Our weekly picks of digital trust-related articles

This article prompts reflection on what we mean by 'trust' when we talk about 'trustworthy' AI. There are many dimensions to trust, and the author helpfully breaks them down. In human-AI interactions, misalignments can occur when stakeholders interpret 'trust' differently. For example, companies might emphasize the epistemic aspect—reliance on knowledge and its acquisition—of trust, while users may view AI outputs through a moral, value-based lens. To develop genuinely trustworthy AI, it is essential to establish a common understanding among stakeholders of all the layers of trust

It often appears as if disinformation was spread by a large number of social media users. However, research suggests that it is a comparatively small percentage of the users that is primarily responsible for creating and widely sharing divisive content, with these voices being amplified by the platforms’ algorithms. As bleak as this may be, I find a silver lining in the experiments that showed that unfollowing such accounts lead to a substantial reduction in animosity towards other political groups.

An impressively large line-up of AI leaders and experts are advocating for more research into 'chain-of-thought' (CoT) monitoring of reasoning models. This technique, as the name implies, aims to understand how AI reasoning models work. It could become a key method for understanding how AI agents think and what their goals are, and could enhance AI safety by tracking alignment and flagging harmful interactions. Presently, visibility into these models’ 'thought processes' exists but, apparently, is not guaranteed, hence the call to arms before this window is closed.

With all the hype around agentic AI, the industry is rushing to embrace it. However, alarm bells have been sounded again and again concerning misaligned behaviour of LLMs and Large Reasoning Models (LRMs), ranging from 'harmless' misinformation to deliberately malicious actions. This raises serious questions whether the current technology is really mature enough to be entrusted with any level of autonomy, let alone replace human workers

From a cryptographer's point of view, the big breakthrough in quantum computing would be if it can successfully factorize numbers in the 1000-digit range. As it turns out, this is actually quite difficult. The record from 2012 of factorizing the number 21 is still unbeaten! And all reports of factorizing bigger numbers used very, very specific numbers, so specific that even a dog can factorize them! Progress in quantum computers is advancing, but we may have to wait one or more decades before we really start to reap their promise.

Severe floods in Texas sparked a wave of conspiracy theories, with claims circulating online that the disaster was caused by geoengineering or weather weapons. This highlights a growing tension between the speed at which formal institutions can communicate accurate information and the rapid spread of AI-fueled disinformation. The resulting vandalism of radar infrastructure and threats against meteorologists disrupted emergency services, showing just how vulnerable necessary communication channels are in times of emergencies.

A lot of cryptographic proofs rely on something called the 'random oracle model' and the 'Fiat-Shamir transformation'. Together, they can create a mathematical proof of the security of a specific zero knowledge protocol. However, the random oracle model is never used – in real algorithms, it is replaced by a hash function. What can go wrong? It turns out, a lot. You can create a zero knowledge proof of a lie, e.g., prove that you have the cryptocurrency funds necessary for a certain transaction, when in reality you have not!

As a software engineer, I'm looking at LLMs both as a tool for, but potentially also a danger to, my job: will it replace me one day? In this study, they measured the time that seasoned software needed to fix a bug, both with and without the aid of LLMs. The outcome in this specific study was surprising – it took longer to solve a problem with an LLM than without! There are a lot of caveats in the study, but it's interesting to see that it's not very clear if LLMs are even a help, let alone a danger to my job!

Am Beispiel deutscher Medien wird die Entwicklung des Online-Journalismus seit den 90ern bis heute nachvollzogen. Besonders interessant finde ich die Diskussion der jeweiligen Problematiken denen die Verlage im Web 1.0, in den sozialen Medien und heute mit generativer AI konfrontiert sind/waren.

Here’s an interesting take on what happens if security bugs are found in Open Source libraries. Now that more and more of Open Source libraries find their way into commercial products from Google, Microsoft, Amazon, and others, the problem of fixing security bugs in a timely manner is becoming a bigger problem. Open Source projects are very often maintained by a single person, and the company who uses the library often doesn't participate in its development. Effectively, the maintainer works for free for a company who makes money off his work!

Dieser Beitrag erläutert anschaulich am Beispiel des jüngsten Datenleaks der Schweizer Bundespolitiker:innen warum wir als Gesellschaft solche Leaks nicht bagatellisieren sollten.

There has been a lot of discussion about the high cost of cyber-attacks, and the recent announcement that the credentials of Swiss parliamentarians are circulating on the Darknet serves as a reminder of this. Interestingly, stolen access credential is the main intrusion vector (16%) in companies and remains undetected for the longest time (an average of 292 days). Therefore, secure, easy and fast authentication remains a matter of the utmost urgency.

Contrary to what the author posits, I don’t think there is anything to fix about social media: it gives people the adrenaline rush they want, and comforts VC money by showing exponential growth. What can be changed is the way we prioritize seeking spaces to hang out with people we like. Mastodon is one such space, but it will never be The Place to Be, nor have those attention-seeking features, as it does not optimize for user engagement or profits. I doubt very much I’ll see my kids there anyway.

This report reveals new vulnerabilities in the equipment used in solar power grids and smart homes. It shows that attackers can exploit flaws in the supply chain and insecure protocols to disrupt power generation or grid stability. Clear infographics illustrate the network structure, risks and the worldwide share of solar use. As solar energy continues to expand, securing these infrastructures is of paramount importance.

This article highlights the alarming reliance of critical infrastructure on outdated technology, exposing significant vulnerabilities in essential systems. The need for uninterrupted operation and compatibility requirements presents major challenges to the modernization of these legacy systems, and the costs to upgrade are steep. Yet the potential for catastrophic failure due to obsolete equipment underscores the urgent need to address this issue.

This essay stands out because it moves beyond sensational fears about AI replacing humans and instead offers a practical framework for understanding when AI genuinely outperforms humans and when human skills remain irreplaceable... (at least for now).

This article highlights significant flaws within the proposed NO FAKES Act, whose repercussions would extend far beyond U.S. borders. I found it particularly insightful because of the parallels it draws between this bill and existing mechanisms for addressing copyright infringement, outlining how the deficiencies within the latter are likely to be mirrored in the former.

Driven by ethical concerns about using existing artwork to train gen AI models, an artist created his own model that produces output untrained on any data at all. What was interesting to me is that, in exploring whether gen AI could create original art, he also demonstrated a potential path to better understanding how such models work in the first place. Could it be through art that we approach explainable AI?

As LLM agents become 'en vogue', we need to rethink the attacks they open to malicious third parties. Here Simon Willison describes a combination often seen in such agents that will put your private data at risk. Unfortunately, there is currently not much you can do, except be aware that all the data that agents touch could be sent to an attacker.

Cycle tracking apps are not only helpful for those trying to conceive, but also serve as important tools for keeping track of one’s general reproductive health. As this article discusses, however, such tools can quickly become a double-edged sword due to the high value of the data they collect, which can potentially end up in the wrong hands via the data market. Therefore, as with other health-related apps, it is critical to inform oneself and choose privacy-friendly alternatives.

I was intrigued by this article, as it highlights how war impacts a country’s digital assets - something that is very relevant, yet little discussed, in today's digitalized world.

This article underscores that neither digital policies nor technologies can be discussed in isolation. Using Indonesia as an example, it lays out how the country’s laws and regulations on internet content are actually implemented by the ISPs and examines how the combination of vaguely worded laws and sweeping filtering methods ultimately impacts citizens' access to information.

This article is interesting because it highlights the opportunities and challenges of personal data ownership. Although tools such as dWallet claim to empower users, they can encourage the poorest and least educated people to sell their data without understanding the risks, thereby widening the digital divide. True data empowerment means that everyone must have the knowledge and resources to make informed choices about privacy, not just the privileged few.

That is a very nice attack on privacy-protection in the mobile browsers: even if you don't allow any cookies and don't consent on being tracked, you're browsing behaviour is still tracked. The idea of communicating from the mobile browser to your locally installed app is technically very interesting, and seems to be difficult to avoid on Android devices. The article mentions Meta and Yandex as the main perpetrators using this technique.