An anonymous reader quotes a report from TechCrunch: Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. Thousands of once-public GitHub repositories from some of the world's biggest companies are affected, including Microsoft's, according to new findings from Lasso, an Israeli cybersecurity company focused on emerging generative AI threats.

Lasso co-founder Ophir Dror told TechCrunch that the company found content from its own GitHub repository appearing in Copilot because it had been indexed and cached by Microsoft's Bing search engine. Dror said the repository, which had been mistakenly made public for a brief period, had since been set to private, and accessing it on GitHub returned a "page not found" error. "On Copilot, surprisingly enough, we found one of our own private repositories," said Dror. "If I was to browse the web, I wouldn't see this data. But anyone in the world could ask Copilot the right question and get this data."

After it realized that any data on GitHub, even briefly, could be potentially exposed by tools like Copilot, Lasso investigated further. Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing's caching mechanism, the company found more than 20,000 since-private GitHub repositories still had data accessible through Copilot, affecting more than 16,000 organizations. Lasso told TechCrunch ahead of publishing its research that affected organizations include Amazon Web Services, Google, IBM, PayPal, Tencent, and Microsoft. [...] For some affected companies, Copilot could be prompted to return confidential GitHub archives that contain intellectual property, sensitive corporate data, access keys, and tokens, the company said.

New York City's Metropolitan Transportation Authority and Google have successfully tested technology that uses smartphone sensors to detect subway track defects, the MTA said Thursday. The four-month experiment, dubbed TrackInspect, mounted six Google Pixel phones on four A train subway cars traversing Manhattan and Queens. The phones' accelerometers, magnetometers, gyroscopes and external microphones collected 335 million sensor readings and 1,200 hours of audio data, which were processed through 200 prediction models.

The system identified 92% of defects later confirmed by human inspectors, including broken rails and loose bolts. "The goal with this [project] is to find issues before they become a major issue in terms of service," said Demetrius Crichlow, the agency's president. Following the successful trial, the MTA plans to expand to a full pilot where Google will build a production version for track inspectors.

Google has received FDA clearance for the Pixel Watch 3's Loss of Pulse Detection feature, which will start rolling out to U.S. devices around the end of March. The Verge reports: The Loss of Pulse Detection feature is exactly what it sounds like: if the Pixel Watch 3 senses that you've lost your pulse through an event like a heart attack or an overdose, it'll send you a prompt. If you don't respond, it'll automatically call emergency services on your behalf. Back in August, Sandeep Waraich, Google's senior director of product manager for Pixel wearables, told The Verge that the Pixel Watch 3 is capable of differentiating between a genuine loss-of-pulse event and a person simply taking the watch off.

Google has updated its Results About You tool with a redesigned hub, easier removal requests directly from Search, and the ability to refresh outdated results. Engadget reports: Today, the tech giant is announcing the latest changes, including a redesigned hub and the ability to update outdated search results to reflect the latest changes.

The redesign isn't only for show. You can now submit removal requests directly from Search with fewer actions by clicking or tapping the three dots beside a search result. If you manage to have content about you deleted or changed from a website but Google Search hasn't caught up, you can refresh the search, which will "recrawl the page and obtain the latest information." In other words, you can always see the most up-to-date results about you.

YouTube has surpassed 1 billion monthly active viewers of podcast content, the video platform announced on Wednesday, cementing its position as the most frequently used podcast service in the United States. The Google-owned platform reported viewers watched over 400 million hours of podcasts monthly on living room devices last year.

An anonymous reader quotes a report from 9to5Google: Starting with the Snapdragon 8 Elite, Qualcomm will offer device manufacturers (OEMs) the "ability to provide support for up to eight consecutive years of Android software and security updates." Qualcomm today announced a "program" in partnership with Google: "What this means is that support for platform software included in this program will be made available to OEMs for eight consecutive years, including both Android OS and kernel upgrades, without requiring significant changes or upgrades to the platform and OEM code on the device (a separation commonly referred as 'Project Treble' or the 'vendor implementation'). While kernel changes will require updating kernel mode drivers, the vendor code can remain unchanged while the software support is being provided."

This program specifically includes "two upgrades to the mobile platform's Android Common Kernel (ACK) to support the eight-year window." It's ultimately up to manufacturers to update their devices, but the bottleneck going forward won't be the chip. Qualcomm today notes how the extended software support it's providing can "lower costs for OEMs interested in supporting their devices longer." The first devices to benefit are Snapdragon 8 Elite-powered smartphones launching with Android 15. Notably, the program runs for the "next five generations" of SoCs, including Snapdragon 8 and 7-series chips launching "later this year." Older chipsets will not benefit from this program.

Google has launched a free version of Gemini Code Assist, offering developers substantially higher usage limits than competing services. From a report: The AI coding assistant, powered by the fine-tuned Gemini 2.0 model, allows up to 180,000 code completions monthly -- 90 times more than GitHub Copilot's free tier limit of 2,000. The release comes just one day after Anthropic introduced Claude Code, underscoring intensifying competition in AI-powered development tools.

Gemini Code Assist integrates with popular environments including Visual Studio Code, JetBrains IDEs, and GitHub, where it performs code reviews on both public and private repositories. Google's offering features a 128,000-token context window, enabling developers to work with larger codebases. The service supports all public domain programming languages and requires only a Gmail account to register, with no credit card needed.

According to Ryan Salva, Google Cloud's senior director of product management, more than 75% of developers now rely on AI in their daily work, with over 25% of new code at Google being AI-generated. For developers wanting advanced features like private repository integration or Google Cloud service connections, premium tiers remain available.

Chinese AI startup DeepSeek is speeding up the release of its R2 model following the success of January's R1, which outperformed many US competitors at a fraction of the cost and triggered a $1 trillion-plus market selloff. The Hangzhou-based firm had planned a May release but now wants R2 out "as early as possible," Reuters reported Tuesday.

The upcoming model promises improved coding capabilities and reasoning in multiple languages beyond English. DeepSeek's competitive advantage stems from its parent company High-Flyer's early investment in computing power, including two supercomputing clusters acquired before U.S. export bans on advanced Nvidia chips. The second cluster, Fire-Flyer II, comprised approximately 10,000 Nvidia A100 chips. DeepSeek's cost-efficiency comes from innovative architecture choices like Mixture-of-Experts (MoE) and multihead latent attention (MLA).

According to Bernstein analysts, DeepSeek's pricing was 20-40 times cheaper than OpenAI's equivalent models. The competitive pressure has already forced OpenAI to cut prices and release a scaled-down model, while Google's Gemini has introduced discounted access tiers.

Online-education company Chegg said it is conducting a business review and exploring alternatives such as selling the company or taking it private as it continues to lose subscribers to artificial-intelligence-enabled rivals. From a report: Chegg and other virtual-learning companies have ceded ground to generative-AI companies such as ChatGPT, which provides free alternatives to the homework help that Chegg charges $19.95 for to its subscribers. Although Chegg built its own AI products, the company has faced scores of canceled subscriptions. The business review comes as the company swung to a loss in the fourth quarter, with revenue falling 24%, and guided for lower-than-expected revenue for the first quarter. In November, Chegg said it would cut its workforce by an additional 21%. Chegg's shares have fallen 99% since its peak in 2021.

Chegg has filed a lawsuit against Google, accusing the tech giant of using AI-generated overviews to undermine publishers by reducing site traffic and eroding financial incentives for original content. Chegg claims this practice violates antitrust laws and threatens the integrity of the online information ecosystem. Reuters reports: This will eventually lead to a "hollowed-out information ecosystem of little use and unworthy of trust," the company said. The Santa Clara, California-based company has said Google's AI overviews have caused a drop in visitors and subscribers. Chegg was trading at around $1.63 on Monday, down more than 98% from its peak price in 2021.

The company announced it would lay off 21% of its staff in November. Nathan Schultz, CEO of Chegg, said on Monday that Google is profiting off the company's content for free. "Our lawsuit is about more than Chegg -- it's about the digital publishing industry, the future of internet search, and about students losing access to quality, step-by-step learning in favor of low-quality, unverified AI summaries," he said.

Publishers allow Google to crawl their websites to generate search results, which Google monetizes through advertising. In exchange, the publishers receive search traffic to their sites when users click on the results, Chegg said. But Google has started coercing publishers to let it use the information for AI overviews and other features that result in fewer site visitors, the company said. Chegg argued the conduct violates a law against conditioning the sale of one product on the customer selling or giving its supplier another product.

Google is preparing to abandon SMS verification codes for Gmail authentication in favor of QR codes, Gmail spokesperson Ross Richendrfer told Forbes. The move aims to address significant security vulnerabilities inherent in SMS-based verification while combating fraudulent exploitation of Google's messaging infrastructure, he said.

"Just like we want to move past passwords with the use of things like passkeys, we want to move away from sending SMS messages for authentication," Richendrfer said. The transition will target "rampant, global SMS abuse" that undermines security and enables criminal schemes. SMS verification currently serves dual purposes at Google: confirming user identity and preventing service abuse. However, these codes are vulnerable to phishing, dependent on carrier security practices, and frequently exploited in "traffic pumping" scams where fraudsters profit from artificially triggered SMS messages.

The forthcoming implementation will display QR codes that users scan with their phone cameras instead of entering six-digit codes. This approach eliminates shareable verification codes and reduces dependency on telecom carriers. The changes will roll out "over the next few months," the company said.

"Amazon has long allowed you to download its ebooks to your computer," notes PCMag.com, "where they can serve as a backup or be transferred to other devices.

"However, that feature will end on February 26, 2025, along with the ability to transfer books from your computer to your Kindle via USB." If you attempt to download your ebooks right now, a message says: "Starting February 26, 2025, the 'Download & Transfer via USB' option will no longer be available. You can still send Kindle books to your Wi-Fi-enabled devices by selecting the 'Deliver or Remove from Device' option." After February 26, you will still be able to download Kindle books [onto your Kindle] from the Kindle Store via Wi-Fi, and you can also use the Send to Kindle page on Amazon to send a variety of files to your Kindle.

Should you want to transfer your titles from your Kindle to your computer while you still can, go to Amazon.com, sign in, and click Accounts & Lists > Content Library > Books. Navigate to the book you want to download and click More actions > Download & transfer via USB.
Tom's Guide shares their reaction: Most people probably won't notice this latest example of an Amazon service getting worse, but the feature has existed for over a decade and is useful for backing up your purchases or converting them to formats compatible with other non-Kindle e-Readers or devices. It's also useful for those times when you don't have access to Wi-Fi, and of course, there's peace of mind knowing you have copies of your books... All in all it is a reminder that you don't actually own many or most of your digital purchases, as what you are typically actually "buying" are licenses to use content that can be revoked at any time.

If you find this decision annoying and want to find alternatives, here are a few. To start, might we recommend the Libby app which lets you borrow ebooks from your local library. You can also borrow audiobooks... You can also try purchasing books from places like Google Books and Apple Books, both of which offer a number of ebooks. eBooks.com offers DRM free books and EPUB formats. For those looking for free ebooks there is always Project Gutenberg which has over 75,000 free books largely those in the public domain though there are some more recent titles as well.

California sued to fine a data-harvesting company, reports the Washington Post, calling it "a rare step to put muscle behind one of the strongest online privacy laws in the United States." Even when states have tried to restrict data brokers, it has been tough to make those laws stick. That has generally been a problem for the 19 states that have passed broad laws to protect personal information, said Matt Schwartz, a policy analyst for Consumer Reports. He said there has been only 15 or so public enforcement actions by regulators overseeing all those laws. Partly because companies aren't held accountable, they're empowered to ignore the privacy standards. "Noncompliance is fairly widespread," Schwartz said. "It's a major problem."

That's why California is unusual with a data broker law that seems to have teeth. To make sure state residents can order all data brokers operating in the state to delete their personal records [with a single request], California is now requiring brokers to register with the state or face a fine of $200 a day. The state's privacy watchdog said Thursday that it filed litigation to force one data broker, National Public Data, to pay $46,000 for failing to comply with that initial phase of the data broker law. NPD declined to comment through an attorney... This first lawsuit for noncompliance, Schwartz said, shows that California is serious about making companies live up to their privacy obligations... "If they can successfully build it and show it works, it will create a blueprint for other states interested in this idea," he said.
Last summer NPD "spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online," according to the blog Krebs on Security, adding that another NPD data broker sharing access to the same consumer records "inadvertently published the passwords to its back-end database in a file that was freely available from its homepage..."

California's attempt to regulate the industry inspired the nonprofit Consumer Reports to create an app called Permission Slip that reveals what data companies collect and, for people in U.S. states, will "work with you to file a request, telling companies to stop selling your personal information."

Other data-protecting options suggested by The Washington Post:

• Use Firefox, Brave or DuckDuckGo, "which can automatically tell websites not to sell or share your data. Those demands from the web browsers are legally binding or will be soon in at least nine states."

• Use Privacy Badger, an EFF browser extension which the EFF says "automatically tells websites not to sell or share your data including where it's required by state law."

Google's Threat Intelligence Group notes "the growing threat to secure messaging applications." While specifically acknowledging "wide ranging efforts to compromise Signal accounts," they add that the threat "also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques.

"In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats."

Computer Weekly reports: Analysts predict it is only a matter of time before Russia starts deploying hacking techniques against non-military Signal users and users of other encrypted messaging services, including WhatsApp and Telegram. Dan Black, principal analyst at Google Threat Intelligence Group, said he would be "absolutely shocked" if he did not see attacks against Signal expand beyond the war in Ukraine and to other encrypted messaging platforms...

Russia-backed hackers are attempting to compromise Signal's "linked devices" capability, which allows Signal users to link their messaging account to multiple devices, including phones and laptops, using a quick response (QR) code. Google threat analysts report that Russia-linked threat actors have developed malicious QR codes that, when scanned, will give the threat actor real-time access to the victim's messages without having to compromise the victim's phone or computer. In one case, according to Black, a compromised Signal account led Russia to launch an artillery strike against a Ukrainian army brigade, resulting in a number of casualties... Google also warned that multiple threat actors have been observed using exploits to steal Signal database files from compromised Android and Windows devices.
The article notes that the attacks "are difficult to detect and when successful there is a high risk that compromised Signal accounts can go unnoticed for a long time." And it adds that "The warning follows disclosures that Russian intelligence created a spoof website for the Davos World Economic Forum in January 2025 to surreptitiously attempt to gain access to WhatsApp accounts used by Ukrainian government officials, diplomats and a former investigative journalist at Bellingcat."

Google's Threat Intelligence Group notes there's a variety of attack methods, though the "linked devices" technique is the most widely used. "We are grateful to the team at Signal for their close partnership in investigating this activity," Google's group says in their blog post, adding that "the latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features."

An anonymous reader quotes a report from The Register: On Saturday at the Silverstone Cafe in San Francisco, a smattering of activists gathered to discuss plans to stop the further advancement of artificial intelligence. The name of their non-violent civil resistance group, STOP AI, makes its mission clear. The organization wants to ban something that, by most accounts, doesn't yet exist -- artificial general intelligence, or AGI, defined by OpenAI as "highly autonomous systems that outperform humans at most economically valuable work."

STOP AI outlines a broader set of goals on its website. For example, "We want governments to force AI companies to shut down everything related to the creation of general-purpose AI models, destroy any existing general-purpose AI model, and permanently ban their development." In answer to the question "Does STOP AI want to ban all AI?", the group's answer is, "Not necessarily, just whatever is necessary to keep humanity alive." The group, which has held protests outside OpenAI's office and plans another outside the company's San Francisco HQ on February 22, has bold goal: rally support from 3.5 percent of the U.S. population, or 11 million people. That's the so-called "tipping point" needed for societal change, based on research by political scientist Erica Chenoweth.

"The implications of artificial general intelligence are so immense and dangerous that we just don't want that to come about ever," said Finn van der Velde, an AI safety advocate and activist with a technical background in computer science and AI specifically. "So what that will practically mean is that we will probably need an international treaty where the governments across the board agree that we don't build AGI. And so that means disbanding companies like OpenAI that specifically have the goal to build AGI." It also means regulating compute power so that no one will be able to train an AGI model.

A new AI tool developed by Google solved a decade-long superbug mystery in just two days, reaching the same conclusion as Professor Jose R Penades' unpublished research and even offering additional, promising hypotheses. The BBC reports: The researchers have been trying to find out how some superbugs - dangerous germs that are resistant to antibiotics - get created. Their hypothesis is that the superbugs can form a tail from different viruses which allows them to spread between species. Prof Penades likened it to the superbugs having "keys" which enabled them to move from home to home, or host species to host species.

Critically, this hypothesis was unique to the research team and had not been published anywhere else. Nobody in the team had shared their findings. So Mr Penades was happy to use this to test Google's new AI tool. Just two days later, the AI returned a few hypotheses - and its first thought, the top answer provided, suggested superbugs may take tails in exactly the way his research described.

Apple's Google Lens-like took called Visual Intelligence is coming to the iPhone 15 Pro, according to John Gruber of Daring Fireball. It's unclear which update will offer the feature but Gruber speculates it could arrive with iOS 18.4 in April. From a report: Visual Intelligence was originally introduced with the initial iPhone 16 lineup in September, and Apple showed it off as a feature that you launched from the Camera Control button. But yesterday, Apple announced that Visual Intelligence would be available on the iPhone 16E, which does not have the Camera Control button, through its Action Button.

That suggested that the feature could technically work with the iPhone 15 Pro, which also has an Action Button, and now Apple is confirming that Visual Intelligence will indeed come to that phone and be available via the Action Button. You'll also be able to launch Visual Intelligence from the Control Center on the iPhone 15 Pro, Apple told Gruber.

Amazon will discontinue its Android Appstore servicefrom August 20, 2025, ending its decade-long attempt to compete with Google's Play Store in the Android mobile ecosystem. The Amazon Appstore, launched in 2011, served as an alternative marketplace for Android users to download apps. The platform gained prominence in 2012 when Amazon began using it as the primary app store for its Kindle Fire tablets.

Palantir CEO Alex Karp warns of "coming swarms of autonomous robots" and urges Silicon Valley to support U.S. defense capabilities. In his book, "The Technological Republic: Hard Power, Soft Belief, and the Future of the West," Karp argues that America risks losing its military edge to geopolitical rivals who better harness commercial technology.

He calls for the "engineering elite of Silicon Valley" to work with the government on national defense. The message comes as Palantir's stock has surged more than 1,800% since early 2023, pushing its market value above $292 billion -- exceeding traditional defense contractors Lockheed Martin and RTX combined. The company has expanded its military AI work since 2018, when it took over a Pentagon contract after Google employees protested their company's defense work.

Murena has launched the Murena Pixel Tablet, a de-Googled version of the Pixel Tablet that removes Google's apps and services to enhance user privacy. Priced at $549, it offers /e/OS, an alternative app store, and privacy-focused productivity tools, but lacks Google's speaker dock and direct access to the Play Store. The Verge reports: First announced last December, the Murena Pixel Tablet is available now through the company's online store for $549. That's a steep premium given Google currently sells the same 128GB version of the Pixel Tablet for $399, or $479 as part of a bundle with the charging speaker dock that Murena isn't including. Part of Murena's de-Googling of the Pixel Tablet includes the removal of the Google Play Store. You can still download apps through /e/OS' App Lounge which acts as a front-end for the Play Store allowing you to browse and get free apps anonymously without Google knowing who you are. However, downloading paid apps requires a login to a Google account. Google's various productivity apps aren't included, but the Murena Pixel Tablet comes with privacy-minded alternatives for messaging, email, maps, browsing the web, calendar, contacts, notes, and even voice recordings. In 2022, Murena launched its first smartphone with no Google apps, Google Play Services, or even the Google Assistant.