spam-reports

john 2024-10-10T12:21:06.149739Z

So with AI agents coming, the cost of surveillance is going to drop to 0. My prediction is that services like Slack and others will eventually default to "presence" being disabled - it's just an increasingly bad idea to have your online status beaconing out on public networks, given the falling costs of surveillance. My recommendation: tell your friends and family to turn off presence features.

👍 1
➕ 1
p-himik 2024-10-10T13:32:23.387159Z

The "online status" information is extremely dirty, I don't think it can be relied on at all. On Slack especially because it doesn't mark you as "away" automatically, as far as I'm aware. I have no easy way of checking, but I assume that I'm "online" 100% of the time just because I have Slack pop-ups on my phone enabled. The incredibly more informative bit of information is when someone answers or is typing. And you can only mitigate those by going anonymous. AI agents are not that useful for gathering public information - we already have that, it's already dirt cheap. IMO AI agents are extremely troublesome when it comes to social engineering. And you cannot do anything about that either, except for going so hard-core anonymous that your close ones will start questioning your sanity.

john 2024-10-10T13:37:23.526629Z

"dear my-local-chatgpt-agent, I don't know how to program, but please find all of @p-himik's public accounts and check his status on all those platforms every 5 minutes. Build me a schedule of the average times he's visible on each platform so I can get a general idea of his daily schedule"

john 2024-10-10T13:38:15.728859Z

Why wouldn't China, and various international companies, just start hoovering that data from everybody?

p-himik 2024-10-10T13:40:30.411579Z

Did you read what I wrote? :) I'm already 100% online, just because of how mobile clients with notifications work. "Yes, dear John, p-himik is online 24/7, seems he never leaves his PC. What else can I help you with?"

john 2024-10-10T13:40:38.226829Z

As someone who wants to sell you something, my first objective is building a theory of mind about you

john 2024-10-10T13:40:55.911509Z

Lol true

p-himik 2024-10-10T13:40:59.302669Z

My UTC+3 gives you much, much more information about my daily schedule than my noisy "online status".

john 2024-10-10T13:41:37.369749Z

Unless you drive under a bridge every day at the same time, that causes your phone connectivity to show that every day

john 2024-10-10T13:41:39.235979Z

Etc

p-himik 2024-10-10T13:42:29.719449Z

> As someone who wants to sell you something, my first objective is building a theory of mind about you

That's what social engineering is for. Instead of gathering dirty info, a proper AI agent can schedule a call with me for some reason that would sound very helpful to me, and then it would social-engineer the crap out of me. I'd like to think that "no, not out of me - I'm clever, I'll notice", but the chances are that it's probably not the case.

p-himik 2024-10-10T13:42:59.506109Z

> Unless you drive under a bridge every day at the same time

Do you know how cheap and easy it is to get your location based on your phone number?

john 2024-10-10T13:43:48.946999Z

Ping data is allegedly anonymized when purchased by the public iiuc

john 2024-10-10T13:44:24.497109Z

But you could easily deanonymize someone if you buy enough data and just follow their ping out of their house

john 2024-10-10T13:45:04.108899Z

But that costs money

john 2024-10-10T13:45:17.105339Z

Your presence is free

p-himik 2024-10-10T13:45:44.039989Z

I don't know what "ping data" means, but it doesn't cost that much to get into SS7 and then you can not only get the location of a phone but also spoof it to your heart's content (well, almost).

p-himik 2024-10-10T13:46:00.123869Z

> But that costs money

It's dirt cheap. And it's in bulk - not per person.

john 2024-10-10T13:49:02.034679Z

You can buy publicly available ping data from cell phones from a company like this https://fogdatascience.com/

john 2024-10-10T13:49:10.939639Z

With that you can basically triangulate on anybody

p-himik 2024-10-10T13:49:48.893329Z

And you can buy access into SS7 from other companies. :) A bit less "public", but open to anyone with money nonetheless. And it's not millions - it's thousands or tens of thousands.

p-himik 2024-10-10T13:50:26.408799Z

(Well, at least as I'm aware - maybe I misunderstand or misremember some things, it's not my area of expertise.)

john 2024-10-10T13:51:36.222199Z

Interesting

p-himik 2024-10-10T13:51:50.334259Z

Found it: "a few thousand $ per month".

p-himik 2024-10-10T13:53:12.555709Z

The most recent video on the topic that I've seen: https://www.youtube.com/watch?v=wVyu7NB7W6Y Not that much groundbreaking stuff in there - it's all old info. Just in a neat easy-to-consume package.

john 2024-10-10T13:54:33.653059Z

Yeah device security is a joke

p-himik 2024-10-10T13:55:17.741819Z

So online status here is just like telling people the ice cream you like is off-white in color, when everyone already knows you like vanilla ice cream. :)

john 2024-10-10T13:57:21.625729Z

Well you call it noise, but what's noise to a human can be very much more so signal to an AI. But yeah it's a threat model and not everyone will care

p-himik 2024-10-10T14:02:24.464599Z

You don't need AI at all here to separate the wheat from the chaff. Algorithms for noise reduction and finding signals have been around for decades. Humans haven't looked at data since the day we got computers. You're walking around with a sign that says "the end is nigh", I'm saying your sign has already been stolen, you just didn't notice. In terms of the amount of data, it will not get worse because it's already as bad as it gets. The only thing that can get worse is if people start actively participating in their own doom - via social engineering.

john 2024-10-10T14:09:40.053709Z

Okay, you have a daughter. Her ex-boyfriend is stalking her. He can't program but he knows how to get a local LLM to help him stalk your daughter. Is that going to change your cost-benefit analysis at all?

p-himik 2024-10-10T14:13:40.767169Z

Being able to program has nothing to do with it. What you advocate for is akin to security via obscurity. It does not reduce the attack surface, it just removes lazy attackers. And I would worry about my hypothetical daughter just the same, regardless of whether LLMs exist or not. And my steps would also be the same, because LLMs offer only quantitative advantage, not qualitative.

john 2024-10-10T14:26:34.148409Z

Hmm, perhaps. Yeah, it's just a prediction, that presence beaconing will become less popular. But maybe not. I do agree that the most effective security against a large adversary is to just be a minnow among a million minnows