A horrifying new AI app swaps women into porn videos with a click

The website is eye-catching for its simplicity. Against a white backdrop, a giant blue button invites visitors to upload a picture of a face. Below the button, four AI-generated faces allow you to test the service. Above it, the tag line boldly proclaims the purpose: turn anyone into a porn star by using deepfake technology to swap the person’s face into an adult video. All it requires is the picture and the push of a button.

MIT Technology Review has chosen not to name the service, which we will call Y, or use any direct quotes and screenshots of its contents, to avoid driving traffic to the site. It was discovered and brought to our attention by deepfake researcher Henry Ajder, who has been tracking the evolution and rise of synthetic media online.

¿Qué es peor: un sistema de reconocimiento facial que no funciona o uno que sí lo hace?

La semana pasada, el portal América Transparente publicó un reportaje realizado por María Fernanda Leiva y Tamara Silva, donde se denuncia una inversión millonaria realizada por dos municipalidades del sector oriente de la ciudad de Santiago de Chile por un sistema de reconocimiento facial que no funciona.

En total, la investigación consigna el pago de USD $582.880 (aproximadamente 390 millones de pesos chilenos) por el software de la empresa francesa INDEMIA, uno de los principales proveedores de esta tecnología en la región. Del total, la comuna de Las Condes habría aportado USD $517.880 y Lo Barnechea USD $65.000.

By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

The UpGuard Research team can now disclose multiple data leaks resulting from Microsoft Power Apps portals configured to allow public access – a new vector of data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses. UpGuard notified 47 entities of exposures involving personal information, including governmental bodies like Indiana, Maryland, and New York City, and private companies like American Airlines, J.B. Hunt, and Microsoft, for a total of 38 million records across all portals. This research presents an example of a larger theme, which is how to manage third-party risks (and exposures) posed by platforms that don’t slot neatly into vulnerability disclosure programs as we know them today, but still present as security issues.

What Does It Actually Mean When a Company Says, “We Do Not Sell Your Data”?

You’ve likely run into this claim from tech giants before: “We do not sell your personal data.” 

Companies from Facebook to Google to Twitter repeat versions of this statement in their privacy policies, public statements, and congressional testimony. And when taken very literally, the promise is true: Despite gathering masses of personal data on their users and converting that data into billions of dollars in profits, these tech giants do not directly sell their users’ information the same way data brokers directly sell data in bulk to advertisers.

Apple taking pause after civil society calls to shelve on-device image hash scanning

Apple confirmed it would “take additional time over the coming months to collect input and make improvements” before releasing features it announced in August that raised serious privacy concerns among activists, technologists, and even Apple’s own employees.

Designed with the intention to combat distribution of child sexual abuse material (CSAM), one of the planned features would have introduced a system for comparing the hashes of all images set to be uploaded to iCloud against a database of hashes for known CSAM, stored in the device operating system.

Netherlands: Mass Damage & Consumer Foundation files €6 billion claim against TikTok

The Mass Damage & Consumer Foundation announced, on 7 September 2021, that it had started a collective action against TikTok Inc. for its violations of the fundamental rights of consumers in the Netherlands on a large scale. In particular, the Foundation noted that through the collective action, it seeks to stand up for all users of TikTok, not just minors, and that it was seeking the Amsterdam Court to order TikTok to pay more than €6 billion.

Comissão aprova proposta que insere proteção de dados pessoais na Constituição

Fonte: Agência Câmara de Notícias

A Comissão Especial sobre Dados Pessoais aprovou a Proposta de Emenda à Constituição (PEC) 17/19, que que insere a proteção de dados, incluindo os digitalizados, na lista de garantias individuais da Constituição.

O texto aprovado foi um substitutivo apresentado pelo relator, deputado Orlando Silva (PCdoB-SP). A proposta segue agora para o Plenário, onde precisa ser votada em dois turnos.

Além de incluir a proteção de dados pessoais como garantia constitucional, a proposta também insere na Constituição o órgão responsável por regular o setor, com as mesmas atribuições das agências reguladoras.

Ao justificar a aprovação do texto, Orlando Silva considerou a proteção de dados pessoais um direito fundamental de qualquer pessoa e deu como exemplo a União Europeia, que incluiu a “proteção dos dados de caráter pessoal” em sua Carta de Direitos Fundamentais.

A PEC determina ainda que compete privativamente à União legislar sobre o assunto, uma maneira de acabar com o risco de insegurança jurídica causado por eventual aprovação de legislações estaduais e municipais sobre o assunto.

O texto de Orlando Silva também acrescenta na Constituição o órgão regulador do setor. De acordo com a PEC, este órgão regulador será uma “entidade independente, integrante da administração pública federal indireta, submetida a regime autárquico especial”.

A presidente da comissão, deputada Bruna Furlan (PSDB-SP), comemorou a aprovação da proposta e destacou o apoio de deputados de diversos partidos e correntes ideológicas.

A Autoridade Nacional de Proteção de Dados (ANPD) foi criada no ano passado por meio da Medida Provisória 869/18.

Orlando Silva criticou o fato de o órgão não ter sido instalado até hoje. “Nossa expectativa é que o governo ande mais rápido, para que a autoridade regule os aspectos não tratados na Legislação”, disse.

A Lei Geral de Proteção dos Dados Pessoais, aprovada no ano passado, deve entrar em vigor em agosto de 2020, com sanções para quem compartilhar dados sem autorização.

Study finds growing government use of sensitive data to ‘nudge’ behaviour

A new form of “influence government”, which uses sensitive personal data to craft campaigns aimed at altering behaviour has been “supercharged” by the rise of big tech firms, researchers have warned.

National and local governments have turned to targeted advertisements on search engines and social media platforms to try to “nudge” the behaviour of the country at large, the academics found.

“While it’s usually good for the government to achieve goals like reducing house fires or preventing cybercrime, Collier and his colleagues warn that the rise of “influence government” could cause harm. Not only does it encourage departments to play fast and loose with personal data – using notes from an interview under caution to build a profile of a typical cybercriminal, for instance – it can also focus negative attention on vulnerable and disadvantaged groups in ways that could be counterproductive.”

Beijing drafts rules to rein in the algorithms used by Big Tech to push videos and popular apps in widespread crackdown

China’s internet watchdog has drafted new rules to rein in the algorithms that technology companies like ByteDance and Tencent Holdings use to recommend videos and popular apps, in a widespread crackdown that set off the unintended consequence of snaring several celebrities, causing the Chinese star Zhao Wei’s presence to be scrubbed from the internet.

The Cyberspace Administration of China (CAC), which released the 30-point draft proposal on Friday, is soliciting public feedback until September 26. The new rules will “regulate algorithm-empowered recommendation activities on the internet” – including content aggregation, personalised recommendation and search rankings – amid Beijing’s efforts to redirect people’s attention to online content that the state deems fit for broad public consumption.

This is the real story of the Afghan biometric databases abandoned to the Taliban

As the Taliban swept through Afghanistan in mid-August, declaring the end of two decades of war, reports quickly circulated that they had also captured US military biometric devices used to collect data such as iris scans, fingerprints, and facial images.Some feared that the machines, known as HIIDE, could be used to help identify Afghans who had supported coalition forces.

According to experts speaking to MIT Technology Review, however, these devices actually provide only limited access to biometric data, which is held remotely on secure servers. But our reporting shows that there is a greater threat from Afghan government databases containing sensitive personal information that could be used to identify millions of people around the country.