Tag:

data privacy

News

Fraud accusations fly as Hungarians vote in contentious election – POLITICO

by Rachel Morgan News Editor
written by Rachel Morgan News Editor

As Hungary’s election unfolded Sunday, both leading parties reported alleged electoral violations and accused each other of fraud. The Tisza party, led by Péter Magyar, established a system for voters to report irregularities, and Fidesz followed suit with a hotline and dedicated email address.

Accusations Fly

Fidesz MEP Csaba Dömötör stated, “The overwhelming majority of these violations are tied to Tisza. They cry fraud — but they are the ones committing it.” According to Dömötör, Fidesz has already established 639 cases of electoral violations based on submissions, with 74 police reports filed.

Did You Know? Fidesz has reported 639 alleged electoral violations based on citizen submissions.

Péter Magyar, however, stated he would accept the election results provided there was no “serious electoral fraud.” He urged voters to report any irregularities they observed. Magyar also asserted that if the election is fair, Tisza will win, while accusing the government of preparing actions to invalidate results in districts leaning towards Tisza.

Concerns Over Potential Escalation

Adding to the tense atmosphere, Zoltán Kovács, international spokesman for Prime Minister Orbán, accused Tisza of preparing to storm government buildings should they lose the election. Kovács highlighted the location of Tisza’s election watch party, noting its proximity to the prime minister’s residence.

Expert Insight: The accusations and counter-accusations, coupled with concerns about potential mobilization near key government locations, suggest a high degree of distrust in the electoral process and a possibility of post-election unrest.

Kovács warned that a short walk could turn a gathering of election observers into a demonstration, and that proximity to a sensitive location could lead to escalation in a tense moment.

Frequently Asked Questions

What is Fidesz doing to address alleged fraud?

Fidesz has established a “Democracy Centre” and is collecting reports of alleged election irregularities through a hotline and dedicated email address. They have reported 639 cases of violations and filed 74 police reports.

Frequently Asked Questions

What is Péter Magyar’s position on accepting the election results?

Péter Magyar stated he would accept the results as long as there is no serious electoral fraud, and he urged voters to report any irregularities. He also stated that Tisza will win if the election is fair.

What concerns has Orbán’s camp raised about the opposition’s plans?

Orbán’s international spokesman, Zoltán Kovács, accused Tisza of preparing to storm government buildings if they lose the election, and raised concerns about the location of Tisza’s election watch party near the prime minister’s residence.

As the votes are tallied, will the accusations of fraud and the heightened tensions surrounding this election impact the acceptance of the final results?

0 comments
0 FacebookTwitterPinterestEmail
News

Building trust in the algorithm: Indonesia’s emerging AI framework

by Rachel Morgan News Editor
written by Rachel Morgan News Editor

Indonesia is rapidly establishing itself as a key player in the regional digital economy and is increasingly focused on adopting artificial intelligence (AI). The Indonesian government outlined its long-term vision for AI with the Artificial Intelligence National Strategy for Indonesia 2020-2045: AI Towards Indonesia Vision 2045. A 2023 Kearney report projected that AI could contribute USD366 billion to Indonesia’s GDP by 2030.

Despite this ambition, Indonesia’s AI governance framework is still in its early stages, reflecting the challenges of aligning legal and institutional responses with the country’s rapid technological development. This gap in regulation presents both opportunities and challenges to strengthen accountability, enhance legal certainty and build public trust in AI technologies.

Framework and Governance

Currently, Indonesia does not have specific laws or regulations addressing AI. Instead, the operation and use of AI are governed by existing laws, including those related to electronic systems under the Electronic Information and Transactions Law, amended by Law No.1 of 2026 on Criminal Adjustment (EIT Law) and Government Regulation No.71 of 2019 on the Provision of Electronic Systems and Transactions. Under this framework, AI can be considered an “electronic agent,” defined as a device within an electronic system operated by a person.

However, this definition may be inadequate for modern AI systems, which often operate autonomously and exhibit complex problem-solving capabilities. In the absence of detailed AI-specific regulations, the Ministry of Communication and Digital Affairs (MOCD) issued Circular Letter No.9 of 2023 on Artificial Intelligence Ethics (CL9), providing general guidelines on the ethical values and control of AI-based activities.

These ethical values include inclusivity, security, accessibility, transparency, credibility, and accountability. AI operators are expected to safeguard society, prevent discrimination, and consider risk and crisis management. Sector-specific regulations also apply, such as the Financial Service Authority (OJK)’s Indonesian Banking Artificial Intelligence Governance, which focuses on reliability, accountability, and human oversight.

Did You Know? The MOCD published the National AI Roadmap White Paper in August 2025, which includes establishing a National AI Co-ordination Task Force to harmonize laws and regulations.

The OJK has also introduced a Code of Conduct for Responsible and Trustworthy Artificial Intelligence in the Financial Technology Industry, emphasizing fairness, transparency, and explainability.

Emerging AI-Specific Policies and Development

While a comprehensive legal framework is still under development, the MOCD published the National AI Roadmap White Paper in August 2025. This roadmap covers the conceptual framework of AI, issues analysis, and government policy direction, including establishing a National AI Co-ordination Task Force. It also introduces an AI lifecycle with principles to minimize risks at each stage and outlines key principles of AI governance, including dignity, justice, and accountability.

Complementing the roadmap, the MOCD also published AI Ethical Guidelines to strengthen the ethical framework in CL9, providing a self-assessment questionnaire for businesses. The government is also preparing a presidential regulation on AI to address accountability and security concerns and align AI initiatives across ministries and agencies.

Key Legal Challenges

Despite recent developments, several legal and institutional issues remain. Indonesia currently lacks a unified legal definition of AI, leading to uncertainty about how it should be regulated. The regulatory landscape is fragmented, potentially leading to overlapping authorities and inconsistent standards. This also raises concerns about personal data protection, as AI development often involves collecting and processing large datasets.

Indonesian law does not currently recognize AI as a separate legal subject, leaving liability for AI-related harm to be determined based on existing legal frameworks. To date, You’ll see no court decisions or specific legal provisions clarifying liability arising from the use of AI.

Expert Insight: Indonesia’s main challenge isn’t a lack of technological capability, but rather a need for governance readiness. Addressing the legal gaps and establishing clear frameworks for accountability and security will be crucial for realizing the full potential of AI in the country.

Frequently Asked Questions

What is Indonesia’s long-term vision for AI?

The Indonesian government set out its long-term AI vision through the Artificial Intelligence National Strategy for Indonesia 2020-2045: AI Towards Indonesia Vision 2045.

What is the role of the Ministry of Communication and Digital Affairs (MOCD) in AI governance?

The MOCD issued Circular Letter No.9 of 2023 on Artificial Intelligence Ethics (CL9) and published the National AI Roadmap White Paper in August 2025, indicating a growing policy-driven approach to AI governance.

What are some of the key legal challenges facing AI governance in Indonesia?

Key legal challenges include the lack of a unified legal definition of AI, a fragmented regulatory approach, privacy risks, and unclear liability and accountability frameworks.

As Indonesia continues to integrate AI across sectors, will the country be able to effectively balance innovation with the need for robust legal and ethical safeguards?

0 comments
0 FacebookTwitterPinterestEmail
Tech

Is this privacy-based phone operating system moving mainstream? – The Irish Times

by Chief Editor
written by Chief Editor

Motorola and GrapheneOS: A Modern Dawn for Smartphone Security

Motorola, a name synonymous with mobile phone innovation since 1983, is charting a new course in smartphone security. At Mobile World Congress in Barcelona, Lenovo-owned Motorola announced a partnership with GrapheneOS, a privacy-focused operating system, signaling a potential shift in how we feel about data protection on our mobile devices.

The Rise of Privacy-Focused Operating Systems

For users increasingly concerned about online privacy and data sovereignty, GrapheneOS offers a compelling alternative to mainstream operating systems. It’s a fork of Android, the world’s most popular mobile OS, but stripped back to its open-source origins with a focus on security. The GrapheneOS Foundation, a Canadian non-profit, aims to deliver a sleek, privacy-respecting experience.

Motorola has committed to manufacturing a new flagship smartphone that meets GrapheneOS’s stringent security specifications. While it’s not yet confirmed whether the OS will be pre-installed or available as a download, the partnership itself is a “significant milestone” for expanding GrapheneOS’s reach.

Why Motorola?

GrapheneOS chose to partner with Motorola, specifically leveraging Lenovo’s resources, due to the scale and capabilities Motorola can bring to the table. According to a GrapheneOS spokesperson, Motorola “approached us,” recognizing the marketing benefits of aligning with a leading privacy-focused OS. The partnership allows GrapheneOS to tap into Motorola’s in-house development teams and established supply chains.

The Appeal of De-Googling Your Phone

The GrapheneOS/Motorola announcement arrives at a time when concerns about data privacy are escalating. Recent events, such as sanctions impacting access to web services for staff at the International Criminal Court, highlight the vulnerabilities of relying on US-based tech giants. Finding alternatives to Google and Apple for smartphone operating systems is becoming increasingly key for some users.

While European alternatives like /e/OS and Sailfish exist, GrapheneOS is often praised by tech experts for its balance of security and usability. Currently, GrapheneOS runs exclusively on Google Pixel devices, a testament to the security hardware found in those phones.

The desire to “de-Google” one’s digital life isn’t new. Many users are actively seeking alternatives to Google’s services, like mailbox.org, a German email provider focused on privacy. Yet, Android traditionally requires Google Play Services, which collects extensive user data. GrapheneOS offers a way to run Android without this constant surveillance.

How GrapheneOS Works: A Sandboxed Approach

GrapheneOS addresses Google Play Services’ data collection by isolating it within a “sandbox.” This allows users to control permissions, limiting access to sensitive data like location, camera, and contacts. As one YouTube vlogger put it, GrapheneOS lets users “choose the trade-off between privacy and convenience.”

The installation process is surprisingly straightforward, thanks to a user-friendly web installer. However, transitioning to GrapheneOS requires patience and a willingness to learn. User forums and Reddit groups provide support for those navigating the change.

The GrapheneOS community, though small (around two dozen core members), is dedicated to creating an operating system that puts users back in control of their data. The team emphasizes the importance of diversifying digital infrastructure, warning against relying on a single provider.

Who is Using GrapheneOS?

GrapheneOS has attracted a dedicated following, including privacy advocates like Edward Snowden and online influencer Pewdiepie. While it appeals to those deeply concerned about surveillance, the developers aim to create an OS that benefits all users by prioritizing data ownership.

Future Trends in Mobile Security

The Motorola-GrapheneOS partnership signals a growing trend towards user-centric security in the mobile space. Several factors are driving this shift:

  • Increased Awareness: Consumers are becoming more aware of data privacy issues and demanding greater control over their personal information.
  • Geopolitical Concerns: Events like the ICC sanctions are highlighting the risks of relying on foreign technology providers.
  • AI and Data Collection: The rise of AI is exacerbating data collection practices, prompting a search for more privacy-respecting alternatives.

We can expect to witness more smartphone manufacturers exploring partnerships with privacy-focused OS developers. Advancements in hardware security, combined with software innovations like sandboxing, will continue to empower users to protect their data.

FAQ

What is GrapheneOS?
GrapheneOS is a privacy and security-focused mobile operating system based on Android.

Will GrapheneOS be pre-installed on Motorola phones?
It’s not yet confirmed, but that is the intention.

Is GrapheneOS difficult to install?
The installation process is relatively straightforward, but requires some technical knowledge and patience.

Can I still use Google apps on GrapheneOS?
Yes, but they are sandboxed, limiting their access to your data.

What phones currently support GrapheneOS?
Currently, only Google Pixel phones are supported.

Pro Tip: Back up your data before installing any new operating system. Consider running two phones simultaneously during the transition to minimize disruption.

Did you know? GrapheneOS developers use pseudonyms for personal security due to the potential for harassment.

Want to learn more about mobile security and privacy? Explore our other articles on digital security best practices and the future of data privacy.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Meta Confirms Major Privacy Change on Instagram—What Users Can Do

by Chief Editor
written by Chief Editor

Instagram DMs Are Losing Encryption: What It Means for Your Privacy

Meta has announced a significant shift in Instagram’s privacy landscape: end-to-end encrypted (E2EE) messaging will be discontinued after May 8, 2026. This decision impacts direct messages and calls that currently benefit from encryption, shielding user communications from access by third parties – including Meta itself.

Why Is Instagram Dropping Encryption?

According to a Meta spokesperson, the move stems from low user adoption. “Very few people were opting in to end-to-end encrypted messaging in DMs, so we’re removing this option from Instagram in the coming months,” the company stated. Meta suggests users seeking encrypted messaging can utilize WhatsApp, another platform under its ownership.

The Implications of Losing E2EE

End-to-end encryption ensures that only the sender and recipient can read messages, safeguarding content during transmission. With its removal, Instagram DMs will no longer have this layer of protection. This means Meta will have access to the content of direct messages, raising concerns about data privacy.

The decision arrives amidst ongoing debates about the balance between privacy and safety. While encryption protects user data from unauthorized access, some argue it can hinder the detection of harmful activities, such as child exploitation. TikTok recently stated it does not plan to introduce E2EE for similar reasons.

What Does This Signify for Instagram Users?

Users currently engaged in encrypted conversations will receive in-app notifications with instructions on how to download their data before the May 2026 deadline. Some users may require to update the Instagram app to access these download tools.

This change impacts how sensitive information is shared on the platform. Users who previously relied on Instagram’s encryption for confidential conversations will need to consider alternative, more secure messaging options.

The Broader Trend: Encryption in Messaging Apps

Instagram’s move contrasts with the broader trend toward increased encryption in messaging apps. WhatsApp has offered end-to-end encryption since 2016, and Meta initially envisioned a similar privacy-focused future for Messenger and Instagram. However, internal concerns about hindering the detection of illegal activities reportedly led to delays and, this reversal for Instagram.

The decision highlights the complex challenges tech companies face when balancing user privacy with safety and law enforcement needs. It also raises questions about the future of encryption in social media and the extent to which platforms will prioritize user privacy versus data access.

What People Are Saying

Online reactions to the announcement have been largely negative. On Reddit’s cybersecurity forum, commentators expressed concerns about data security and the potential for misuse of personal information. One user questioned, “Wow, so in a world where we are worried about ‘the children,’ we are making apps less safe for everyone?” Another stated, “Always abandon it up to Facebook/Meta to push the bar lower when it comes to selling people’s data, or when comes to respecting the privacy of people.”

Future Outlook: Privacy in Social Media

The removal of E2EE from Instagram DMs signals a potential shift in how social media platforms approach user privacy. While WhatsApp remains a haven for encrypted messaging within the Meta ecosystem, the future of encryption on other platforms remains uncertain. Users may increasingly seek out alternative messaging apps that prioritize privacy and offer robust encryption features.

The debate surrounding encryption is likely to continue, with ongoing discussions about the appropriate balance between privacy, safety, and law enforcement access. This situation underscores the importance of users being aware of the privacy implications of their chosen messaging platforms and taking steps to protect their sensitive information.

FAQ

What is end-to-end encryption? It’s a security method that ensures only the sender and recipient can read messages, preventing anyone else – including the platform provider – from accessing the content.

When will Instagram stop supporting encrypted DMs? End-to-end encrypted messaging will no longer be supported after May 8, 2026.

What should I do if I have encrypted chats on Instagram? You should download your encrypted conversations before the May 2026 deadline using the in-app tools provided by Instagram.

Will WhatsApp still offer encrypted messaging? Yes, WhatsApp will continue to offer end-to-end encrypted messaging.

Does this affect all Instagram DMs? No, this only affects DMs that were previously using end-to-end encryption. Most Instagram DMs were not encrypted.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Samsung Galaxy S26 Ultra refined flagship

by Chief Editor
written by Chief Editor

Samsung Galaxy S26 Ultra: A Deep Dive into Refinement and the Future of Flagship Phones

Samsung’s Galaxy S26 Ultra continues the evolution of the Ultra line, focusing on subtle improvements rather than radical redesigns. Whereas maintaining the core strengths of the series, the S26 Ultra introduces features like a refined design, enhanced display technology, and continued AI integration. This isn’t just about a new phone; it’s a glimpse into the future of flagship smartphones.

Design and Durability: A Focus on Comfort and Resilience

The S26 Ultra boasts a slightly thinner and lighter build compared to its predecessors, utilizing armour-grade aluminium and tougher front glass. The shift to softened edges improves ergonomics, making the large handset more comfortable to hold. A redesigned camera layout, featuring a raised island for the lenses, enhances durability, though introduces a minor wobble when placed on a flat surface. Water and dust resistance remains at IP68, ensuring robust protection.

Display Innovation: Introducing Privacy Display

The 6.9-inch Dynamic AMOLED display with a 3120 x 1440 resolution and adaptive 1-120Hz refresh rate remains a standout feature. Brightness is a key strength, providing excellent visibility even in strong sunlight. However, the most significant addition is the “Privacy Display” feature. This technology reduces visibility from side angles, protecting sensitive information in public spaces. While it slightly impacts contrast and colour vibrancy, it offers a valuable layer of privacy for users.

Camera Capabilities: Enhanced Light Capture and Versatility

The S26 Ultra retains the familiar four-camera arrangement, headlined by a 200-megapixel main sensor with a brighter lens. Alongside this are a 50-megapixel ultra-wide camera and dual telephoto lenses offering 3x and 5x optical zoom. Improvements focus on light capture, particularly in darker scenes. The camera app remains feature-rich, offering extensive control for both casual and professional photographers, with Expert RAW still available for those seeking maximum control.

Performance and Software: The Power of Snapdragon and AI

Powered by the Snapdragon 8 Elite Gen 5 processor, the S26 Ultra delivers strong performance across all tasks. Paired with either 12GB or 16GB of RAM, the phone handles demanding games and multitasking with ease. A redesigned vapour chamber cooling system improves thermal performance. The device runs Android 16 with Samsung’s One UI 8.5, integrating AI tools for content summarization, notification management, and everyday assistance. Samsung’s commitment to seven years of software and security updates provides long-term value.

Battery Life and Charging: Reliable Power for a Full Day

The 5,000mAh battery provides comfortable all-day battery life with heavy usage, and potentially a day and a half with moderate use. Wired charging speeds have been slightly improved to 60W, allowing for a substantial charge in just half an hour. Wireless charging remains available, though Samsung continues to exclude a charger from the box.

The Rise of Agentic AI in Smartphones

The Galaxy S26 Ultra, and the S26 line in general, emphasizes “Agentic AI” features. These aren’t simply voice assistants; they are designed to proactively understand user habits and provide assistance without explicit prompts. This represents a shift towards more intuitive and personalized smartphone experiences. This is a trend that will likely become standard across all flagship devices in the coming years.

Future Trends: What the S26 Ultra Signals for the Smartphone Industry

The S26 Ultra isn’t just about what’s new; it’s about what’s next. Several key trends are emerging:

  • Privacy-Focused Features: The Privacy Display is a clear indication that user privacy is becoming a major differentiator. Expect to see more smartphones incorporating similar technologies.
  • AI Integration: Agentic AI is poised to become a core component of the smartphone experience, moving beyond simple voice commands to proactive assistance.
  • Extended Software Support: Samsung’s seven-year software support commitment is setting a new standard. Consumers are increasingly demanding longer-lasting devices, and manufacturers are responding.
  • Incremental Refinement: The S26 Ultra demonstrates a move away from radical redesigns towards incremental improvements. Manufacturers are focusing on perfecting existing technologies rather than chasing disruptive innovations.

FAQ

Q: What is Agentic AI?
A: Agentic AI refers to AI features that proactively learn your habits and provide assistance without needing constant prompts.

Q: Does the Galaxy S26 Ultra reach with a charger?
A: No, Samsung does not include a charger in the box.

Q: What is the Privacy Display feature?
A: Privacy Display reduces the viewing angle of the screen, preventing others from seeing your content in public.

Q: How long will the Galaxy S26 Ultra receive software updates?
A: Samsung promises seven years of software and security updates.

Pro Tip: Explore the One UI 8.5 settings to customize the Privacy Display feature and tailor it to your specific needs.

Want to learn more about the latest smartphone innovations? Explore our other articles or subscribe to our newsletter for exclusive insights.

0 comments
0 FacebookTwitterPinterestEmail
Tech

myFirst expands kid-safe tech ecosystem with Circle app

by Chief Editor
written by Chief Editor

The Rise of ‘Safe Tech’ for Kids: MyFirst and the Future of Connected Families

Singapore-based myFirst is making waves in the kids’ tech space, expanding its ecosystem of connected devices – smartwatches, instant cameras, digital frames and headphones – all anchored by the myFirst Circle platform. This isn’t just about gadgets. it’s a response to growing parental concerns about child safety and responsible technology leverage, offering a compelling alternative to early smartphone adoption.

Beyond Parental Controls: Building Safety into the Architecture

Traditional social media platforms often tack on parental controls as an afterthought. MyFirst takes a different approach, building safety directly into the core of its system. The myFirst Circle app acts as a centralized control panel, allowing parents to manage contacts, monitor communications, and utilize features like Ghost Mode for privacy. This focus on proactive safety is a key differentiator, as highlighted by the company’s founder and CEO, G-Jay Yong.

The myFirst Circle Ecosystem: A Connected Family Hub

The latest iteration of the myFirst Circle app, version 4.0, introduces features like Circle Map 2.0 Group View, enhancing location sharing and safety settings. The platform restricts a child’s contact list to parent-approved individuals, a common feature in kid-focused wearables. This control extends across all myFirst devices. Apple Watch compatibility further expands the reach of the Circle platform.

Smartwatches and Instant Cameras: Communication and Creativity

myFirst’s Fone S4 and M1 smartwatches prioritize communication within a controlled environment, featuring GPS tracking and customizable safety settings. The Fone M1, designed for first-time smartwatch users, includes calling, video chat, and media features. Alongside communication, myFirst emphasizes creative outlets with its Insta Lux and Insta Prinx Mini instant cameras. These cameras allow children to capture, edit, and print photos without direct links to traditional social media, addressing concerns about online exposure.

The Family Frame and Safe Listening

The myFirst Frame Clario extends the ecosystem into the home, functioning as a 7-inch digital frame for video calls, photo sharing, and voice notes within the family group. It also includes practical features like a calendar, reminders, and weather updates. For audio, the CareBuds Max headphones offer dual volume limits (85dB and 94dB) and Smart Transparency Safety Mode, prioritizing safe listening habits.

Future Trends in Safe Tech for Kids

The Blurring Lines Between Physical and Digital Safety

myFirst’s approach signals a broader trend: the integration of physical and digital safety measures. Expect to see more devices incorporating GPS tracking, geofencing, and real-time location sharing, not just for wearables but also for everyday items like backpacks and lunchboxes. This will provide parents with a more comprehensive understanding of their child’s whereabouts and activities.

AI-Powered Content Moderation and Safety Features

Artificial intelligence will play an increasingly crucial role in identifying and filtering inappropriate content. AI-powered tools can analyze text, images, and videos to detect potential risks, such as cyberbullying, harmful language, and exposure to inappropriate material. This technology will be crucial for creating safer online environments for children.

The Rise of ‘Family Tech’ Platforms

The concept of a unified “family tech” platform, like myFirst Circle, is likely to gain traction. These platforms will integrate various devices and services, providing a seamless and secure experience for the entire family. Expect to see more features focused on family communication, collaboration, and shared experiences.

Focus on Digital Wellbeing and Balanced Screen Time

Beyond safety, there will be a growing emphasis on digital wellbeing and balanced screen time. Devices and platforms will incorporate features to help children develop healthy technology habits, such as time limits, usage tracking, and reminders to accept breaks. Educational content and activities will also be prioritized.

FAQ

Q: What is myFirst Circle?
A: myFirst Circle is a social media app and platform designed to provide a safe and protected environment for children to connect with family and friends, under parental supervision.

Q: How does myFirst ensure child safety?
A: myFirst Circle restricts a child’s contact list to parent-approved individuals and incorporates safety features like GPS tracking, location sharing, and content monitoring.

Q: What devices are compatible with myFirst Circle?
A: myFirst Circle is compatible with myFirst smartwatches, instant cameras, digital frames, headphones, and Apple Watch.

Q: Is myFirst Circle ad-free?
A: Yes, myFirst emphasizes ad-free educational content within the platform.

Q: What is Ghost Mode?
A: Ghost Mode is a privacy setting within the myFirst Circle app that allows children to have private time without being tracked.

Did you know? myFirst Insta Lux prints are waterproof, smudge-proof, and fingerprint-resistant!

Pro Tip: Regularly review your child’s contact list and activity within the myFirst Circle app to ensure their safety and wellbeing.

Want to learn more about creating a safe digital environment for your children? Explore our other articles on responsible technology use and online safety.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Shadow AI assistant Clawdbot raises workplace risks

by Chief Editor
written by Chief Editor

The Rise of ‘Shadow AI’: How Unsanctioned Tools Like Clawdbot Are Reshaping Corporate Security

A recent report from Token Security Labs has revealed a startling trend: employees are increasingly adopting personal AI assistants – often without IT’s knowledge. Their analysis found Clawdbot (also known as Moltbot) is currently active within 22% of their customer organizations. This isn’t an isolated incident; it’s a symptom of a larger shift towards “shadow AI,” where powerful AI tools operate outside traditional security perimeters.

What is ‘Shadow AI’ and Why is it a Problem?

Shadow AI refers to the use of AI applications and services within an organization that haven’t been vetted or approved by the IT or security teams. Clawdbot, a locally-run AI assistant connecting to popular messaging apps like Slack, WhatsApp, and Microsoft Teams, exemplifies this. While offering convenience – calendar management, email responses, file access – it introduces significant risks. The core issue? Broad access to sensitive data coupled with lax security practices.

Consider this scenario: an employee uses Clawdbot on their personal laptop, connecting it to corporate Slack. Suddenly, confidential internal discussions, files, and even credentials are potentially accessible outside the company’s secure network. This bypasses crucial data loss prevention (DLP) controls and audit trails, making it difficult to detect and respond to breaches.

Did you know? A 2023 Gartner report estimated that 30% of organizations will experience “shadow IT” related security incidents by 2024, and AI tools are rapidly becoming a major component of this risk.

The Security Risks: Plaintext Credentials and Exposed APIs

Token Security’s investigation uncovered alarming security vulnerabilities. Clawdbot stores credentials in plaintext, meaning anyone with access to the user’s device can easily view them. Furthermore, researchers like Jamieson O’Reilly have discovered hundreds of publicly accessible Clawdbot instances with open admin dashboards, exposing API keys, OAuth tokens, and conversation histories. In some cases, remote code execution was even possible.

The lack of default sandboxing – explicitly acknowledged in Clawdbot’s documentation – further exacerbates the problem. This means the AI assistant operates with significant system access, increasing the potential damage from a successful attack. Prompt injection, where malicious instructions are embedded within seemingly harmless inputs, also poses a threat when the tool processes emails, documents, and web pages.

Beyond Clawdbot: The Expanding Landscape of Personal AI

Clawdbot is just the tip of the iceberg. The proliferation of open-source Large Language Models (LLMs) and user-friendly interfaces is making it easier than ever for employees to deploy personal AI assistants. Tools like LM Studio and Ollama allow users to run powerful models locally, further blurring the lines between personal and corporate data.

This trend is fueled by a genuine desire for increased productivity. Employees are seeking ways to automate tasks, streamline workflows, and gain a competitive edge. However, without proper guidance and security measures, these efforts can inadvertently create significant vulnerabilities.

What Can Organizations Do? A Proactive Approach

Addressing the challenge of shadow AI requires a multi-faceted approach:

  • Discovery and Visibility: Monitor network traffic for patterns associated with AI assistant activity. Scan endpoints for the presence of directories like “.clawdbot”.
  • Permission and Access Control: Regularly review OAuth grants and API tokens connected to critical systems. Revoke unauthorized integrations.
  • Clear Policies: Establish clear policies regarding the use of personal AI agents, outlining acceptable use cases and security requirements.
  • Approved Alternatives: Provide employees with secure, enterprise-grade AI tools that offer the functionality they need while maintaining IT oversight.

Pro Tip: Implement a robust security awareness training program to educate employees about the risks associated with shadow AI and the importance of following security protocols.

The Future of AI Security: Zero Trust and Continuous Monitoring

Looking ahead, the rise of shadow AI will likely accelerate the adoption of zero-trust security models. This approach assumes that no user or device is inherently trustworthy and requires continuous verification before granting access to resources.

Continuous monitoring and threat detection will also become increasingly critical. Organizations will need to leverage AI-powered security tools to identify and respond to anomalous activity associated with shadow AI applications. The focus will shift from simply blocking these tools to understanding how they are being used and mitigating the associated risks.

Furthermore, expect to see increased collaboration between security vendors and AI developers to build more secure and responsible AI solutions. This includes incorporating privacy-preserving techniques, robust access controls, and comprehensive audit logging.

FAQ: Shadow AI and Your Organization

  • What is the biggest risk of shadow AI? The biggest risk is the potential for data breaches and unauthorized access to sensitive information due to lack of security controls and visibility.
  • How can I detect shadow AI in my organization? Monitor network traffic, scan endpoints, and review OAuth grants and API tokens.
  • Should I completely ban the use of personal AI assistants? A complete ban may not be practical or effective. Instead, focus on providing secure alternatives and establishing clear policies.
  • What is OAuth? OAuth (Open Authorization) is a standard protocol that allows users to grant third-party applications access to their data without sharing their passwords.

The emergence of shadow AI is a wake-up call for organizations. Ignoring this trend is not an option. By proactively addressing the risks and embracing a security-first approach, businesses can harness the power of AI while protecting their valuable assets.

Want to learn more about securing your organization against emerging AI threats? Explore our comprehensive security solutions or subscribe to our newsletter for the latest insights.

0 comments
0 FacebookTwitterPinterestEmail
World

xAI Restricts Grok Image Editing Amid Global Deepfake Crackdown

by Chief Editor
written by Chief Editor

The Deepfake Reckoning: How AI Image Manipulation is Reshaping Tech Regulation and Trust

The recent restrictions placed on xAI’s Grok chatbot, limiting its image editing capabilities to prevent the creation of non-consensual deepfakes, aren’t an isolated incident. They represent a pivotal moment in the ongoing struggle to balance technological innovation with ethical responsibility. This isn’t just about one chatbot; it’s a harbinger of stricter regulations and a fundamental shift in how AI developers approach content creation.

From “Spicy Mode” to Strict Scrutiny: The Grok Case Study

Grok’s initial launch, championed by Elon Musk as a challenge to “woke” orthodoxy, deliberately embraced minimal moderation. Features like “spicy mode” and “Grok Imagine” offered users unprecedented freedom, but quickly exposed the dark side of unrestricted AI. The platform became a breeding ground for harmful content, including antisemitic tropes, praise for Adolf Hitler, and, most disturbingly, the creation of deepfake pornography featuring real individuals. The Reuters investigation revealing over 100 requests for bikini-clad images of women in a mere ten minutes underscored the severity of the problem.

This rapid descent into misuse triggered a global backlash. Governments, advocacy groups, and victims alike demanded action. The incident highlighted a critical flaw: a lack of proactive safeguards. As Andrea Simon, Director of the End Violence Against Women Coalition, pointed out, platforms must prioritize prevention over reaction.

The Regulatory Tide is Turning: A Global Crackdown

The pressure on X Corp. and xAI isn’t unique. Across the globe, regulators are tightening their grip on AI-powered content generation. The UK’s Online Safety Act, now fully enforceable, carries potential fines of up to £9.2 million (approximately $11.6 million USD) or 10% of global revenue for non-compliance. Ofcom’s investigation into X Corp. could have significant financial and operational consequences, potentially even leading to a complete ban within the UK.

In the United States, California Attorney General Rob Bonta is investigating xAI specifically for the “large-scale production of non-consensual intimate images and deepfakes.” This demonstrates a growing willingness among authorities to hold AI developers legally accountable for the misuse of their technologies. Similar investigations are anticipated in other states and countries.

Did you know? The EU’s AI Act, expected to be fully implemented in 2026, will categorize AI systems based on risk, with high-risk applications – including those used for biometric identification and social scoring – facing stringent regulations.

Beyond Geoblocking: The Limits of Current Solutions

While xAI has implemented measures like restricting image generation to paid subscribers and collaborating with law enforcement, the effectiveness of these solutions is debatable. Geoblocking, for example, is easily circumvented using Virtual Private Networks (VPNs). The UK saw a surge in VPN downloads after implementing age verification requirements for adult websites, illustrating this point.

The focus is shifting towards more sophisticated technical solutions. These include:

  • Watermarking and Provenance Tracking: Embedding invisible digital signatures into AI-generated content to identify its origin and track its spread.
  • Adversarial Training: Developing AI models that can detect and resist attempts to manipulate them into generating harmful content.
  • Content Authentication Initiatives: Industry-wide collaborations, like the Content Authenticity Initiative (CAI), aimed at establishing standards for verifying the authenticity of digital media.

The Rise of Synthetic Media Forensics

As deepfakes become more sophisticated, so too must the tools used to detect them. Synthetic media forensics is a rapidly evolving field dedicated to identifying manipulated images, videos, and audio. Companies like Reality Defender and Truepic are developing AI-powered solutions that can analyze content for telltale signs of manipulation, such as inconsistencies in lighting, shadows, or facial expressions.

Pro Tip: Be skeptical of online content, especially if it seems too good (or too bad) to be true. Look for inconsistencies and cross-reference information with reputable sources.

The Future of AI and Content Creation: A Balancing Act

The future of AI-powered content creation hinges on finding a balance between innovation and responsibility. Developers will need to prioritize ethical considerations from the outset, incorporating robust safeguards into their models. This includes:

  • Bias Mitigation: Addressing biases in training data to prevent AI models from perpetuating harmful stereotypes.
  • Transparency and Explainability: Making AI decision-making processes more transparent and understandable.
  • User Education: Raising awareness among users about the risks of deepfakes and the importance of critical thinking.

The Grok controversy serves as a stark warning: unchecked AI innovation can have devastating consequences. The coming years will likely see a continued escalation of regulatory scrutiny and a growing demand for ethical AI practices. The companies that prioritize responsible development will be the ones that thrive in this new landscape.

FAQ: Deepfakes and AI Regulation

  • What is a deepfake? A deepfake is a synthetic media creation – typically a video or image – that has been manipulated to replace one person’s likeness with another.
  • Are deepfakes illegal? The legality of deepfakes varies depending on the jurisdiction and the specific context. Creating and distributing deepfakes without consent, especially those involving sexual content, is increasingly becoming illegal.
  • How can I tell if an image or video is a deepfake? Look for inconsistencies in lighting, shadows, and facial expressions. Pay attention to unnatural movements or speech patterns. Use deepfake detection tools.
  • What is the Online Safety Act? A UK law requiring platforms to protect users from illegal and harmful content, including non-consensual intimate images.

Want to learn more about the ethical implications of AI? Explore our Cloud and Data section for in-depth analysis and expert insights.

0 comments
0 FacebookTwitterPinterestEmail
Tech

NCLAT: WhatsApp must seek user consent before sharing data with Meta | Company News

by Chief Editor
written by Chief Editor

WhatsApp’s New Consent Rule: What It Means for the Future of Data Sharing

The National Company Law Appellate Tribunal (NCLAT) has clarified that WhatsApp cannot share user data with Meta or any of its affiliated entities without explicit, revocable consent. This ruling follows the Competition Commission of India’s (CCI) push for stronger privacy safeguards and overturns the previous five‑year advertising ban that threatened to upend WhatsApp’s business model.

Why Explicit Consent Is Now Mandatory

Under the latest NCLAT directive, WhatsApp must implement a clear, opt‑in mechanism that lets users decide whether their personal information can be shared with Facebook, Instagram, or any other Meta company. The Tribunal gave the messaging service a three‑month window to roll out this compliance framework.

Did you know? A 2023 Deloitte survey found that 71% of Indian app users would stop using a service if they felt their data was being shared without proper consent.

Potential Future Trends in Data Privacy and Competition Law

  • Granular Consent Management: Expect a rise in “privacy hubs” within apps, where users can toggle data sharing for specific purposes—advertising, analytics, or product improvement.
  • Regulatory Harmonisation: Indian privacy norms are likely to align more closely with the EU’s GDPR and Brazil’s LGPD, creating a more uniform global standard.
  • Shift Toward “Zero‑Party” Data: Companies may incentivise users to voluntarily provide data (e.g., surveys, preference quizzes) rather than relying on passive collection.
  • Increased Penalties: The CCI’s Rs 213.14 crore fine sets a precedent that could see higher monetary sanctions for future breaches.
  • Alternative Monetisation Models: With data sharing restrictions, platforms may explore subscription‑based services, premium features, or contextual advertising that doesn’t require personal identifiers.

Real‑World Example: Instagram’s “Data Download” Initiative

In 2022, Instagram launched a tool for users to download a complete archive of their data, boosting transparency and trust. After the NCLAT ruling, we can expect WhatsApp to introduce similar features—giving users a tangible “data audit” they can review before granting consent.

How Businesses Should Adapt

Marketers and app developers need to redesign data collection workflows:

  1. Implement clear consent banners at the first point of data capture.
  2. Provide easy opt‑out options in settings menus.
  3. Adopt privacy‑by‑design principles in product development.
  4. Maintain transparent logs of consent records to demonstrate compliance during audits.

Pro tip: Use a third‑party consent management platform (CMP) that integrates with your app’s SDK. This reduces development overhead and ensures you stay up‑to‑date with evolving regulations.

Related Topics You Might Want to Explore

Frequently Asked Questions

Will WhatsApp stop showing ads?
No. Advertisements can continue, but any sharing of personal data for ad targeting now requires explicit user consent.
What happens if a user revokes consent?
Meta entities must immediately cease using that user’s data for any purpose beyond the core messaging service.
How long does WhatsApp have to comply?
The Tribunal gave a three‑month deadline to implement the consent and transparency mechanisms.
Does the ruling affect other Meta apps?
Only WhatsApp is directly addressed, but the precedent may influence privacy policies across the Meta ecosystem.
Can Meta appeal the decision?
Yes, Meta can file an appeal in the Supreme Court, but the interim compliance order remains enforceable.

What’s Next for Users and Companies?

As regulators tighten the reins on data sharing, the industry is moving toward a more user‑centric model. Companies that proactively embrace transparent consent practices will not only avoid penalties but also build stronger brand loyalty.

Ready to future‑proof your data strategy? Share your thoughts in the comments below, explore our comprehensive data governance guide, or subscribe to our newsletter for weekly updates on privacy, competition law, and tech trends.

0 comments
0 FacebookTwitterPinterestEmail
Tech

Tollring secures Microsoft Teams compliance nod for Analytics 365 product

by Chief Editor
written by Chief Editor

Why Policy‑Based Recording Is the Next Big Thing for Microsoft Teams

Businesses that rely on Microsoft Teams for daily collaboration are racing to meet ever‑stricter data‑protection laws. The recent certification of Tollring’s Analytics 365 under Microsoft’s updated compliance‑recording standards signals a turning point: policy‑based recording combined with AI analytics is becoming the default safety net for voice, video, and chat data.

AI‑Powered Conversation Analytics – From Reactive to Proactive

Today, most compliance tools simply store recordings. Tomorrow’s solutions will understand them in real time, flagging risky language, detecting fraud patterns, and even suggesting corrective actions before a regulator knocks on the door.

  • Real‑life example: A UK‑based financial services firm used an AI‑driven analytics layer to spot a phishing attempt within a Teams call. The system automatically alerted the security team, preventing a potential $1.2 million loss.
  • Industry data: According to a Gartner 2023 survey, 68 % of enterprises plan to embed AI into their compliance workflows by 2025.

Zero‑Trust Encryption Meets Immutable Audits

Encryption at rest and in transit, combined with tamper‑evident timestamps, creates an audit trail that regulators can trust. Future standards will demand that every modification attempt be cryptographically recorded, effectively turning each file into a “blockchain‑like” ledger.

Pro tip: When evaluating a compliance solution, ask for a detailed description of its cryptographic hash algorithm (SHA‑256 or higher) and how audit logs are stored.

Granular Participant‑Level Access – A GDPR Game‑Changer

Policy‑based tools now let participants view only the sections of a recording they were part of. This granular control not only reduces data exposure but also aligns neatly with Article 30 of the GDPR, which requires “data minimisation” in processing.

In practice, a multinational tech firm reduced its GDPR‑related audit requests by 42 % after implementing participant‑level view restrictions, according to a case study published on Privacy International.

Seamless Integration with Microsoft’s Cloud Stack

Being an ISV (Independent Software Vendor) in Microsoft’s ecosystem means tighter integration with Azure, Teams policy engines, and the Graph API. The Microsoft Teams compliance recording framework now requires solutions to:

  1. Respect Teams’ policy controls (e.g., retention, geo‑restriction).
  2. Expose metadata through Graph for automated discovery.
  3. Pass a rigorous technical audit before being listed in the Marketplace.

Future trends point toward real‑time compliance dashboards that pull metadata directly from Teams, giving compliance officers a live view of risk exposure across the organisation.

Emerging Trends to Watch in 2024‑2026

1. Conversational LLMs for Automated Risk Classification

Large Language Models (LLMs) are being fine‑tuned on industry‑specific vocabularies. Expect solutions that can automatically categorise a conversation as “compliant”, “potential breach”, or “high‑risk” with confidence scores.

2. Multi‑Modal Analytics – Voice, Video, and Text United

Combining speech‑to‑text, video‑frame analysis, and chat logs creates a 360° view of each interaction. Companies like Verint already pilot multi‑modal AI to detect insider threats in real time.

3. Edge‑Based Recording for Data Sovereignty

Regulations such as the EU’s “Data Localisation” rules will push recording workloads to the edge (e.g., Azure Stack) rather than central cloud zones.

4. Automated Legal Hold & E‑Discovery

Future platforms will let legal teams set “hold” policies that instantly lock relevant recordings, generate export packages, and even redact non‑relevant content via AI before delivery.

What This Means for Your Business

Adopting a certified, AI‑enhanced compliance recorder like Analytics 365 can future‑proof your Teams environment. It delivers:

  • Reduced risk of fines (e.g., GDPR penalties up to €20 million or 4 % of global turnover).
  • Operational efficiency – investigators locate relevant calls in seconds using metadata filters.
  • Scalable security – the same solution works across a 22,000‑plus customer base, from SMBs to Fortune 500 enterprises.

Did you know? Organizations that automate compliance recording see a 30 % reduction in time spent on data‑request handling, according to a recent PwC compliance study.

FAQ

What is policy‑based compliance recording?
It is a method where recordings are captured, stored, and managed according to pre‑defined organisational policies (e.g., retention, access, encryption) rather than ad‑hoc manual processes.
How does AI improve compliance?
AI can transcribe speech, index content, detect keyword patterns, and assign risk scores, turning raw recordings into searchable, actionable evidence.
Is participant‑level access compatible with GDPR?
Yes. By limiting visibility to only the data a user is directly involved with, it satisfies GDPR’s data‑minimisation principle.
Do I need an Azure subscription to use Analytics 365?
No. While Azure integration enhances performance, the solution is available through the Microsoft Marketplace and can be purchased without an existing Azure contract.
Can I export recordings for legal hold?
Absolutely. Analytics 365 maintains immutable audit logs and lets you export recordings with full metadata, ready for e‑discovery.

Take the Next Step

Ready to safeguard your Teams conversations and unlock AI‑driven insights? Contact us today to schedule a free demo, or read our deep‑dive guide for more on building a compliant communication strategy.

Have thoughts or experiences with compliance recording? Join the conversation in the comments below and subscribe to our newsletter for the latest updates on AI, privacy, and unified communications.

0 comments
0 FacebookTwitterPinterestEmail
Newer Posts
Older Posts