Dyslexic Privacy & Foss advocate, and Linux user.

Ace 🖤🩶🤍💜

Anti Commercial-AI license (CC BY-NC-SA 4.0)

  • 15 Posts
  • 546 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle











  • However, to process more sophisticated requests, Apple Intelligence needs to be able to enlist help from larger, more complex models in the cloud. For these cloud requests to live up to the security and privacy guarantees that our users expect from our devices, the traditional cloud service security model isn’t a viable starting point. Instead, we need to bring our industry-leading device security model, for the first time ever, to the cloud.

    As stated above, Private cloud compute has nothing to do with the OS level AI itself. ರ⁠_⁠ರ That’s in the cloud not on device.

    While we’re publishing the binary images of every production PCC build, to further aid research we will periodically also publish a subset of the security-critical PCC source code.

    As stated here, it still has the same issue of not being 100% verifiable, they only publish a few code snippets they deam “security-critical”, it doesn’t allow us to verify the handling of user data.

    • It’s difficult to provide runtime transparency for AI in the cloud.
      Cloud AI services are opaque: providers do not typically specify details of the software stack they are using to run their services, and those details are often considered proprietary. Even if a cloud AI service relied only on open source software, which is inspectable by security researchers, there is no widely deployed way for a user device (or browser) to confirm that the service it’s connecting to is running an unmodified version of the software that it purports to run, or to detect that the software running on the service has changed.

    Adding to what it says here, if the on device AI is compromised in anyway, be it from an attacker or Apple themselves then PCC is rendered irrelevant regardless if PCC were open source or not.

    Additionally, I’ll raise the issue that this entire blog is nothing but just that a blog, nothing stated here is legally binding, so any claims of how they handled user data is irrelevant and can easily be dismissed as marketing.



  • Their keynotes are irrelevant, their official privacy policies and legal disclosures take precedence over marketing claims or statements made in keynotes or presentations. Apple’s privacy policy states that the company collects data necessary to provide and improve its products and services. The OS-level AI would fall under this category, allowing Apple to collect data processed by the AI for improving its functionality and models. Apple’s keynotes and marketing materials do not carry legal weight when it comes to their data practices. With the AI system operating at the OS level, it likely has access to a wide range of user data, including text inputs, conversations, and potentially other sensitive information.


  • Apple claimed that their privacy could be independently audited and verified.

    How? The only way to truly be able to do that to a 100% verifiable degree is if it were open source, and I highly doubt Apple would do that, especially considering it’s OS level integration. At best, they’d probably only have a self-report mechanism which would also likely be proprietary and therefore not verifiable in itself.


    • Malicious actors could potentially exploit vulnerabilities in the AI system to gain unauthorized access or control over device functions and data, potentially leading to severe privacy breaches, unauthorized data access, or even the ability to inject malicious content or commands through the AI system.
    • Privacy breaches are possible if the AI system is compromised, exposing user data, activities, and conversations processed by the AI.
    • Integrating AI functionality deeply into the operating system increases the overall attack surface, providing more potential entry points for malicious actors to exploit vulnerabilities and gain unauthorized access or control.
    • Human reviewers have access to annotate and process user conversations for improving the AI models. To effectively train and improve the AI models powering the OS-level integration, Apple would likely need to collect and process user data, such as text inputs, conversations, and interactions with the AI.
    • Apple’s privacy policy states that the company collects data necessary to provide and improve its products and services. The OS-level AI would fall under this category, allowing Apple to collect data processed by the AI for improving its functionality and models.
    • Despite privacy claims, Apple has a history of collecting various types of user data, including device usage, location, health data, and more, as outlined in their privacy policies.
    • If Apple partners with third-party AI providers, there is a possibility of user data being shared or accessed by those entities, as permitted by Apple’s privacy policy.
    • With the AI system operating at the OS level, it likely has access to a wide range of user data, including text inputs, conversations, and potentially other sensitive information. This raises privacy concerns about how this data is handled, stored, and potentially shared or accessed by the AI provider or other parties.
    • Lack of transparency for users about when and how their data is being processed by the AI system & users not being fully informed about data collection related to the AI. Additionally, if the AI integration is controlled solely at the OS level, users may have limited control over enabling or disabling this functionality.



  • Rustmilian@lemmy.worldtoLinux@lemmy.mlHow bad is Microsoft?
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    5 months ago

    1. Monopolistic business practices to crush competition (Netscape, Java, web browsers, etc.).

    • Microsoft was found guilty of maintaining an illegal monopoly and engaging in anti-competitive tactics against competitors like Netscape Navigator and Java in the 1990s antitrust case.

    2. Illegal bundling of Internet Explorer with Windows to eliminate browser rivals.

    • The U.S. government accused Microsoft of illegally bundling Internet Explorer with Windows to crush competition from other web browsers. Microsoft was found guilty of this tying arrangement.

    3. Keeping useful Windows APIs secret from third-party developers to disadvantage competitors.

    • Microsoft allegedly kept useful Windows APIs secret from third-party developers to give an advantage to their own applications, though this was not a central part of the antitrust case.

    4. Embracing proprietary software and vendor lock-in tactics to prevent users from switching.

    • Microsoft has been criticized for embracing proprietary software and vendor lock-in tactics that make it difficult for users to switch to alternatives, such as their failed attempts to establish OOXML as an open standard for Office documents.

    5. “Embrace, Extend, Extinguish” strategy against open source software.

    • Microsoft has been accused of using the “Embrace, Extend, Extinguish” strategy against open source software to undermine adoption of open standards. This is also shown in the leaked Halloween documents.

    6. Privacy violations through excessive data collection, user tracking, and sharing data with third parties.

    • Microsoft has faced scrutiny over privacy issues, such as the NSA surveillance scandal and their handling of user data with Windows 10.

    7. Complicity in enabling government surveillance and spying on user data (PRISM scandal).

    • The PRISM surveillance scandal revealed Microsoft’s complicity in enabling government spying on user data.

    8. Deliberately making hardware/software incompatible with open source alternatives.

    • Microsoft has been accused of deliberately making hardware and software incompatible with open source alternatives through restrictive licensing requirements.

    9. Anti-competitive acquisitions to eliminate rivals or control key technologies (GitHub, LinkedIn, etc.).

    • Microsoft has acquired many companies over the years, sometimes in an effort to eliminate competition or gain control over key technologies and platforms.

    10. Unethical contracts providing military technology like HoloLens for warfare applications.

    • Microsoft’s $480 million contract to provide HoloLens augmented reality tech for the military drew protests from employees and criticism over aiding warfare.

    11. Failing to address workplace issues like sexual harassment at acquired companies.

    • Microsoft’s failed acquisition of gaming company Activision Blizzard raised concerns about ignoring workplace issues like sexual harassment at the acquired company.

    12. Forced automatic Windows updates that override user control and cause system issues.

    • Microsoft has faced backlash for forcing automatic updates on Windows users, including major updates that have caused issues like deleted files and crashed systems. Users have little control over when updates install.

    13. Maintaining monopolistic dominance in productivity software and operating systems.

    • Microsoft has maintained its dominance in areas like productivity software (Office) and operating systems (Windows), making it difficult for competitors to gain market share. This monopolistic position allows them to exert control over the industry.

    14. Vague and toothless AI ethics principles while pursuing lucrative military AI contracts.

    • Microsoft’s AI ethics principles have been criticized as vague and toothless in light of their pursuit of lucrative military AI contracts.

    15. Continued excessive privacy violations and treating users as products with Windows.

    • Windows 10 has been criticized for excessive data collection and lack of user privacy controls, essentially treating users as products to be monetized.

    16. Restrictive proprietary licensing that stifles open source adoption.

    • Microsoft’s proprietary software licensing makes it difficult for open source alternatives to be adopted widely, as they have a history of undermining open source software and interoperability with Windows.

    This isn’t even anywhere near everything.