So with AI agents coming, the cost of surveillance is going to drop to 0. My prediction is that services like slack and others will eventually default to "presence" being disabled - it's just an increasingly bad idea to have your online status beaconing out on public networks, given the falling costs of surveillance. My recommendation: tell your friends and family to turn off presence features
The "online status" information is extremely dirty, I don't think it can be relied on at all. On Slack especially because it doesn't mark you as "away" automatically, as far as I'm aware. I have no easy way of checking, but I assume that I'm "online" 100% of the time just because I have Slack pop-ups on my phone enabled. The incredibly more informative bit of information is when someone answers or is typing. And you can only mitigate those by going anonymous. AI agents are not that useful for gathering public information - we already have that, it's already dirt cheap. IMO AI agents are extremely troublesome when it comes to social engineering. And you cannot do anything about that either, except for going so hard-core anonymous that your close ones will start questioning your sanity.
"dear my-local-chatgpt-agent, I don't know how to program, but please find all of @p-himik's public accounts and check his status on all those platforms every 5 minutes. Build me a schedule of the average times he's visible on each platform so I can get a general idea of his daily schedule"
Why wouldn't China, and various international companies, just start hoovering that data from everybody?
Did you read what I wrote? :) I'm already 100% online, just because of how mobile clients with notifications work. "Yes, dear John, p-himik is online 24/7, seems he never leaves his PC. What else can I help you with?"
As someone who wants to sell you something, my first objective is building a theory of mind about you
Lol true
My UTC+3 gives you much, much more information about my daily schedule than my noisy "online status".
Unless you drive under a bridge every day at the same time, that causes your phone connectivity to show that every day
Etc
> As someone who wants to sell you something, my first objective is building a theory of mind about you That's what social engineering is for. Instead of gathering dirty info, a proper AI agent can schedule a call with me for some reason that would sound very helpful to me, and then it would social-engineer the crap out of me. I'd like to think that "no, not out of me - I'm clever, I'll notice", but the chances are that it's probably not the case.
> Unless you drive under a bridge every day at the same time Do you know how cheap and easy it is to get your location based on your phone number?
Ping data is allegedly anonymized when purchased by the public iiuc
But you could easily deanonymize someone if you buy enough data and just follow their ping out of their house
But that costs money
Your presence is free
I don't know what "ping data" means, but it doesn't cost that much to get into SS7 and then you can not only get the location of a phone but also spoof it to your heart's content (well, almost).
> But that costs money It's dirt cheap. And it's in bulk - not per person.
You can buy publicly available ping data from cell phones from a company like this https://fogdatascience.com/
With that you can basically triangulate on anybody
And you can buy access into SS7 from other companies. :) A bit less "public", but open to anyone with money nonetheless. And it's not millions - it's thousands or tens of thousands.
(Well, at least as I'm aware - maybe I misunderstand or misremember some things, it's not my area of expertise.)
Interesting
Found it: "a few thousand $ per month".
The most recent video on the topic that I've seen: https://www.youtube.com/watch?v=wVyu7NB7W6Y Not that much groundbreaking stuff in there - it's all old info. Just in a neat easy-to-consume package.
Yeah device security is a joke
So online status here is just like telling people the ice cream you like is off-white in color, when everyone already knows you like vanilla ice cream. :)
Well you call it noise, but what's noise to a human can be very much moreso signal to an AI. But yeah it's a threat model and not everyone will care
You don't need AI at all here to separate the wheat from the chaff. Algorithms for noise reduction and finding signals have been around for decades. Humans haven't looked at data since the day we got computers. You're walking around with a sign that says "the end is nigh", I'm saying your sign has already been stolen, you just didn't notice. In terms of the amount of data, it will not get worse because it's already as bad as it gets. The only thing that can get worse is if people start actively participating in their own doom - via social engineering.
Okay, you have a daughter. Her ex boyfriend is stalking her. He can't program but he knows how to get a local LLM to help him stalk your daughter. Is that going to change your cost benefit analysis at all?
Being able to program has nothing to do with it. What you advocate for is akin to security via obscurity. It does not reduce the attack surface, it just removes lazy attackers. And I would worry about my hypothetical daughter just the same, regardless whether LLMs exist or not. And my steps would also be the same, because LLMs offer only quantitative advantage, not qualitative.
Hmm, perhaps. Yeah, it's just a prediction, that presence beaconing will become less popular. But maybe not. I do agree that the most effective security against a large adversary is to just be a minnow among a million minnows