 Daily Tech News show is made possible by you listening right now. Thank you. That might be Chris Benito or are you Steve Aderola or Jeffrey Zilx or brand new patron Elizabeth? Welcome Elizabeth. We call you Elizabeth. The great cause you're great on this episode of DTNS Apple teams up with Walmart to keep old Max alive. The US Supreme court will decide how much the government is allowed to talk to social media companies and a fascinating vulnerability that lets an attacker find out what an AI chat bot says, even when it's end to end decrypted. What did they break encryption? This is the Daily Tech News for Friday, March 15th, the literal Ides of March 2024 in Los Angeles, October. From Studio Animal House, I'm Sarah Lane. And I'm the show's producer, Roger Chang. We are happy to have you along with us today. We've got some great stuff to bust some fud and explain things and maybe save you a little money. So let's start with the quick kits. Google sent out invitations for Google IO today. That's the company's annual developer conference, which is set for May 14th and 15th at Shoreline Amphitheater in Mountain View, California. IO is generally aimed at developers, but all attendees can expect updates to Android, Wear OS, Gmail, and more along with some consumer hardware. Hopefully, we can also expect to hear more about Gemini and Google's other AI offerings. Oh, we will hear about Gemini and Gemini and Gemini is my guess. According to the 2023 African tech startups funding report from Disrupt Africa, there was a 28% decrease in investments in tech startups across the entire continent. And it's a big continent. That's totals $2.4 billion less in investment for the year. The report also detailed the number of startups that received funding dropped from 633 in 2022 down to 406 last year. That's a drop of 36%. However, it's worth noting that the funding situation is not just a problem in Africa. It stems from a global economic downturn. So this is just reflecting wider trends. Gabriela Mulligan, co-founder of Disrupt Africa says that 2023 is likely to be a minor setback in growth trajectory. A little more Google news. The company added real-time browsing protection to Chrome designed to block 25% more phishing attacks and better protect consumer privacy. For years, Chrome's safe browsing feature has automatically added potentially unsafe URLs to a list that stored on your device, but was opt in because of the level of security related data had to be provided to Google for full protection. The new version of safe browsing solves this problem with an API that hides the URLs of visited sites from Google, allows safe browsing to do real-time checks without you having to know both your IP address without them rather having to know your IP address and visited URLs, giving you full protection while preserving your privacy. Three sources with direct knowledge of classified operations told Reuters that in 2018 the US government authorized the CIA to launch a campaign to try to affect public opinion in China. Not to make them more positive about China either as you might have guessed. Starting in 2019, a small team created false accounts on Chinese social media to spread negative narratives about the government while also leaking disparaging intelligence to international news media. One goal of the effort was to force Chinese government officials to waste time trying to identify and suppress the sources of this information within the country. You know, kind of making it seem like there were citizens saying this and then they run out trying to who broke through the firewall sort of situation. China has also alleged to have engaged in similar covert operations against the United States and Europe, as is Russia. The US Federal Communications Commission, the FCC, has changed its definition of what it considers high speed broadband internet. The agency upgraded the definition of high speed from 25 megabits per second down and three up to 100 megabits per second down and 20 megabits per second up. The standard is based on what is generally available from ISPs in the US overall. The standard will also be used to assess how much of the country has access to broadband speeds. And to that one person out there who's like, I don't live in the US. I don't care what your Federal Communications Commission does. You know what? For good or ill, the US FCC tends to get imitated a lot around the world. So what it does will often trickle down to other places. So it might affect what you do. Who knows? US Supreme Court will hear the case of Murthy versus Missouri on Monday. An issue is whether a whether it is a violation of free speech protections for the US government to directly identify social media posts, it thinks are harmful to companies that host those posts. So for example, is it okay for the White House or an official from the White House to send Facebook a list of posts that it thinks should be labeled as misinformation? The violation alleged in that case is coercion of speech, basically forcing a company to say something like putting a label on a harmful post. The government has not been accused of ordering social media companies to label post, but it has directly communicated about all kinds of posts, including health information like COVID saying like these are disinformation we'd appreciate it if you labeled them as such. So the issue is about whether that communication because it comes from a government official carries a sort of implication that you know what we're not saying you have to, but you should follow our advice, even if it isn't technically in order. Yeah, so the states of Missouri and also Louisiana sued the US government in May of 2022, alleging that communications with social media companies amounted to coercion. The government through the Centers for Disease Control and the Cyber Security and Infrastructure Security Agency or CSI had been providing social media companies with posts. The suit says was misinformation regarding both COVID-19 and elections. Aha, two hot button issues in the political world. So in July 2023, a federal district court found that parts of the communication from the government, not every single communication, but some of these communications could be interpreted as coercion. And so that district court issued a preliminary injunction to stop the administration from communicating with social media companies in those ways, as well as telling it, it should not communicate with that checking companies like Stanford Internet Observatory and election integrity partnerships. So as you can imagine, that was specifically around elections in that last case. The Fifth Circuit Court of Appeals upheld that injunction, but narrowed it, giving a lot more exceptions. They said, you know, what if if even if it's about elections or COVID or something, if it also relates to criminal activity or a national security threat, or it's government speech and a matter of public concern or public safety, if you're trying to stop cybersecurity things from happening, then then that's okay. So they tightened it up and said there's only a narrow number of these messages we think amount to coercion. However, that got appealed to the Supreme Court, the Supreme Court looked at this and said, you know what, we don't think there's call for an injunction yet. It's not obvious that this is going to pass. So we're going to lift the injunction while we consider the case. The Verge has an excellent analysis of all this written by Lauren Finer. I recommend if you really want to understand it, go read that. But she notes two precedents in law, Sarah, that are likely to be invoked during the arguments. One is called Bantam books versus Sullivan, and the other is Blum versus Yuretsky. All right. So where are the where are the connections here? Yeah, Bantam books is from 1963. And that's the one that bears most obviously on this. In that case, a government commission in Rhode Island was charged with advising publishers on books that might be harmful to minors or inappropriate for minors. This is 1963. So you can imagine it was, you know, low lead. Yeah, for sure, inappropriate for minors, possibly inappropriate for all of us who knows. No, I like. Anyway, what the court found was not that it was inappropriate for the government to issue this kind of advice, but that the way the Rhode Island commission had expressed its advice amounted to coercion. In other words, they were kind of bullying about it saying like, these books are inappropriate for children. Are you really going to allow them to be distributed in place? You know, that kind of thing. And so that became sort of the standard of, okay, it's not wrong for a government to advise, but at a certain point, that advice becomes pushy. And when it becomes pushy, it's coercion, and that's not allowed. Okay. Yeah. All right. I get that so far. I mean, my, I guess my first question is, and we're talking about the US government specifically in this case, but, you know, okay, if they don't like what's going on on social media, would there be a place where you can get like the real story from the US government as it's told by the US government? Well, no, the answer is no, right? No, there is. Who's going to go there? Yeah, exactly. Right? Like, they could post that information and they do post that information, but the problem is no one goes to those websites. Yeah. Yeah. So, so this, what it what it is, is it's a First Amendment case. So in the United States, the First Amendment says Congress shall make no law abridging the freedom of speech or the press or of religion. And in this case, this is about freedom of speech. Is is it effectively the government saying, you have to say this courts have found that compelling someone to say something is just as much of a violation is restricting them from saying it. Sure. Yeah. And, and so what the courts have found in the past was, the government can tell folks like, Hey, we'd really like you to pass along this information. But at a certain point, because it's the government, they have to be careful about how they advise that. And what the lower courts found in this case was, you know what, it's actually a problem that the government was communicating about this because they implied that these social media companies would be derelict in their duties if they didn't add this this information. And that's coercion. We'll see if the Supreme Court agrees with them or not. Well, you might be looking for a new MacBook Air. And you might say, ah, if only it was a little bit cheaper than you know, where, you know, anything that would be on Apple.com. Apple is not selling its M one MacBook Air, um, the, the, the, uh, the lower level for $699, 700 bucks. You might be saying, well, wait a second, how is that possible? Didn't Apple discontinue the M one air? You are right. Apple did discontinue it in its own store. But now Walmart is selling the base model M one MacBook Air online and in select Walmart stores for that $699 price. This is new, not refurbished. Uh, Walmart has sold Apple devices like the iPhone, the iPad, Apple watches in the past, but not max directly. You might say, well, no, I might have seen a Mac, you know, available on Walmart, not directly through Walmart itself, maybe a third party. Apple introduced the M three MacBook Air starting at, uh, $1,099 last week. Drop the price of the M two MacBook Air to $999 and sunsetted the M one, uh, as a M one, uh, MacBook Air user who, uh, loves it very much and has treated me well. Tom, I wish it had been $700 at the time. Yeah. I bet so. Uh, this is a really interesting move. And again, some people may not realize that Walmart does the same thing Amazon does. They allow third parties to sell things through their website. So yeah, you've seen a MacBook Air at walmart.com, but it wasn't sold by Walmart and even more. So now you'll be able to walk into a Walmart store and see a MacBook Air on the shelf, which you have not been able to see before. The really interesting thing about this is Apple discontinued this device and only sells it as a refurbished device. The implication with refurbished is someone has returned this and maybe they've actually refurbished it, or maybe it's just an open box and they can't sell it as new, but either way, they're selling it as a discount. Even refurbished, they're selling it at $749. So Walmart is undercutting the lowest price you could get it from Apple by 50 bucks. Yeah. Uh, Walmart, uh, executive vice president of merchandising Julie Barber said of this move, we're working hard to bring premium brands to our physical and virtual shelves and we're excited to work with Apple to do just that. Now, I know that sounds like, you know. I was going to say, is there any meaning in that sentence? Because I'm having a hard time finding it. It sounds like they're saying, we want to bring good things to our store. Well, of course. Yeah, I would have guessed that. But I think, I think the Apple move is, it's not just Apple, but there are certain brands that carry some cash. You know, whether it's because they're expensive or hard to get or whatever. You know, Walmart is sort of like a, you know, store for the people. You know, get whatever you want at Walmart. Um, maybe not everything you want at Walmart, but the, you know, the goods and services. And I think what Barber's point was is we are still going to be that store, but we're also going to have real nice things. And we want you to equate us with a place that you can get nice things. Uh, so you're focusing on the word premium and that is a little unusual for Walmart to be talking about premium stuff. Although they like to say their stuff's premium, but yeah, they're usually focusing on discounts. So that, that, that's interesting. It's a little bit of a, of a change of pace. Also interesting to see Apple allow someone to sell a discontinued item, which is kind of an outlet store move, right? Like, uh, in the past, I imagine Apple takes whatever stock of a discontinued item it has and just sells them as refurbished. Even though they're technically not refurbished, they're just going to sell them at that discount and no one's the wiser. If you get a MacBook Air refurbished for cheap and it comes and it's, you know, shrink wrapped and looks brand new, well, great, you're not going to complain, right? So why is the question, would they want Walmart to do this? Uh, my guess is Apple doesn't make any less money off this. They're probably getting their profit margin, uh, from Walmart. Walmart is possibly selling, selling these at cost and saying, you know, what, this will bring people into the store because they, they do that all the time. Um, I, I, I do think it's really, really interesting and I don't know if Apple's doing this on purpose, but it is interesting in combating the idea that Apple, to the opposite of what you're saying, the idea that Apple is, you know, oh, that's, that's for rich people, right? I can't afford an Apple. Well, gee, you can go to Walmart, walk in, somebody's going to see this for $699 and go, well, that, that, that Apple laptop isn't bad. That, that doesn't seem ridiculously expensive. I mean, Walmart is all red and, you know, uh, caveat. I have never been inside of Walmart. So I only know Walmart online. Um, but, uh, I feel like whatever Walmart has, electronics wise, you know, it, it feels like a Best Buy move. Yeah, it's sort of like, okay, well, you know, what do people want? You want the most like crazy expensive thing. Okay, maybe we don't carry that. But an M1 MacBook Air is a very nice computer. And again, I have one. I use it daily. I mean, that's, that's, that's great for $700. That is a great price for a really nice computer, especially if you're starting from scratch. You know, you haven't, um, you know, made it a road warrior, um, as I have with mine. But, um, but yeah, I, I think this is a really good play for Walmart. I think there are a lot of folks out there, myself included, who used to say like, oh yeah, Walmart, like you go there for like cheap t-shirts or I don't know, you know, that kind of stuff. And Walmart has, um, very specifically moved out of that arena. Um, Walmart is a very different company than it used to be, you know, like, like a Kmart alternative. That's what it used to be. It is not that anymore. Um, that it is, it is more of an Amazon competitor than ever, especially online. Yeah, especially online. Uh, and they're, they're getting a lot of, a lot of attention, uh, by doing this. I think the other interesting thing about this is, uh, that what you just said, the, the Apple M1 is still a very good, uh, processor. So even though you're selling a discontinued item, when you buy it, it's not going to feel like it. I'm running an M1 on, on a MacBook Pro right here and it's great. I never feel like, ah, I really need to upgrade eventually and get a new processor. So you know, that is a benefit of Apple Silicon is that these, these devices hold their value and their performance advantage even longer. Now, Sarah. Yes, Tom. I know that there are a lot of people who advance technology, but if you ask people who's advanced technology, you're probably going to hear things like, what, Steve Jobs or perhaps the, the guys who founded Intel or Hewlett and Packard, you don't hear as much about the women who advanced technology. So this week, uh, at Rogers behest, we count down the top five women who advanced technology. You can catch it all at our YouTube channel, youtube.com slash daily tech news show. And these are short. These are 60 seconds. So we're able to put them up on Instagram, dtnspix, dtnspix, and on tiktok. Uh, while tiktok lasts at daily tech news show on tiktok. Uh, so go check these out. Tom's top five wherever fine short videos are sold or given for free. There is a story published by ours Technica on Thursday called hackers can read private AI assisted assistant chats even though they're encrypted. It's got all the hallmarks of a viral story that every tech blog would pick up and run with it's a security breach. It's AI. It's from a reputable source, but ours Technica's Dan Gooden reporting on research by security Richards at Ben Grand University seems to kind of be you know, the only one carrying the torch here. It does not seem to have taken off the way some news stories do. So Tom, why do you think that is and let's talk about it? Yeah, it finally made it on detecting me, but even lower down. So I'm not sure why this this isn't getting picked up more. It's a solid piece of reporting. Dan Gooden does the Lord's work. Been doing it for a couple of decades. Really good at it. I highly recommend you go read it at ours Technica. There are two main reasons I think it's worth talking about. One, it will help us understand a little more how large language models work. And two, it's a fascinating example of what's called a side channel attack because it's from researchers not malicious actors. This is a fun example that we can actually defend against rather than something to be afraid of. All right. So let's talk about what the attack actually is and where the where the fear comes from. The short version is that security researchers figured out a cool method of deciphering what a chatbot is saying to people even when what the chatbot is saying is end to end encrypted. Ooh, okay. So my initial reaction is this is bad. I should be alarmed. It can decipher encrypted communications. That seems like something that companies are supposed to not let bad actors do. Did they break the encryption? Because that would be a real, you know, a bad word. The word you're looking for is a cog in the whatever. Yes, bad. Yeah. No, no, they did not break encryption. Do you do not need to be that alarmed? The methods depend on a quirk in the way large language models work. So don't worry. This is not going to affect your messenger app or signal or anything like that. In fact, it doesn't even affect your prompts to a chatbot. This only can be used for the responses coming from the chatbot. So how are they able to read encrypted text and why only from the chatbot? Without going too far into it, you need to understand that large language models don't think they don't look up answers in a database. They predict what the next word should be given the previous words. That's it. And it's I know it's very impressive, but at the heart of it, that's really what they do. I explain this as words, but it's actually in more technical terms something called tokens. You can think of a token as maybe a syllable, if that helps. Sometimes it's even part of words that aren't syllables. But the important part is that each token is a little different than each other token based on what part of the word it represents. So the token for sorry is going to be a little bigger. It's going to take up a little more data than a token for just the exclamation point, for example. Okay. So if I'm understanding this, the side channel is figuring out those tokens. Yeah, exactly. Side channel attacks take information from outside the channel and then deduce what's in the channel. So if you've ever heard of these studies and we've talked about them on DTS before, where you could read key strokes based on the sound of typing or the interval between key strokes just by having a microphone in the room or ways to determine bits by listening to changes in the hard drive motors, those are examples of side channel attacks. In this case, the side channel attack is looking at the size of the packets, not what's in them. Well, okay. But how do they do it? Like how? Yeah, so it stopped very in the lead, Merritt, to conduct the side channel attack on a large language models and cryptic communication, you need to see the traffic between the user and the large language models server. So you can do that in lots of different ways. That's what used to be called ban on the middle attack. They often call it an adversary in the middle attack these days. But it's the classic get on the public Wi-Fi hotspot at Starbucks and start sniffing traffic. A VPN is going to protect you against that, but there's lots of other ways to do it too. Whatever way you do it, that has to be done first and then the attacker can monitor the size of the packets coming from the large language model. They're encrypted, so you won't be able to see what's in them, but you can see how big they are. And that will work against almost every chatbot except Google's Gemini. Google's Gemini does not send each token in a separate packet. There's all do that, and that lets you see the answer in real time. If you've wondered like, why does chat GPT look like it's typing the answer? Because it's sending each token separately, so it can slowly reveal the answer to you, and that makes it feel faster. Well, okay. So how then do they figure out how the size of packets correspond to words? Yeah. In this exploit, they taught their own large language model to guess what the likely words would be based on the sequence of different sized packets. And one of the things that made that easy is that LLMs tend to start their responses in similar ways. There's fewer different ways that a chatbot starts its response. It then diverges into more unique responses the more it responds. Once they had a model that could actually accurately predict the opening sentence, they then trained their own second model to use the context of that first sentence. And that is a method of being able to decode things as like, well, if we know this, it makes it easier to decode the rest when you're analyzing those packet sizes. And again, all they were doing this was the sequence of different sized packets, but they used LLMs to fight LLMs. Okay. So how good was this method because it couldn't read everything, right? No, it could not. The models could only match specific words 29% of the time. However, they could accurately guess the topic of the conversation. So, you know, they may have not got all the words right, but it was enough words in the sentence that you could tell what was being talked about. They could do that 55% of the time. Now, that's not a majority of the time. So you're right. It's you're not going to get all the conversations. But if you're a target of some kind, you're a dissident or a journalist or a politician or you work in security, that's enough for you to worry that some of your sensitive information could be spied on. Now, you mentioned that Gemini not vulnerable to this attack, but it sounds like all the chat bots should be able to defend against it because we know what's going on, right? Yeah, that's the good news. Both Google's Gemini and Github's instance of co-pilot, although not other instances of co-pilot, don't send the tokens in individual packets. So they were not vulnerable to this. Sending the entire response in one packet would make this almost impossible, but researchers know like, I know the idea of sending individual packets is to speed things up or make it look like it's faster. So you could also just add padding to the packets to make them appear to be the same size. So in my earlier example, we had sorry and an exclamation point. You could pad out the packet that had the exclamation point, so it looked like it was about the same size. That would slow down some things more than if you didn't do it, but it would let you still mimic the real-time response and reduce the success of this attack again to near zero. Cloudflare has implemented padding on its workers AI service and in true Cloudflare style, wrote a detailed blog post about it that you can read. OpenAI also seems to have implemented padding, but in true open AI style hasn't said anything about it, has not been open about what they've done, but yeah, the good news is this is easy to mitigate against. I mean, you know, I know we're just a humble little tech show, but to be as open as possible of what we know about how these LLMs and models in general work, you know, it blows my mind. It really does. You know, just sort of knowing like what is possible, what is good, what is vulnerable, you know, it's all, you know, again, wild west. Yeah, it's fascinating what you can glean from just a little bit of information out there, just packet sizes. And the other part of this is it made it easier to glean it because they had large language models of their own. So we always talk about like, oh, it's going to be an arms race. We, you know, the bad folks will use large language models and the good folks will use use them as well. And that's exactly what we're, what we're seeing here. All right. Let's check out the mailbag. Let's do it. This one comes in from Brian who wrote, I keep hearing everyone talk about how heavy the Apple Vision Pro is, but as one who has worn a helmet, O2 mask, night vision goggles, and other things while flying four hours at night, I can say it's always about how you wear the weight on your head. We would put the batteries on the back of our helmets to balance the weight of the VGs on the front of the helmet. As for the Apple vision, I would suggest moving the battery to the back of the strap and shorten the supple court. The weight is not usually the issue. It's the balance. It would be interesting to see Sarah tape the battery pack to the back of the strap and see if balance changed for the better. All right, Brian, challenge accepted. Nice. Yeah. Yeah. Are you going to report back on the Apple vision show about this? 100%. I'll do it over the weekend. I mean, one of the things, the battery pack, like it's one of my sticking points because I'm like, but other VR slash AR headsets don't have to, you don't have to have that thing with you and it kind of sucks. Yeah. But maybe a balance thing if it was on the head could be a benefit and not a detriment. Yeah. Weirdly adding some weight in the right place might make it feel. It might make it feel less heavy. Yeah. You know Apple thought of this. You know Apple tried it. I'm curious why they decided not to do it that way. And I'm going to guess Apple would say, no, no, no. If you just do the strap right, it won't feel heavy. You need to come back to the store. You're strapping it wrong. Yeah, exactly. You're totally strapping it wrong as I have been all my life. Well patrons, stick around for the extended show Good Day Internet. It's time again for the great GDI debates. It's Friday. We like to do fun stuff in GDI on Fridays. So we're going to talk about dynamic or flat pricing. You know, with the Wendy's thing, that's a hot topic. We're going to talk about whether the nine to five workday should be thrown away and savory or sweet for breakfast. Huh? Yeah, you might say, oh, that's an obvious one. But is it? Stick around. Oh, it's obvious to me. I know my answer. Do stick around for that because I'm going to go nuclear. You can also catch the show live Monday through Friday at 4 p.m. Eastern, 2100 UTC. Daily Tech News show is live. We'd love to have you join us if you can. DailyTechnewshow.com slash live is where you can find out more about that. We're back on Monday with an overview of big announcements from GDC with Scott Johnson. Talk to you then. This week's episodes of Daily Tech News Show are created by the following people, host producer and writer, Tom Merritt, host producer and writer, Sarah Lane, executive producer and booker, Roger Chang, producer, writer and co-host, Rob Dunwood, video producer and Twitch producer, Joe Coons, technical producer, Anthony Lemos, Spanish language, host, writer and producer, Dan Campos, science correspondent, Dr. Nikki Ackermans, social media producer and moderator, Zoe Dutterding. Our mods, Beatmaster, W. Scottus 1, BioCow, Captain Kipper, Steve Guadorama, Paul Reese, Matthew J. Stevens, a.k.a. Gadget Virtuoso and J.D. Galloway. Modern video hosting by Dan Christensen. Music and Art provided by Martin Bell, Dan Looters, Mustafa A., Acast and Len Peralta. Acast adds support from Tatiana Matias, Patreon support from Tom McNeil. Contributors for this week's shows include Shannon Morse, Scott Johnson and Justin Robert Young. And thanks to all our patrons who make the show possible. Show is part of the Frog Pants Network. Get more at frogpants.com.