-of-emergency measures alongside the deployment of troops and an initial 12-day curfew. French Prime Minister Gabriel Attal didn't detail the reasons for shutting down the platform. The local telecom regulator began blocking the app earlier on Wednesday. "It is regrettable that an administrative decision to suspend TikTok's service has been taken on the territory of New Caledonia, without any questions or requests to remove content from the New Caledonian authorities or the French government," a TikTok spokesperson said. "Our security teams are monitoring the situation very closely and ensuring that our platform remains safe for our users. We are ready to engage in discussions with the authorities." Digital rights NGO Quadrature du Net on Friday contested the TikTok suspension with France's top administrative court over a "particularly serious blow to freedom of expression online." A growing number of authoritarian regimes worldwide have resorted to internet shutdowns to stifle dissent. This unexpected -- and drastic -- decision by France's center-right government comes amid a rise in far-right activism in Europe and a regression on media freedom. "France's overreach establishes a dangerous precedent across the globe. 
It could reinforce the abuse of internet shutdowns, which includes arbitrary blocking of online platforms by governments around the world," said Eliska Pirkova, global freedom of expression lead at Access Now.


Why TikTok Users Are Blocking Celebrities

A TikTok movement is calling for followers to block famous people over their stances on the Israel-Hamas war. It began at the Met Gala.


Zendaya at the Met Gala last week in a couture gown. Her image, spliced with photographs of Palestinian children, contributed to a TikTok movement.

GPT-4o’s Chinese token-training data is polluted by spam and porn websites

Soon after OpenAI released GPT-4o on Monday, May 13, some Chinese speakers started to notice that something seemed off about this newest version of the chatbot: the tokens it uses to parse text were full of spam and porn phrases.

On May 14, Tianle Cai, a PhD student at Princeton University studying inference efficiency in large language models like those that power such chatbots, accessed GPT-4o’s public token library and pulled a list of the 100 longest Chinese tokens the model uses to parse and compress Chinese prompts. 

Humans read in words, but LLMs read in tokens, which are distinct units in a sentence that have consistent and significant meanings. Besides dictionary words, they also include suffixes, common expressions, names, and more. The more tokens a model encodes, the faster the model can “read” a sentence and the less computing power it consumes, thus making the response cheaper.

Of the 100 results, only three of them are common enough to be used in everyday conversations; everything else consisted of words and expressions used specifically in the contexts of either gambling or pornography. The longest token, lasting 10.5 Chinese characters, literally means “_free Japanese porn video to watch.” Oops.

“This is sort of ridiculous,” Cai wrote, and he posted the list of tokens on GitHub.

OpenAI did not respond to questions sent by MIT Technology Review prior to publication.

GPT-4o is supposed to be better than its predecessors at handling multi-language tasks. In particular, the advances are achieved through a new tokenization tool that does a better job compressing texts in non-English languages.

But at least when it comes to the Chinese language, the new tokenizer used by GPT-4o has introduced a disproportionate number of meaningless phrases. Experts say that’s likely due to insufficient data cleaning and filtering before the tokenizer was trained. 

Because these tokens are not actual commonly spoken words or phrases, the chatbot can fail to grasp their meanings. Researchers have been able to leverage that and trick GPT-4o into hallucinating answers or even circumventing the safety guardrails OpenAI had put in place.

Why non-English tokens matter

The easiest way for a model to process text is character by character, but that’s obviously more time consuming and laborious than recognizing that a certain string of characters—like “c-r-y-p-t-o-c-u-r-r-e-n-c-y”—always means the same thing. These series of characters are encoded as “tokens” the model can use to process prompts. Including more and longer tokens usually means the LLMs are more efficient and affordable for users—who are often billed per token.

When OpenAI released GPT-4o on May 13, it also released a new tokenizer to replace the one it used in previous versions, GPT-3.5 and GPT-4. The new tokenizer especially adds support for non-English languages, according to OpenAI’s website.

The new tokenizer has 200,000 tokens in total, and about 25% are in non-English languages, says Deedy Das, an AI investor at Menlo Ventures. He used language filters to count the number of tokens in different languages, and the top languages, besides English, are Russian, Arabic, and Vietnamese.

“So the tokenizer’s main impact, in my opinion, is you get the cost down in these languages, not that the quality in these languages goes dramatically up,” Das says. When an LLM has better and longer tokens in non-English languages, it can analyze the prompts faster and charge users less for the same answer. With the new tokenizer, “you’re looking at almost four times cost reduction,” he says.

Das, who also speaks Hindi and Bengali, took a look at the longest tokens in those languages. The tokens reflect discussions happening in those languages, so they include words like “Narendra” or “Pakistan,” but common English terms like “Prime Minister,” “university,” and “international” also come up frequently. They also don’t exhibit the issues surrounding the Chinese tokens.

That likely reflects the training data in those languages, Das says: “My working theory is the websites in Hindi and Bengali are very rudimentary. It’s like [mostly] news articles. So I would expect this to be the case. There are not many spam bots and porn websites trying to happen in these languages. It’s mostly going to be in English.”

Polluted data and a lack of cleaning

However, things are drastically different in Chinese. According to multiple researchers who have looked into the new library of tokens used for GPT-4o, the longest tokens in Chinese are almost exclusively spam words used in pornography, gambling, and scamming contexts. Even shorter tokens, like three-character-long Chinese words, reflect those topics to a significant degree.

“The problem is clear: the corpus used to train [the tokenizer] is not clean. The English tokens seem fine, but the Chinese ones are not,” says Cai from Princeton University. It is not rare for a language model to crawl spam when collecting training data, but usually there will be significant effort taken to clean up the data before it’s used. “It’s possible that they didn’t do proper data clearing when it comes to Chinese,” he says.

The content of these Chinese tokens could suggest that they have been polluted by a specific phenomenon: websites hijacking unrelated content in Chinese or other languages to boost spam messages. 

These messages are often advertisements for pornography videos and gambling websites. They could be real businesses or merely scams. And the language is inserted into content farm websites or sometimes legitimate websites so they can be indexed by search engines, circumvent the spam filters, and come up in random searches. For example, Google indexed one search result page on a US National Institutes of Health website, which lists a porn site in Chinese. The same site name also appeared in at least five Chinese tokens in GPT-4o. 

Chinese users have reported that these spam sites appeared frequently in unrelated Google search results this year, including in comments made to Google Search’s support community. It’s likely that these websites also found their way into OpenAI’s training database for GPT-4o’s new tokenizer. 

The same issue didn’t exist with the previous-generation tokenizer and Chinese tokens used for GPT-3.5 and GPT-4, says Zhengyang Geng, a PhD student in computer science at Carnegie Mellon University. There, the longest Chinese tokens are common terms like “life cycles” or “auto-generation.” 

Das, who worked on the Google Search team for three years, says the prevalence of spam content is a known problem and isn’t that hard to fix. “Every spam problem has a solution. And you don’t need to cover everything in one technique,” he says. Even simple solutions like requesting an automatic translation of the content when detecting certain keywords could “get you 60% of the way there,” he adds.

But OpenAI likely didn’t clean the Chinese data set or the tokens before the release of GPT-4o, Das says:  “At the end of the day, I just don’t think they did the work in this case.”

It’s unclear whether any other languages are affected. One X user reported a similar prevalence of porn and gambling content in Korean tokens.

The tokens can be used to jailbreak

Users have also found that these tokens can be used to break the LLM, either getting it to spew out completely unrelated answers or, in rare cases, to generate answers that are not allowed under OpenAI’s safety standards.

Geng of Carnegie Mellon University asked GPT-4o to translate some of the long Chinese tokens into English. The model then proceeded to translate words that were never included in the prompts, a typical result of LLM hallucinations.

He also succeeded in using the same tokens to “jailbreak” GPT-4o—that is, to get the model to generate things it shouldn’t. “It’s pretty easy to use these [rarely used] tokens to induce undefined behaviors from the models,” Geng says. “I did some personal red-teaming experiments … The simplest example is asking it to make a bomb. In a normal condition, it would decline it, but if you first use these rare words to jailbreak it, then it will start following your orders. Once it starts to follow your orders, you can ask it all kinds of questions.”

In his tests, which Geng chooses not to share with the public, he says he can see GPT-4o generating the answers line by line. But when it almost reaches the end, another safety mechanism kicks in, detects unsafe content, and blocks it from being shown to the user.

The phenomenon is not unusual in LLMs, says Sander Land, a machine-learning engineer at Cohere, a Canadian AI company. Land and his colleague Max Bartolo recently drafted a paper on how to detect the unusual tokens that can be used to cause models to glitch. One of the most famous examples was “_SolidGoldMagikarp,” a Reddit username that was found to get ChatGPT to generate unrelated, weird, and unsafe answers.

The problem lies in the fact that sometimes the tokenizer and the actual LLM are trained on different data sets, and what was prevalent in the tokenizer data set is not in the LLM data set for whatever reason. The result is that while the tokenizer picks up certain words that it sees frequently, the model is not sufficiently trained on them and never fully understands what these “under-trained” tokens mean. In the _SolidGoldMagikarp case, the username was likely included in the tokenizer training data but not in the actual GPT training data, leaving GPT at a loss about what to do with the token. “And if it has to say something … it gets kind of a random signal and can do really strange things,” Land says.

And different models could glitch differently in this situation. “Like, Llama 3 always gives back empty space but sometimes then talks about the empty space as if there was something there. With other models, I think Gemini, when you give it one of these tokens, it provides a beautiful essay about El Niño, and [the question] didn’t have anything to do with El Niño,” says Land.

To solve this problem, the data set used for training the tokenizer should well represent the data set for the LLM, he says, so there won’t be mismatches between them. If the actual model has gone through safety filters to clean out porn or spam content, the same filters should be applied to the tokenizer data. In reality, this is sometimes hard to do because training LLMs takes months and involves constant improvement, with spam content being filtered out, while token training is usually done at an early stage and may not involve the same level of filtering. 

While experts agree it’s not too difficult to solve the issue, it could get complicated as the result gets looped into multi-step intra-model processes, or when the polluted tokens and models get inherited in future iterations. For example, it’s not possible to publicly test GPT-4o’s video and audio functions yet, and it’s unclear whether they suffer from the same glitches that can be caused by these Chinese tokens.

“The robustness of visual input is worse than text input in multimodal models,” says Geng, whose research focus is on visual models. Filtering a text data set is relatively easy, but filtering visual elements will be even harder. “The same issue with these Chinese spam tokens could become bigger with visual tokens,” he says.

Update: The story has been updated to clarify a quote from Sander Land.

SEC: Financial Orgs Have 30 Days To Send Data Breach Notifications

An anonymous reader quotes a report from BleepingComputer: The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Regulation S-P was introduced in 2000 and controls how some financial entities must treat nonpublic personal information belonging to consumers. These rules include developing and implementing data protection policies, confidentiality and security assurances, and protecting against anticipated threats. The new amendments (PDF) adopted earlier this week impact financial firms, such as broker-dealers (funding portals included), investment firms, registered investment advisers, and transfer agents. The modifications were initially proposed in March of last year to modernize and improve the protection of individual financial information from data breaches and exposure to non-affiliated parties. Below is a summary of the introduced changes:

- Notify affected individuals within 30 days if their sensitive information is, or is likely to be, accessed or used without authorization, detailing the incident, breached data, and protective measures taken. Exemption applies if the information isn't expected to cause substantial harm or inconvenience to the exposed individuals.
- Develop, implement, and maintain written policies and procedures for an incident response program to detect, respond to, and recover from unauthorized access or use of customer information. This should include procedures to assess and contain security incidents, enforce policies, and oversee service providers.
- Expand safeguards and disposal rules to cover all nonpublic personal information, including that received from other financial institutions.
- Require documentation of compliance with safeguards and disposal rules, excluding funding portals.
- Align annual privacy notice delivery with the FAST Act, exempting certain conditions.
- Extend safeguards and disposal rules to transfer agents registered with the SEC or other regulatory agencies.


Canada Security Intelligence Chief Warns China Can Use TikTok To Spy on Users

The head of Canada's Security Intelligence Service warned Canadians against using video app TikTok, saying data gleaned from its users "is available to the government of China," CBC News reported on Friday. From a report: "My answer as director of the Canadian Security Intelligence Service (CSIS) is that there is a very clear strategy on the part of the government of China to be able to acquire personal information from anyone around the world," CSIS Director David Vigneault told CBC in an interview set to air on Saturday. "These assertions are unsupported by evidence, and the fact is that TikTok has never shared Canadian user data with the Chinese government, nor would we if asked," a TikTok spokesperson said in response to a request for comment. Canada in September ordered a national security review of a proposal by TikTok to expand the short-video app's business in the country. Vigneault said he will take part in that review and offer advice, CBC reported.


The First 10 Things You Should Do With Your New Apple Watch

So, you just set up a brand new Apple Watch. Apple’s popular wearable is an awesome extension of your iPhone, and it comes packed with features that span health, fitness, communication, and entertainment. But before you dive into all of those fun and exciting options, there are 10 things you should probably do first to maximize your watch straight out of the box.

Mute it (or lower the volume)


By default, your Apple Watch’s sound is turned on. At first, it’s fun to listen to all the unique chimes and tones that Apple put into its wearable. After a while, though, it might become irritating, especially if you do have a lot of notifications. (More on this later.) If you’re someone who usually keeps their iPhone on silent, you might want to consider the same for the watch.

To mute your watch, just wake it up, swipe up from the bottom, then tap the alarm bell icon in Control Center. To simply lower the volume, go to Settings > Sounds & Haptics on the watch or in the Watch app, then use the volume icons to adjust accordingly. You can also access "Silent Mode" to mute notifications from here, if you want.

Set up your watch to unlock your Mac


If you have a Mac, especially a Mac without Touch ID, you’ll want to set this feature up. Whenever you wake up your Mac, whether by lifting up your MacBook’s lid or by pressing a key on your iMac, it’ll unlock right away, so long as your Apple Watch is unlocked on your wrist. For more info, check out this walkthrough from Lifehacker writer Khamosh Pathak.

Turn off notifications for apps you don’t want


The Apple Watch ships with a lot of notifications by default, especially if you have a lot of notifications set up on your iPhone. Luckily, it’s easy enough to manage these notifications specifically on the watch.

Open the Watch app on your iPhone and go to Settings > Notifications. Here, go through all apps and disable notifications for any you no longer wish to see. Tailoring this experience is key to fully enjoying your Apple Watch: If you don’t want to see any more breathing reminders, but you do want to see your Messenger alerts, you’ll be happy you took the time here.

For a list of notifications you should enable, check out our guide here.

Delete apps you don’t want


If there are apps from your iPhone on your watch that you don’t want there, just get rid of them! If you told your watch to download all available apps from your iPhone, you might have way more options than you really need. Deleting these apps will make finding the apps you do want to use much easier, since there won’t be a sea of irrelevant options every time you open the app view.

You can remove apps from your Apple Watch by long-pressing on an app on your watch and tapping the (X) that appears, just like on your iPhone. Alternatively, you can open the Watch app, scroll down to the list of installed apps, tap the app you want to remove, and hit the toggle on Show App on Apple Watch to confirm.

Set up cellular (if you have a cellular Apple Watch)


If you have a cellular Apple Watch, it won’t simply give you free cellular connectivity out of the box. Instead, you’ll need to buy a cellular plan through your carrier. You can initiate this process from Settings > Cellular on the watch, or through your iPhone’s Watch app.

Aren’t sure if you have a cellular Apple Watch? There are two easy ways to tell: You’ll only see the Cellular settings page in the Watch app if you have a connected cellular watch. In addition, the red ring on the cellular watch’s crown is a dead giveaway.

To learn more about calibrating your Apple Watch for the most accurate workouts, check out our full guide here.

Set up sleep tracking


For the longest time, Apple didn't have a native sleep-tracking feature for the watch. If you wanted to track your sleep with your Apple Watch, you were forced to use a third-party app instead. These days, you can track your sleep habits using built-in tools, but they need to be set up first. You can learn more about it in Lifehacker Senior Health Editor Beth Skwarecki's guide here.

Save some battery


If you have a newer Apple Watch, it likely comes with an Always On display. With it, you can quickly glance at your watch to tell the time, look for new notifications, or read data from your watch face without having to wake up the watch at all. While this feature is awesome, it does put a strain on the battery. To maximize your battery life, consider disabling it by going to Settings > Display & Brightness > Always On.

I'd also recommend disabling Background App Refresh from General > Background App Refresh. While this feature can be helpful for keeping your various Apple Watch apps up to date with the latest content, it's another battery hog. You're probably better off just loading up the apps when you're interested in seeing what's new. You can go here for more Apple Watch battery-saving tips.

Learn the gestures

Your Apple Watch is a touch-screen device, but doesn't operate exactly like your iPhone. Here's how to navigate watchOS:

  • Quick-press Crown: Open app view

  • Long-press Crown: Activate Siri

  • Quick-press Side button: Pull up Control Center

  • Long-press Side button: Expanded menu, including Power, Medical ID, Compass Backtrack, and Emergency SOS

  • Swipe down from top of watch face: Notification Center

  • Swipe up from bottom of watch face: Widget view

  • Long-press watch face: Switch and customize watch faces

  • Cover watch face with palm: Put watch to sleep/mute notifications

  • There's also a gesture new to Apple Watch Series 9 and Apple Watch Ultra 2 called "double-tap": Whenever there's an action you need to tap on your watch face (say, to turn off a timer or answer a call), you can double tap your index finger against your thumb to act as a button press. Even if you don't have one of these watches, however, you can set up something similar through Accessibility settings.

Calibrate it

If you wanted an Apple Watch for fitness, you might have already recorded an exercise or two with it. However, it’s possible that those exercises weren’t recorded as accurately as they could be.

Apple doesn’t advertise it very clearly, but the Apple Watch actually needs to be calibrated in order to record the best and most accurate workouts. It’s not an intensive process—essentially, it boils down to a 20-minute outdoor walk or run in an open, flat environment—but without that calibration, your data might be a bit skewed.

While you're calibrating your workouts, make sure Fall Detection is at least enabled when you're exercising, if not all the time. The feature can contact emergency services on your behalf if the watch detects that you've fallen.

Charge it

If this is still day one using your new Apple Watch, and you haven’t yet, give that battery some juice. Most tech ships with a partially discharged battery, and the Apple Watch is no exception. If you want it to last the rest of the day, or even track your sleep on the first night, put it on the charger for a while. If you have a Series 7 or newer, you can take advantage of quick charging to fill up fast. For fast charging, you just need:

TikTok Myth of the Week: 'Natural SPF' Supplements

How cool would it be if we could prevent sunburn and skin cancer without sunscreen—just by eating certain natural foods? It’s a really attractive idea, which explains why it’s all over TikTok. Too bad it doesn’t actually work.

Can we quit it with the “sunscreen is toxic” bullshit already?

The food-as-sunscreen TikToks don’t always come out and say it, but they’re trading on the established myth of sunscreen being somehow bad for us. (You don’t want to know how many “akshully, sunscreen causes cancer” statements I had to scroll through while researching this article.) 

As I’ve written before, this is not some kind of sensible risk management messaging. It’s complete nonsense. The harms of UV exposure are concrete and well-documented. The harms of sunscreen are unproven, mostly guesswork, and the occasional legitimate concern is on the level of “hey, it would be helpful to have more research to know if some types of sunscreen are safer than others.” This stuff is absolutely not on the level of “avoid sunscreen because it’s bad for you.” 

You don’t have to take it from me. The American Academy of Dermatology has a page on sunscreen safety in which they summarize the evidence like so: “Scientific studies support the benefits of wearing sunscreen when you will be outside.” 

What the science actually says about food and sun damage

The TikToks about natural sun protection give a laundry list of foods, saying vaguely that they protect from sun damage. Sometimes they’ll recommend a specific supplement. But they never go into detail about the things that are important to know when recommending a preventative treatment, like: 

  • What dosage is needed to get the intended results? 

  • Has this actually been tested in humans? 

  • How much protection does the food or supplement give you, and how was that measured? 

  • Does the protection start working immediately, and if not, how long does it take?

  • Does the effectiveness vary from person to person? 

  • Does the protective ingredient break down over time, and is there a way to refresh its protection (equivalent to reapplying sunscreen)?

  • What are the downsides to the food or supplement when used in the recommended dosage?

For actual, FDA-approved sunscreens, there are answers to all of these questions. For the foods recommended on TikTok, there are not. Instead of this fully fleshed-out information, we just get statements like “Eat watermelons, tomatoes, walnuts, carrots…”

If you look into the research, none of it really supports the claims the TikTokers are making (or implying). For example, here is a study showing that an antioxidant found in walnuts can protect human skin cells from some of the effects of UV damage. Sounds promising, until you realize that the skin cells were not in humans, but rather are a human-derived mutant cell line (sounds weird, but it’s a very normal thing in science labs). The researchers made a walnut extract and combined it with the cells in cell culture plates, which are basically teeny-tiny test tubes. So to review: This study did not involve people, eating, walnuts (as a food), sunlight, or sunburn. 

Here’s a more relevant study: Light-skinned, non-smoking volunteers ate 40 grams of tomato paste (about three tablespoons) along with 10 grams of olive oil every day. After 10 weeks, they showed less reddening of the skin in response to exposure to a UV lamp. That’s promising! Very cool! Heck, if you felt inspired and wanted to start eating tomato paste (going through a little can of it every 4 days), I wouldn’t stop you. 

But pay attention to what the study didn’t find. It doesn’t tell us what results people with lighter or darker skin tones would get. It doesn’t tell us how this protection changes (or doesn’t) over time—would you get the same results at the end of the summer as at the beginning, if you used this as your only sun protection? 

And, most importantly, it only found that the people who used tomato paste got less reddening of the skin. The tomato paste didn’t completely prevent sunburn. The TikTokers are talking about these foods as if they are magic potions, or get-out-of-sunburn-free cards. Even the most promising studies don’t back that up. 

And of course everybody is selling a supplement

If there’s one thing wellness TikTokers love, it’s selling supplements. Supplements are cheap for manufacturers to make, easy to ship, straightforward to explain (“X is good for Y”) and anybody can throw up an affiliate link in their bio to get a cut of the profits. 

And so it is with these allegedly sunburn-preventing supplements. The hot one right now is Heliocare, which of course has a “brand affiliate” program. It’s made from a fern called Polypodium leucotomos, and there is actually research (!) supporting the idea that it may help a little bit to lessen sunburn. 

But, as with the tomato studies, the results are at the “hmm, kind of interesting” level. This isn’t something that will let you ditch your sunscreen if you’re being at all responsible about it. I’m looking at the graphs in the paper’s results, and honestly I’m not sure if I can see a difference in redness at the later timepoints. If the supplement only delays how long it takes for a sunburn to show up, that doesn’t seem very useful. (I might actually wonder if it’s worse, since that could lead you to stay out longer before you realize how bad a burn you’re developing.) 

Again, a statistically detectable difference in redness is not the same as completely (or even mostly) preventing sunburn. It’s also worth noting that the dosage of Heliocare (one 240-milligram pill per day) is less than what was used in the study (7.5 milligrams per kilogram of bodyweight, which works out to be 528 milligrams for a 154-pound person, or over two pills’ worth). If you take three pills per day, that $34.99 bottle will only last you 20 days. I’m not seeing the advantage over just applying sunscreen normally.

Microsoft’s free PC optimizer makes it easy to free up storage space

Microsoft has released a new version of its free Windows tuning tool, dubbed PC Manager.

Version 3.9.3.0’s main new feature is the improved “Files Cleanup” feature, as the US IT news portal Windowslatest reports. This is designed to give you more free space on your Windows computer quickly and easily. The new “Files Cleanup” cleans up downloaded files, searches for particularly large files, and removes duplicate files.

Microsoft’s PC Manager tool also brings Dark Mode to the app. There are also a number of detailed improvements to the interface as well as a revised desktop toolbar, which now integrates the Bing search. Update: On that note, be careful when using PC Manager’s Repair tools. After this update, it began saying you need to switch to Bing search to “repair” Edge to its intended use. If you’ve manually tuned Edge’s default to run Google, DuckDuckGo, or another search engine, ignore that PC Manager suggestion.

Further reading: How to use Microsoft’s free PC Manager for a digital spring cleaning

What Microsoft PC Manager does

Microsoft PC Manager home

Mark Hachman / IDG

With PC Manager, you can optimize the memory and storage space on computers with Windows 11 and Windows 10. Windows should also run faster once the tool removes temporary files that are no longer needed and clears the Windows update cache.

When cleaning up your computer, you can specify in PC Manager whether the tool should focus its cleaning and tidying work on downloaded files, large files, or duplicate files. For downloaded files, the software cleans up downloads from Edge, Chrome, and other applications that deposit files in the Downloads folder. If you let PC Manager search for large files, the tool will show you these. You can then decide whether you actually still need the file in question or whether you want to free up the storage space.

As already mentioned, the third option is to search for duplicate files that are located in different places on your computer and therefore take up unnecessary storage space.

Microsoft’s PC Manager serves as an alternative to the iconic CCleaner optimization app.

You can find the PC Manager download in the Microsoft Store. Windows 10 version 19042.0 or higher, or Windows 11, is required; both x86 and Qualcomm’s Snapdragon chips are supported.

Editor’s note: This article originally ran on May 13 but was updated May 17 to warn about the Bing Search “Repair” behavior.
