 This 10th year of Daily Tech News show is made possible by its wonderful listeners like Howard Yermish, John Atwood, Pat, our new patrons, we've got Daniel, we've got David, we've got Sondayou back, and Michael, thanks to all of you for making the show possible. On this episode of DTNS, using an AI to read your keyboard sounds, facial recognition keeps leading to mistaken arrest of black people, and what is delaying matter from making the smart home easy. This is the Daily Tech News for Monday, August 7th, 2023 in Los Angeles on Tom Merritt. From the Atlanta area, I'm Nika Mofford. From deep in the heart of Texas, I'm Justin Robert Young. And I'm the show's producer, Roger Chang. Welcome everyone to a new week of technology news in August. Just an idea off the top of my head. Should we start with the quick hits? Yeah, I think so. Let's do it. PayPal announced its own stablecoin called PayPalUSD, or if you're looking for the funky acronyms PYUSD, issued by a company called Paxos, that's who they're partnering with, on an Ethereum blockchain, and backed by US dollars, treasury certificates, and cash equivalents. But it's a stablecoin. So one PayPalUSD should equal one dollar. PayPal, if you recall, paused work on PYUSD back in February, but will now gradually roll it out to customers in the United States. CEO Dan Schulman says the technology should allow instant and low cost transfers without needing an essential intermediary. PYUSD will also be redeemable for dollars, but it can be exchanged for other cryptocurrencies as well on PayPal's network with Venmo support yet to come. A site called the Stack Diary noticed that Zoom updated its terms of service to say that it can use, quote, service-generated data for any purpose, including training AI. In practice, Zoom AI features are made available on a trial basis and require you to turn them on. Also, each feature requires the user to give informed consent to use any data for training. Also, Zoom points out that any data will be used for that feature and not to train on third-party models. Zoom says the terms of service are written that way because it also states that your data is owned by you and not them. So it needs to clearly state it has the license to provide its features. So it seems to me, it may be another example of overboard terms of service. Yeah, they can do it. They promise they won't. That always makes me think that. Believe us. On December 13th of 2022, Dr. Nicky told us right here on DTNS about an advance in fusion power that showed a process that got more energy out of a fusion reactor than we put in, which is a big step forward. The downside, of course, is that while the experiment itself produced more energy than went into it, it took more energy to set up the experiment than it got out. Basically, the lasers added 2.05 megajoules to the experiment, got 3.15 megajoules out, a big deal, but it also took 300 megajoules to get the lasers going all together. So it was still a loss on balance, even if an experimental positive. And they're doing it again. Scientists at Lawrence Livermore Lab reproduced their results on July 30th, and while it still hasn't solved the overall energy imbalance, the ability to do it again means that, yeah, it wasn't a fluke. They can make it happen whenever they want, and that'll make it easier to start working on making that effect bigger. Monday, Microsoft officially announced that Bing Chat is coming to third-party browsers soon, both on the web and in mobile browsers. Microsoft says even though Bing Chat will work in various browsers, the best experience would be found in Microsoft Edge. And testing Bing Chat third-party browsers supported fewer messages per conversation and a smaller character count per message. And the U.S. Department of Justice and a coalition of U.S. State's attorneys general have been pursuing an antitrust case against Alphabet's Google. Since 2009, they've been pursuing this. Friday, a U.S. District Court judge dismissed several claims making the suit a lot smaller. Judge Amit Mehta said the claim of anti-competitive behavior in search against competitors was based on opinion, not evidence, so he dismissed that one. And the judge also dropped the accusations related to agreements between Google and Android developers and phone makers because the government abandoned those allegations. That leaves just a few other allegations. The most significant left are the ones that making Google the default search engine on mobile browsers was anti-competitive. The trial will begin on September 12th. All right, let's talk a little bit more about an AI security attack that you'll probably see in the headlines as all manner of AI models become easier for people to use. It means that they can be used by people for malicious purposes. And as with any security risk, one of the keys to defending against attacks is to discover potential attacks before the bad folks do. So consider this a good news story. A team of scientists from several UK universities trained a deep learning model to extract data from a recording of your keyboard clicks. It's what's called an acoustic attack. And when the mic was in the room, it had a 95% accuracy. Over Zoom, it had a 93% accuracy. What did I just type? Well, you don't know because you haven't figured out how to do the attack. Yeah, no, you can't say that on the air. You can't for anybody who heard that. Well, apparently Justin has figured out how to do it. Here's it. Here's how it will work. You could do it over Zoom, right? Like they said, but that's less effective. One way to get a mic in somebody's room without them really noticing would be to infect their phone with some malicious software that would then record over their phone and hear the keyboard clicks that way. The attacker would then need to match the recordings with what is being typed to train an algorithm for the target's method of typing. So you're not only going to have to get the mic in the room, you're also going to have to know what they're typing sometimes, which is why a Zoom call might work because you can see what they're typing in chat and then match up the recordings. That method then creates a waveform of each keystroke. So they're not actually processing the audio. They're processing the waveform and using an image classifier called CoatNet to identify the waveform images. For the experiment they did in the lab, they pressed each key 25 times. So you are going to need quite a bit of chat if you're going to get all the keys 25 times. Now, mitigations can include white noise, false keyboard sounds or audio filters, biometric authentication like what is used with past key would not be vulnerable to this attack. It's a lot of hoops to get over. It's very impressive. It's good to know about. Nika, does it worry you? At this point, pretty much everything around AI worries me because it's a space that is just so vast and it's moving faster than we can keep up with. And when that happens, that allows malicious intent to go in because if you're behind the gun, so to speak, you can't get ahead of it. So yeah. You work with it, too. You're not just somebody on the outside. So yeah. Yeah, this reminds me of a lot of the stories that we got around the time that FaceTime and Touch ID came out for the iPhone where they were new-ish technologies at least on the level that Apple put them in and the kind of fame that is associated with any kind of Apple feature. And so we got a lot of very highly touted stories of people that were hacking Touch ID and hacking Face ID. And it's not to say that they are impossible to do if it exists. It is hackable. But it was very impractical. Now, what is going to be interesting about stuff like this is that I suspect with Black Hat happening now and Defcon happening this weekend and the fact that it's going to be the first time for both of those conventions where the world's hackers come to share their exploits with each other on the grandest scale, we're probably going to see a lot of AI-enabled hacking things that will make their way out over the next week. Just know it's better we're hearing about it. The hacks you hear about be happy about them, be thrilled about them. Yes, they're a little scary. That's fine. What you don't want are the hacks you don't know about because those are the ones that will actually materially affect your life. Yeah, this is your road. And every hack has to start somewhere, right? So right now, it's like, you know, we don't have the full scope of each of the clicks, but we're just at the beginning of it. So as people work with this more, they back hack it, they find slicker ways to implement these types of, for lack of a better term, workarounds to get the information needed for the waveforms. Then yeah, it's coming. And again, as Justin mentioned, the sooner you know about it, the better you can start to put some sort of safeguards or guardrails around it. Just to know that it's coming and this is the path that they're taking. You can kind of start to prepare a little bit better for it. And also to know like, oh, they would have to do this first and then that first and then that first and that's a lot of trouble. Am I a high enough target for that? This is all good information to have. Also toss your mechanical keyboard, you hipster. But I like it. All right. In January, we talked about an Atlanta area man who was arrested on the basis of a warrant issued by Louisiana's Jefferson Parish Sheriff's Office. The warrant was issued based on a facial recognition match from security cameras showing a theft. However, it was not the right person. And he spent six days in jail until the matter was cleared up. This week, the New York Times reports that a woman is suing the city of Detroit after she was arrested in February on suspicion of carjacking. She was eight months pregnant at the time of the arrest. That mistaken arrest was also based partially on facial recognition. Please don't use facial recognition matches alone to make these decisions to request a warrant. The judge is going to require more than just the facial recognition, and it has informed at minimum hundreds of warrants that were not inaccurate. And yet six cases are known where the facial recognition clearly identified the wrong person, and every one of those six people was black. Most facial recognition systems are better at accurately matching images of light skin than they are at matching images of dark skin. This could be because training data doesn't include enough images of black people. Also mugshot databases over represent images of black people causing systems to be more likely to mark a dark skin face as possibly criminal. Now, Nika, you're a developer. As I mentioned earlier, you work with AI. You're more familiar than most of us with the subtleties of dealing with percentages of accuracy in order to get usable results, like with automobiles. Is there a situation where you think facial recognition could eventually be used to aid criminal investigations responsibly? I would say yes, but we are not there yet. We are nowhere near close to this, because the first thing is to point out in each of these instances, it was a black person. Black people in this country are not the only people that have dark skin or brown skin. So that's kind of the first thing to kind of take note of, that it is all-encompassing. Yes, the tech is important, but the people behind the tech really do set up how we use this. They set up the application. Typically when you're using an AI model and you're training the data and you're trying to productionize it into an application, there are a couple of things that you have to keep in mind. One is the dataset that you're training on. It mentioned in the article that many of the mugshots were based on images of black people. The folks, the developers, the product managers, the testers who are working on these type of products, need to make sure that they have an informed basis on the tools that they are creating. A lot of times developers specifically, they create things based on their own experience, based on what they know, based on what they see. So you have unconscious bias included in there, and you probably have some implicit bias included in there as well. So we have to make sure that not only are we using the proper dataset that includes a variety of data points, but we also need to make sure that product managers, again, engineers, that they are really thinking through the applications that we are creating to best fit the society as a whole and not just narrow our views. A lot of times when you are validating your models, you have a threshold of what's acceptable or what's not. Plus or minus 5% is good. So if you run your model, you run the training set, and you get your metrics off of that, does it fall within that threshold? Is a threshold that you set, is it acceptable to ensure that you are actually putting forth a product that is responsible, and it takes into account the full range of skin tones from the lightest to the darkest? So there's a lot of more work definitely that needs to be done on this before it's used. I know people may say, oh, it's only six people. Well, that's six people who've had to spend time in jail, who've had to have their life upended, and these are just the ones that we know from one specific municipality. When you probably think of this on a larger scale, if you think about this across the country, then this number will likely increase. And again, people need to use some common sense when you're using this facial wreck, because I think in both of these instances, it was obvious that the people that they arrested were not the people that were the matches. Well, Anika, they have to use more than just common sense. They have to operate within a framework of the law that avoids the kinds of lawsuits that they're going to face from these six people. At the end of the day, these AI recognitions are only a tool, a tool for law enforcement for which is in human hands, and they are going to trust this at their own peril if it is not to the level that would make sense and bring more clarity to a situation as opposed to more confusion. New technology and law enforcement is nothing new. It still remains a game of a human trial and error, which means you are going to get good decisions that help save lives and you're going to get bad decisions that ruin lives. In this particular case, the onus is on the human operators of these AI tools to make things right and to use them responsibly. And that is something that I think we are going to see only more and more with AI in all walks of life. Yeah. I think, Anika, you laid out what needs to be done for the technology to improve very well. It's not like it's a mystery. It's not. It's pretty clear stuff. So let's do that. But also, just need your blaming the technology gives the humans an out. And your point that these are not Indians or dark-skinned Filipinos. These are all African Americans shows that there is more than just a failure of the technology going on here, that there's something else involved. And you need to get to the bottom of that as well when you talk about evaluating the use of facial recognition. So there's a technological, and as Justin, I think, put it very well, there's a human aspect of this as well. Absolutely. All right, folks. Next week is our third annual DTNS Experiment Week. We're swapping out our normal DTNS schedule. As you know, August is the time when people are going on vacations. There's a little less news around. We're going to try out some new ideas in previous years. We've launched shows like Barbecue and Tech and The Tech John. This year, we have Nicole Li with a show about online life. Roger Chang went and interviewed some of our old colleagues from Tech TV to talk about the things that helped made that network possible. Those are just a couple of the shows we're going to be trying out next week right here on This Feed. So you don't have to do anything. We're just letting you know it's going to happen starting Monday, August 14, right here. So matter, let's talk matter. It's the smart home protocol that promises to make it easy to set up your smart home devices by letting all of them talk to each other no matter who made them. All the big players are there, Apple, Google, Amazon, Samsung. Thread is the networking protocol that was created to support matter, kind of a mesh network meant to make it easier for matter devices to communicate with each other. So, does it work? Well, that matters because The Verge's Jennifer Pattison Tui has an excellent article called Why Thread Is Matter's Biggest Problem Right Now. If you are really looking to understand the issue, read her article, but here's the short version. All right. Thread is a protocol, right? It's a communication protocol so that you don't have to use Bluetooth and Wi-Fi and ZigBee and Z-Wave and all of that. And to run Thread, you need at least one border router. That doesn't mean you have to buy a router. It just means a device that will manage how all the other devices communicate over Thread. And border routers can be built into any Wi-Fi device. So if you have a router, it can be a border router, obviously. But if you've got a smart speaker that connects over Wi-Fi, that can be a border router. If you have a smart fridge or a smart dryer, those can be border routers. You can have more than one border router on the protocol. The protocol only encourages that because when the border routers work together, it helps the Thread network remain resilient and improves the coverage. That's a feature, not a bug. However, the protocol does not define a standard way to securely share credentials. You're not expected, this is what makes Thread good, to type in 27 characters to register a device on the network. But the way the border router does it automatically isn't standardized, meaning different border routers from different companies might not talk to each other well. That means border routers may not join each other's networks because they have differing authentication schemes. And if you have two devices that have two different border routers, you might suddenly have two Thread networks. You often also, this is worth knowing, add a device on your phone, which may be iOS or Android. Save that thought, it's going to play in in a second. Here's the problem that all of that causes. Manufacturers decide if their devices should join existing Thread networks or set up their own. And each manufacturer is doing it differently. The whole point of a standard is that the manufacturers don't do something differently. But because we have this one little part of the standard that's not defined, Amazon only works on networks set up by other Amazon devices. Amazon says it's fixing this, but it hasn't yet. Samsung SmartThing shares its credentials through the phone, but will not join existing Thread networks. It'll let everything join its, but it doesn't join any others yet. And here's the kicker. Android and iOS do not share Thread credentials with each other. Actually, I think Android shares them with iOS, but iOS doesn't share them with Android. That's the bigger problem. Border router set up through iOS won't talk to those set up first on Android. So you need to, if you're using both operating, if you only use an Android, it doesn't matter. But if you use iOS or you plan to ever use iOS, you need to set up all your border routers on iOS first if you want to use iOS and Android. And there's no spec for merging networks. Not that it can't be done, but there's no spec for it. So there's no standard way and therefore nobody has developed it. So for now, you get a great unified Thread network for all your matter devices. If you use Apple and Google devices and set them up on iOS first, or use only Samsung smart thing hubs, or use only Amazon devices for your border routers, which is kind of not the point of matter, which is supposed to make you not have to think about this sort of stuff. So you want to know what, Tom, let me give you a real world example, because you've been to my house here in Austin. We decided recently to take out our lights in our kitchen and put in new lights. And the only problem is that the fixtures that we are using have a lot more light. So to put hue bulbs in, which is what we have for the rest of our house would be prohibitively expensive. And I keep telling my wife is calm down, calm down, calm down. They're making a protocol for which we can we can get cheaper, just the regular, they don't have to be colored, like just a regular black and white bulbs there in our kitchen. And now I am more terrified than ever to try this. As much as I hate, we have regular light bulbs in there. And to be honest, friends, I might as well have candles. I might as well light candles every night and blow them out for as archaic as I feel. Well, the good news is, if your Wi-Fi connected devices, your border router devices, don't have a problem, those bulbs will work with whatever, like as long as they're matter standard, because the matter standard is fine. There's no problem with the matter standard. The problem is with the thread standard. And you could actually use matter without thread. The thread is the thing that makes it possibly magical. If all the border routers will connect with each other, it's just getting everybody to fix all this stuff. And all the companies have like, yeah, yeah, you know, we're working on allowing other border routers, but they've been saying that since it launched nine months ago. And we haven't seen a lot of progress on that. So it seems to me that they spend a lot of time on making sure that matter was compatible and standardized between all of the big tech companies. And it doesn't seem as if they spend a whole lot of time on making sure that linking all of this together will work, because, you know, the different options that you're giving, if you're this, if you're that, it seems as if someone may have dropped the ball on how to interconnect all of these different devices on all these different OSs. Yeah, I'd be curious if anybody is involved in that standard. And, you know, on the download, you want to say like, oh, this is why that little part wasn't included, because it seems like in retrospect, it seems obvious, well, you should also define a way for these to all talk to each other. Because you can in the standard have multiple thread networks connect to each other over the internet. And so it might not be a problem to have multiple thread networks, except that takes away one of the advantages, right? Well, yeah, it takes away one of the advantages of the resiliency. Because then if you accidentally unplug one network, it might knock out half your devices, but not the other half. And that's again, that's the kind of complexity that matter and threads are supposed to solve. Doesn't matter. Yeah. Let's talk about something that is actually more simple than it appears. The verges at a Robertson noticed that a mastodon user called net spooky posted about buying a very inexpensive HP printer that was Wi-Fi only, no USB. Well, it turns out that all they did to make this printer Wi-Fi only was to put a sticker over the USB port and net spooky removed their sticker and plugged in a USB cable and printed just fine. That's the way around it. I get it. I get it. This is basically charging for heated seats, right? This is HP going, you know, the price of making this printer went down. Let's sell it as Wi-Fi only. And we can keep the price higher for USB. But to do that it would be more expensive to remove USB from their manufacturing process to do that. So they just put a sticker over it and said, oh, that's the discounted one. I think, yeah, or these are just units for which they weren't able to move. So either you junk them or you slap some stickers on and sell them at a cut rate price because you just need to get out the door. Why not just sell them at a cut rate price? Why do you have to go through the dance? Then that affects what you can sell the device at going forward. You don't want to sell them higher all that way. Yes, either because you don't want to damage your price point on the unit itself. And from what I've seen with printers, you always sell them very competitively because you know, you're locking dopes into ink. Yes, exactly. So they want to, their price to move anyway, these were probably priced to move faster because they just need to get them the heck out of there. But the only way that they can do it without damaging the price point is to slap a sticker and say, oh, it's feature locked with sticking power. But my thing, if they're going to use something to cover it, how much more would it be just to print a little plastic, you know, little cover and just pop it on? If you're taking the time to peel off a sticker and put a sticker over it, can't you just put a little plastic something to kind of? Somebody ran the numbers on that and it was cheaper to do the sticker. Yeah, exactly. I'm sure it was tenths of a tenths of a tenths of a cent. Yeah. And that was enough to make sure that they would go with the stickers. No one's going to pull this sticker off. I know they could have just they could have just super glued the USB port. That too. That would have been that would have been one of the numbers on that if they ran the numbers on a little plastic thingy on it. Yeah. Superglue was even more. I just love that the what the stickers has the Wi-Fi symbol and then the USB symbol with a crossout on it. Yeah. To be like, don't even try it. There's no USB behind this sticker. It's on it. Do you don't want to plug it in? But now you know, you might be able to find yourself a cheap USB inkjet if you're still using inkjet computers, which I gave up on a long time ago. All right, let's check out the mailbag. First, we like the high will light when people write in with positives. So so thanks to Jamie in Ireland, who wrote kudos, Sarah, you pronounced Glasgow properly. Bravo. Well done, Sarah Lane. I noticed that too. Glasgow. I'm pretty sure I've mispronounced Jamie's name now. So I'll just I'll just apologize for that right. Apologies to high name. And then Friday during our extended show, we were talking about room temperature superconductivity, and I kept wanting to say semiconductor instead of superconductor. Superconductors need to be extremely cooled to work. But semiconductors do not. And John wrote in, Tom, I know you all kept saying the more common word semiconductors versus superconductors the other day just because. But I came across this XKCD comic and thought of you. And it's a comic of the caption is no one is impressed by my discovery of room temperature semiconductors, because all semiconductors are room temperature. Once again, XKCD wins at the internet. Thank you for that. And thanks for sending that along. John, appreciate that. Also, thanks to you, Nika Monford, for being with us today. What you got going on these days? Um, pretty much you can follow me at tech savvy diva everywhere on the internet. You can also check out snob a West, which is a podcast where we talk all things Apple and then some where I'm joined by cohost Terrence Gaines. We record on Wednesdays, but we air the show on Fridays. So tune into that. Go check it out. Justin, Robbie Young, what about yourself? Oh, baby, we are barreling toward the brand new season of know a little more. And let me tell you, friends, it's pretty good. I've heard some of it. You haven't. You'll be like me soon though. Go ahead and subscribe to know a little more on the podcast player of your choice. Isn't that right, Tom? Indeed. Indeed. We are going to be doing a bunch of episodes related around the mother of all demos. Oh yeah, I saw you. Yeah, you tip the, you tip the season somewhere so we can talk about it now. Yeah. An exceptional moment in tech history. If you are familiar with it, you're going to love the way that we cover it. If you are not familiar with it, then what if I told you that the entirety of our tech present, not even future, our tech present was all demonstrated in one demo 20 years before it became household reality. It is an extraordinary story. Go check it out. It's coming September 6th at know a little more.com. Patrons, stick around for the extended show, Good Day Internet. Dungeons and Dragons says it won't let artists use AI tools to help them make art for Dungeons and Dragons books. But should they? Maybe they should. We're going to talk about it. You can also catch the show live Monday through Friday, 4pm Eastern, 200 UTC. Find out more at DailyTechNewShow.com slash live. We'll see you tomorrow, folks. This show is part of the Frog Pants Network. Get more at frogpants.com.