Privacy and data protection Archives | Page 167 of 342

How local LLMs are changing AI access

As AI adoption rises, more users explore running large language models (LLMs) locally instead of relying on cloud providers.

Local deployment gives individuals control over data, reduces costs, and avoids limits imposed by AI-as-a-service companies. Users can now experiment with AI on their own hardware thanks to software and hardware capabilities.

Concerns over privacy and data sovereignty are driving interest. Many cloud AI services retain user data for years, even when privacy assurances are offered.

By running models locally, companies and hobbyists can ensure compliance with GDPR and maintain control over sensitive information while leveraging high-performance AI tools.

Hardware considerations like GPU memory and processing power are central to local LLM performance. Quantisation techniques allow models to run efficiently with reduced precision, enabling use on consumer-grade machines or enterprise hardware.

Software frameworks like llama.cpp, Jan, and LM Studio simplify deployment, making local AI accessible to non-engineers and professionals across industries.

Local models are suitable for personalised tasks, learning, coding assistance, and experimentation, although cloud models remain stronger for large-scale enterprise applications.

As tools and model quality improve, running AI on personal devices may become a standard alternative, giving users more control over cost, privacy, and performance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Salt Typhoon hack reveals fragility of global communications networks

The FBI has warned that Chinese hackers are exploiting structural weaknesses in global telecom infrastructure, following the Salt Typhoon incident that penetrated US networks on an unprecedented scale. Officials say the Beijing-linked group has compromised data from millions of Americans since 2019.

Unlike previous cyber campaigns focused narrowly on government targets, Salt Typhoon’s intrusions exposed how ordinary mobile users can be swept up in espionage. Call records, internet traffic, and even geolocation data were siphoned from carriers, with the operation spreading to more than 80 countries.

Investigators linked the campaign to three Chinese tech firms supplying products to intelligence agencies and China’s People’s Liberation Army. Experts warn that the attacks demonstrate the fragility of cross-border telecom systems, where a single compromised provider can expose entire networks.

US and allied agencies have urged providers to harden defences with encryption and stricter monitoring. Analysts caution that global telecoms will continue to be fertile ground for state-backed groups without structural reforms.

The revelations have intensified geopolitical tensions, with the FBI describing Salt Typhoon as one of the most reckless and far-reaching espionage operations ever detected.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Salesforce customers hit by OAuth token breach

Security researchers have warned Salesforce customers after hackers stole data by exploiting OAuth access tokens linked to the Salesloft Drift integration, highlighting critical cybersecurity flaws.

Google’s Threat Intelligence Group (GTIG) reported that the threat actor UNC6395 used the tokens to infiltrate hundreds of Salesforce environments, exporting large volumes of sensitive information. Stolen data included AWS keys, passwords, and Snowflake tokens.

Experts warn that compromised SaaS integrations pose a central blind spot, since attackers inherit the same permissions as trusted apps and can often bypass multifactor authentication. Investigations are ongoing to determine whether connected systems, such as AWS or VPNs, were also breached.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Noyb wins GDPR case against Youtube

Austrian digital rights ngo, noyb, has won a case against YouTube after a five-and-a-half-year battle, with the Austrian data protection authority ordering the platform to fully comply with a user’s data access request under Article 15 of the GDPR.

In 2019, privacy group noyb filed eight complaints against major streaming platforms, including YouTube, Spotify, Netflix, Amazon, and Apple Music, for not fully complying with the EU’s data protection law, the GDPR.

Under Article 15 of the GDPR, companies must provide users access to their personal data and explain how it is used, who it’s shared with, and how long it’s stored. But according to noyb, none of the companies responded appropriately.

The case against YouTube, owned by Google, stood out. A user requested their data in 2019 but received only part of it, with important details missing, such as why the data was being processed and who else had access to it.

It took the Austrian data protection authority (DSB) five and a half years to issue a ruling, finally ordering Google to hand over the complete information.

Martin Baumann, a lawyer at noyb, said these delays make it nearly impossible for users to exercise other rights, like correcting or deleting their data. The DSB confirmed that companies must fully answer access requests in a clear, easy-to-understand format.

Simply directing users to tools or privacy policies isn’t enough. Google has four weeks to comply, or it can appeal and continue delaying.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Claude chatbot misused in unprecedented cyber extortion case

A hacker exploited Anthropic’s Claude chatbot to automate one of the most extensive AI-driven cybercrime operations yet recorded, targeting at least 17 companies across multiple sectors, the firm revealed.

According to Anthropic’s report, the attacker used Claude Code to identify vulnerable organisations, generate malicious software, and extract sensitive files, including defence data, financial records, and patients’ medical information.

The chatbot then sorted the stolen material, identified leverage for extortion, calculated realistic bitcoin demands, and even drafted ransom notes and extortion emails on behalf of the hacker.

Victims included a defence contractor, a financial institution, and healthcare providers. Extortion demands reportedly ranged from $75,000 to over $500,000, although it remains unclear how much was actually paid.

Anthropic declined to disclose the companies affected but confirmed new safeguards are in place. The firm warned that AI lowers the barrier to entry for sophisticated cybercrime, making such misuse increasingly likely.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Fragmenting digital identities with aliases offers added security

People often treat their email address as harmless, just a digital ID for receipts and updates. In reality, it acts as a skeleton key linking behaviour, purchases, and personal data across platforms.

Using the same email everywhere makes tracking easy. Companies may encrypt addresses, but behavioural patterns remain intact. Aliases disrupt this chain by creating unique addresses that forward mail without revealing your true identity.

Each alias becomes a useful tracker. If one is compromised or starts receiving spam, it can simply be disabled, cutting off the problem at its source.

Aliases also reduce the fallout of data breaches. Instead of exposing your main email to countless third-party tools, scripts, and mailing platforms, an alias shields your core digital identity.

Beyond privacy, aliases encourage healthier habits. They force a pause before signing up, add structure through custom rules, and help fragment your identity, thereby lowering the risks associated with any single breach.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

TransUnion breach affects 4.5 million US consumers, highlighting rising third-party cyberattack threats

TransUnion, a US consumer credit reporting agency, has suffered a data breach, impacting the personal information of nearly 4.5 million Americans. The breach, detected on 30 July 2025, involved unauthorised access to a third-party application used in its US consumer support operations.

Although credit reports and core credit data were not exposed, specific personal details were compromised. TransUnion is offering affected customers free credit monitoring and fraud assistance. The agency highlighted its commitment to robust security measures and ongoing improvements. The incident follows previous breaches in 2022 and 2023, raising concerns about TransUnion’s overall data protection and third-party risks.

The recent TransUnion breach follows several high-profile data incidents involving third-party compromises. In June 2025, banking giant UBS was affected after its procurement provider Chain IQ was attacked.

In July, Allianz Life reported personal data theft from 1.4 million US customers via a third-party cloud-based CRM breach. Australian airline Qantas also disclosed a breach impacting nearly six million customers through a third-party service platform.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

China sets 10-year targets for mass AI adoption

China has set its most ambitious AI adoption targets yet, aiming to embed the technology across industries, governance, and daily life within the next decade.

According to a new State Council directive, AI use should reach 70% of the population by 2027 and 90% by 2030, with a complete shift to what it calls an ‘intelligent society’ by 2035.

The plan would mean nearly one billion Chinese citizens regularly using AI-powered services or devices within two years, a timeline compared to the rapid rise of smartphones.

Although officials acknowledge risks such as opaque models, hallucinations and algorithmic discrimination, the policy calls for frameworks to govern ‘natural persons, digital persons, and intelligent robots’.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US begins publishing economic data on public blockchains

The US Department of Commerce has begun a pilot to publish official economic data on public blockchains to boost transparency and integrity. The first release included GDP figures on nine networks, among them Bitcoin, Ethereum, Solana, and Polygon.

For the July 2025 update, the department issued a cryptographic proof confirming 3.3% annualised GDP growth. In some cases, the topline figure itself was also shared.

Major exchanges such as Coinbase, Gemini, and Kraken supported the rollout, while oracle providers Chainlink and Pyth made the data instantly available across hundreds of applications.

Commerce Secretary Howard Lutnick called the move practical and symbolic, highlighting the Trump administration’s aim to position America as a blockchain leader. He emphasised that putting government data on-chain ensures universal access and creates new opportunities for financial markets.

The pilot may expand to more chains, oracles, and market participants. Officials say future datasets may include inflation and other key metrics, potentially changing how public statistics are shared and used in decentralised finance.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Anthropic updates Claude’s policy with new data training choices

The US AI startup has announced an update to its data policy for Claude users, introducing an option to allow conversations and coding sessions to be used for training future AI models.

Anthropic stated that all Claude Free, Pro, and Max users, including those using Claude Code, will be asked to make a decision by September 28, 2025.

According to Anthropic, users who opt in will permit retention of their conversations for up to five years, with the data contributing to improvements in areas such as reasoning, coding, and analysis.

Those who choose not to participate will continue under the current policy, where conversations are deleted within thirty days unless flagged for legal or policy reasons.

The new policy does not extend to enterprise products, including Claude for Work, Claude Gov, Claude for Education, or API access through partners like Amazon Bedrock and Google Cloud Vertex AI. These remain governed by separate contractual agreements.

Anthropic noted that the choice will also apply to new users during sign-up, while existing users will be prompted through notifications to review their privacy settings.

The company emphasised that users remain in control of their data and that manually deleted conversations will not be used for training.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!