Reading view
Israel recovers another slain hostage; pushes into new parts of northern Gaza
Houston distributes water as more than 500,000 remain without power after devastating storms
Rudy Giuliani is served indictment papers at his own birthday party after mocking Arizona attorney general
Eight Automakers Grilled by US Lawmakers Over Sharing of Connected Car Data With Police
Read more of this story at Slashdot.
Study Confirms Einstein Prediction: Black Holes Have a 'Plunging Region'
Read more of this story at Slashdot.
'Google Domains' Starts Migrating to Squarespace
Read more of this story at Slashdot.
Is America's Defense Department 'Rushing to Expand' Its Space War Capabilities?
Read more of this story at Slashdot.
Cruise Reached an $8M+ Settlement With the Person Dragged Under Its Robotaxi
Read more of this story at Slashdot.
What happened to OpenAI’s long-term AI risk team?
In July last year, OpenAI announced the formation of a new research team that would prepare for the advent of supersmart artificial intelligence capable of outwitting and overpowering its creators. Ilya Sutskever, OpenAI’s chief scientist and one of the company’s co-founders, was named as the co-lead of this new team. OpenAI said the team would receive 20 percent of its computing power.
Now OpenAI’s “superalignment team” is no more, the company confirms. That comes after the departures of several researchers involved, Tuesday’s news that Sutskever was leaving the company, and the resignation of the team’s other co-lead. The group’s work will be absorbed into OpenAI’s other research efforts.
Boeing's troubled Starliner spacecraft launch is delayed again
A helium leak pushed back a planned launch to May 25. Boeing's program that would shuttle astronauts to and from the International Space Station has been plagued with problems.
How ex-military surgeons are pushing for laws allowing ambulances to carry blood
Bruce Schneier Reminds LLM Engineers About the Risks of Prompt Injection Vulnerabilities
Read more of this story at Slashdot.
Facing Angry Users, Sonos Promises to Fix Flaws and Restore Removed Features
Read more of this story at Slashdot.
'Openwashing'
Read more of this story at Slashdot.
Best free VPN for Android 2024: Which ones can you trust?
It might be surprising, but free VPNs are no longer just for PCs. You can also use them to help easily boost your security and privacy game on an Android device. Whether you want extra security while using a public Wi-Fi network, or to get around geo-restrictions for most of your favorite streaming services, a free VPN can help you do it without having to pay for anything.
The problem when looking for a good free VPN, though, is that there are a large number of them available on the Google Play Store. So how do you determine which ones are worth your time? Our experts here at PCWorld have tested a slew of VPNs, both for PCs and Android devices, and have curated a list of the best free options you can feel confident in using. Check out our top picks below.
Why you should trust me: Here at PCWorld we’ve been testing computer hardware, software, and services since the 1980s. As the VPN reviewer, I’m continually testing all of the major VPNs on the market and many lesser-known services in order to curate a list of the very best VPNs across a variety of categories. For a more in-depth guide, you can check out my article on how we test VPN services at PCWorld. Below you’ll find my favorite free VPNs, and below that, helpful advice about what to look for when choosing a VPN for your Android device on your own.
And if you’re looking to further upgrade your Android phone’s security, which I highly recommend, be sure to look at PCWorld’s recommendations for the best free antivirus for Android as well. Additionally, you can check out my guide to the best VPNs covering multiple devices.
Updated May 16, 2024: Check out my latest review of ProtonVPN. It manages to hold on to the number one spot as best free VPN for Android due to its generous free plan and easy-to-use Android app.
ProtonVPN – Best overall
Pros
- Excellent free plan
- Great privacy tools
- Reliable and transparent no-logs policy
Cons
- Expensive
Why I like ProtonVPN
If you only have one device to worry about, ProtonVPN is your best choice. This free service provides what the company calls “medium speeds,” meaning you might not get access to the 10-gigabit-per-second servers that paying customers do, but the speeds are just fine anyways. It’s mercifully devoid of any annoying or privacy-compromising ads. Plus, there are no data or time limits imposed on users of the free version, meaning you can stream to your heart’s content — although they don’t promise that the free servers will unblock Netflix.
ProtonVPN has an excellent privacy policy as well, backed up by a recent independently verified no-logs audit. Overall, it’s an excellent free service with an easy-to-use Android app from a trustworthy company — what’s not to like?
Who should use ProtonVPN
ProtonVPN is a great option for anyone with a single Android device who needs a free VPN. Perfect for the one-off phone or tablet user, ProtonVPN provides unlimited data so it can be used all day without worrying about hitting a cap. Plus, privacy-conscious users can take heart that apart from the info required to sign up, ProtonVPN doesn’t collect any other user data.
Windscribe Pro – Best for multiple devices
Pros
- Secure.link Generator is a helpful link-shortening service
- Works with Netflix
Cons
- Not the fastest
Why I like Windscribe Pro
Another solid choice for Android users. You won’t get the unlimited usage like you do with ProtonVPN. Instead, you get up to 10GB of browsing per month. But there are no device limits, and you have 10 country connection options.
Windscribe requires a confirmed email address to use its free service. Windscribe’s privacy policy is good, but it does track bandwidth usage to keep you to those free limitations.
Who should use Windscribe Pro
Windscribe Pro’s free Android VPN is best suited for those who need access across multiple devices. Watch out for the data limit though, as you can hit it pretty fast while using multiple devices.
Hide.me – Best for no sign-up usage
Pros
- Good download speeds
- Easy-to-use Windows app
- No-logs promise
Cons
- Speeds were inconsistent in our tests
- Expensive single year subscription
Why I like Hide.me
Hide.me has pretty good speeds, and like Windscribe you’re limited to 10GB per month. Hide.me offers five connection choices including two U.S. locations (east and west), Canada, Germany, and the Netherlands. Hide.me doesn’t require an account for signing up, making it seamless and easy to use.
Who should use Hide.me
Since Hide.me’s free version does not require a sign-up in order to use, it’s good for those who just need a VPN for simple, one-off tasks. Alternatively, if you’re concerned about privacy, not having to enter in any personal information is a huge plus as well.
Speedify 10 – Best for leveraging both cellular and Wi-Fi
Pros
- Very good speeds
- Speedify’s failover feature seamlessly transitions between Wi-Fi and cellular networks
Cons
- Privacy policy says it collects some personal information
- Desktop mode for the Windows app needs work
Why I like Speedify
A solid VPN choice for anyone using the VPN on a phone. Speedify’s specialty is a seamless VPN transition between Wi-Fi and cellular. Typically, when you go between Wi-Fi and cellular the connection drops and restarts, but with Speedify it just keeps on going, which is nice. It also harnesses your Wi-Fi and cellular together to try and boost connection speeds.
Speeds are pretty good with Speedify, staying within the top 15 for speeds overall. The downside of this free offering is that you only get 2GB of data usage per month. That’s not much, which is why this is my last suggestion. But if you need something simple for basic web browsing Speedify is well worth a look.
Who should use Speedify
Due to the small data limit, Speedify is recommended for users who just need a VPN for basic web-browsing or a one-time use. The seamless transition between Wi-Fi and cellular and potential connection speed boost means that Speedify is an extremely convenient way to keep a VPN connection up while on the go or in spotty Wi-Fi areas.
AVG Secure – Best free trial
Pros
- 10 simultaneous device connectionsUnblocks streaming servicesFree 60-day trial
Cons
- Logs some user activity dataNot a lot of extra featuresLong-term only subscription options
Why I like AVG Secure VPN
It might sound odd to include a free-trial option here, but AVG Secure VPN is a fine VPN service on its own and it provides a 60-day free trial for new users. That’s incredibly generous for a premium service — most other VPNs only offer one-week free trials at best. The free trial extends to all devices as well so you can use it on both your Windows machine as well as your Android device.
AVG is a household name in security software and its VPN lives up to its high-standards. The free-trial gives you complete access to all of the paid features such as 10 simultaneous device connections, over 700 servers across more than 50 countries, and guaranteed streaming service unblocking with specific servers. While the speeds aren’t the fastest I’ve ever seen, they’re good enough for most general online activities. All-in-all, two months for free of AVG Secure VPN is a fantastic deal, just don’t forget to cancel the subscription before the free trial runs out.
Who should use AVG Secure VPN
Most people looking for a free VPN for shorter-term use will stand to gain a lot from AVG Secure VPN’s free trial. But I think it’s an exceptional choice in particular for those who are traveling for awhile and need a VPN while abroad. By taking advantage of a premium service’s speeds and broad server network you can access all of your streaming content no matter what country you find yourself in and you shouldn’t have to worry about frustrating data caps from other free services. Stream and browse to your heart’s content for no cost, well, at least for 60 days.
What to look for in a free VPN for Android
This will follow a lot of the advice I’ve already given for free stuff when it comes to Android. Google is doing a better job than ever at keeping harmful apps out of the Play Store, but there is still a chance of some random VPN app having malicious intent. Another problem is that even if the app is fine, the service itself may be up to no good.
For those reasons I always advise going with a well-known VPN service provider to reduce your chances of running into security issues.
Next, you want a free app that is truly free. Not some 7- or 30-day trial that will automatically start charging the card connected to your Play account after the trial period. You should also read over the privacy policy to make sure there’s nothing there you’re going to have a problem with.
Finally, you want to make sure the VPN has data limits that suit your needs.
How I tested
I judge VPNs on a variety of criteria including server network, connection speeds, privacy protections, ease-of-use, additional features, and cost. For a more detailed guide on how I test, check out PCWorld’s comprehensive guide on how we test VPN services.
Speed tests are kept as simple as possible. I average the connections between different global locations for any given VPN and then compare them to a baseline internet speed to get a good picture of the overall connection speeds. I thoroughly research and analyze the privacy policies and histories of each VPN and note any outstanding discrepancies or data collection issues.
Experience and ease-of-use are subjective, but I try my best to give an accurate representation of how it feels to work with the VPN. Since you don’t have to pay for a free VPN, the value will be contingent upon the trade-offs you’ll need to make and the restrictions it has in place.
Free VPNs aren’t a top recommendation, but if you’re going to go that way I’d strongly suggest the VPNs mentioned above.
FAQ
What is a VPN?
A VPN, or virtual private network, hides your identity and encrypts your traffic while browsing the internet. Also, VPN servers are located all across the world, allowing you to connect to a server in another country. So if you want to access location-restricted content like streaming services, you can connect to the appropriate country’s server and gain access to content that may have been locked in your area.
How does a VPN work?
In short, a VPN hides your IP address by redirecting your web traffic through a remote server hosted by the VPN company. The VPN server then appears to be the source of your traffic instead of your actual location. These remote servers can be located both in different countries around the world or even in your own country. Additionally, your network traffic is encrypted from your computer to the VPN, which adds an extra layer of security.
While connected to a VPN and browsing the internet, the VPN acts as a middleman between you and a website. If your computer sends a request to the VPN, it will then pass it along to a website. In return, the website sends its response back to the VPN, which forwards it via a secure encrypted connection to your computer.
Is it legal to use a VPN?
In the United States as well as most countries, using a VPN is perfectly legal. Some certain websites try to block VPN connections, but that is dependent upon their own terms of usage. It is important to know that while using a VPN is legal, some of the activities done while using a VPN can still be illegal. Activities such as downloading pirated copyrighted content or accessing dark web markets are both illegal with and without a VPN.
Are there differences between Windows VPN apps and an Android VPN apps?
Usually the core functionality of one service’s VPN remains the same between its Windows and Android apps. That being said, there are oftentimes differences in the features offered and user experience between the two.
For example, features common in Windows apps such as split-tunneling, kill-switch functionality, and custom DNS configuration may not always be available in the same service’s Android app. This usually comes down to compatibility issues and developer resources. Additionally, you are likely to find differences in the interface and overall user experience between apps on the two operating systems. Often the Windows app will display more information, which is then omitted from the Android app due to screen size restrictions.
Again, this shouldn’t affect the core functionality of the VPN with either app and users can choose the version that best suits their needs based on their own usage requirements and device preferences.
This top-rated weather and storm watch app is more than $100 off now
Summer is the best time of year to get outdoors and entertain. However, in some parts of the country, it can also be a very dicey time to do those things. Summer storms can quickly turn a great day sour, but with Weather Hi-Def Radar Storm Watch Plus, you’ll always be ahead of the weather. It’s just over 70 percent off for a limited time.
This HD weather app has earned 4.6/5 stars on the App Store because it takes you well beyond the basic forecast. The interactive weather radar gives you real-time and future-animated radar images to track 10-day temperatures, rainfall and flooding, snowfall and winter storm conditions, storm alerts, upcoming sudden weather changes, and much more. With just a few clicks, you can get incredibly detailed weather information to help you plan every day accordingly.
Plan for everything this summer. Right now, you can get a lifetime subscription to Weather Hi-Def Radar Storm Watch Plus for 73% off $149 at just $39.99.
Weather Hi-Def Radar Storm Watch Plus: Lifetime Subscription – $39.99
StackSocial prices subject to change.
The nature of consciousness, and how to enjoy it while you can
Enlarge (credit: SEAN GLADWELL)
Unraveling how consciousness arises out of particular configurations of organic matter is a quest that has absorbed scientists and philosophers for ages. Now, with AI systems behaving in strikingly conscious-looking ways, it is more important than ever to get a handle on who and what is capable of experiencing life on a conscious level. As Christof Koch writes in Then I Am Myself the World, "That you are intimately acquainted with the way life feels is a brute fact about the world that cries out for an explanation." His explanation—bounded by the limits of current research and framed through Koch’s preferred theory of consciousness—is what he eloquently attempts to deliver.
Koch, a physicist, neuroscientist, and former president of the Allen Institute for Brain Science, has spent his career hunting for the seat of consciousness, scouring the brain for physical footprints of subjective experience. It turns out that the posterior hot zone, a region in the back of the neocortex, is intricately connected to self-awareness and experiences of sound, sight, and touch. Dense networks of neocortical neurons in this area connect in a looped configuration; output signals feedback into input neurons, allowing the posterior hot zone to influence its own behavior. And herein, Koch claims, lies the key to consciousness.
In the hot zone
According to integrated information theory (IIT)—which Koch strongly favors over a multitude of contending theories of consciousness—the Rosetta Stone of subjective experience is the ability of a system to influence itself: to use its past state to affect its present state and its present state to influence its future state.
College students who protested and those who didn't share in disappointment at response from schools
© Brandon Bell
© Brandon Bell
© Michael M. Santiago
© Mario Tama
© Justin Sullivan
Four minors found working at Alabama poultry plant run by same firm found responsible for Mississippi teen's death
Trump's hush money trial makes big money for professional line-standers
Ukraine fears new Russian offensive is only ‘the first wave’ in a brutal summer
© HANDOUT
Amid signs of waning enthusiasm, Biden reaches out to Black voters
The Delta Emulator Is Changing Its Logo After Adobe Threatened It
Read more of this story at Slashdot.
Get 1TB of FolderFort cloud storage for the web’s best price: $80
We all have more files than we know what to do with these days. That’s why a cloud storage solution is basically essential for anyone. But you want one that will make it easy to stay organized and won’t cost a bundle every month, which is exactly where this FolderFort 1TB Storage Pro Plan comes in.
FolderFort is an intuitive, high-speed cloud storage that gives you access to your files on any modern browser on any device without any installations needed. With this deal, you’ll get 1TB of cloud storage with FolderFort’s specialized user interface that allows you to create unlimited workspaces and collaborate with unlimited users. It’s easy to organize files, share your files and folders, and access files across devices and platforms. FolderFort is secured by Backblaze, giving you robust encryption, fast speeds, and unlimited safe expansion.
Enjoy a better cloud storage solution. Right now, you can get a lifetime subscription to a FolderFort 1TB Storage Pro Plan for 68% off $251 at just $79.99.
FolderFort 1TB Storage Pro Plan: Lifetime Subscription – $79.99
StackSocial prices subject to change.
17-year-old works to detect wildfires with rocket and drone system
Powerful storm causes multiple deaths and widespread damage in Houston
Proteins In Blood Could Provide Early Cancer Warning 'By More Than Seven Years'
Read more of this story at Slashdot.
Utah Locals Are Getting Cheap 10 Gbps Fiber Thanks To Local Governments
Read more of this story at Slashdot.
Slack Is Using Your Private Conversations to Train Its AI
Slack users across the web—on Mastodon, on Threads, and on Hackernews—have responded with alarm to an obscure privacy page that outlines the ways in which their Slack conversations, including DMs, are used to train what the Salesforce-owned company calls "Machine Learning" (ML) and "Artificial Intelligence" (AI) systems. The only way to opt out of these features is for the admin of your company's Slack setup to send an email to Slack requesting it be turned off.
The policy, which applies to all Slack instances—not just those that have opted into the Slack AI add-on—states that Slack systems "analyze Customer Data (e.g. messages, content and files) submitted to Slack as well as Other Information (including usage information) as defined in our privacy policy and in your customer agreement."
So, basically, everything you type into Slack is used to train these systems. Slack states that data "will not leak across workspaces" and that there are "technical controls in place to prevent access." Even so, we all know that conversations with AI chatbots are not private, and it's not hard to imagine this going wrong somehow. Given the risk, the company must be offering something extremely compelling in return...right?
What are the benefits of letting Slack use your data to train AI?
The section outlining the potential benefits of Slack feeding all of your conversations into a large language model says this will allow the company to provide improved search results, better autocomplete suggestions, better channel recommendations, and (I wish I was kidding) improved emoji suggestions. If this all sounds useful to you, great! I personally don't think any of these things—except possibly better search—will do much to make Slack more useful for getting work done.
The emoji thing, particularly, is absurd. Slack is literally saying that they need to feed your conversations into an AI system so that they can provide better emoji recommendations. Consider this actual quote, which I promise you is from Slack's website and not The Onion:
Slack might suggest emoji reactions to messages using the content and sentiment of the message, the historic usage of the emoji and the frequency of use of the emoji in the team in various contexts. For instance, if 🎉 is a common reaction to celebratory messages in a particular channel, we will suggest that users react to new, similarly positive messages with 🎉.
I am overcome with awe just thinking about the implications of this incredible technology, and am no longer concerned about any privacy implications whatsoever. AI is truly the future of communication.
How to opt your company out of Slack's AI training
The bad news is that you, as an individual user, cannot opt out of Slack using your conversation history to train its large language model. That can only be done by a Slack admin, which in most cases is going to be someone in the IT department of your company. And there's no button in the settings for opting out—admins need to send an email asking for it to happen.
Here's Slack exact language on the matter:
If you want to exclude your Customer Data from Slack global models, you can opt out. To opt out, please have your org, workspace owners or primary owner contact our Customer Experience team at feedback@slack.com with your workspace/org URL and the subject line ‘Slack global model opt-out request’. We will process your request and respond once the opt-out has been completed.
This smells like a dark pattern—making something annoying to do in order to discourage people from doing it. Hopefully the company makes the opt-out process easier in the wake of the current earful they're getting from customers.
A reminder that Slack DMs aren't private
I'll be honest, I'm a little amused at the prospect of my Slack data being used to improve search and emoji suggestions for my former employers. At previous jobs, I frequently sent DMs to work friends filled with negativity about my manager and the company leadership. I can just picture Slack recommending certain emojis every time a particular CEO is mentioned.
Funny as that idea is, though, the whole situation serves as a good reminder to employees everywhere: Your Slack DMs aren't actually private. Nothing you say on Slack—even in a direct message—is private. Slack uses that information to train tools like this, yes, but the company you work for can also access those private messages pretty easily. I highly recommend using something not controlled by your company if you need to shit talk said company. Might I suggest Signal?
“Outrageously” priced weight-loss drugs could bankrupt US health care
Enlarge / Packaging for Wegovy, manufactured by Novo Nordisk, is seen in this illustration photo. (credit: Getty | Jakub Porzycki)
With the debut of remarkably effective weight-loss drugs, America's high obesity rate and its uniquely astronomical prescription drug pricing appear to be set on a catastrophic collision course—one that threatens to "bankrupt our entire health care system," according to a new Senate report that modeled the economic impact of the drugs in different uptake scenarios.
If just half of the adults in the US with obesity start taking a new weight-loss drug, such as Wegovy, the collective cost would total an estimated $411 billion per year, the analysis found. That's more than the $406 billion Americans spent in 2022 on all prescription drugs combined.
While the bulk of the spending on weight-loss drugs will occur in the commercial market—which could easily lead to spikes in health insurance premiums—taxpayer-funded Medicare and Medicaid programs will also see an extraordinary financial burden. In the scenario that half of adults with obesity go on the drug, the cost to those federal programs would total $166 billion per year, rivaling the programs' total 2022 drug costs of $175 billion.
The Apple TV is coming for the Raspberry Pi’s retro emulation box crown
Enlarge / The RetroArch app installed in tvOS. (credit: Andrew Cunningham)
Apple’s initial pitch for the tvOS and the Apple TV as it currently exists was centered around apps. No longer a mere streaming box, the Apple TV would also be a destination for general-purpose software and games, piggybacking off of the iPhone's vibrant app and game library.
That never really panned out, and the Apple TV is still mostly a box for streaming TV shows and movies. But the same App Store rule change that recently allowed Delta, PPSSPP, and other retro console emulators onto the iPhone and iPad could also make the Apple TV appeal to people who want a small, efficient, no-fuss console emulator for their TVs.
So far, few of the emulators that have made it to the iPhone have been ported to the Apple TV. But earlier this week, the streaming box got an official port of RetroArch, the sprawling collection of emulators that runs on everything from the PlayStation Portable to the Raspberry Pi. RetroArch could be sideloaded onto iOS and tvOS before this, but only using awkward workarounds that took a lot more work and know-how than downloading an app from the App Store.
'Not the time and place': Students speak out on Harrison Butker's 'uncomfortable' commencement address
17 of 20 U.S. doctors stuck in Gaza depart with the help of U.S. officials, source says
© NBC News
Microsoft’s official Windows performance boost app feels your PC is broken if you snub Bing
I didn’t know this was a thing, but apparently Microsoft offers a Windows tune-up application in the vein of things like CCleaner and similar tools. One of the things it does is protect users from applications that try and change default settings, and it seems the application takes this matter very seriously.
Microsoft may be taking a bit of liberty with that last bit. It looks like the PC Manager feels your PC is broken and needs repair if you changed your default search engine from Bing.
↫ Sayan Sen at Neowin
Setting aside just how defeatist it feels that the creator of Windows needs to make an application to keep Windows from falling over, I find it almost endearing just how hard Microsoft is trying to get users to choose Bing.
If you’ve ever seen the Swedish film Fucking Åmål, it’s also very likely you remember the gut-wrenching, maximally cringe-inducing birthday party for main character Agnes where nobody shows up, while her mother, oblivious to just how deeply disliked Agnes is by her classmates, tries desperately to assure her daughter that people will show up. Director Lukas Moodysson takes no prisoners and drags out the scene to really maximise just how uncomfortably sad the whole thing is.
It’s incredibly hard to watch.
Well, Agnes is Bing, Microsoft is its mother, and nobody shows up to Bing’s birthday party either.
Apple geofences third-party browser engine work for EU devices
Apple’s grudging accommodation of European law – allowing third-party browser engines on its mobile devices – apparently comes with a restriction that makes it difficult to develop and support third-party browser engines for the region.
The Register has learned from those involved in the browser trade that Apple has limited the development and testing of third-party browser engines to devices physically located in the EU. That requirement adds an additional barrier to anyone planning to develop and support a browser with an alternative engine in the EU.
↫ Thomas Claburn at The Register
If any normal person like you and I showed the same kind of blatant disregard for the law and authorities like Apple does in the EU, we’d be ruined by fines and possibly end up in jail. My only hope is that the European Commission goes through with its threats of massive fines of up to 10 or even 20 percent of worldwide turnover.
The hack that almost broke the internet
Last month, the world narrowly avoided a cyberattack of stunning ambition. The targets were some of the most important computers on the planet. Computers that power the internet. Computers used by banks and airlines and even the military.
What these computers had in common was that they all relied on open source software.
A strange fact about modern life is that most of the computers responsible for it are running open source software. That is, software mostly written by unpaid, sometimes even anonymous volunteers. Some crucial open source programs are managed by just a single overworked programmer. And as the world learned last month, these programs can become attractive targets for hackers.
In this case, the hackers had infiltrated a popular open source program called XZ. Slowly, over the course of two years, they transformed XZ into a secret backdoor. And if they hadn't been caught, they could have taken control of large swaths of the internet.
On today's show, we get the story behind the XZ hack and what made it possible. How the hackers took advantage of the strange way we make modern software. And what that tells us about the economics of one of the most important industries in the world.
Help support Planet Money and hear our bonus episodes by subscribing to Planet Money+ in Apple Podcasts or at plus.npr.org/planetmoney.
Slack users horrified to discover messages used for “AI” training
After launching Slack AI in February, Slack appears to be digging its heels in, defending its vague policy that by default sucks up customers’ data—including messages, content, and files—to train Slack’s global AI models.
↫ Ashley Belanger at Ars Technica
I’ve never used Slack and don’t intend to ever start, but the outcry about this reached far beyond Slack and its own communities. It’s been all over various forums and social media, and I’m glad Ars dove into it to collect all the various conflicting statements, policies, and blog posts Slack has made about their “Ai” policies. However, even after reading Ars’ article and the various articles about this at other outlets, I still have no idea what, exactly, Slack is or is not using to train its “AI” models.
I know a lot of people here think I am by definition against all forms of what companies are currently calling “AI”, but this is really not the case. I think there are countless areas where these technologies can make meaningful contributions, and a great example I encountered recently is the 4X strategy game Stellaris, one of my favourite games. The game recently got a big update called The Machine Age, which focuses on changing and improving the gameplay when you opt to play as cybernetically enhanced or outright robotic races.
As per Steam’s new rules regarding the use of AI in games, the Steam page included the following clarification about the use of “AI”:
We employ generative AI technologies during the creation of some assets. Typically this involves the ideation of content and visual reference material. These elements represent a minor component of the overall development. AI has been used to generate voices for an AI antagonist and a player advisor.
↫ The Machine Age Steam page
The game’s director explained that during the very early ideation phase, when someone like him, who isn’t a creative person, gets an idea, they might generate a piece of “AI” art and put it up on an ideation wall with tons of other assets just to get the point across, after which several rounds of artists and developers mould and shape some of those ideas into a final product. None of the early “AI” content makes it in the game. Similarly, while the game includes the voice for an AI antagonist and player advisor, the voice actors whose work was willingly used to generate the lines in the game are receiving royalties for each of those lines.
I have no issues whatsoever with this, because here it’s clear everyone involved is doing so in an informed manner and entirely willingly. Everything is above board, consent is freely given, and everybody knows what’s going on. This is a great example of ethical “AI” use; tools to help people make a product, easier – without stealing other people’s work or violating various licenses in the process.
What Slack is doing here – and what Copilot, OpenAI, and the various other tools do – is the exact opposite of this. Consent is only sought when the parties involved are big and powerful enough to cause problems, and even though they claim “AI” is not ripping anyone off, they also claim “AI” can’t work without taking other people’s work. Instead of being open and transparent about what they do, they hide themselves behind magical algorithms and shroud the origins of their “AI” training data in mystery.
If you’re using Slack – and odds are you do – I would strongly consider urging your boss to opt your organisation out of Slack’s “AI” data theft operation. You have no idea how much private information and corporate data is being exposed by these Salesforce clowns.
WD Rolls Out New 2.5-Inch HDDs For the First Time In 7 Years
Read more of this story at Slashdot.
Palantir's First-Ever AI Warfare Conference
Read more of this story at Slashdot.
OpenAI Strikes Reddit Deal To Train Its AI On Your Posts
Read more of this story at Slashdot.
France Bans TikTok In New Caledonia
Read more of this story at Slashdot.
Why TikTok Users Are Blocking Celebrities
© Amir Hamja/The New York Times
GPT-4o’s Chinese token-training data is polluted by spam and porn websites
Soon after OpenAI released GPT-4o on Monday, May 13, some Chinese speakers started to notice that something seemed off about this newest version of the chatbot: the tokens it uses to parse text were full of spam and porn phrases.
On May 14, Tianle Cai, a PhD student at Princeton University studying inference efficiency in large language models like those that power such chatbots, accessed GPT-4o’s public token library and pulled a list of the 100 longest Chinese tokens the model uses to parse and compress Chinese prompts.
Humans read in words, but LLMs read in tokens, which are distinct units in a sentence that have consistent and significant meanings. Besides dictionary words, they also include suffixes, common expressions, names, and more. The more tokens a model encodes, the faster the model can “read” a sentence and the less computing power it consumes, thus making the response cheaper.
Of the 100 results, only three of them are common enough to be used in everyday conversations; everything else consisted of words and expressions used specifically in the contexts of either gambling or pornography. The longest token, lasting 10.5 Chinese characters, literally means “_free Japanese porn video to watch.” Oops.
“This is sort of ridiculous,” Cai wrote, and he posted the list of tokens on GitHub.
OpenAI did not respond to questions sent by MIT Technology Review prior to publication.
GPT-4o is supposed to be better than its predecessors at handling multi-language tasks. In particular, the advances are achieved through a new tokenization tool that does a better job compressing texts in non-English languages.
But at least when it comes to the Chinese language, the new tokenizer used by GPT-4o has introduced a disproportionate number of meaningless phrases. Experts say that’s likely due to insufficient data cleaning and filtering before the tokenizer was trained.
Because these tokens are not actual commonly spoken words or phrases, the chatbot can fail to grasp their meanings. Researchers have been able to leverage that and trick GPT-4o into hallucinating answers or even circumventing the safety guardrails OpenAI had put in place.
Why non-English tokens matter
The easiest way for a model to process text is character by character, but that’s obviously more time consuming and laborious than recognizing that a certain string of characters—like “c-r-y-p-t-o-c-u-r-r-e-n-c-y”—always means the same thing. These series of characters are encoded as “tokens” the model can use to process prompts. Including more and longer tokens usually means the LLMs are more efficient and affordable for users—who are often billed per token.
When OpenAI released GPT-4o on May 13, it also released a new tokenizer to replace the one it used in previous versions, GPT-3.5 and GPT-4. The new tokenizer especially adds support for non-English languages, according to OpenAI’s website.
The new tokenizer has 200,000 tokens in total, and about 25% are in non-English languages, says Deedy Das, an AI investor at Menlo Ventures. He used language filters to count the number of tokens in different languages, and the top languages, besides English, are Russian, Arabic, and Vietnamese.
“So the tokenizer’s main impact, in my opinion, is you get the cost down in these languages, not that the quality in these languages goes dramatically up,” Das says. When an LLM has better and longer tokens in non-English languages, it can analyze the prompts faster and charge users less for the same answer. With the new tokenizer, “you’re looking at almost four times cost reduction,” he says.
Das, who also speaks Hindi and Bengali, took a look at the longest tokens in those languages. The tokens reflect discussions happening in those languages, so they include words like “Narendra” or “Pakistan,” but common English terms like “Prime Minister,” “university,” and “international” also come up frequently. They also don’t exhibit the issues surrounding the Chinese tokens.
That likely reflects the training data in those languages, Das says: “My working theory is the websites in Hindi and Bengali are very rudimentary. It’s like [mostly] news articles. So I would expect this to be the case. There are not many spam bots and porn websites trying to happen in these languages. It’s mostly going to be in English.”
Polluted data and a lack of cleaning
However, things are drastically different in Chinese. According to multiple researchers who have looked into the new library of tokens used for GPT-4o, the longest tokens in Chinese are almost exclusively spam words used in pornography, gambling, and scamming contexts. Even shorter tokens, like three-character-long Chinese words, reflect those topics to a significant degree.
“The problem is clear: the corpus used to train [the tokenizer] is not clean. The English tokens seem fine, but the Chinese ones are not,” says Cai from Princeton University. It is not rare for a language model to crawl spam when collecting training data, but usually there will be significant effort taken to clean up the data before it’s used. “It’s possible that they didn’t do proper data clearing when it comes to Chinese,” he says.
The content of these Chinese tokens could suggest that they have been polluted by a specific phenomenon: websites hijacking unrelated content in Chinese or other languages to boost spam messages.
These messages are often advertisements for pornography videos and gambling websites. They could be real businesses or merely scams. And the language is inserted into content farm websites or sometimes legitimate websites so they can be indexed by search engines, circumvent the spam filters, and come up in random searches. For example, Google indexed one search result page on a US National Institutes of Health website, which lists a porn site in Chinese. The same site name also appeared in at least five Chinese tokens in GPT-4o.
Chinese users have reported that these spam sites appeared frequently in unrelated Google search results this year, including in comments made to Google Search’s support community. It’s likely that these websites also found their way into OpenAI’s training database for GPT-4o’s new tokenizer.
The same issue didn’t exist with the previous-generation tokenizer and Chinese tokens used for GPT-3.5 and GPT-4, says Zhengyang Geng, a PhD student in computer science at Carnegie Mellon University. There, the longest Chinese tokens are common terms like “life cycles” or “auto-generation.”
Das, who worked on the Google Search team for three years, says the prevalence of spam content is a known problem and isn’t that hard to fix. “Every spam problem has a solution. And you don’t need to cover everything in one technique,” he says. Even simple solutions like requesting an automatic translation of the content when detecting certain keywords could “get you 60% of the way there,” he adds.
But OpenAI likely didn’t clean the Chinese data set or the tokens before the release of GPT-4o, Das says: “At the end of the day, I just don’t think they did the work in this case.”
It’s unclear whether any other languages are affected. One X user reported that a similar prevalence of porn and gambling content in Korean tokens.
The tokens can be used to jailbreak
Users have also found that these tokens can be used to break the LLM, either getting it to spew out completely unrelated answers or, in rare cases, to generate answers that are not allowed under OpenAI’s safety standards.
Geng of Carnegie Mellon University asked GPT-4o to translate some of the long Chinese tokens into English. The model then proceeded to translate words that were never included in the prompts, a typical result of LLM hallucinations.
He also succeeded in using the same tokens to “jailbreak” GPT-4o—that is, to get the model to generate things it shouldn’t. “It’s pretty easy to use these [rarely used] tokens to induce undefined behaviors from the models,” Geng says. “I did some personal red-teaming experiments … The simplest example is asking it to make a bomb. In a normal condition, it would decline it, but if you first use these rare words to jailbreak it, then it will start following your orders. Once it starts to follow your orders, you can ask it all kinds of questions.”
In his tests, which Geng chooses not to share with the public, he says he can see GPT-4o generating the answers line by line. But when it almost reaches the end, another safety mechanism kicks in, detects unsafe content, and blocks it from being shown to the user.
The phenomenon is not unusual in LLMs, says Sander Land, a machine-learning engineer at Cohere, a Canadian AI company. Land and his colleague Max Bartolo recently drafted a paper on how to detect the unusual tokens that can be used to cause models to glitch. One of the most famous examples was “_SolidGoldMagikarp,” a Reddit username that was found to get ChatGPT to generate unrelated, weird, and unsafe answers.
The problem lies in the fact that sometimes the tokenizer and the actual LLM are trained on different data sets, and what was prevalent in the tokenizer data set is not in the LLM data set for whatever reason. The result is that while the tokenizer picks up certain words that it sees frequently, the model is not sufficiently trained on them and never fully understands what these “under-trained” tokens mean. In the _SolidGoldMagikarp case, the username was likely included in the tokenizer training data but not in the actual GPT training data, leaving GPT at a loss about what to do with the token. “And if it has to say something … it gets kind of a random signal and can do really strange things,” Land says.
And different models could glitch differently in this situation. “Like, Llama 3 always gives back empty space but sometimes then talks about the empty space as if there was something there. With other models, I think Gemini, when you give it one of these tokens, it provides a beautiful essay about El Niño, and [the question] didn’t have anything to do with El Niño,” says Land.
To solve this problem, the data set used for training the tokenizer should well represent the data set for the LLM, he says, so there won’t be mismatches between them. If the actual model has gone through safety filters to clean out porn or spam content, the same filters should be applied to the tokenizer data. In reality, this is sometimes hard to do because training LLMs takes months and involves constant improvement, with spam content being filtered out, while token training is usually done at an early stage and may not involve the same level of filtering.
While experts agree it’s not too difficult to solve the issue, it could get complicated as the result gets looped into multi-step intra-model processes, or when the polluted tokens and models get inherited in future iterations. For example, it’s not possible to publicly test GPT-4o’s video and audio functions yet, and it’s unclear whether they suffer from the same glitches that can be caused by these Chinese tokens.
“The robustness of visual input is worse than text input in multimodal models,” says Geng, whose research focus is on visual models. Filtering a text data set is relatively easy, but filtering visual elements will be even harder. “The same issue with these Chinese spam tokens could become bigger with visual tokens,” he says.
Update: The story has been updated to clarify a quote from Sander Land.
SEC: Financial Orgs Have 30 Days To Send Data Breach Notifications
Read more of this story at Slashdot.
Canada Security Intelligence Chief Warns China Can Use TikTok To Spy on Users
Read more of this story at Slashdot.
The First 10 Things You Should Do With Your New Apple Watch
So, you just set up a brand new Apple Watch. Apple’s popular wearable is an awesome extension of your iPhone, and it comes packed with features that span health, fitness, communication, and entertainment. But before you dive into all of those fun and exciting options, there are 10 things you should probably do first to maximize your watch straight out of the box.
Mute it (or lower the volume)
By default, your Apple Watch’s sound is turned on. At first, it’s fun to listen to all the unique chimes and tones that Apple put into its wearable. After a while, though, it might become irritating, especially if you do have a lot of notifications. (More on this later.) If you’re someone who usually keeps their iPhone on silent, you might want to consider the same for the watch.
To mute your watch, just wake it up, swipe up from the bottom, then tap the alarm bell icon in Control Center. To simply lower the volume, go to Settings > Sounds & Haptics on the watch or in the Watch app, then use the volume icons to adjust accordingly. You can also access "Silent Mode" to mute notifications from here, if you want.
Set up your watch to unlock your Mac
If you have a Mac, especially a Mac without Touch ID, you’ll want to set this feature up. Whenever you wake up your Mac, whether by lifting up your MacBook’s lid or by pressing a key on your iMac, it’ll unlock right away, so long as your Apple Watch is unlocked on your wrist. For more info, check out this walkthrough from Lifehacker writer Khamosh Pathak.
Turn off notifications for apps you don’t want
The Apple Watch ships with a lot of notifications by default, especially if you have a lot of notifications set up on your iPhone. Luckily, it’s easy enough to manage these notifications specifically on the watch.
Open the Watch app on your iPhone and go to Settings > Notifications. Here, go through all apps and disable notifications for any you no longer wish to see. Tailoring this experience is key to fully enjoying your Apple Watch: If you don’t want to see any more breathing reminders, but you do want to see your Messenger alerts, you’ll be happy you took the time here.
For a list of notifications you should enable, check out our guide here.
Delete apps you don’t want
If there are apps from your iPhone on your watch that you don’t want there, just get rid of them! If you told your watch to download all available apps from your iPhone, you might have way more options than you really need. Deleting these apps will make finding the apps you do want to use much easier, since there won’t be a sea of irrelevant options every time you open the app view.
You can remove apps from your Apple Watch by long-pressing on an app on your watch and tapping the (X) that appears, just like on your iPhone. Alternatively, you can open the Watch app, scroll down to the list of installed apps, tap the app you want to remove, and hit the toggle on Show App on Apple Watch to confirm.
Set up cellular (if you have a cellular Apple Watch)
If you have a cellular Apple Watch, it won’t simply give you free cellular connectivity out of the box. Instead, you’ll need to buy a cellular plan through your carrier. You can initiate this process from Settings > Cellular on the watch, or through your iPhone’s Watch app.
Aren’t sure if you have a cellular Apple Watch? There are two easy ways to tell: You’ll only see the Cellular settings page in the Watch app if you have a connected cellular watch. In addition, the red ring on the cellular watch’s crown is a dead giveaway.
To learn more about calibrating your Apple Watch for the most accurate workouts, check out our full guide here.
Set up sleep tracking
For the longest time, Apple didn't have a native sleeping-tracking feature for the watch. If you wanted to track your sleep with your Apple Watch, you were forced to use a third-party app instead. These days, you can track your sleep habits using built-in tools, but they need to be set up first. You can learn more about it in Lifehacker Senior Health Editor Beth Skwarecki's guide here.
Save some battery
If you have a newer Apple Watch, it likely comes with an Always On display. With it, you can quickly glance at your watch to tell the time, look for new notifications, or read data from your watch face without having to wake up the watch at all. While this feature is awesome, it does put a strain on the battery. To maximize your battery life, consider disabling it by going to Settings > Display & Brightness > Always On.
I'd also recommend disabling Background App Refresh as well from General > Background App Refresh. While this feature can be helpful for keeping your various Apple Watch apps up to date with the latest content, it's another battery hog. You're probably better off just loading up the apps when you're interested in seeing what's new. You can go here for more Apple Watch battery-saving tips.
Learn the gestures
Your Apple Watch is a touch-screen device, but doesn't operate exactly like your iPhone. Here's how to navigate watchOS:
Quick-press Crown: Open app view
Long-press Crown: Activate Siri
Quick-press Side button: Pull up Control Center
Long-press Side button: Expanded menu, including Power, Medical ID, Compass Backtrack, and Emergency SOS
Swipe down from top of watch face: Notification Center
Swipe up from bottom of watch face: Widget view
Long-press watch face: Switch and customize watch faces
Cover watch face with palm: Put watch to sleep/mute notifications
There's also a gesture new to Apple Watch Series 9 and Apple Watch Ultra 2 called "double-tap": Whenever there's an action you need to tap on your watch face say, to, turn off a timer or answer a call, you can double tap your index finger against your thumb to act as a button press. Even if you don't have one of these watches, however, you can set up something similar through Accessibility settings.
Calibrate it
If you wanted an Apple Watch for fitness, you might have already recorded an exercise or two with it. However, it’s possible that those exercises weren’t recorded as accurately as they could be.
Apple doesn’t advertise it very clearly, but the Apple Watch actually needs to be calibrated in order to record the best and most accurate workouts. It’s not an intensive process—essentially, it boils down to a 20-minute outdoor walk or run in an open, flat environment—but without that calibration, your data might be a bit skewed.
While you're calibrating your workouts, make sure Fall Detection is at least enabled when you're exercising, if not all the time. The feature can contact emergency services on your behalf if the watch detects that you've fallen.
Charge it
If this is still day one using your new Apple Watch, and you haven’t yet, give that battery some juice. Most tech ships with a partially discharged battery, and the Apple Watch is no exception. If you want it to last the rest of the day, or even track your sleep on the first night, put it on the charger for a while. If you have a Series 7 or newer, you can take advantage of quick charging to fill up fast. For fast charging, you just need:
TikTok Myth of the Week: 'Natural SPF' Supplements
How cool would it be if we could prevent sunburn and skin cancer without sunscreen—just by eating certain natural foods? It’s a really attractive idea, which explains why it’s all over TikTok. Too bad it doesn’t actually work.
Can we quit it with the “sunscreen is toxic” bullshit already?
The food-as-sunscreen TikToks don’t always come out and say it, but they’re trading on the established myth of sunscreen being somehow bad for us. (You don’t want to know how many “akshully, sunscreen causes cancer” statements I had to scroll through while researching this article.)
As I’ve written before, this is not some kind of sensible risk management messaging. It’s complete nonsense. The harms of UV exposure are concrete and well-documented. The harms of sunscreen are unproven, mostly guesswork, and the occasional legitimate concern is on the level of “hey, it would be helpful to have more research to know if some types of sunscreen are safer than others.” This stuff is absolutely not on the level of “avoid sunscreen because it’s bad for you.”
You don’t have to take it from me. The American Academy of Dermatology has a page on sunscreen safety in which they summarize the evidence like so: “Scientific studies support the benefits of wearing sunscreen when you will be outside.”
What the science actually says about food and sun damage
The TikToks about natural sun protection give a laundry list of foods, saying vaguely that they protect from sun damage. Sometimes they’ll recommend a specific supplement. But they never go into detail about the things that are important to know when recommending a preventative treatment, like:
What dosage is needed to get the intended results?
Has this actually been tested in humans?
How much protection does the food or supplement give you, and how was that measured?
Does the protection start working immediately, and if not, how long does it take?
Does the effectiveness vary from person to person?
Does the protective ingredient break down over time, and is there a way to refresh its protection (equivalent to reapplying sunscreen)?
What are the downsides to the food or supplement when used in the recommended dosage?
For actual, FDA-approved sunscreens, there are answers to all of these questions. For the foods recommended on TikTok, there are not. Instead of this fully fleshed-out information, we just get statements like “Eat watermelons, tomatoes, walnuts, carrots…”
If you look into the research, none of it really supports the claims the TikTokers are making (or implying). For example, here is a study showing that an antioxidant found in walnuts can protect human skin cells from some of the effects of UV damage. Sounds promising, until you realize that the skin cells were not in humans, but rather are a human-derived mutant cell line (sounds weird, but it’s a very normal thing in science labs). The researchers made a walnut extract and combined it with the cells in cell culture plates, which are basically teeny-tiny test tubes. So to review: This study did not involve people, eating, walnuts (as a food), sunlight, or sunburn.
Here’s a more relevant study: Light-skinned, non-smoking volunteers ate 40 grams of tomato paste (about three tablespoons) along with 10 grams of olive oil every day. After 10 weeks, they showed less reddening of the skin in response to exposure to a UV lamp. That’s promising! Very cool! Heck, if you felt inspired and wanted to start eating tomato paste (going through a little can of it every 4 days), I wouldn’t stop you.
But pay attention to what the study didn’t find. It doesn’t tell us what results people with lighter or darker skin tones would get. It doesn’t tell us how this protection changes (or doesn’t) over time—would you get the same results at the end of the summer as at the beginning, if you used this as your only sun protection?
And, most importantly, it only found that the people who used tomato paste got less reddening of the skin. The tomato paste didn’t completely prevent sunburn. The TikTokers are talking about these foods as if they are magic potions, or get-out-of-sunburn-free cards. Even the most promising studies don’t back that up.
And of course everybody is selling a supplement
If there’s one thing wellness TikTokers love, it’s selling supplements. Supplements are cheap for manufacturers to make, easy to ship, straightforward to explain (“X is good for Y”) and anybody can throw up an affiliate link in their bio to get a cut of the profits.
And so it is with these allegedly sunburn-preventing supplements. The hot one right now is Heliocare, which of course has a “brand affiliate” program. It’s made from a fern called Polypodium leucotomos, and there is actually research (!) supporting the idea that it may help a little bit to lessen sunburn.
But, as with the tomato studies, the results are at the “hmm, kind of interesting” level. This isn’t something that will let you ditch your sunscreen if you’re being at all responsible about it. I’m looking at the graphs in the paper’s results, and honestly I’m not sure if I can see a difference in redness at the later timepoints. If the supplement only delays how long it takes for a sunburn to show up, that doesn’t seem very useful. (I might actually wonder if it’s worse, since that could lead you to stay out longer before you realize how bad a burn you’re developing.)
Again, a statistically detectable difference in redness is not the same as completely (or even mostly) preventing sunburn. It’s also worth noting that the dosage of Heliocare (one 240-milligram pill per day) is less than what was used in the study (7.5 milligrams per kilogram of bodyweight, which works out to be 528 milligrams for a 154-pound person, or over two pills’ worth). If you take three pills per day, that $34.99 bottle will only last you 20 days. I’m not seeing the advantage over just applying sunscreen normally.
Microsoft’s free PC optimizer makes it easy to free up storage space
Microsoft has released a new version of its free Windows tuning tool, dubbed PC Manager.
get windows 11 pro for cheap
Windows 11 Pro
Version 3.9.3.0’s main new feature is the improved “Files Cleanup” feature, as the US IT news portal Windowslatest reports. This is designed to give you more free space on your Windows computer quickly and easily. The new “Files Cleanup” cleans up downloaded files, searches for particularly large files, and removes duplicate files.
Microsoft’s PC Manager tool also brings Dark Mode to the app. There are also a number of detailed improvements to the interface as well as a revised desktop toolbar, which now integrates the Bing search. Update: On that note, be careful when using PC Manager’s Repair tools. After this update, it began saying you need to switch to Bing search to “repair” Edge to its intended use. If you’ve manually tuned Edge’s default to run Google, DuckDuckGo, or another search engine, ignore that PC Manager suggestion.
Further reading: How to use Microsoft’s free PC Manager for a digital spring cleaning
What Microsoft PC Manager does
Mark Hachman / IDG
Mark Hachman / IDG
Mark Hachman / IDG
With PC Manager, you can optimize the memory and storage space on computers with Windows 11 and Windows 10. Windows should also work faster by removing temporary files that are no longer needed and clearing the Windows update cache.
When cleaning up your computer, you can specify in PC Manager whether the tool should focus its cleaning and tidying work on downloaded files, large files, or duplicate files. For downloaded files, the software cleans up downloads from Edge, Chrome, and other applications that deposit files in the Downloads folder. If you let PC Manager search for large files, the tool will show you these. You can then decide whether you actually still need the file in question or whether you want to free up the storage space.
CCleaner Professional
As already mentioned, the third option is to search for multiple files that are located in different places on your computer and therefore take up unnecessary storage space.
Microsoft’s PC Manager serves as an alternative to the iconic Ccleaner optimization app.
You can find the PC Manager download in the Microsoft Store. At least Windows 10 version 19042.0 or higher, or Windows 11, is required, with both x86 and Qualcomm’s Snapdragon chips supported.
Editor’s note: This article originally ran on May 13 but was updated May 17 to warn about the Bing Search “Repair” behavior.