Futurecast | TayCeption, Your Data Is Everywhere, and Dumb Bots Are a Relief

#0002 Trust And Cyber Online 🌮

hello world [what’s up]

Hey there Cartomancers! It’s turned from freezing cold to a false spring that somehow sprung my allergies. The sunshine is a mood booster which is great, as I manually parse through a metric ton of articles on deepfakes. It is what it is, and what it is, isn’t real.

That said, what’s real is roadmaps. And budgets. So I have a little meditation on that to share with you, because - as much as I can’t stand the planning processes, I kind of love planning. Roadmaps forever, and don’t skimp on the metrics. <3

In today’s notes:

  • Noodling in the Lab

    • A Very January Meditation on Strategy and Implementation

  • News nuggets 

    • Taylor Swift gets DeepFaked, how can platforms (& Big Tech) keep everyone Safe & Sound? Or is this the End Game?

    • More insight into the human trafficking pipeline into scam supply chains - it’s bad news all around.

    • Oh my oh my, we’re not talking about where all of your data is going, but it’s going everywhere and sideways.

    • Why isn’t AI winning the war of defending its own home platforms? Goliath is a sitting duck.

    • TBH, thank goodness some AI bots are still a hot mess. It’s giving magic 8-ball vibes.

a noodle from the lab [what we’re working on]

Hello leaders, I see you. How’s your January going? After a few weeks of “what day is it” we’re back in offices trying to refocus on a new set of goals, deliverables, and plans to get us through the next four quarters. What we were thinking of as the future just a few short weeks ago we now get to think about in the present tense. With that in mind:

  • How much of your team’s workload is still in a fuzzy state of funding?

  • How many critical mandates are straight-up unfunded?

  • How many of you have been asked to squeeze in some extra BAU (Business As Usual) or RTB (Run the Business) or operational workflows, despite the fact you have an execution plan that ALREADY assumes you can do more with less?

This is the dance: as we enter a new year, we exit a budget cycle and try to sort out what the resulting plans actually look like. I have a couple of thoughts to assist, having been through this at huge corporations as well as nimble startups, in many cases shouldering a lot of the burden of cross-organizational program plans. Let me tell you, as a yoga teacher with special training in therapeutic yoga, having some breathing exercises and somatic stress reduction techniques on tap comes in very handy heading into Q4. But we’re in Q1 now, so as you’re arriving to your offices or your zooms, let’s take a moment, take a breath, and figure out some better ways to move forward given the cards we’ve been dealt.

training data [what’s news]

Tay-Ception, Deepfakes, AI: In case you missed it over the weekend, Trolls have flooded X with graphic Taylor Swift AI fakes that Elude Safeguards while Swamping Social Media.

Indeed, indeed – partnerships between Big Tech & Law Enforcement will be key. But the threat of deepfakes is now well out of the bag: Frank on Fraud reports that TikTok parent company ByteDance’s new software StreamVoice enables Instant (i.e. realtime) Voice Cloning - and unlike in the movie Sneakers, you won’t need to trick a target into saying pre-set keywords. It’s zero-shot voice conversion and 124 milliseconds of delay. The ultimate 0-Say (see what I did there?) which means your voice is no longer your passport. Bad news both in T&S and cyber on this one, as call centers (including helpdesks) continue to struggle to find high-confidence authentication mechanisms over the phone.

Scams, Human Trafficking, Sextortion: A couple of weeks ago we talked about the relationship between criminal enterprises and trafficking, and the emergence of “Scam Camps”, especially in Myanmar (documented by the NY Times, CNN, Reuters, Radio Free Asia). It turns out this flow of trafficked labor into scam-focused enterprises is being replicated elsewhere. Al Jazeera provides insight into Cambodia’s Cyber Slaves.

Related to the criminal enterprise-side of the equation, research released by the Network Contagion Research Institute (NCRI) shows a non-organized group in West Africa called the Yahoo Boys are using social apps Instagram, Snapchat and Wizz to find and connect with their marks (children) in a growing sextortion scheme, and NBC news reports that training materials for would-be perpetrators can be found on TikTok, Instagram, Snapchat and YouTube. If a scam is successful, expect non-organized groups to become organized when criminal enterprises seek to scale. And given that the marks in these situations are children, expect impacts to victims to be not just financial, but harrowing.

AI, Cyberattacks, T&S at scale, AI vs AI: Gen AI can be used for much more than deepfakes, of course.

Privacy, Consumer Data: Consumers are used to snoopy apps and websites, and Consumer Reports put Meta on blast in this regard, sharing Each Facebook User Is Monitored by Thousands of Companies. Their study shows that 2,230 different companies, on average, shared data on each of the 709 volunteer participants. Full report is here

  • Study had participants download an archive of three years’ worth of the data from FB, and reveals not just pixel tracking, but more hidden server-to-server data exchange.

  • Data brokers LiveRamp, Acxiom, and Experian topped the list.

  • Findings make me wonder if we’ll see more consumer protection in this area via legislation or court cases, like this FTC Order Will Ban InMarket from Selling Precise Consumer Location Data.

Of course, this doesn’t prevent folks from sharing personal data with convenience (or safety) in mind, and How to keep track of friends and family on Android is, properly configured, still billed as a feature not a bug. 

But for those of you who’ve opted out of FB, and whip open incognito mode on Chrome to keep your browsing on the DL — take note, your paranoid friends were (mostly) right. Privacy hawks who are suspicious of major browsers finally got official confirmation that Google tracks you even in Chrome's incognito mode via a $5B settlement and an updated disclosure for Incognito mode.

Replacing a disclosure that says *Chrome* would not save their browsing data, the new language confirms that while the browser doesn’t store data - websites can…and do. “Others who use this device won't see your activity…[but] this won't change how data is collected by websites you visit and the services they use, including Google…”. The new language appears in version 122 of Chrome Canary on Windows and Android - expect to see it rolled out more broadly in future versions.

Phishing: So much of cyber and e-crime has come to rely on the salty waters of phishing - it’s been a strange 20 years or so since phishing finally broke away from spam and became its own problem. Longtime phish-fighters will be sad to hear about Netcraft’s Mike Prettejohn’s retirement. His post “So long and thanks for all the phish” documents a bit about Prettejohn’s 30 years at the pioneering Netcraft, an early innovator crawling the internet and developing some of the web’s first and best blocklists. Netcraft’s work has been leveraged for years by governments, banks, and internet giants to detect and stem the tide against persistent cyberscams.

Since Phishing and Social Engineering continue to dominate as the easy first step in the cybercrime chain, we’ve come to expect new variants and entry points emerging every day, like: Apple Security Alert Issued As New Scam Drains Bank Accounts, Steals Personal Info. TL;DR if you get an SMS from iCloud that you weren’t expecting (threatening to terminate service, that you’re running out of storage, or your account is being suspended), do not click on the link as it takes you to not-iCloud.

Dumb Bots: With all of the unnerving news about our AI overlords and how they are going to Fake Everything [new song by DeepFakeTay = “Fake it Off”], it’s nice to know there are still some really dumb bots and dumb AI implementations out there, as The Washington Post notes On Amazon, eBay and X, ChatGPT error messages give away AI writing. How much AI does it take to detect these AI-written bits of content? Not much, when Amazon Is Selling Products With AI-Generated Names Like "I Cannot Fulfill This Request It Goes Against OpenAI Use Policy". Editor's note: this newsletter is 100% human generated, and will be forever, or at least until I can figure out how to make the bots do it.

find more cartomancy [what’s out there]

ttyl [what’s next]

Thanks for reading to the end of this set of lab notes. I’m thrilled to have some fellow travelers mapping out where we’ve been, philosophizing about where we want to be, and building the paths to get us where we’re going.

If you’ve read to the end and you find this content helpful, I’d love feedback. My news feed is full of leads, but my personal algorithm loves learning about what interests the community, so that I can focus in on what will be most useful. Just hit reply and your comments will come whizzing into my inbox. (It’s also a good way to find me if you are interested in working with me or with Cartomancy Labs).

See you next time on the Futurecast!

Allison

@selenakyle