Technology

cross-posted from: https://lemmy.sdf.org/post/30517126

[...]

The start of a new government in Germany is accompanied by a turnaround in transatlantic relations and an unprecedented anti-democratic takeover of power by tech broligarchs in the United States. "Therefore, mass surveillance by tech companies is even more of a political issue than before, which a new government cannot ignore," the CCC writes on its site.

[...]

The CCC demands:

• A ban on biometric mass surveillance of public spaces and the untargeted biometric analysis of the Internet. In particular, any form of database that analyses images, videos, and audio files from the Internet for biometric characteristics in an untargeted manner will actively be dismantled. The corresponding powers of the Federal Office for Migration and Refugees will be revoked.
• Mass data retention without occasion will be rejected. Instead, more effective and rights-preserving law enforcement measures, such as the so-called ‘quick-freeze’-procedure and the ‘login trap’, should be pursued.
• Automated data analysis of information held by law enforcement agencies and any form of predictive policing or automated profiling of people are rejected. Cooperation between German and US intelligence services will be restricted, and any kind of automated mass exchange of content or metadata will be prevented.
• The full evaluation of surveillance programmes (‘Überwachungsgesamtrechnung’) will be published, continuously updated and legislation will adjust the scope of state surveillance powers accordingly.

[...]

[Edit title for clarity.]

Archived

Cybercriminals behind Zhong Stealer don’t rely on complex exploits or high-tech hacking tools to break into businesses. Instead, they use a low-effort but highly effective scam that plays on human nature: urgency, confusion, and frustration.

As noted by ANY.RUN researchers, the attack unfolds in a calculated, repetitive pattern designed to wear down customer support agents:

• A new support ticket appears but the sender’s account is brand new and completely empty. There’s no history, no past interactions, just a vague request for help.
• The attacker types in broken language, usually Chinese, making the conversation difficult to follow. This adds an element of confusion and makes the request seem more urgent.
• A ZIP file is attached, supposedly containing screenshots or other necessary details for the request. The attacker insists the support agent must open it to understand the issue.
• If the agent hesitates, the attacker becomes increasingly frustrated, pressuring them to act.

[...]

Bluesky is built on a protocol intended to mitigate this problem. The AT Protocol describes itself as “an open, decentralized network for building social applications”. The problem is that, [...] “A federatable service isn’t a federated one”. The intention to create a platform that users can leave at will, without losing their social connections, does not mean users can actually do this. It’s a technical possibility tied to an organisational promise, rather than a federated structure that enables people to move between services if they become frustrated by Bluesky.

[...]

The problem is that, as Doctorow observes, “The more effort we put into making Bluesky and Threads good, the more we tempt their managers to break their promises and never open up a federation”. If you were a venture capitalist putting millions into Bluesky in the hope of an eventual profit, how would you feel about designing the service in a way that reduces exit costs to near zero? This would mean that “An owner who makes a bad call – like removing the block function say, or opting every user into AI training – will lose a lot of users”. The developing social media landscape being tied in the Generative AI bubble means this example in particular is one we need to take extremely seriously.

[...]

cross-posted from: https://lemmy.sdf.org/post/30379477

The planned installation of 16 Chinese wind turbines off the German coast should be prevented on the grounds of public safety, business daily Handelsblatt reported based on an advisory paper from the German Institute for Defence and Strategic Studies (GIDS).

The analysis, commissioned by the defence ministry, warned of potential blackmail and said all legal options must be used to prevent plans to build the wind farm off the coast of Borkum in northwestern Germany. Hamburg-based asset manager Luxcara awarded the contract to a Chinese manufacturer.

"Unlike millions of solar panels, which today come almost exclusively from China, a single offshore wind farm with the capacity of an entire power plant in a strategically significant location is a much greater target for manipulation of the energy supply – and also for espionage," the business daily reported. The warning comes as wind farm operators increasingly turn to Chinese manufacturers amid tightening global supply chains.

[...]

GIDS warned of possible espionage through sensors, which could potentially track naval ships, submarines and aircraft. It also added that it could not be ruled out that the critical infrastructure would be unavailable in the event of a crisis or conflict. The European Commission has also expressed concerns over security and a growing dependence on China.

[...]

cross-posted from: https://lemmy.sdf.org/post/30367666

The UK data watchdog has launched what it calls a "major investigation" into TikTok's use of children's personal information.

The Information Commissioner's Office (ICO) will inspect the way in which the social media platform uses the data of 13 to 17-year-olds to recommend further content to them.

John Edwards, the Information Commissioner, said it would look at whether TikTok's data collection practices could lead to children experiencing harms, such as data being leaked or spending "more time than is healthy" on the platform.

TikTok told the BBC its recommender systems operated under "strict and comprehensive measures that protect the privacy and safety of teens".

It added that the platform also has "robust restrictions on the content allowed in teens' feeds".

Mr Edwards said TikTok's algorithm "feeds" on personal data gleaned from user profiles, preferences, links clicked and how long they spend watching a particular video - making it subject to UK rules.

In addition to the probe into TikTok, the ICO is also checking the age verification processes of Reddit and Imgur, an image-sharing platform.

The investigation will look into whether the companies are complying with both the UK's data protection laws, and the children's code.

The code is set to design principles for online platforms aimed at protecting children in the UK. Platforms which collect UK children's user data must minimise the amount they gather and take extra care when processing it.

[...]

Cross post from https://lemmy.sdf.org/post/30315054

Archived

The Belgian government opened a probe into a suspected Chinese espionage campaign targeting the country's civilian intelligence service.

Citing government sources, Le Soir reported Wednesday that Chinese hackers in November 2023 targeted the State Security Service by hacking email security appliances made by Barracuda Networks.

The hackers are suspected of accessing sensitive communications between the prosecutors' office, police and ministers, as well as staff information, Le Soir reported.

The Belgian prosecutor's office opened a probe into the hack on Wednesday.

[...]

The attack on the Belgian government aligns with the broader Chinese strategy of compromising edge devices for stealth espionage campaigns. Chinese hackers have targeted Sophos, Microsoft Exchange Server, FortiClient and Ivanti edge device flaws.

cross-posted from: https://lemmy.sdf.org/post/30015875

Archived

[...]

A new analysis of data on scanners drawn from AidData’s Global Chinese Development Finance Dataset reveals that China’s provision of aid and credit for the dissemination of customs inspection equipment abroad—from providers like Nuctech, a Chinese partially state-owned company—is extensive. Despite increasing scrutiny of Chinese equipment used in critical infrastructure like ports, scanners provided by Chinese companies and financed by Chinese donors and lenders are still being widely distributed around the globe. China’s global scanner distribution poses potential national security risks at global seaports, airports, and border crossings.

[...]

China’s provision of customs inspection equipment is far-reaching: at least 65 low- and middle-income countries received this equipment financed via grants and loans from China between 2000 and 2022. The scanners can be found in locations ranging from Serbia and Albania in Eastern Europe, to Cambodia and Laos in Southeast Asia, to countries in Central Asia, the Middle East, North Africa, and the Pacific. Over the past two decades, China provided at least $1.67 billion (constant 2021 USD) of aid and credit for customs inspection activities in recipient countries.

[...]

Donations and zero-interest loans appear to be a deliberate business strategy of Chinese government entities to facilitate the acquisition, installation, and use of customs inspection equipment produced by Chinese companies. Of the 108 customs inspection equipment-related activities tracked, 89 (or 82.4%) constituted donations, with the remainder provided through loans from Chinese agencies for recipients to purchase scanners from China. 44 of these donations were financed directly by China’s Ministry of Commerce (MOFCOM).

[...]

Nuctech Company Ltd. (同方威视技术股份有限公司) is one of the key companies involved in the provision of global inspection equipment, ranging from cargo and vehicle inspection to personnel screening. Its competitors include U.S.-based companies such as Rapiscan Systems, L3Harris Technologies, and Leidos, as well as European-based companies like Smiths Detection and Thales Group, among others.

Nuctech is a partially state-owned company that emerged from Tsinghua University in the 1990s. Its parent company is Tsinghua Tongfang (清华同方股份有限公司), a state-owned enterprise. China National Nuclear Corporation (中国核工业集团公司), an energy and defense conglomerate controlled by China’s State Council, is the controlling stakeholder of Tsinghua Tongfang and holds a 21 percent ownership stake in Nuctech. Nuctech is further connected to the state, as the company’s former chairman in the early 2000s now serves in the central government.

[...]

U.S. Federal Trade Commission urged to investigate Google’s RTB data in first ever complaint under new national security data law.

Google sends enormous quantities of sensitive data about Americans to China and other foreign adversaries, according to evidence in a major complaint filed today at the FTC by Enforce and EPIC. This is the first ever complaint under the new Protecting Americans’ Data from Foreign Adversaries Act.

The complaint (open pdf) targets a major part of Google’s business: Google’s Real-Time Bidding (RTB) system dominates online advertising, and operates on 33.7 million websites, 92% of Android apps, and 77% of iOS apps. Much of Google’s $237.9 billion advertising revenue is RTB.

Today’s complaint reveals that Google has known for at least a decade that its RTB technology broadcasts sensitive data without any security, according to internal Google discussions highlighted in today’s complaint.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls (example) to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers.

The complaint cites internal Google communications showing that Google CEO, Sundar Pichai, rejected or failed to act upon internal calls to reform the company’s dangerous RTB system in 2021. Instead, Google continued to expose sensitive American defense and industry personnel, and their institutions, to blackmail and compromise, in addition to causing grave privacy harm to consumers. Even Google’s so called “non personalized” data contains dangerous data.

[...]

cross-posted from: https://lemmy.sdf.org/post/29607342

Archived

Here is the data at Hugging Face.

A team of international researchers from leading academic institutions and tech companies upended the AI reasoning landscape on Wednesday with a new model that matched—and occasionally surpassed—one of China's most sophisticated AI systems: DeepSeek.

OpenThinker-32B, developed by the Open Thoughts consortium, achieved a 90.6% accuracy score on the MATH500 benchmark, edging past DeepSeek's 89.4%.

The model also outperformed DeepSeek on general problem-solving tasks, scoring 61.6 on the GPQA-Diamond benchmark compared to DeepSeek's 57.6. On the LCBv2 benchmark, it hit a solid 68.9, showing strong performance across diverse testing scenarios.

...

cross-posted from: https://lemmy.sdf.org/post/29606431

Archived (available only in Dutch)

Reijer Passchier, Assistant Professor in Constitutional Law, warns against copying the destructive tech-giant model that exists in the US and China. He proposes developing European tech companies to ensure that Europe retains its sovereignty, according to a commentary in the Dutch newspaper 'De Volkskrant' [only in Dutch, but you'll find a useful translation].

To limit the influence of US and Chinese tech giants, Europe will have to try to repel such companies while making plans for its own tech industry. According to Reijer Passchier, big tech in the US has led to unprecedented inequality of wealth and the state has little control over these companies. Tech giants are willing to innovate, but only when this is to their advantage. If not, they will go all out to stop competitors threatening their business model. Elon Musk is an example of their powerful position. At the same time, problems arise from mixing public and private interests and the interests of the companies often take precedence over those of society. In China, the state is able to control the tech giants through its authoritarian political system and strict control over internet access.

'Europe must avoid allowing such fundamental risks to arise.' Passchier says that Europe has the means to develop both technical and institutional opportunities that are both democratic and in line with the rule of law. As an example, Passchier mentions the messaging app Signal – a company that uses technology to serve society, without putting profits first. More information?

Cross-posted from: https://lemmy.sdf.org/post/29546494

Archived

Check Point is set to reveal a new Chinese cyber campaign targeting suppliers of manufacturers in “sensitive” domains in the US and across the globe.

In an exclusive interview with Infosecurity at the firm’s CPX 2025 conference, Lotem Finkelsteen, Check Point’s Director of Threat Intelligence & Research, said his team was working on a new investigation into a Chinese hacking group.

Finkelsteen confirmed his team had observed the threat group actively infiltrating the networks of firms that supply components for the manufacturing industry, including in “sensitive” domains, and many other sectors.

These primary targets include suppliers of chemical products and physical infrastructure components like pipes. Some are Check Point’s customers. Check Point plans to release a full report on the campaign in the next few weeks.

...

Targeted edge devices include operational relay boxes (ORBs), which are often either virtual private server (VPS) hosts or poorly secured Internet of Things (IoT) devices (e.g. routers) that intelligence services have traditionally used to infiltrate networks.

...

The approach shows similarities with the Volt Typhoon cyber espionage campaigns that targeted critical infrastructure and telecommunications organizations in the US and elsewhere in 2023 and 2024. These campaigns allowed Volt Typhoon to infiltrate some US government agencies in 2024.

...

cross-posted from: https://rss.ponder.cat/post/109565

cross-posted from: https://lemmy.sdf.org/post/29335160

Here is the original report.

The research firm SemiAnalysis has conducted an extensive analysis of what's actually behind DeepSeek in terms of training costs, refuting the narrative that R1 has become so efficient that the compute resources from NVIDIA and others are unnecessary. Before we dive into the actual hardware used by DeepSeek, let's take a look at what the industry initially perceived. It was claimed that DeepSeek only utilized "$5 million" for its R1 model, which is on par with OpenAI GPT's o1, and this triggered a retail panic, which was reflected in the US stock market; however, now that the dust has settled, let's take a look at the actual figures.

...

Archived

[The article shows very good examples I can't paraphrase here, but they are very illuminating.]

Is Taiwan an independent country? When pointing out DeepSeek’s propaganda problems, journalists and China watchers have tended to prompt the LLM with questions like these about the “Three T’s” (Tiananmen, Taiwan, and Tibet) — obvious political red lines that are bound to meet a stony wall of hedging and silence. “Let’s talk about something else,” DeepSeek tends to respond. Alternatively, questions of safety regarding DeepSeek tend to focus on whether data will be sent to China.

Experts say this is all easily fixable. Kevin Xu has pointed out that the earlier V3 version, released in December, will discuss topics such as Tiananmen and Xi Jinping when it is hosted on local computers — beyond the grasp of DeepSeek’s cloud software and servers.

[...]

But do coders and Silicon Valley denizens know what they should be looking for? As we have written at CMP, Chinese state propaganda is not about censorship per se, but about what the Party terms “guiding public opinion” (舆论导向). “Guidance,” which emerged in the aftermath of the Tiananmen Massacre in 1989, is a more comprehensive approach to narrative control that goes beyond simple censorship. While outright removal of unwanted information is one tactic, “guidance” involves a wide spectrum of methods to shape public discourse in the Party’s favor. These can include restricting journalists’ access to events, ordering media to emphasize certain facts and interpretations, deploying directed narrative campaigns, and drowning out unfavorable information with preferred content.

Those testing DeepSeek for propaganda shouldn’t simply be prompting the LLM to cross simple red lines or say things regarded as “sensitive.” They should be mindful of the full range of possible tactics to achieve “guidance.”

[...]

We tested DeepSeek R1 in three environments: locally on our computers — using “uncensored” versions downloaded from Hugging Face — on servers hosted by Hugging Face, and on the interface most people are using DeepSeek through: the app connected to Chinese servers. The DeepSeek models were not the same (R1 was too big to test locally, so we used a smaller version), but across all three categories, we identified tactics frequently used in Chinese public opinion guidance.

[...]

The “uncensored” version of DeepSeek’s software [...] puts official messaging first, treating the government as the sole source of accurate information on anything related to China. When we asked it in Chinese for the Wenchuan earthquake death toll and other politically sensitive data, the model searched exclusively for “official data” (官方统计数据) to obtain “accurate information.” As such, it could not find “accurate” statistics for Taiwanese identity — something that is regularly and extensively polled by a variety of institutions in Taiwan. All we got is boilerplate: Taiwan “has been an inalienable part of China since ancient times” and any move toward independent nationhood is illegal.

[...]

Tailored Propaganda?

DeepSeek R1 seems to modify its answers depending on what language is used and the location of the user’s device. DeepSeek R1 acted like a completely different model in English. It provided sources based in Western countries for facts about the Wenchuan earthquake and Taiwanese identity and addressed criticisms of the Chinese government.

Chinese academics are aware that AI has this potential. In a journal under the CCP’s Propaganda Department last month, a journalism professor at China’s prestigious Fudan University made the case that China “needs to think about how the generative artificial intelligence that is sweeping the world can provide an alternative narrative that is different from ‘Western-centrism’” — namely, by providing answers tailored to different foreign audiences.

[...]

DeepSeek’s answers have been subtly adapted to different languages and trained to reflect [Chinese] state-approved views.

[...]

cross-posted from: https://lemmy.sdf.org/post/28980151

cross-posted from: https://lemmy.sdf.org/post/28980041

Australia has banned DeepSeek from all government devices and systems over what it says is the security risk the Chinese artificial intelligence (AI) startup poses.

...

Growing - and familiar - concerns

Western countries have a track record of being suspicious of Chinese tech - notably telecoms firm Huawei and the social media platform, TikTok - both of which have been restricted on national security grounds.

...

An Australian science minister previously said in January that countries needed to be "very careful" about DeepSeek, citing "data and privacy" concerns.

The chatbot was removed from app stores after its privacy policy was questioned in Italy. The Italian goverment previously temporarily blocked ChatGPT over privacy concerns in March 2023.

Regulators in South Korea, Ireland and France have all begun investigations into how DeepSeek handles user data, which it stores in servers in China.

...

Generally, AI tools will analyse the prompts sent to them to improve their product.

This is true of apps such as ChatGPT and Google Gemini as much as it is DeepSeek.

All of them gather and keep information, including email addresses and dates of birth.

...

There’s an idea floating around that DeepSeek’s well-documented censorship only exists at its application layer but goes away if you run it locally (that means downloading its AI model to your computer).

But DeepSeek’s censorship is baked-in, according to a Wired investigation which found that the model is censored on both the application and training levels.

For example, a locally run version of DeepSeek revealed to Wired thanks to its reasoning feature that it should “avoid mentioning” events like the Cultural Revolution and focus only on the “positive” aspects of the Chinese Communist Party.

A quick check by TechCrunch of a locally run version of DeepSeek available via Groq also showed clear censorship: DeepSeek happily answered a question about the Kent State shootings in the U.S., but replied “I cannot answer” when asked about what happened in Tiananmen Square in 1989.

cross-posted from: https://lemmy.sdf.org/post/28971543

Archived

DeepSeek is said to have access to tens of thousands of GPU accelerators for the development of its own AI models, including H100 GPUs, which fall under the US export bans. The reported costs of just under 5.6 million US dollars for DeepSeek v3 probably only represent a small part of the total bill.

In the paper on the V3 model, DeepSeek writes of a comparatively small data center with 2048 H800 accelerators from Nvidia. The company calculates hypothetical rental costs of 2 US dollars per hour and H800 GPU. With a total of just under 2.8 million computing hours (distributed across 2048 GPUs), this comes to 5.6 million US dollars.

However, the developers themselves cite a caveat: "Please note that the above costs only include the official training of DeepSeek-V3 and not the costs associated with previous research and ablation experiments on architectures, algorithms or data."

...

Semianalysis has looked at a realistic cost breakdown. According to the analysts, DeepSeek has access to about 60,000 Nvidia accelerators through its parent company High-Flyer: 10,000 A100s from the Ampere generation before the US export restrictions came into effect, 10,000 H100s from the gray market, 10,000 H800s customized for China, and 30,000 H20s that Nvidia launched after more recent export restrictions.

...

Semianalysis calculates that the servers required for the 60,000 GPUs cost around 1.6 billion US dollars. The operating costs are on top of that. This does not include the salaries of the development teams.

According to DeepSeek, 96 percent of the 5.6 million US dollars quoted is for pre-training. This involves training the final underlying model. The paper ignores the previous development effort, including all the innovations incorporated into DeepSeek V2.

cross-posted from: https://slrpnk.net/post/17978607

Archived

...

A European alliance has emerged with an alternative to tech’s global order.

They call their project OpenEuroLLM. Like DeepSeek, they aim to develop next-generation open-source language models — but their agenda is very different. Their mission: forging European AI that will foster digital leaders and impactful public services across the continent.

To support these objectives, OpenEuroLLM is building a family of high-performing, multilingual large language foundation models. The models will be available for commercial, industrial, and public services.

Over 20 leading European research institutions, companies, and high-performance computing (HPC) centres have enlisted in the the project. Leading their alliance is Jan Hajič, a renowned computational linguist at Charles University, Czechia, and Peter Sarlin, the co-founder of Silo AI, Europe’s largest private AI lab, which was acquired last year by US chipmaker AMD for $665mn.

They’re joined by an array of European tech luminaries. Among them are Aleph Alpha, the leading light of Germany’s AI sector, Finland’s CSC, which hosts one of the world’s most powerful supercomputers., and France’s Lights On, which recently became Europe’s first publicly-traded GenAI company.

...

cross-posted from: https://lemmy.sdf.org/post/28910537

Archived

Researchers claim they had a ‘100% attack success rate’ on jailbreak attempts against Chinese AI DeepSeek

"DeepSeek R1 was purportedly trained with a fraction of the budgets that other frontier model providers spend on developing their models. However, it comes at a different cost: safety and security," researchers say.

A research team at Cisco managed to jailbreak DeepSeek R1 with a 100% attack success rate. This means that there was not a single prompt from the HarmBench set that did not obtain an affirmative answer from DeepSeek R1. This is in contrast to other frontier models, such as o1, which blocks a majority of adversarial attacks with its model guardrails.

...

In other related news, experts are cited by CNBC that DeepSeek’s privacy policy “isn’t worth the paper it is written on."

...

cross-posted from: https://lemmy.sdf.org/post/28777516

Archived

Bitdefender Labs warns of an active cyber-espionage campaign targeting organizations in Central Asia and European countries. The group, tracked as UAC-0063, employs sophisticated tactics to infiltrate high-value targets, including government entities and diplomatic missions, expanding their operations into Europe.

Since the start of the Ukraine war , the geopolitical landscape of Central Asia has undergone significant shifts, impacting the region's relationships with both Russia and China. Russia's influence, once dominant, has noticeably declined due to its actions in Ukraine, which have damaged its reputation as a regional security guarantor, with some Central Asian countries feeling that Russia doesn't respect their sovereignty.

In contrast, China's influence in Central Asia is growing, particularly in the economic sphere, as it seeks access to raw materials and prioritizes economic development as a path to stability. China's approach differs from Russia's; Beijing focuses on economic instruments such as the Belt and Road Initiative (BRI) to build infrastructure and trade links, while Moscow historically relied on military presence and formal alliances.

...

Based on the analyzed data, the UAC-0063 attacks likely targeted embassies in Germany, the Netherlands, Romania, Georgia, Kazakhstan, and Afghanistan. In some cases, there were attempts to reinfect previously compromised targets using the same known infection vector involving weaponized documents.

cross-posted from: https://beehaw.org/post/18210719

Archived

Facebook is banning posts that mention various Linux-related topics, sites, or groups. Some users may also see their accounts locked or limited when posting Linux topics. Major open-source operating system news, reviews, and discussion site DistroWatch is at the center of the controversy, as it seems to be the first to have noticed that Facebook's Community Standards had blackballed it.

[...]

DistroWatch says that the Facebook ban took effect on January 19. Readers have reported difficulty posting links to the site on this social media platform. Moreover, some have told DistroWatch that their Facebook accounts have been locked or limited after sharing posts mentioning Linux topics.

If you're wondering if there might be something specific to DistroWatch.com, something on the site that the owners/operators perhaps don't even know about, for example, then it seems pretty safe to rule out such a possibility. Reports show that "multiple groups associated with Linux and Linux discussions have either been shut down or had many of their posts removed." However, we tested a few other Facebook posts with mentions of Linux, and they didn't get blocked immediately.

[...]

cross-posted from: https://beehaw.org/post/18199612

Archived

China’s DeepSeek AI model represents a transformative development in China’s AI capabilities, and its implications for cyberattacks and data privacy are particularly alarming. By leveraging DeepSeek, China is on its way to revolutionizing its cyber-espionage, cyberwarfare, and information operations.

[...]

DeepSeek’s advanced AI architecture, built on access to vast datasets and cutting-edge processing capabilities, is particularly suited for offensive cybersecurity operations and large-scale exploitation of sensitive information. It is designed to operate in complex and dynamic environments, potentially making it superior in applications like military simulations, geopolitical analysis, and real-time decision-making.

DeepSeek was founded by Liang Wenfeng, co-founder of High-Flyer, a quantitative hedge fund [...] Wenfeng developed DeepSeek cheaper and faster than U.S. companies by exploiting China’s vast datasets [...]

[...]

Wenfeng’s close ties to the Chinese Communist Party (CCP) raises the specter of having had access to the fruits of CCP espionage, [...] Over the past decade, Chinese state-sponsored actors and affiliated individuals have come under heightened scrutiny for targeting U.S. AI startups, academic labs, and technology giants in attempts to acquire algorithms, source code, and proprietary data that power machine learning systems.

[...]

Within the U.S., several high-profile criminal cases have placed a spotlight on the theft of AI-related trade secrets. Although many investigations involve corporate espionage more generally, AI has become a particularly attractive prize due to its utility in strategic industries such as autonomous vehicles, facial recognition, cybersecurity, and advanced robotics.

One well-known incident involved alleged theft of autonomous vehicle technology at Apple’s secretive self-driving car project, where a Chinese-born engineer was accused of downloading large volumes of proprietary data shortly before planning to relocate to a Chinese competitor. In another case, a separate Apple employee was charged with attempting to smuggle similar self-driving car information out of the country. Both cases underscored the vulnerability of AI research to insider threats, as employees with privileged access to code or algorithms can quickly copy crucial files.

[...]

DeepSeek also poses a unique threat in the realm of advanced persistent threats (APTs) – long-term cyber-espionage campaigns often attributed to state actors. The model could be used to sift through massive volumes of encrypted or obfuscated data, correlating seemingly unrelated pieces of information to uncover sensitive intelligence. This might include classified government communications, corporate trade secrets, or personal data of high-ranking officials. DeepSeek’s ability to detect hidden patterns could supercharge such campaigns, enabling more precise targeting and greater success in exfiltrating valuable information.

DeepSeek’s generative capabilities add another layer of danger, particularly in the realm of social engineering and misinformation. For example, it could create hyper-realistic phishing emails or messages, tailored to individuals using insights derived from breached datasets. These communications could bypass traditional detection systems and manipulate individuals into revealing sensitive information, such as passwords or financial data. This is especially relevant given the growing use of AI in creating synthetic identities and deepfakes, which could further deceive targets into trusting malicious communications.

[...]

China’s already substantial surveillance infrastructure and relaxed data privacy laws give it a significant advantage in training AI models like DeepSeek. This includes access to domestic data sources as well as data acquired through cyber-espionage and partnerships with other nations.

[...]

DeepSeek has the potential to reshape the cyber-threat landscape in ways that disproportionately harm the U.S. and the West. Its ability to identify vulnerabilities, enhance social engineering, and exploit vast quantities of sensitive data represents a critical challenge to cybersecurity and privacy.

If left unchecked, DeepSeek could not only elevate China’s cyber capabilities but also redefine global norms around data privacy and security, with long-term consequences for democratic institutions and personal freedoms.

[...]

cross-posted from: https://beehaw.org/post/18197723

Archived

Although Beijing appeared to score a propaganda coup last week when hundreds of thousands of American TikTok users flooded to the social media app RedNote, observers say the Chinese Communist Party (CCP) is worried about any cross-cultural exchanges happening online.

The Chinese government blocks various U.S.-based platforms, including Facebook, YouTube, and X, which are only accessible via virtual personal network. The government also heavily censors topics considered sensitive to policymakers.

[...]

Dali Yang, William Claude Reavis political science professor at the University of Chicago, wrote on [social media]:

"Apparently Xiaohongshu is frantically trying to adapt to both accommodate these new American users but also reduce their interactions with Chinese domestic users. Haha, that sounds like going in the direction of what Bytedance did with Douyin/Tiktok."

Rush Doshi, senior fellow for China and director of the Initiative on China Strategy at the Council on Foreign Relations, wrote [on social media]:

"The PRC end game will be to bifurcate the app, as they did with Douyin, between a foreign and domestic version to avoid too much interaction between US and PRC users.

[...]

After indicating he would rescue TikTok, Trump on Monday signed an executive order postponing the TikTok ban for 75 days.

He has suggested, however, that the U.S. should acquire a 50 percent ownership in the company, telling reporters it is "worthless" if he doesn't approve a deal to keep it going in the country.

Evan Feigenbaum, vice president for studies at the Carnegie Endowment for International Peace, told CNBC such a joint venture is unlikely, given that China regulates the algorithms as national security property and that China is "basically being asked to force over its core intellectual property."

---

In a related article, The Diplomat reports that unlike TikTok, RedNote primarily operates in China. As a result, concerns over content censorship, data privacy, and CCP control are even greater.

RedNote imposes strict content censorship on the posts visible on the platform. Discussions on politics are generally limited and hidden. Similar to the situations in other Chinese-controlled websites and mobile applications, users need to use jargon, memes, acronyms, and intentionally mistyped words or characters to express limited opinions on public affairs in China. The platform [RedNote] has a notorious record of limiting LGBTQ-related topics. Media reports suggest that some U.S. users have already seen their posts taken down by RedNote as they are deemed “too sensitive.”

The significant number of U.S. users entering the app led to some unplanned pressure for RedNote to fulfill its censorship requirements imposed by the Chinese cyberspace administration officials. After the first wave of user influx, RedNote was reported to be urgently hiring English-language content moderation employees. The job posting has no prior job experience requirements for the new hires and offers the recruits paid training. Reports also suggest that RedNote is developing features that segregate users based on their IP address to minimize its political and content moderation risks.

[...]