Silent Mode Cafe

Are Devices Spying On You? Find Out Now


A stranger calls with your child’s voice. A five-star page sells a product that never ships. Your smart speaker hears a command you didn’t. We pull back the curtain on how AI turbocharges old scams and introduces new ones—then map out the simple defenses that actually work.

We start with the most emotional con: deepfake kidnappings and voice clone frauds that need just seconds of audio to sound convincing. We share the one habit that stops panic payments—a family passcode—and the callback rule that forces verification. From there we examine AI-powered phishing that mirrors your writing style, holiday “too good to be true” deals, and the rise of fake storefronts and synthetic reviews. The rule of thumb is clear: go direct to the site or app, treat urgency as a red flag, and weigh reviews for human detail, not star counts.

On the home front, we dig into hidden and ultrasonic commands that can trigger smart assistants. The fix is practical: disable voice purchasing, keep speakers away from locks and garages, and audit your connected skills. We also tackle QR code overlays at meters and restaurants, the spike in delivery text scams, and teen-targeted face-swap sextortion—why open conversations and quick reporting matter more than perfect controls. Finally, we explore metadata and inference risks in AI chat tools. Even with encryption, patterns can leak context, so we outline redaction and obfuscation tactics and when to avoid sharing sensitive data altogether.

If you found this helpful, follow the show, share it with a friend who needs a security reset, and leave a quick review to help more people stay safe online. What’s the first setting you’ll turn off today?


Welcome And What’s At Risk

SPEAKER_00

Hey guys, welcome back to Silent Mode Cafe. Quick question for you. Do you ever get that feeling like that phone is listening to you? What do you think, Vivek? Do you get that feeling sometimes?

SPEAKER_03

Well, you know, this is Silent Mode Cafe, and we're two security geeks. Um just trying to decode the noise. What's real, what's not, uh, what's the hype and what actually puts uh your data at risk.

SPEAKER_00

You know, um, it's it it there's so much going on. What we're trying to do is really just focus it just on the things that you need to know. Uh, a little bit of what we're doing is bringing a lot of information out there that sometimes seems like doomsday information. Um, and we're trying to repackage it in a way where it's consumable and just to heighten everyone's awareness that there is a boatload of stuff that is happening every day that's impacting our personal data security as well as um just just industry trends happening around security and specifically AI. Right.

SPEAKER_03

Yeah, and and to uh to your earlier point about is the phone listening to you? The funny thing is it's not even your phone. It's your fridge, your doorbell, your calendar, your data. Like everything's at risk.

SPEAKER_00

Yeah, exactly. So, you know, let's uh on that note, uh we have a lot going on. Let's go ahead and jump into it.

SPEAKER_03

Sure.

Deepfake Kidnapping And Family Passcodes

SPEAKER_03

So I think one of the first things we want to talk about is uh deep fake uh kidnappings and the emergency call scams continue to surge uh thanks to uh tools uh which allow it to make it easier to do that. Um so police departments across the country are reporting multiple cases in the rise of AI-generated voice calls mimicking family members in distress. Something like mom, I need your help, or dad, I need your help. We've uh talked about this in our early.

SPEAKER_00

I was gonna say, I think we talked about this, and we you had a pretty cool idea. Um and and now I think it's being adopted. Not not your idea specifically, but that idea is being adopted. That idea, it just makes sense. Um, and it's just create a family passcode um for emergencies, right? And yeah, and and have that secret word or secret code or color or visual or whatever you want to do um to to test. Hey, in case of an emergency, start with this or do this. Otherwise, I'm not gonna believe you, son.

SPEAKER_03

I mean, criminals now only need three seconds. That's it, three seconds of someone's voice, uh, whether it's from TikTok, Instagram, YouTube.

SPEAKER_00

Um and the In this day and age, you can just get that everyone, anyone's voice you want, just about anywhere with social media.

SPEAKER_03

And then, you know, scams are realistic enough that parents panic and send money. Yes. Then older adults are always highly targeted because they answer unknown calls. Like whenever Salah calls me and goes to voicemail. I don't know why.

AI Phishing That Mimics Your Writing

SPEAKER_00

Yeah. Well, it's not always calls. Like the interesting thing that's happening now is AI-generated phishing emails are becoming so sophisticated that before it used to be the prince of whatever. Okay. Um, and now it's this highly sophisticated email. And a matter of fact, there's no more like I'm gonna check for bad grammar or or I'm gonna check for the for the link. All that is actually can be recreated and is being recreated, and AI is mimicking even. Uh, if it got a hold of any of your previous conversations or writing or company stuff, it can just mimic that writing style. It's getting really advanced. So, you know, and this is you know, that this to me is really concerning because I think, you know, I'm my mom in her 70s is opening up emails, and once in a while she sees a great email, and I said, Look, the the the news I just gave her recently is look, there's no such thing as an urgent email. Ignore any urgency in emails. If the deal looks really good, like if you're getting a 50, 60, 70% off on this season's whatever, um, go directly to the website and see if it's real, right? Um and at the end of the day, these phishing attacks are gonna do two things. They're either gonna drop some malware on your device, some viruses, um, or they're they're going to steal your credentials, right? They say, oh, okay, for you to apply this 75% off discount, put in your password for Nordstrom. For this, yeah, or uh or give us a T T or your bank or PayPal or you know, all the good stuff. It's getting really sophisticated, Vivek.

SPEAKER_03

And especially with the holiday season coming in, right? And then there's the whole thing about parents and grandparents being targeted by AI voice clone frauds. So they're using AI voice clones to impersonate grandkids or adult children asking for help and money.

SPEAKER_02

Yeah.

SPEAKER_03

Similar to the lines which we talked about earlier about kidnapping and that this is like um this is more of how they're doing it, I guess. There's how they're doing it. And there have been so many cases where elderly victims are losing thousands instantly. Um and the voice clones are nearly perfect with the tone, breathing, emotion. Um and and social media posts fuel these scams too. So it's um that's actually getting concerning, you know.

SPEAKER_00

It kind of is, isn't it? You know, the first thought I get I had when I first saw um the AI impersonation, because it didn't start out as a hack, right? I mean, it probably did, who knows? But meaning the my first time seeing this, Vivek, was was kind of just doom scrolling on social media, and I see what's clearly an AI version of some influencer I follow or whatever. And my first thought is how quickly can I replicate this? Like, how can I quickly find an AI app that can do this with my voice, with my you know, face, etc. Um, and it it's kind of a fun thing. Maybe we should show people how to do this because I mean it feels like it's something everyone needs to know how to do at this point. But look, say I, you know, how do you um how do you combat this though? Coming back to this real security issue of there's always the social piece of it.

Voice Clone Frauds Targeting Seniors

SPEAKER_03

Teach your older relatives about voice scams. Uh establish a callback rule.

unknown

Yeah.

SPEAKER_03

I know you're getting kidnapped, but you know.

SPEAKER_00

Yeah.

SPEAKER_01

Call back later.

SPEAKER_00

I wonder if what you do is create that situation and show them. Like, meaning go to one of these cloning sites. Everything from even Grok can do it for me now, right? Upload your picture, do a cameo of yourself, Sora can do this, multiple, and just have it say, hey, mom, please give me money. I'm in serious trouble. Um, and then show your mom or show your grandma or show, you know, show them how this can be easily replicated with your voice. And and just to desensitize them from the shock of holy cow, this is the new era we're living in, right?

SPEAKER_03

My concern to that approach, though, is you're giving that impersonation to an AI system.

SPEAKER_00

I think that ship has sailed. Like everyone now has uploaded an image of themselves. Everyone now can use everything from an OpenAI like Sora to a Meta app or a Grok or you right? They they all have upload your picture and create a cameo function now. They all do. So you gotta do it. I think you gotta it's one of those things that you just have to embrace. Yeah, I guess it is what it is.

SPEAKER_01

It's uh it's a brave new world, you know? Yeah. Wanna talk about shopping? Let's talk about shopping.

SPEAKER_00

The tis the season. Yes. So similarly, um, what's going on are AI tools are being used to generate fake product reviews um and uh scam shopping websites, right? So it's kind of amazing. We were we were, you know, we were chatting about this last time, and we were wondering how far are these uh threats going to go. And all these things that you and I had thought about, discussed over the past weeks, months, etc. are being done to the T. Which goes to show that their innovation is moving so damn quick. Like these cyber criminals out there's innovation is moving so fast. So look, the reality is consumers are getting tricked into buying from fake stores. So think of your favorite website or social media application that you're getting. Oh, now buy this 80% discounted electric bike, most likely a fake. Um right, they're very polished, they look very professional, right? Um, and they're they're they're fake. Uh many of them are. So only buy from verified sellers. I know you, you know, this is probably gonna destroy the dropship industry of of all these startup influencers that have their micro stores everywhere, but you just can't trust them, honestly. Um, and nothing against them, but you know, hackers have duplicated exactly what dropship industry has been doing. So therefore, now, you know, any Joe Blow can say, hey, I just acquired 200 e-bikes for half the price, and I'm passing this discount to you, and you can't trust it. You have to go to the actual e-bike website now um and buy it at full price. No more Timo airdrops.

SPEAKER_03

I mean, there's uh I mean even Amazon was impacted heavily, right? Previously it was uh fake goods being sold in their marketplace. Yeah. Especially perfumes, right? And cosmetics. And then um a lot of people have been saying that a lot of product reviews on Amazon are up for like are questioning it because of this. Yeah, I bet. Because a lot of yeah, the reviews seem to be AI generated, especially with merchants who want to be a number one seller. Like, you know, for some things. So you're telling me I can't trust the 500 reviews at five stars? Damn it. With a grain of uh with a lot of grain of salt. Brine water? Maybe a lot of brine.

SPEAKER_00

That's uh that's a serious grain there. So tell me, man, look, this is the season for shopping, but it's also the season for traveling.

Fake Reviews And Scam Shopping Sites

SPEAKER_03

And and customer support queries.

SPEAKER_00

Customer support queries. So what's happening there?

SPEAKER_03

So uh so scammers are launching fake customer support chatbots trained to imitate real companies.

SPEAKER_02

No way.

SPEAKER_03

So consumers searching for things like Delta support or Chase support are tricked into giving information to scammers. Because you have AI chatbots now trying to support you. So the bots ask for login codes, social security numbers, etc. So the key takeaway is as always, what you were saying before, drum roll is go to the official website.

SPEAKER_00

Go to the official website. You know, that's interesting. Many companies are struggling to deploy their AI chatbots for support and better service. And now you've got a host of bad actors out there.

SPEAKER_03

Maybe they should contract them to create the chatbot for those companies.

SPEAKER_00

Because their engineering departments are slow. You know, or or just call Vivek. Call Vivek at Silent Mode Cafe who'll implement it for you. Not the bad actors, I mean the companies who are the bad actors. Oh my goodness, man.

SPEAKER_03

Yeah. So please uh please uh go to the official website and real support reps never ask for verification codes. That's yes and no, because sometimes they do. If you're with a bank, they say we're sending you a text code, you gotta tell us. But then you have your mobile phone that.

SPEAKER_01

So it could be they ask for verification.

SPEAKER_00

So this this next topic, Vivek, is not necessarily AI focused, but it is kind of uh, I feel like tricking many of your AI home devices or just home smart devices.

SPEAKER_03

Something we discussed also in some of our previous ago. It's all coming back.

SPEAKER_00

All coming back. But you know what? And and and folks, that's what you'll notice. Maybe in the first few episodes, you said, oh my God, this world is so complicated. But hopefully, what you're starting to realize over the dozens of episodes that we've had now, I believe, is that some of the stuff is the same tool that is being used and they're just applying it towards something new. Okay. Um, and some of this stuff just is being replicated. So for instance, a while ago, I forgot how a while ago it was, Vivek. Oh, it's two months. Three to four months ago, right? So what what's happening is security researchers found how smart assistants, such as your Alexa, your Google Home, your Ring, etc. Not just limited to those. That's just examples. Um can be manipulated by hidden messages through either ultrasonic sounds or embedded commands to unlock your front door, to make purchases, access data like your calendar, possibly your email, whatever you have integrated into these devices. Right? Um, so it's pretty interesting. Wow.

SPEAKER_03

This is fascinating.

SPEAKER_00

This is a really fascinating world.

SPEAKER_03

This is a really Ultrasonic with ultrasonic world.

SPEAKER_00

Ultrasonic or embedded commands. Probably the embedded commands, in my opinion, will probably be more of the widely used. Uh, because it's easier to replicate just having your favorite AI app do it, as giving you hints on how to do this or how it can happen. But the the ultrasonic, you need some specialized equipment for it.

Bogus Support Chatbots And Verification Codes

SPEAKER_03

This isn't insider information kind of stuff.

SPEAKER_00

This is insider information. This is security researcher stuff.

SPEAKER_03

Yeah, but only if someone who worked in the company would know those ultrasonic commands to open or close or whatever, right?

SPEAKER_01

Matt, you know what this reminds me of. And somehow that information got out.

SPEAKER_00

This is like um goodness, I've just blanked on what it was called. What was the phone sounds that people would make to unlock log?

SPEAKER_03

Oh, yeah, for rotary phones, you're showing on these now. For modems? Yeah, yeah, yeah. For international calls?

SPEAKER_00

Phreaking? I'm forgetting what it's called. Yeah, I think it was called phreaking. So what it was back in the day, folks, this was back at before modems. How do you hack your the how do you hack the system on the back end that's accepting the phone calls? So back in the day, there was four commands, phone commands based on sequences and sounds that would unlock some features, functions like long distance, right? Um, and other things.

SPEAKER_03

Okay, let's just long distance was super expensive.

SPEAKER_00

So it was long distance was really expensive. So if you wanted to call someone back in the day, like that was on the other side of the state or another or another side of the country or another country, you could be racking up like a $20 call, right? So people were hacking their way around doing this thing called phreaking. Well, they would replicate the sound frequencies to unlock certain functionality. Well, that's exactly what's going on in modern day um uh smart home devices and they're doing things. Yeah, and they're unlocking your front door. They're unlocking access to sensitive uh data that you might have in a wow. Yeah.

SPEAKER_03

Which uh yeah, which is it's fascinating. That's why I'm like, this has to be insider. Like it has to come out from the inside out.

SPEAKER_00

I think I think you should, I in my opinion, folks, look, I know, I know it's uh um convenient, but a couple of things you should never do. You should never integrate your smart device with purchasing. You never want to be able to purchase off your smart device. Yes. Just to save yourself from the drunken moments or the kids accidentally, or some your brother-in-law just trying to be funny when they come visit you, or whatever it is, right? People can you you want to turn that function off. So you can only do it, right? Right. Another thing that you should do is turn off smart devices being able to control your home security. Yes. Well that separate them, and like your your your smart device should not be able to unlock your front door. Or your fridge.

SPEAKER_03

Or your refrigerator.

SPEAKER_00

Well, I mean less of a security issue, like, hey, you know, Alexa, turn on the lights in my office, turn on my TV, whatever. Yeah, don't but turn don't have it integrated with your garage door. Don't have it integrated with your with your front door.

Hidden Commands For Smart Home Devices

SPEAKER_03

With your security system, yeah.

SPEAKER_00

Right. Okay. We spent a lot of time on that one.

SPEAKER_03

But yeah, because there's a lot of memory and most likely all the insider espionage crap that comes out. Um so much good stuff. The other one, which is a very common way of doing it, is QR code scams. Uh they're rising in parking lots and restaurants, so when you have to pay, you have this wonderful pole with a QR code on it. It might be a case where criminals are placing fraudulent QR stickers over legitimate ones, especially parking meters and menus. Uh so QR codes link to fake payment pages. Fake payment pages means you enter your credit card, which means they suddenly have your credit card. Uh and, you know, so this is hitting families, travelers, and older adults frequently. Now, the takeaway isn't don't pay the parking because you get a ticket. Because, you know, there there has to be. Um but the takeaway is, and it's kind of not a foolproof takeaway, but just a more awareness takeaway, which is check QR stickers for tampering or overlays. Which is well.

SPEAKER_00

This one is hard to get around, right?

SPEAKER_03

Yeah. If it's on a long time, you can see that.

SPEAKER_00

90% of the time I use a QR code, though, 90% of the time I use a QR code is in public. Like at a restaurant, for instance. When I sit down, most restaurants are now scan the QR code. If someone had overlaid a sticker, which you may have thought, hey, maybe the restaurant just updated their QR code.

SPEAKER_03

Yeah. The other one is type URLs manually when paying for parking, which is a pain for anyone who's decided to pay for parking. And the parking URL is like not a small URL anymore. It's a long URL.

SPEAKER_00

Yeah.

SPEAKER_03

Right.

SPEAKER_00

That's the whole point of a QR code.

SPEAKER_03

It's to not for you to type.

SPEAKER_00

It's worry about the stupid URL. Yeah. Oh my gosh. This is horrible because you know what they're doing. And when I say they, you know, everyone that's on the bad side of the world, you know, the dark side of the coin. People want to steal from you. It's getting to the point where you just can't trust anything electronic. And that's bad. If your consumer confidence goes down and their ability to shop online, which you and I both know is probably going to be like, eh, I'll risk it this time, right? Like people are still going to do it. No, I mean Black Friday, I mean, the online is crazy after a while. Like we're going to continue to do it. Like, I know that I probably shouldn't scan that QR code sitting in a restaurant because it might be blah, blah, blah.

SPEAKER_03

But I'm still going to ask for a physical menu.

SPEAKER_00

You can ask for a physical menu, but after once in a while, you're just going to do it. Once in a while, you're just going to take my shoes parking. You're going to, you know, we can't always be on the red pill if I do a matrix reference here. Sometimes you're just going to give in and like, you know what? I'll do, I'll take the easy route this time. I'll take the blue pill.

SPEAKER_03

Is it the thing that this tastes like steak, but I know it's not steak?

SPEAKER_00

Yes. Exactly.

SPEAKER_03

Of course. So the third takeaway is avoid QR codes in public if possible.

SPEAKER_00

Oh, come on. We just discussed how I cannot avoid QR codes in public. I like scanning my dude. One of my favorite breweries in the area, not that I drink, right? But one of my favorite breweries.

SPEAKER_03

You just go for the ambience.

SPEAKER_00

The chicken wings. The food skills.

SPEAKER_03

Yeah.

SPEAKER_00

The coolest part about it is you scan, it's associated with your table. You pick whatever you want to eat or drink, and it just comes right over to your table. You're telling me I need I like even if I ask for a physical menu, that whole experience is gone. The experience of, you know what, I like that drink. I'm gonna add another drink. I don't want to wait for the waiter to come by. I just put it, put the order in. Like I think.

SPEAKER_03

I'm more annoyed about parking, man. That's what annoys me the most.

SPEAKER_00

I don't care about the menu. The parking one is huge because I like you, but I wonder should look, we're getting a bit philosophical here on this thing.

SPEAKER_03

On QR.

SPEAKER_00

Shouldn't the onus be on the app used by the city for parking to identify that that link does not actually go, that QR code link doesn't actually go where it's supposed to go, and I'm going to block it. How will they know? It's very easy because it's a whitelist blacklist. Whitelist is the back-end link because a QR code goes to a link. Yes. Right? So they can sandbox that link and say, hey, this link doesn't match. Dude, this is like freaking web Web Security 101. They can do this in a heartbeat. A QR code is a sticker where they No, no, no. Listen, listen. I pick up my company app paid for by San Francisco. They're telling me to use this app to pay for parking. I take this app and I scan the QR code. What happens on the back end? No, but listen. But listen.

SPEAKER_03

When you scan the QR code, the link comes out, and that's all you do, and you pay.

SPEAKER_00

No, no, that's not no. Yes, you don't use the app. Yes, you do. You use the app. It's optional. Oh, I see what you're saying. So then just start just use the app.

SPEAKER_03

Not every every corner of the city has a different app.

SPEAKER_00

I know. Still goes back on the cities and the apps, in my opinion. San Francisco should have one app. Good luck. Every city should just have one app. Good luck. That's Monopoly. But no, they don't they don't necessarily have to have one app, but if they they there should be a limit to like I shouldn't go to every street, and every street has a different vendor and an app to it for me to pay for parking.

SPEAKER_03

You have it, like different geographical locations or yeah.

SPEAKER_00

Look, I get it for parking garages.

SPEAKER_03

So street parking, huh?

SPEAKER_00

Street parking is city parking. The city should have some control over it. Good luck. Right, right. All right, all right. All right. We're going way too much.

SPEAKER_03

We're gonna get annoyed at San Francisco next week.

SPEAKER_00

We're already annoyed at San Francisco. Don't get me started right now. All right. All right. What else? Um the look, we kind of talked about face swap scams. Um I mean, these are the first couple that we talked about how the scams, but this one is just the application of it is a little different, right? So teen focused scams using face swap apps to create misleading and inappropriate images um and extort victims. So um that that's a pretty bad thing, right? So they'll they'll take whatever bad images from bad websites, put the teens' faces on it, and then tell the teens if you don't buy me or pay for or send me, you know, money or gift cards or whatever, I'm going to release this to all your friends on social media, right? Yeah. Um really bad stuff. So um it's easy for these scammers to generate this content, uh, especially in today's world where social media is just everywhere. Look, we can't tell people to stop your kids from using social media, even though that's what I think you should do. Your teenagers should not be all over social media. If they are, they should stay private and private and only with their friends.

SPEAKER_03

Which is really tough given the social media.

QR Code Traps In Parking And Dining

SPEAKER_00

But everyone wants to be an influencer, everyone wants to be the kid that goes viral, everyone wants to have the tens of thousands of followers. So I'll go back to it. You can't really ask them to, um, but they should be incredibly aware of the situation and they should know this is the kind of stuff that could happen. You know, parents have the option to turn on parent control, they have the option to turn on um uh lots of controls over the devices, internet use, etc. But to be frank, I think most parents are too lazy to do so, or they've tried and they got in fights with their kids and they gave up, or whatever it may be, right? Um sometimes it's not from a lack of effort. So not preaching here. Um but these things um are are increasing and they're going to get worse. Uh look, we're still in the dawn of this AI age. Like, this is just starting. We literally just starting. Like, imagine the dawn of electricity a hundred years ago or more now, and where we are today, well, we're really just scratching the surface of AI. So these deep fakes um really does it does impact our kids uh quite a bit. And they're they're the ones that we need to protect the most.

SPEAKER_03

And yeah, um, they're also the ones that get impacted the most.

SPEAKER_00

And and you know, the interesting thing about this, Vivek, is the digital world just seems a bit more benign, especially to millennials and older. You know what I mean? Because it's not as physically damaging. Like you would if your kid was going to say right now, I'm going to go to a nightclub tonight, and they're teenagers, what would you do? You would say, Who's going? You would probably attend, if not drive them, probably wait outside. You'd do so much to ensure their safety. You have to be just as active in the digital world. In the digital world, yeah. You have to be just as active. Because honestly, the damage it could do to them, unlike maybe them getting overly drunk and maybe taking a drug at a party, heaven forbid, if they go, the the stuff that could happen to them on in that digital level.

SPEAKER_03

On a psychological level is horrible.

SPEAKER_00

From a psychological level, everything from bullying to this new sex torture is tort I can't even freaking say sex tortin, right? Uh extortion with sex, right? Um, and the fact that you can't erase 90% of what is put on digitally. It is incredibly difficult, especially if someone saved it. Um this is a huge deal. Uh uh it's a big deal.

SPEAKER_03

Which takes us to our second last topic, which is a rise in fake delivery scams. Right in time for holidays, uh AI generated text messages claiming your delivery failed, which I get all the time.

SPEAKER_00

All the time. Or packages at least once a week. Once a week. At least once a week.

SPEAKER_03

Yeah. And this is like one of the most prevalent ones. Please delete those messages. Uh, especially during the holidays when consumers receive a lot of uh packages. Uh like I said, Black Friday, a lot of it was online this year. People didn't go crazy in stores. Um, scammers are using AI to tailor those messages to shopping habits. Uh, and then of course, clicking the link, malware or credit card compromises. So never click delivery links and text, please. Uh track your package on the official app only. If it is FedEx, go to FedEx.com, right? If it's USPS, go to USPS.com or UPS.com. They're trying to steal, uh they're either trying to install malware on your machine or they're trying to ask you for money through a credit card saying if you, you know, if you it's held in a facility because all the shipping charges were never put through. You need to pay the difference, and that's the difference, right?

SPEAKER_01

So I see.

SPEAKER_03

Yeah.

SPEAKER_00

And uh do you want to end it with the last topic, Salah? So this is this is a big topic, Vivek. Tell me a little more. So I've been hearing a lot about AI chatbots. And and guys, we're just just so you know, we're going to get a little more technical here.

SPEAKER_03

And we can we can talk about it in greater detail in in following podcasts too.

SPEAKER_00

We can, but let's let's let's dive a little deeper on this one. And this does impact you as well, folks. So it is going to get a little more technical, but I think it's important. So we all know about encryption, just to baseline this conversation. Encryption is the encryption of messages going from point A to point B. We all have downloaded applications that we believe are encrypted, such as our WhatsApps and um uh you know, messengers and et cetera, right? So we know what encryption is. It just creates an encryption between to create some privacy and secrecy between conversations, right? I heard there's some encryption flaws in chatbots with the yeah.

SPEAKER_03

Yeah. So the way chatbots are working is there is end-to-end encryption, which means no one the the compromise has not been in the encryption. That is someone sniffing your data between you and the chatbot. What happens is that with AI, there is something called as an inference and a context, which is enveloped in the form of a metadata. And metadata is data about the data. That's what metadata is. Oh so when I'm chatting about, say, to ChatGPT saying, look, I just got my medical records, and here is what the medical records were, and here is the blood report, etc., and I send it to ChatGPT for its inference. There is the data about the data, the metadata would say that user A, Vivek, is talking to ChatGPT and is talking about his or her medical information.

SPEAKER_00

So it infers that information based on some of the topics such as the metadata.

SPEAKER_03

Correct. So essentially what is happening is that it's a new class of attack where it's not truly a theft or an unauthorized access, which would be if you break the encryption, but it's inference. And it's trying to infer what you are doing based upon the metadata, which is metadata is nothing else but data about the data. The best example I can give you, one of the coolest examples, is when you take a photograph on an iPhone, there's a metadata about it if you look deeper, which says this photograph was taken at this time, at this location, and this was the the the the you know the this was the color, et cetera. So it's information about the photograph, but not the photograph itself. So that is metadata.

SPEAKER_00

So let me give a little more detail if you don't mind, just on metadata, because metadata, because we uh we've talked about this in the past as well, Vivek. Like, okay, WhatsApp doesn't share your data, it shares your metadata. Google doesn't share your data, it shares your metadata. So in terms of like, let's just say Vivek and I are texting, okay, it's clearly known that Vivek and I texted. Who you texted is part of the metadata.

Teen Face-Swap Sextortion Risks

SPEAKER_00

When you did that in exchange in text is also metadata. How often you text is metadata. The size of the meta uh message is metadata. Your location is metadata. Um whether it includes photos or videos is metadata, right? And then just to add that type of information um on top of what you said.

SPEAKER_03

Yes. So now there is this new class of attacks, which is inference-based attacks, which is just which is fascinating. The fact and they're calling this leak a Whisper Leak vulnerability, because the Whisper Leak is based upon an inference, which is based on a metadata. And I just find this super fascinating.

SPEAKER_00

So is it just impacting one vendor or multiples?

SPEAKER_03

No, I think it is its researchers are saying these are smart AI chat systems. So they really haven't said which vendors have truly got impacted.

SPEAKER_00

So we don't know like my Grok or my OpenAI. Is it ChatGPT, is it Grok or Sora or whatever?

SPEAKER_03

Or Claude or whatever. No, it doesn't say what they're saying is it's a new class of attack, and they're requesting providers to implement padding or metadata obfuscation, which is adding noise and random delays so that the inference doesn't work. So that's all on the providers. That is all on the providers from Microsofts, Googles. The Microsofts, the OpenAI, the Googles, the Anthropics.

SPEAKER_00

So we there's really not much we could do other than possibly just not sharing sensitive information.

SPEAKER_03

Yes, please don't share sensitive information, irrespective of the chat provider you're using, like social numbers, medical data, banking details.

SPEAKER_00

Why would you ever share medical data, folks, or social system?

SPEAKER_03

Well, there have been cases where doctors have been wrong about prognosis, and ChatGPT has been right, and these are very well documented cases. Which has saved people's lives.

SPEAKER_00

So let me uh let me do this for you. Okay. So there's a way you could do this and still use your personal information. And here's what I suggest. Okay, download five, six images of x-rays off the internet before you upload yours and upload all of them and have Grok or your favorite AI give you a diagnosis for all of them. You know what I mean? If you have a specific question, if you want to share specific information from a healthcare perspective, give it 20 instances and let yours be

AI Delivery Text Scams And Safe Tracking

SPEAKER_00

one of those instances and you get your answer. So the risk would be a bit of your own obfuscation as well.

SPEAKER_03

The issue with that is it might confuse the AI system into what truly is the prognosis going to be. Well, you that's the risk.

SPEAKER_00

Look, you can't count on it to give you true prognosis.

SPEAKER_03

You can count on the No, but if you're looking for an independent advice because you want to, and I believe you should. I think you absolutely should you absolutely should, because there have been significant cases where a lot of people have been misdiagnosed, and AI has become extremely good at prognosis, right?

SPEAKER_00

Let's land let's sit on this and then end on this, right? Okay, let's end on this. Yeah, because we can go on and because there's just one thing that I do want to say. I always talk to whatever I use many, so I'm not gonna give one more credence than the other, but I use a lot of chatbots. And I always talk to it about here's a situation, what could have my doctor possibly missed? What questions should I ask? What should I think about? Right. Um, and it gives me all this information prior to having a conversation with my doctor. I collect this information after talking to my doctor. I go back to AI and I give it the feedback, and then I get more, its version of its prognosis. Obviously, it doesn't give you an actual prognosis, like Vivek said, right? But I also I obfuscate, Vivek. I obfuscate because I create multiple scenarios and they're not all mine. I think to an extent you should do that. Um again, be careful how you do it, as Vivek just mentioned, because you don't want to confuse the AI. If you upload 20 images, that might be data overload. You may have

Metadata, Inference, And Chatbot Privacy

SPEAKER_00

denial service that AI, you're probably gonna get you might it might hallucinate. You confuse the AI.

SPEAKER_03

That's what you're gonna do. The way I would do it is I would basically um redact a lot of my personal information. Like my name and my address and my social.

SPEAKER_00

And you don't have to say I, just say a friend of mine has a weird itch.

SPEAKER_03

And then you also and date of birth, right? Like the AI knows who it is, they're not stupid. Right? Like, you know. I mean it's uh so you redact it like you do with what politicians do in Senate hearings?

SPEAKER_00

Listen, folks, if you've made it this far, congratulations. Yes. You're officially more paranoid than most people, and I personally love that movie. Look, the digital world is messy. But it doesn't mean you're powerless. Just stay curious, stay skeptical, and you know. Yeah.

SPEAKER_01

And then we'll catch you next time.

SPEAKER_00

When it comes to your digital world, Vivek, just stay in silent mode. Yes, and we'll catch you next time. Thank you all. Thanks.