There are many concerns about the potential harm that sophisticated generative AI systems have unleashed on the public. What they do with our data is one of them. We know very little about where these models get the petabytes of data they need, how that data is being used, and what protections, if any, are in place when it comes to sensitive information. The companies that make these systems aren’t telling us much, and may not even know themselves.

Two weeks ago, a viral tweet accused Google of scraping Google Docs for data on which to train its AI tools. In a follow-up, its author claimed that Google “used docs and emails to train their AI for years.” The initial tweet has nearly 10 million views, and it’s been retweeted thousands of times. The fact that this may not even be true is almost beside the point. (Google says it doesn’t use data from its free or enterprise Workspace products — that includes Gmail and Docs — to train its generative AI models unless it has user permission, though it does train some Workspace AI features like spellcheck and Smart Compose using anonymized data.)

“Up until this point, tech companies have not done what they’re doing now with generative AI, which is to take everyone’s information and feed it into a product that can then contribute to people’s professional obsolescence and totally decimate their privacy in ways previously unimaginable,” said Ryan Clarkson, whose law firm is behind class action lawsuits against OpenAI and Microsoft and Google.

Google’s general counsel, Halimah DeLaine Prado, said in a statement that the company has been clear that it uses data from public sources, adding that “American law supports using public information to create new beneficial uses, and we look forward to refuting these baseless claims.”

Exactly what rights we may have over our own information, however, is still being worked out in lawsuits, worker strikes, regulator probes, executive orders, and possibly new laws. Those might take care of your data in the future, but what can you do about what these companies already took, used, and profited from? The answer is probably not a whole lot.

Generative AI companies are hungry for your data. Here’s how they get it.

Simply put, generative AI systems need as much data as possible to train on. The more they get, the better they can generate approximations of how humans sound, look, talk, and write. The internet provides massive amounts of data that’s relatively easy to gobble up through web scraping tools and APIs. But that gobbling process doesn’t distinguish between copyrighted works or personal data; if it’s out there, it takes it.

“In the absence of meaningful privacy regulations, that means that people can scrape really widely all over the internet, take anything that is ‘publicly available’ — that top layer of the internet for lack of a better term — and just use it in their product,” said Ben Winters, who leads the Electronic Privacy Information Center’s AI and Human Rights Project and co-authored its report on generative AI harms.

Which means that, unbeknownst to you and, apparently, several of the companies whose sites were being scraped, some startup may be taking and using your data to power a technology you had no idea was possible. That data may have been posted on the internet years before these companies existed. It may not have been posted by you at all. Or you may have thought you were giving a company your data for one purpose that you were fine with, but now you’re afraid it was used for something else. Many companies’ privacy policies, which are updated and changed all the time, may let them do exactly that. They often say something along the lines of how your data may be used to improve their existing products or develop new ones. Conceivably, that includes generative AI systems.

Not helping matters is how cagey generative AI companies have been about revealing their data sources, often simply saying that they’re “publicly available.” Even Meta’s more detailed list of sources for its first LLaMA model refers to things like “Common Crawl,” which is an open source archive of the entire internet, as well as sites like Github, Wikipedia, and Stack Exchange, which are also enormous repositories of information. (Meta hasn’t been as forthcoming about the data used for the just-released Llama 2.) All of these sources may contain personal information. OpenAI admits that it uses personal data to train its models, but says it comes across that data “incidentally” and only uses it to make “our models better,” as opposed to building profiles of people to sell ads to them.

Google and Meta have vast troves of personal user data they say they don’t use to train their language models now, but we have no guarantee they won’t do so in the future, especially if it means gaining a competitive advantage. We know that Google scanned users’ emails for years in order to target ads (the company says it no longer does this). Meta had a major scandal and a $5 billion fine when it shared data with third parties, including Cambridge Analytica, which then misused it. The fact is, these companies have given users plenty of reasons not to take their assurances about data privacy or commitments to produce safe systems at face value.

“The voluntary commitments by big tech require a level of trust that they don’t deserve, and they have not earned,” Clarkson said.

Copyrights, privacy laws, and “publicly available” data

For creators — writers, musicians, and actors, for instance — copyrights and image rights are a major issue, and it’s pretty obvious why. Generative AI models have both been trained on their work and could put them out of work in the future.

That’s why comedian Sarah Silverman is suing OpenAI and Meta as part of a class action lawsuit. She alleges that the two companies trained off of her written work by using datasets that contained text from her book, The Bedwetter. There are also lawsuits over image rights and the use of open source computer code.

The use of generative AI is also one of the reasons why writers and actors are on strike, with both of their unions, the WGA and SAG-AFTRA, fearing that studios will train AI models on artists’ words and images and simply generate new content without compensating the original human creators.

But you, the average person, might not have intellectual property to protect, or at least your livelihood may not depend on it. So your concerns might be more about how companies like OpenAI are protecting your privacy when their systems scoop it up, remix it, and spit it back out.

Regulators, lawmakers, and lawyers are wondering about this, too. Italy, which has stronger privacy laws than the US, even temporarily banned ChatGPT over privacy issues. Other European countries are looking into doing their own probes of ChatGPT. The Federal Trade Commission has also set its sights on OpenAI, investigating it for possible violations of consumer protection laws. The agency has also made it clear that it will keep a close eye on generative AI tools.

But the FTC can only enforce what the laws allow it to. President Biden has encouraged Congress to pass AI-related bills, and many members of Congress have said they want to do the same. Congress is notoriously slow-moving, however, and has done little to regulate or protect consumers from social media platforms. Lawmakers may learn a lesson from this and act faster when it comes to AI, or they may repeat their mistake. The fact that there is interest in doing something relatively soon after generative AI’s introduction to the general public is promising.

“The pace at which people have introduced legislation and said they want to do something about [AI] is, like, 9 million times faster than it was with any of these other issues,” Winters said.

But it’s also hard to imagine Congress acting on data privacy. The US doesn’t have a federal consumer online privacy law. Children under 13 do get some privacy protections, as do residents of states that passed their own privacy laws. Some types of data are protected, too. That leaves a lot of adults across the country with very little by way of data privacy rights.

We will likely be looking at the courts to figure out how generative AI fits with the laws we already have, which is where people like Clarkson come in.

“This is a chance for the people to have their voice heard, through these lawsuits,” he said. “And I think that they’re going to demand action on some of these issues that we haven’t made much progress through the other channels thus far. Transparency, the ability to opt out, compensation, ethical sourcing of data — those kinds of things.”

In some instances, Clarkson and Tim Giordano, a partner at Clarkson Law Firm who is also working on these cases, said there’s existing law that doesn’t explicitly cover people’s rights with generative AI but which a judge can interpret to apply there. In others, there are things like California’s privacy law, which requires companies that share or sell people’s data to give them a way to opt out and delete their information.

“There’s currently no way for these models to delete the personal information that they’ve learned about us, so we think that that’s a clear example of a privacy violation,” Giordano said.

ChatGPT’s opt out and data deletion tools, for example, are only for data collected by people using the ChatGPT service. It does have a way for people in “certain jurisdictions” to opt out of having their data processed by OpenAI’s models now, but it also doesn’t guarantee it will do so and it requires that you provide evidence that your data was processed in the first place.

Although OpenAI recently changed its policy and has stopped training models off data provided by its own customers, another set of privacy concerns crops up with how these models use the data you give them when you use them and the information they release into the wild. “Customers clearly want us not to train on their data,” Sam Altman, CEO of OpenAI, told CNBC, an indicator that people aren’t comfortable with their data being used to train AI systems, though only some are given the chance to opt out of it, and in limited circumstances. Meanwhile, OpenAI has been sued for defamation over a ChatGPT response that falsely claimed that someone had defrauded and stolen money from a non-profit. And this isn’t the only time a ChatGPT response levied false accusations against someone.

So what can you currently do about any of this? That’s what’s so tricky here. A lot of the privacy issues now are the result of a failure to pass real, meaningful privacy laws in the past that could have protected your data before these datasets and technologies even existed. You can always try to minimize the data you put out there now, but you can’t do much about what’s already been scraped and used. You’d need a time machine for that, and not even generative AI has been able to invent one yet.

A version of this story was also published in the Vox technology newsletter. 

According to the FCC’s release, the move comes in an effort to uphold 2019’s Secure and Trusted Communications Networks Act, which requires the agency to publish a list that details any communications equipment or services which may present a risk to national security.

The FCC published its so-called “Covered List” for the first time in March 2021, when it named Chinese companies Huawei, ZTE, Hytera Communications, Hikvision, and Dahua. With this year’s update, the full list only names eight companies that pose such risk, and Kaspersky is the only one based in Russia.

The company’s inclusion on the list means it is banned from receiving support from the FCC’s Universal Service Fund. According to Reuters, the $8 billion fund is used to maintain communications services in rural areas and for low income users and facilities.

Kaspersky’s arrival on the Covered List this year follows a 2017 directive barring the company’s flagship antivirus product on federal computer systems. More recently, the FCC’s move subsequently spurred bug bounty platform HackerOne to indefinitely suspend Kaspersky from using its services, as announced on Twitter.

Tweet may have been deleted

Kaspersky has maintained that such federal action against its services is unconstitutional, claiming both the initial 2017 prohibition and this year’s Covered List designation to be be based not on actual evidence against the company, but rather political motivations. That’s the position the company took in a statement to Bleeping Computer earlier this week.

“Kaspersky maintains that the U.S. Government’s 2017 prohibitions on federal entities and federal contractors from using Kaspersky products and services were unconstitutional,” the statement reads. It goes on to note that the FCC’s latest update to the Covered List is flawed because, the company maintains, there’s been “public evidence” to justify the 2017 move, which is also referenced in the FCC’s announcement.

“This decision is not based on any technical assessment of Kaspersky products – that the company continuously advocates for – but instead is being made on political grounds.”

Your Android phone is likely brimming with data gathered from all over the internet by your web browser, no matter if you have a new Samsung Galaxy S22, Google Pixel 6 or older smartphone. This data makes up your browser cache and cookies, and can be helpful. It keeps you logged in to your accounts and loads frequently used websites. 

But whether you use Firefox, Samsung Internet or Google Chrome, this data eventually builds up, taking up space on your phone while also probably including cookies that are tracking your browsing history with the intention of serving personalized advertising (I’ve been seeing ads for eyeglasses after visiting a few online stores to compare prices and styles, as well as for TV shows related to my YouTube searches.)

It doesn’t hurt to occasionally clear this data out in order to keep your web browser lean, running efficiently and, ideally, storing as few tracking cookies as possible.

On Android, the steps differ slightly depending on the type of phone and web browser app you’re using, so below we’ll go over how to clear this data on Google’s Chrome (often the default for many Android phones like the Google Pixel line), Samsung’s Internet browser (often the default on the Galaxy phone series) and Mozilla’s Firefox browser. You can also check out our separate guide on how to clear your cache on an iPhone web browser in case you have a few Apple devices to clear out, too.

Google Chrome

You can delete your cookies and cache from within the Android version of Google Chrome by first tapping the More button in the top right corner of the browser, indicated by a column of three dots, then tapping History, then Clear browsing data. You can also access this from the Chrome Settings menu, tapping Privacy and Security and then Clear browsing data.

Chrome also offers Basic and Advanced settings for clearing your Browsing history, Cookies and site data and Cached images and files. You can use the Time range drop-down to select whether you want to delete the entire history or a selection of anywhere from the past 24 hours up to the last four weeks. Tapping Advanced will also give you access to deleting Saved passwords, Autofill form data and Site settings. After selecting what you want to delete, tap the blue Clear data button, and it will then delete without any other prompts, so just make sure you’re zapping exactly what you want to zap.

Read more: Ditch Google Chrome and Use This Privacy-Focused Browser Instead

Samsung Internet

There are two different ways you can clear your Samsung Internet browser’s cache and cookie data. You can clear from within the browser itself, or you can go through your phone’s Settings app.

To clear while in the Samsung Internet browser app, first tap the Options button in the bottom right corner represented by three horizontal lines, then Settings, scroll down to and tap Personal Data, then tap Delete browsing data to get a menu of options to delete. You can clear your Browsing history, Cookies and site data, Cached images and files, Passwords and Autofill forms in any combination. After tapping Delete data, you’ll then receive a prompt asking for you to confirm your choices before deleting.

Going through the browser app itself provides the most customization of what you want to delete. However, if you want to access similar options from your phone’s settings menu, open the Settings app and tap on Apps, then scroll down to and tap Samsung Internet and then Storage. 

At the bottom of Storage, you get separate options to Clear cache and Clear data. Tapping Clear cache will immediately delete the cache, but Clear data brings up a prompt that warns you that all of the application’s data will be deleted permanently, including files, settings, accounts and databases. While it doesn’t specify cookies, this “going nuclear” approach should zap all remaining data, letting you restart the Samsung Internet browser as if it were brand-new.

Read more: Change These Android Settings to Get the Most Out of Your Phone

Mozilla Firefox

Much as with Google Chrome, you can clear the cookies and cache from within the Mozilla Firefox Android app. To access this function, tap the More button on the right of the address bar, again symbolized by three vertically aligned dots. Then tap Settings and scroll down to Delete browsing data. 

Of the three browsers we’re discussing here, Firefox gives you the most options under the Delete browsing data menu, allowing you to also delete any existing Open tabs, your Browsing history and site data, Site permissions and even your Downloads folder alongside Cookies and Cached images and files. 

While you can’t pick a time range as you can for Chrome, you can be more specific regarding what type of data you would like to remove.

Read more: Browser Privacy Settings to Change ASAP in Firefox, Chrome and Safari 

And Firefox has an additional option for those who never want to keep their browsing data after they’re done using the app. Inside of Settings is a Delete browsing data on quit option, which instructs Firefox to wipe any combination of these same settings every time you quit the application. It’s a useful feature if you’d like to keep the browser tidy and, say, avoid accidentally handing off your browser history to someone who may have stolen or otherwise gained access to your phone.

For more, check out everything to know about Google’s new operating system, Android 12, including how to check when your phone will get the update and how to download. Also, take a look at CNET’s list of the best Android apps. 

How often do you clear your browser’s cache and cookies? And do you have a favorite Android browser that should get added to this Tech Tip? Tell us in the comments.

New laws allow Australia’s eSafety Commissioner to compel platforms such as Twitter, Facebook, and Instagram to remove “cyber‑abuse material” within 24 hours, or face a hefty fine. It’s a second avenue of recourse for those dissatisfied with the platforms’ moderation policies.

Described by government officials as a “world first cyber-abuse take-down scheme to protect adults,” the amendments to Australia’s Online Safety Act came into effect on Sunday after being passed by the Australian Senate last June. Under this new legislation, the eSafety Commissioner can issue a removal notice to a platform if they don’t take down a post within 48 hours of receiving a complaint about it.

This doesn’t mean Aussies can run to the government about every single tweet they find objectionable, though. The offending posts must be “menacing, harassing or offensive,” as well as likely intended to cause “serious harm to a particular Australian adult.” This means that mere hurt feelings won’t suffice, and that posts targeting characteristics such as race or gender won’t fall under this law.

The eSafety Commissioner noted the criteria for determining what falls under “cyber‑abuse material targeted at the Australian adult” has intentionally been set high “to ensure it does not stifle freedom of speech.”

“These new laws…. place Australia at the international forefront in the fight against online abuse and harm – providing additional protections for Australians in the fight against online harms through our approach of prevention, protection, and proactive change in the online space,” said eSafety Commissioner Julie Inman Grant.

If a company refuses a request to take down a post, they may be fined up to $AU555,000. If they repeatedly refuse, the consequences can be more severe.

“Under these new laws, if websites or apps systematically ignore take down notices from eSafety for this type of content, they could see their sites delinked from search engines or their apps removed from app stores,” said Australian minister Paul Fletcher’s office in a media release last December.

Mashable has reached out to Facebook and Twitter for comment.

“The internet has brought immense advantages, but also new risks, and Australians rightly expect the big tech companies to do more to make their products safer for users,” Fletcher said on Sunday.

SAVE 76%: Ivacy VPN is one of the best services for unlocking top streaming sites. A one-year subscription to Ivacy VPN is on sale for £1.91 per month as of Jan. 16 — saving you 76% for a limited time.

---

Whether you’re looking to protect your online data or access top streaming sites from around the world, Ivacy VPN should be something to seriously consider. It’s an impressive VPN with a wide range of user-friendly features for security and streaming.

Users get malware protection, unlimited bandwidth, high speed downloading, P2P support, and 10 simultaneous connections. Ivacy VPN also provides access to thousands of secure servers located all around the world. It’s this feature that makes Ivacy VPN such a strong option for streaming.

Selecting the right plan for you can be complicated, so we’ve lined up everything on offer from Ivacy VPN:

A five-year subscription represents a big commitment, but this works out at just £44 — significantly less than some one-year deals from other top VPNs. The fact that five-year subscriptions also come with a free password manager makes this plan even more appealing.

Bag one of the best VPN deals from Ivacy VPN.

TL;DR: A lifetime subscription to BelkaVPN is on sale for £29.61, saving you 94% on list price.

---

Any time you enter your credit card information on the internet, you’re putting yourself at risk. The same goes for other private data, like your home address or company passwords. Hackers, trackers, and other nefarious internet abusers are lurking around corners, waiting to make their move. But a VPN acts as a shield, stopping them in their tracks.

If you haven’t equipped yourself with a VPN, there’s no time like the present. For a limited time, you can snag a lifetime subscription to BelkaVPN — a trusted VPN with 4.1 stars on Google Play and 4.2 on Trustpilot — for under £30.

BelkaVPN uses virtual military-grade encryption to route all of your vulnerable internet activity through a private, secure tunnel. You can access over 120 servers in over 25 locations globally, which essentially disguises your true location and keeps you completely anonymous on the web. This is especially helpful when you’re logged on to public WiFi networks, like at a coffee shop or the airport.

There are no speed or bandwidth limits and you can surf on a variety of VPN protocols, including OpenVPN, L2TP/IPSec, Socks5, and WireGuard. Plus, you can access streaming sites like Hulu, Amazon Prime, BBC iPlayer, HBO, and ESBC without geographical restrictions. So, you can finally watch all the shows Netflix won’t let Americans binge-watch. And if for some reason your connection is dropped, a kill switch will ensure your connection is terminated before being left vulnerable.

With a CleanWeb feature blocking ads, trackers, and malware, and the ability to connect up 10 different devices simultaneously, BelkaVPN is capable of keeping you safe from all angles. And the 24/7 customer support is just a bonus.

While it’s valued at £532, you can save hundreds of pounds and get a lifetime of protection on the web for only £29.61.