 This 10th year of Daily Tech News show is made possible by you, the listener, maybe your Hector Bones, or Tim Ashman, or Johnny Hernandez, but whoever you are, we thank you for making this show possible. Coming up on DTNS, Google gives a big boost to password-free logins, a way to use an MRI to log the words you hear in your mind, man. And is it T-Mobile's fault they got breached nine times in five years? Where's the line, T-Mobile? Come on. This is the Daily Tech News for Wednesday, May 3rd, 2023 in Los Angeles. I'm Tom Merritt. And from Studio Rebit, I'm Sarah Lane. In Salt Lake City, I'm Scott Johnson. And I'm the show's producer, Roger J. Oh, my friends, we are going to talk about your brain today and how you can stick it in an MRI and not really find out what you're thinking, but kind of find out what you're thinking. We'll explain. Let's start with the quick hits. AMD announced four new CPUs for ultra-portable notebooks ranging from four to eight Zencore cores with integrated RDNA 3 graphics and an FPGA AI engine. AMD claims its Ryzen 7040U chips are faster than Apple's M2 system on a chip, but we don't have word on when we'll see these laptops or any laptops that are running on these new chips. This comes as AMD reported its client chip sales, including consumer PC chips, fell 65% on the year in Q1. Twitter created a new free API access tier for verified government and publicly owned services that use it for critical purposes like transport or emergency notifications, stuff like that. If this new tier had not been created, many of those services would have had to use a very expensive enterprise-level tier if they wanted to keep operating those alerts. Would you like a machine to write your next cover letter? Well, now you can. LinkedIn has a new feature for premium subscribers to let AI draft a message to the hiring team. This would use your own profile and the information on it as well as information from the company and information on the hiring manager and what they're looking for to create a personalized message from you. I see you like golf. I too like golf. Please hire me. Spotting fake product reviews is going to get easier all the time. Tools to help you spot those fake reviews have been around for a while, and Mozilla once in on the game. So it acquired Fakespot, one of those tools that has been around for a while. Mozilla plans to keep supporting Fakespot's existing site. If you use that, it's not going away. Mozilla is going to keep supporting Fakespot's Chrome plugin. But one of the reasons they acquired it is they want to integrate it into the Firefox browser. The U.S. Federal Trade Commission found that Meta has repeatedly violated privacy promises that it made in a 2019 settlement. Among the violations were failure to cut off developers' access to data if the user did not use the developer's app for more than 90 days. It also determined that contact controls in messenger kids were not adequate. The FTC proposes that Meta should be prevented from making money off of data collected from users younger than 18 years of age and limit its use of facial recognition. Meta has 30 days to respond to the proposed findings. Also, this is like the settlement of a previous breach of a previous settlement. Like, read the TechCrunch article on that because the history is almost too hilarious. Passkeys are a cryptographically sound way to sign in securely without needing a password. We have a great episode to know a little more on that. They are as secure as the device you store them on. So as long as you are properly securing your phone or computer, they're the best security you can have. Yeah, and so now Google, which helped develop passkeys through the Fido Alliance, supports them for Google account logins. That means if you choose and you can choose, you can replace passwords and multiple factors with this instead. Google's passkeys work on iOS and Android 9 and can be shared across devices using password managers like Dashlane or OnePassword or cloud services like iCloud or Google Cloud. But they're never shared with Google and Google wants to stress that. So there's no risk of your passkey getting phished or taken from a Google database leak or hack if that were to happen. You can even sign in from a device that isn't yours. Maybe you're wanting to watch YouTube on a hotel TV, for example. Without storing the passkey on that device, which you should not do, you can also revoke passkeys in Google account settings if you happen to lose a device. Now Scott, pretty much everybody in the DTNS audience understands passkeys and can choose to use them in many do. But can we convince our friends and family of their importance? Because I think that's where we all get more secure. Sure. I feel like we're back to where the importance of two-factor authentication was before that text-based verification. These various ways of trying to add layers of security to your account are sometimes a little hard to tell people how they work. It's just an education process. For example, if I'm going to try to explain what passkey is to my mom, it's probably going to be difficult actually having her use passkey probably be simple, which is what I like about it. You don't really need to know that much. You just kind of need to know to get it. And now that there's a company as big as Google who was already involved, like you said in the Fido Alliance, finally saying, look, this is how we're going to move forward. Now you can do it. Get your passkey and let's go. That to me says they're locked in. And that probably means more will follow. Big names are going to follow. And then the websites we all sub to that are smaller or weirder or whatever will end up with passkey support as well. So I hope this takes off because this is just one more step toward a direction that is nothing is ever perfect, right? I don't know if we ever get to perfect, but this is a far cry better than having stuff stored in some other database, something somebody could breach even with crazy security and encryption in play. So I'm really stoked about this. And I hope that the education process goes well because that's been proven to be a little hard in the past. Well, the education process is different for passkeys. And the barrier, I think, is different with multi factor authentication. The barrier was having to do something, you know, having to teach someone how to use off. There's an authenticator. You got to go copy paste. Whereas the barrier to entry with passkeys is trust because like you said, Scott, it's dead simple. You say, yes, I want to do passkeys and they say, great, it's now stored on this device and you can log into your account using this device. We're not to the point where they're going to take away your password. So you'll always have that as a fallback. But even someday, if you get to that point, as long as you are logging in with an email address that you can access elsewhere. You'll be able to recover your passkeys using your email address. So I think this is simple to explain like, oh, this is you just do this. And then every time you want to log in, you'll tap a button on your phone or in some cases, if you're on your phone, you won't even have to tap a button. It'll just do it automatically. That's where you're going to get people saying like, well, hold on, how is that secure? I don't know if I want to do that. And that's when it becomes harder to explain because you have to explain the FIDO to and web off and all of that to really understand it and public key cryptography. Which again, we have a little more episode about, but I don't know if that's the most efficient way to convince a family member to trust pasties. Yeah, I pulled a couple of folks who I will not mention by name, but you know, people who I feel like this is not these terms are not super familiar to them. The question I got three times in a row was, well, what if somebody steals my phone? Then they can just get in anywhere. And that is that is the right question to ask, which is that is why you need to make sure you secure the device your past key is on. So your phone should be protected not just by biometrics, not just by face ID or touch ID, but it should be protected by a sufficiently complex password so that people can't hack into the phone. Now the other thing to realize is that you can deauthorize the past key remotely. So if you can get into your account, say on a laptop and you've lost your phone, you can deauthorize the past key on that phone. So that gives you a little extra protection too. But it's still way less likely that you're going to lose your phone and someone will figure out how to crack in and take your past keys. Then it is that someone is going to crack into a database at T-Mobile and get your password. Yeah, no, that's true. Stay for the rest of the show to find out more about that. Yeah, right. It just seems like there's a real opportunity here for security to go in a, I don't know, a better way overall. And I know they're competing standards of other standards that would like to get in there and stuff. So I'm still a little worried about that, like which one are people going to stick with. What I am happiest about is things that you already like and use. Like I really like and use one password. I think they're awesome. It's nice to know that they will be there to let me share across devices using that manager. And if others have managers, they prefer same thing. I mean, ultimately, the goal will be password list. We don't have to think about it. Our devices just have our thing and we're good. I think that is the future. But, you know, hopefully this goes smooth. Yeah, the two week spots are like making sure people have proper device security. Because I know a lot of people have one, two, three, four or zero, zero, zero as their passcode on a phone because that's easy, right? Or mom's birthday or something that's easily found out by somebody else. I found out by mom's passcode this weekend and I was like, mom, no. But anyway, that's a separate thing. The other issue is going to be that idea that the passcodes are shared across platforms isn't going to work perfectly until probably next year. Because Windows hasn't fully rolled it out. And yes, you can store it in iCloud, but when you store it in iCloud, that's not going to work in non-Apple devices. Like if you're on a Windows machine or something, Linux still needs to make some work to bring support in as well. So in a couple of years, that's going to happen. It's all going to be taken care of. Probably by the end of this year, you'll get most of it taken care of. But that's the other roadblock to people adopting it is getting on it and then going, well, wait, why isn't it working over here? Well, this isn't easy. I have to use a password over there. Yeah. And then there's just the whole transition of smaller. We talked about this morning on TMS, smaller sites getting in line with it. And that's just going to take a long tail on this. And that's that'll all work out in the end. But at least your past keys can be stored in, well, one password in Dashlane. I know last pass wants to do it, but I don't think they're doing it yet. But they can be stored in the password manager along with the password. So as the sites convert, you can use the same manager to manage that stuff. In fact, speaking of Dashlane real quickly, you may see some news that Dashlane does not support past key. That's confusing. I know Dashlane will let you store past keys in its password manager, but it is not supporting past key for logging into Dashlane itself, at least not yet. Dashlane, however, is rolling out its own device based password list login in the coming months, which replaces passwords with cryptographic keys that use a pin or biometrics on a mobile device. So you may go, well, wait, why not just use past key instead of making their own thing that's almost the same as past key? CEO John Bennett said that right now past keys tend to get stuck in a single ecosystem. So they want to wait until it's fully rolled out across all the platforms. Dashlane plans to open source some aspects of the password list tech. It did develop to get more eyes on it and plug any potential vulnerabilities there. All right, let me throw out a term for y'all and see who has heard of semantic decoders. Okay. Nope. Nope. Nope. I don't blame you because it's new. It's a term for a new system, at least a term for a system that could turn a person's brain activity into text when they listen to a person speak, or maybe they imagine a person speaking. You might say, okay, so now robots are reading our minds. Not quite yet. Let me explain a little bit more. Scientists at the University of Texas at Austin published a study about the system in the journal Nature Neuroscience. Here's how it works. A person listens to hours of podcasts while in an fMRI scanner. The measurements from the MRI are then used to train a large language model LOM. Then that model can take the image scanner output and decode what words the individual is hearing because there's patterns there. That also worked when the individual imagined a story. So, Scott, how well did it actually work? Well, Sarah, not all that precisely. Fortunately or unfortunately, depending on how you feel about what I'm going to say next, it could generate text that was either the same, or at least close to the intended meaning of what the individual was imagining or hearing about half the time. So we're about 50% there. But as this gets better, of course, semantic decoders could help people who are mentally conscious yet unable to physically speak. For example, somebody after having a stroke is a good example. Tom, is this a surprise and delight or freak you out? Like, where are we at percentage-wise about how Tom feels about this thing? Let's see. Surprise, 8%, delight, 22%, freak out, 12%, the rest dead inside, I guess. I don't know why I'm so much left over with that. I know. The percentages, you have a lot of room for other feelings. A lot of room for emotions. Very complex in that way. The brain itself. I'm not surprised at all that you would be able to take some patterns and relate it to some text. In fact, maybe I'm surprised that it's as good as 50%. I'm not surprised that it's not near 90% or 100%. Because that's difficult. We don't understand enough about the brain as it is. And so you might not be using the right parts of the brain to do this. We're just kind of taking a scattershot approach and saying, look at all these brain waves in there somewhere. Are the ones related to these words? And the machine learning is like, yeah, I think I see these. These seem to correlate. So none of that surprises me. I thought what was most interesting about this study was the fact that it was able to get the gist so often. So there was one example here that was mostly the gist. The actual words that the person was hearing was, the night I went upstairs to what had been our bedroom and not knowing what else to do, I turned out the lights and lay down on the floor. The only thing it got right was lay down on the floor. What the machine decoded was, we got back to my dorm room. I had no idea where my bed was. I just assumed I would sleep on it, but instead I lay down on the floor. Now, even though those are totally different stories, the laying down on the floor is very specific. And it got that part right. That might point to further research of like, okay, can we isolate what part of the scanner was seeing that gets you those exacts and maybe narrow in on what part of the brain we should be scanning, right? I like this one. A participant listened to a speaker say, I don't have my driver's license yet. And then had their thoughts translated as, quote, she has not even started to learn to drive yet. They got very parental for some reason. It's the jest. Again, like I'm not sure if the participant was male or female, but it's not incorrect. It's just not verbatim, right? But like, can a thought ever be verbatim to a sentence? Maybe, I mean, 50% feels like this is a huge leap and this is insane and we may get to 100% one day. And if we do, we're talking about a lot of applications potentially for this thing. Hold on to, we keep saying thoughts. These aren't thoughts. These are things you hear. So, and yes, they are things you can imagine. But you have to, you have to imagine hearing it for it to translate. Just thinking doesn't show up here because we're always thinking. And that does it is simply what goes through the auditory processing of our brain that gets matched up here. So it isn't as good as being able to read your thoughts, even though every headline wants to say that. It also requires you to be in an MRI machine and be trained. And someone who can't speak could still do that. You could play things for them and train on that. But then you don't really know how good, we'd have to get this really good to be able to have that be a reliable way for someone to communicate. Otherwise, we could be thinking they're saying things that they're not quite. Yeah, and if you're stuck in a, here's an example for me. You put me in an MRI tube, here's what happens. The voice says, drink your cup of coffee and my brain translates back. Get me out of this stupid tube. Like I feel like that if we ever get to the true, what are we thinking? We're in trouble because the stuff I think inside of a tiny tube is not good. I want out. I don't like MRIs either. Not my most fun hours of the day. No. But yeah, you know, I practical applications. Listen, if, you know, Scott, the example used somebody who maybe had a stroke and was having a hard time communicating normally. You know, or, you know, verbally. Right. This is great. Yeah. But, you know, but, you know, going a little bit more, I don't know, just kind of sci-fi with it. It's like translating dreams in some sense, you know, how, you know, maybe there's some sort of reoccurring thing that's really bothering you or you're trying to make sense of or is going to help you in your less subconscious state. That's where this all gets really interesting. Like a real, like a real lie detector, you know, like one that can really hear what you're thinking. This is one of those situations where it could get better. We don't know if it will get better because we don't know if the data we're working with from the brain because we don't know enough about how the brain works is good enough to get better. And the large language models are probably getting better. But there's some dispute about that as well. So I don't know. What do you think about this kind of story, folks? There was another one kicking around about a mouse. Being able to decode the visual processor in mice. Do you like these stories? Let us know. Get in touch with us on The Socials. We're at DTNS Show on Twitter and Mastodon, mstdn.social, at Daily Tech News Show on TikTok, and at DTNS Picks on Instagram. On April 28th, just a day before my sister's birthday, T-Mobile notified affected customers that it discovered a data breach on March 27th that had been going on since February. T-Mobile filed a breach notification estimating that it impacted 836 customers, not a lot in this case, though previous breaches at T-Mobile had affected more people. The attackers in this case accessed full names, dates of birth, addresses, contact info, government IDs, social security numbers, and T-Mobile account pins. Those are the pins used to make changes to your account, something that would be a boon for SIM swappers. T-Mobile says no personal financial information or call records were accessed, but Sarah, this is not the first time this has happened, right? Tom, it is not. This is the second breach of T-Mobile announced just this year, but it's the 9th since 2018. Josh wrote into DTNS on the story. Josh observed T-Mobile's past breaches have seemingly had no lasting impact on their reputation as evidenced by their recent successful quarter. T-Mobile reported $19.63 billion in revenue last quarter with the earnings of $1.58 per share. Now, Josh is suggesting we need new laws to address this, but do we? I mean, I don't know if we need new jobs or, sorry, laws for this. Laws. Somebody needs new jobs. We don't need new jobs. You were jumping to firing people at T-Mobile, weren't you? I mean, Tom, you're a T-Mobile user. You've been through this now and then. I guess the, you know, Josh saying we need new laws to address this is addressing the, this has happened a lot to T-Mobile. You know, from 2018 to 2023, we've got nine rather major data breaches. You know, at what point do customers say, nope, no more. I'm going elsewhere. Tom, you used T-Mobile. I mean, you're still there. So what's up? I understand Josh's frustration. And where my head is usually at is T-Mobile. I know they're a company and it's not fashionable to like companies these days, but they're the victim of attacks here. Let's not lose sight of that. They aren't asking to be attacked. And nor do I think they're leaving the doors wide open. Hackers and attackers are getting very sophisticated and finding ways to get into systems that involve humans. They have not detailed what happened in this last breach, but a lot of times it's somebody gets tricked and that's how they get into the network. And those are very hard to defend against. Why is T-Mobile having more of these than usual is a very good question. Is there something they're not doing well enough? I think more transparency on that are their part would help us evaluate that as customers. On the other hand, I probably should be concerned that it's this many in this amount of time, but all that stuff we mentioned, address, government ID, contact info, all of us have had that leaked at other places besides T-Mobile. I mean, the big hacks of the credit reporting agencies, there's a breach every other day. It's not like T-Mobile is unique in having this sort of stuff accessed. So to me, the question is bigger than T-Mobile. Is there something we can do better as an industry to stop me from feeling like, yeah, that kind of information just isn't protected anywhere. Why should I be upset about T-Mobile any more than anywhere else? So I will add that I was one of the people that T-Mobile contacted when they had a date to breach four or five years ago. I got a little text message telling me, yeah, your number was one of them. Sorry. And they gave me a free year of McAfee, and I already had Equifax at that time. Oh, yeah. We're all on permanent free credit monitoring these days with the number of breaches out there. Because I count five times, one from my old company that Tom knows, and then one from T-Mobile, one from an internet company that I have. Yeah, I think we all... I've got one from Comcast that just happened that is allowing me to continue. And this is what's dangerous. I've gotten numb to it. I was just like, well, you know, it's out there. I mean, there's only so many things I can do. And I'm wondering to Josh's particular sentiment, would it make sense to have kind of a broad standard in the same way that we have, for example, we stress test banks to make sure that they have enough funds to see them through a banking crisis? Would it make sense for companies that store your personal data to have reached some level of security that a pen tester or a company that does pen testing will do and just say, okay, you meet this level of security. You can put this on your site saying you meet class A level of data security for your customers and maybe kind of have sort of a thing around that. Because right now, it's still kind of a hodgepodge. Some companies do great. Some companies do less great. But it's just a giant mishmash of, you know, various standards and efficacies. I don't even know if there's standards per se, right? I was calling it standards. It's a little bit harsh. Now, the US government has tried to put in more security policies, especially around the solar winds attack and that kind of stuff. But it doesn't seem to really protect this kind of information because that kind of information is not that valuable anymore because it's so easily gotten out there. What these attackers are doing is trying to find a few juicy targets, right? They don't care about me and you so much as like, who else they might be able to get when they go in there and try. And it's cheap to try. So I don't know if there is anything short of mandating a more expensive encryption if you're a company of a certain size that would change this. And that's sad. I tend to think, and this is just me beating the same old drum, that providing secure personal ID management would help. So you don't have this stuff stored in so many databases all over. You can do what they're doing with Passkey where they're like, hey, that data is on your device and so it's almost impossible to get because we're not storing it in a database that can be breached. You could do that with personal information as well. I will bring out Tim Berners-Lee's Inrupt as an example, but there are other people working on that sort of thing where you could do data ID management that doesn't keep it all in databases. I feel like that, and maybe there could be some laws that encourage that, but that would be a better way than just passing a law or doing audits because that's so cumbersome and costly. All right. Well. You know what isn't cumbersome and costly, Tom? No, no. I was going to say, if people have thoughts on this, they should send us an email. Feedback at DailyTechNewsShow.com where we will read it on the mailbag. Indeed. This one comes from Mattia. And back on Monday's show, we had mentioned that AI pioneer Jeffrey Hinton had left Google in order to freely express his concerns about AI and he has them. Mattia said, could one reason why Jeffrey Hinton is speaking out be sour grapes? Mattia says, if I recall, recently Google joined two internal AI teams that reportedly didn't like each other, Brain and DeepMind AI Research Labs. These team mergers often create intense political battles as the mergers impact the roles and responsibilities of top management. It's a reasonable question. A lot of times when teams are merged, there can be a little culture battle that's not unreasonable to wonder. I would say, Mattia, is there any evidence of that in anything Jeffrey Hinton has done? And I don't see it. He has been very complimentary of Google, which, yeah, even if you have sour grapes, you might say that just so, you know, a spoonful of sugar makes the medicine go down. But he's not picking on Google. He's saying, you know what, I couldn't talk about anything because it was a conflict of interest. So I'm 75. I left Google so that I could talk about the fact that we need to have control of these systems. We need to figure out how to control them while we're developing them before we develop them to a point where they're out of control. And that's something I could say internally at Google, but I couldn't say it as widely without leaving Google. And maybe just felt it was time to leave Google yet. So if there's any evidence of sour grapes, I don't see it. Yeah, I tend to agree. Also, I think that if you come out of that thing with some misgivings about where it's headed, even if you help pioneer it or you're considered, you know, I've heard people refer to him as the grandfather of this entire AI movement. If you start running into issues where you're like, this isn't what I meant or this is what I want and this genie's out of the bottle, but I just can't in good conscience like all those things, I don't know. I feel like we should celebrate that a little and then look at it. I don't think he has misgivings. I don't think he regrets anything he did. I don't see any evidence of that in what he's saying. What I see is him saying, hey, things are starting to speed up now and we need to make sure that we keep pace with the speed before it gets out of control. That's not misgivings or why did I do this. That is like, I feel like the entire industry, not just the part that I was working in, needs to have a parallel effort of controlling these systems. It does feel like we want to assign Oppenheimer status to him and make it so as like, what have I done or whatever. It's just from a dramatic standpoint it's tempting, but I think you're ultimately right about that. I don't know. I wish him the best. I hope he's, you know, take some time with your grandkids and be happy. His grandkids are all AI. Oh, no. Real quickly, an employee of Samsung's subsidiary in Austin wanted to speak to the company's ban on AI tools. We were wondering, well, now that Samsung has put a pause on using ChatGPT, won't people just find a workaround? This employee says, well, overall it's banned. Most of us have moved to just using our phone to get the answers we need and forwarding via email or through our chat app. This does prevent us from uploading potentially sensitive code, but still allows me to ask generic questions. Personally, I use it several times a week to write scripts, utilizing scripting languages that I am far from expert on, like VBS scripts. It's really good at write a script to find the oldest files in a directory and delete them, type scripts. Hmm. Hmm. That's good info, Samsung employee. Thanks for letting us know. Yeah. And letting us know that there are workarounds. Yes, they did find a workaround pretty fast. You know what can never get a workaround is having Scott Johnson on the show. No AI could ever be you, Scott. Never. Never until it is, but until then. Until it reveals that it's been an AI. Until then, you were one unique individual. Let folks know or they can keep up with everything that you do. Well, we can do that. I'm very excited because last week in the middle of a Vegas event as a helping host, I announced the finally ready Kickstarter for my new tabletop card game called Dungeon Murder at DungeonMurder.com. That URL will take you straight to the Kickstarter now. Kickstarter is live up and going. We blew past our first goal and are well on our way to a bunch of stretch goals. Very happy about it. But if you're hearing this for the first time or heard me talk about it before and you're like, I might want to see what the hubbub's about. Go check it out. There's a whole video about the game, how it works, and I can't wait for you to try the game. Again, that is over at DungeonMurder.com. Well, congrats on the launch. Thank you. This will be fun. Yeah, thanks a lot. I appreciate it. Also, congrats to us on getting a brand new boss. That boss's name is Todd. Todd just started backing us on Patreon. Thank you, Todd. Glad to have you along for the ride. Hey, patrons. Give Todd a big old pat on the back and tell him to stick around for the extended show, Good Day Internet. Writer Hugh Howie thinks in a year or two, we'll be able to go from a film script to a full video produced by a machine in less than a day. Just feed in the script, instant film. Do we want that? We're going to talk about that on Good Day Internet. But just a reminder, DTNS is live Monday through Friday. You can catch it at 4 p.m. Eastern, 20-hundred UTC. You can also find out more at dailytechnewshow.com. We're back doing it all again tomorrow with Justin Robert Young joining us. Talk to you then. This show is part of the Frog Pants Network. Get more at frogpants.com.