Collaborate Disseminate
RoT: element within a system that is trusted and must always behave as expected because any misbehavior cannot be detected at runtime. It’s part of the TCB.
TCB: the smallest set of hardware, firmware, software, and other resources (e.g.,… Continue reading What is the difference between Root of Trust and Trusted Computing Base (TCB)?
Generative AI for enterprises can help or hurt. Here’s how to maintain trust in the age of AI. Continue reading AI Is Changing the Way Enterprises Look at Trust: Deloitte & SAP Weigh In
Microsoft is trying to create a personal digital assistant:
At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research. Despite encryption and local storage, the new feature raises privacy concerns for certain Windows users.
Context
I’m designing a P2P network with a central Discovery Service (providing core info about every platform in the network) but no centralised Auth server.
OAuth 2.0 and OpenID Connect will be used for authorisation between platforms in… Continue reading Discovery Service as a Trust Anchor for P2P Network?
The debate over professionalizing software engineers is decades old. (The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers.) Here’s a law journal article recommending the same idea for AI engineers.
This Article proposes another way: professionalizing AI engineering. Require AI engineers to obtain licenses to build commercial AI products, push them to collaborate on scientifically-supported, domain-specific technical standards, and charge them with policing themselves. This Article’s proposal addresses AI harms at their inception, influencing the very engineering decisions that give rise to them in the first place. By wresting control over information and system design away from companies and handing it to AI engineers, professionalization engenders trustworthy AI by design. Beyond recommending the specific policy solution of professionalization, this Article seeks to shift the discourse on AI away from an emphasis on light-touch, ex post solutions that address already-created products to a greater focus on ex ante controls that precede AI development. We’ve used this playbook before in fields requiring a high level of expertise where a duty to the public welfare must trump business motivations. What if, like doctors, AI engineers also vowed to do no harm?…
As I was listening to an interview yesterday, the journalist claimed that his Signal communications were being spied on by the NSA. Whether to believe him or not is subjective. Still, it is an objective truth that nation-states can break i… Continue reading Minimizing trust assumptions in Messaging Protocols
I’m building a tool and users will run it by downloading a binary. What I’m considering is good ways to secure this for the user. There’s for me easy ways like "Recommend running this on a new temporary VM without internet access"… Continue reading Increasing trust in a downloaded binary
At work, we are deploying a new VoIP solution, and as part of that, we are supposed to install a custom root certificate on our computers and mobile devices. The manufacturer of that VoIP solution has the private key to that. The certif… Continue reading Is it common practice that vendors put own root certificates on customer devices?
For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language.
This is beginning to change. Large language models—the technology undergirding modern chatbots—allow users to interact with computers through natural conversation, an innovation that introduces some baggage from human-to-human exchanges. Early on in our respective explorations of ChatGPT, the two of us found ourselves typing a word that we’d never said to a computer before: “Please.” The syntax of civility has crept into nearly every aspect of our encounters; we speak to this algebraic assemblage as if it were a person—even when we know that …
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents.
Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion.
It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI. We don’t trust tech corporations. And—to be fair—corporations in general. We have no reason to.
Simon Willison nails it in a tweet:
“OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.”…
Continue reading OpenAI Is Not Training on Your Dropbox Documents—Today