今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#privacy

找到 129 篇相关文章

AI 资讯

I almost leaked a customer's data while screen-sharing ChatGPT — here's what I built to stop it

A few weeks ago I was on a call sharing my screen, walking a teammate through a prompt I'd been iterating on in ChatGPT. Mid-sentence I scrolled up — and there, three messages back, was a chunk of a customer's data I'd pasted in earlier to debug something. Real email, real account info, sitting right there on a shared screen. Nobody said anything. Maybe nobody noticed. But I noticed, and I spent the rest of the call only half-present, trying to remember everything else still in that thread. If you live in ChatGPT all day, you already know the problem. The thread is your scratchpad. You paste logs, keys, customer rows, half-finished internal docs — things you'd never put in a doc you planned to share. And then someone says "can you share your screen real quick" and suddenly your scratchpad is a presentation. Why the usual advice doesn't work The standard answers are all some version of "be careful": Open a clean tab before sharing. Scroll to the top. Use a separate "demo" account. These fail for the same reason all manual checklists fail under pressure: the moment you actually need them is the moment you're distracted, talking, and not thinking about hygiene. You remember after . The fix has to happen before the screen goes live, and it has to require zero discipline in the moment. What I wanted instead I wanted something that just sat there and blurred sensitive parts of a page automatically, so that even if I forgot, the leak couldn't happen. A few requirements: Local only. Whatever it does, it never sends page content anywhere. A privacy tool that phones home is a contradiction. Before, not after. It blurs while the page renders, not after I've already exposed it. Per-element, not whole-screen. A full black box is useless for a demo. I still need to show the working parts. The interesting technical bit The naive approach is to listen for some "I'm sharing now" signal and react. That's too late — there's a visible frame where the data is exposed before the blur kic

2026-06-05 原文 →
AI 资讯

I built a Brave debloater that refuses to brick your browser

(yes, its open source. link at the bottom, if u want to skip ahead!) Most "debloat scripts" are a pile of registry edits you run as admin and pray. No preview, no undo, and half of them happily disable Safe Browsing or updates for "performance." For your browser, the most security-sensitive app you run, that's reckless. So I built BraveDebloater with one rule: never make Brave less safe. It clears out the noise like Rewards, Wallet, VPN nags, Leo AI prompts, News, and telemetry such as P3A, Web Discovery, and Chromium metrics. But it flat-out refuses to disable Shields, weaken Safe Browsing, turn off updates, or touch your hosts file. That isn't a README promise. It's enforced in the tool itself. A few things that make it trustworthy: Dry-run by default. Nothing changes until you explicitly apply. Official Brave/Chromium enterprise policies, so every change is visible and auditable in brave://policy instead of hidden. Automatic backups before any change, written safely so you never end up with a corrupted file. Validated restore that checks the backup before writing anything and only touches Brave's own policy and profile files. Doctor mode, a read-only health check of your current policy state with no writes. It's MIT-licensed, PowerShell 5.1 compatible, and has a few beginner-friendly issues open. If you care about privacy or Windows tooling, I'd love a star and a PR. Check it out at: https://github.com/osfv/BraveDebloater

2026-06-04 原文 →
AI 资讯

PewDiePie built an open-source AI workspace, and the point is bigger than the hype

PewDiePie launching an open-source AI project sounds like one of those internet headlines you have to read twice. But it is real. Felix Kjellberg, better known as PewDiePie, has released a project called Odysseus through the GitHub account pewdiepie-archdaemon. The repo describes it as a self-hosted AI workspace, and the pitch is simple: give people something that feels closer to ChatGPT or Claude, but runs under their control. That is the part that makes this more interesting than a celebrity side project. Odysseus is not just another chatbot wrapper. It is a statement about where personal AI could go if users start caring less about convenience and more about ownership. What is Odysseus? Odysseus is a free, open-source, self-hosted AI workspace. The project says it is meant to recreate the web UI experience people get from ChatGPT and Claude, but with a local-first and privacy-first approach. In the README, the project describes itself as running on your own hardware, with your own data, and “no trojan.” The landing page calls it “A Self-Hosted AI Workspace.” The GitHub repo is licensed under MIT, which means people can inspect it, run it, modify it, and build on top of it. As of June 4, 2026, the repo had more than 44,000 GitHub stars. That is a massive amount of attention for a project that was created on May 31, 2026. Some of that is obviously PewDiePie's name. But the reaction also says something about the moment we are in: people want AI tools, but they are increasingly uncomfortable with how much those tools depend on cloud platforms and private company servers. Why did PewDiePie build it? The short version: control. In his launch video, titled “MY trillion $Dollar Project is finally OUT!”, PewDiePie presents Odysseus as an alternative to the big AI platforms people already use. Coverage from Gizmodo quotes him promising “no tracking, no subscriptions, no funny business. It's yours and yours forever.” The Business Standard also framed the launch around a pus

2026-06-04 原文 →
AI 资讯

The SMS Verification Market is Bigger Than Most People Realise: Data from 67,000+ Virtual Phone Numbers

We run Quackr, a virtual phone number platform that lets developers and individuals receive SMS verifications without exposing a real number. We just published our first inventory transparency report and the data was surprising enough that we thought the dev community would find it useful. The Numbers Right now, 97.6% of our entire virtual phone number inventory is actively rented. 66,214 out of 67,815 numbers assigned and in use across 15+ countries. Over 1,000 numbers available at any given moment but they move fast. That utilisation rate tells you something about how the market has shifted. Virtual numbers are no longer a niche throwaway tool. Developers, businesses, and privacy-conscious users are holding them long term. What Developers Actually Use Virtual Numbers For The obvious use case is SMS verification during testing. Spin up a number, verify an account in staging, move on. But that is not what drives the bulk of demand on our platform. The real volume comes from: Multi-account management — developers and businesses running multiple instances of platforms that require unique phone verification per account. Privacy layers in production apps — applications that need to verify users without collecting their real numbers. A virtual number sits between the user and the platform. Automated verification pipelines — this is where our API and MCP Server come in. If you need to provision numbers programmatically and retrieve OTPs without manual intervention, this is the use case we built for. Geographic flexibility — needing a UK number from Australia, a US number from Ukraine, or any combination that your real SIM cannot provide. The OTP Blocking Problem Something worth knowing if you are building anything that involves SMS verification: platform-level VoIP blocking has become significantly more aggressive over the past two years. WhatsApp, Telegram, Google, and TikTok all run detection on incoming verification requests. A VoIP number gets flagged and the OTP simp

2026-06-03 原文 →
AI 资讯

Why I Built a Dev Tool That Refuses to Connect to the Internet

Most developer tools in 2026 want your data. They want you to create an account, sync to the cloud, share analytics, and join a team plan. Every new tool is another service that knows what you are working on. I wanted something different. CodeFootprint CodeFootprint is a Mac app that tracks file changes in your project folders. It records every edit with full diff, every deletion with recoverable content, and precise timelines for everything. And it does all of this without ever connecting to the internet. How It Works Select a folder to monitor Code as normal — CodeFootprint records in the background Open it anytime to see what changed, when, and how Export change traces to share with AI tools for debugging The Design Decision I made a deliberate choice: no accounts, no cloud, no telemetry, no data leaving your machine. Not because cloud is bad, but because your project files are some of the most sensitive data you own. Your code, your configs, your unpublished work — a file change tracker sees all of it. A tool that watches everything you change should be trustworthy by design, not by promise. For Developers Who Use AI Tools If you work with multiple AI coding tools, CodeFootprint gives you something valuable: a shared context you can export. Instead of manually explaining to each new AI tool what happened in your project, you hand it a trace file and say "here is the history." Available Now CodeFootprint is on the Mac App Store . No account needed. No internet required. Your files stay on your machine. More convenience. More protection. More peace of mind.

2026-06-03 原文 →
AI 资讯

ChatGPT for Sheets Has 4M Installations. It's Leaking Data to OpenAI.

A Google Sheets add-on with 4 million installs has been silently sending your spreadsheet cell data to OpenAI. Hacker News discovered this 9 days ago, when a PromptArmor security report went viral. Last night — when any normal HN story would be decaying into oblivion — it exploded a second time, gaining 59 points and 23.9% in a single day. I track Hacker News every day. I've seen 518 posts come and go over 319 days of systematic monitoring. Most stories follow a predictable death curve: peak on Day 1, bleed points for 2–3 days, then vanish from the Algolia search layer entirely. A post that survives 5 days is exceptional. One that accelerates on Day 9 is something else entirely. Here's the trajectory: 104 → 106 → 148 → 199 → 219 → 247 → (gap) → (gap) → 306 points. Over 9 days, that's a +194.2% total gain. But the real story is the shape of the curve. From Day 5 to Day 6, it added 20 points. From Day 6 to Day 7, roughly 28. Then on Day 9, it jumped 59 points — a single-day increment that's 2–3x the earlier daily gains. 109 comments and counting. This isn't normal HN physics. This is a second wave of attention — the kind that happens when a story percolates through social media and circles back to the search layer with amplified urgency. People didn't just read this and move on. They came back. The vulnerability itself is brutally simple: ChatGPT for Google Sheets, a popular add-on that lets you use GPT inside spreadsheets, sends cell contents to OpenAI as part of every API call. The PromptArmor research documented specific data flows — workbook data that users never intended to share, flowing to OpenAI's servers as part of "context." No breach required. No malicious actor. Just the plugin working as designed, with a data-sharing envelope nobody bothered to read. I've spent 319 days cataloging every AI security signal that hits HN's front page. Patterns emerge when you watch this long. The data is unambiguous: application-layer AI security is the most underserved mark

2026-06-02 原文 →
AI 资讯

Notes on Federated Learning and Differential Privacy

Notes on Federated Learning and Differential Privacy 2026-05-31 · privacy-preserving ML Working notes on building federated learning (FL) from scratch, what actually breaks under Non-IID data, and how differential privacy (DP) and secure aggregation fit on top — including the honest negative results that the marketing slides leave out. They follow the implementation in federated-learning-lab (FedAvg / FedProx / SCAFFOLD, DP-SGD, secure aggregation; 33/33 tests, literature cross-validated). 1. What federated learning actually is The data never moves. Instead of pooling everyone's data on one server, each client trains locally and sends model updates to a server that aggregates them. The canonical loop ( FedAvg ) is: Server broadcasts the global model. Each client does a few local SGD epochs on its own data. Each client sends back its updated weights. Server averages the weights (weighted by client data size) → new global model. That's it. The elegance is that raw data stays on-device; the difficulty is that the clients' data distributions are not identical. 2. The Non-IID problem (where FedAvg starts to hurt) FedAvg implicitly assumes every client sees roughly the same distribution. Real clients don't — one hospital sees different cases than another, one phone's keyboard sees different language. Under Non-IID data, each client's local optimum pulls in a different direction, so averaging their updates produces client drift : the global model lands somewhere none of them wanted. Two well-known fixes, both implemented and measured in the lab: FedProx — add a proximal term that penalises drifting too far from the global model. Stabilises training when clients are heterogeneous. SCAFFOLD — track control variates (correction terms) that estimate and subtract the drift direction. More state to communicate, but corrects the bias FedProx only damps. The honest finding worth repeating: on a strongly Non-IID split (e.g. label-skewed MNIST), the fancy methods don't always beat p

2026-05-31 原文 →
AI 资讯

How to not Lose $500M via API Bills: Run Private AI for 100 Engineers Under $1 Million

Last week a company nobody can name spent $500 million in a single month on Anthropic's Claude API. Not $500K. Not $5M. Half a billion dollars. In one month. Because nobody set a spending limit. Uber burned through its entire 2026 AI coding budget by April . Four months into the year, done. Microsoft quietly cancelled its internal Claude Code licenses and told engineers to go back to GitHub Copilot. All three stories broke within days of each other, and they all point to the same thing. Token-based billing, when given to an ungoverned team, is a financial weapon pointed at your own company. Every prompt, every context window, every agentic loop gets billed. An engineer running Claude Code seriously can rack up $500 to $2,000 a month just by doing their job well. The answer is not stricter policies. The answer is owning the infrastructure and making tokens free. This article breaks down exactly how to do that for a 100-person engineering team for under $1 million, with real 2026 hardware prices and honest tradeoffs. The Root Problem: You Are Renting the Meter When your team uses Claude Code or any external AI API, you do not own anything. You rent compute by the token. The model is not yours. The data leaves your building on every single request. The bill scales with how well your engineers actually use the tool. That last part is the trap. The better your engineers get at using AI, the more it costs you. Uber's Claude Code adoption jumped from 32% to 84% of their 5,000-person engineering org. That is a success story that turned into a budget crisis. Owning the infrastructure flips this completely. The better your engineers get at using AI, the more value you extract from hardware you already paid for. The Solution: Private On-Premise AI The setup is straightforward: Buy GPU server hardware once Download a state-of-the-art open-source model (free) Run an inference server that speaks the OpenAI API format Point Claude Code, Cursor, or any agent at your local endpoint

2026-05-30 原文 →
产品设计

Trump’s mass deportations are only possible with racial profiling

Border security czar Tom Homan keeps threatening to "flood" New York City with ICE agents. But a new investigation shows that ICE has been quietly ramping up arrests in the New York area already - and disproportionately targeting Latino neighborhoods. The City, a local nonprofit news organization, found 430 street arrests in the metropolitan area […]

2026-05-29 原文 →
AI 资讯

How I Protected My Inbox from Spam Bots While Building Landing Pages

As developers, indie hackers, and solo founders, we launch numerous static sites, minimal landing pages, and open-source project documentation blocks. Every single one of these deployments shares a universal prerequisite: a reliable path to gather raw incoming user feedback, inbound sales leads, or bug reports. The traditional path of least resistance has long been to embed a hardcoded HTML <form> inside our page, or worse, expose a standard mailto: link. However, we all know what happens next. Within hours of your app hitting public hosting servers or GitHub, automated asynchronous spam bots find your raw source code, harvest your personal email address, and turn your inbox into a living nightmare. I used to spend hours configuring captchas, writing honey-pot filters, or spinning up custom Serverless Lambda routines just to secure a simple contact form. Eventually, I realized I was fighting the wrong battle. The best way to protect your inbox isn't to build a better shield around your frontend form; it's to remove the form from your code entirely. That is why I built FormCrab.com . 🦀 The Problem: Why Client-Side Forms are a Risk When you embed a custom form or mailto link into your landing page, you are effectively publishing your communication architecture to the world. Spam bots don't even need to render your page anymore; they use basic regex scrapers to crawl through millions of raw static HTML repositories looking for keywords like type="email" or action="..." . Once your endpoint or raw email identity is captured, it is added to bulk programmatic marketing lists. The Trade-Off We All Hate: Option A: Spin Up a Custom Backend. Configuring an Express or Spring Boot API routing layer solely to act as an authenticated SMTP relay. This adds infrastructural complexity and database burdens to what should be a 15-minute frontend project. Option B: Use Form Backends. Even if you use a standard form endpoint handler, you still have to code the frontend UI, handle valida

2026-05-29 原文 →