Researchers from the Stanford Internet Observatory say that a dataset used to train AI image generation tools contains at least 1,008 validated instances of child sexual abuse material. The Stanford researchers note that the presence of CSAM in the dataset could allow AI models that were trained on the data to generate new and even realistic instances of CSAM.

LAION, the non-profit that created the dataset, told 404 Media that it "has a zero tolerance policy for illegal content and in an abundance of caution, we are temporarily taking down the LAION datasets to ensure they are safe before republishing them." The organization added that, before publishing its datasets in the first place, it created filters to detect and remove illegal content from them. However, 404 points out that LAION leaders have been aware since at least 2021 that there was a possibility of their systems picking up CSAM as they vacuumed up billions of images from the internet. 

According to previous reports, the LAION-5B dataset in question contains "millions of images of pornography, violence, child nudity, racist memes, hate symbols, copyrighted art and works scraped from private company websites." Overall, it includes more than 5 billion images and associated descriptive captions (the dataset itself doesn't include any images but rather links to scraped images and alt text). LAION founder Christoph Schuhmann said earlier this year that while he was not aware of any CSAM in the dataset, he hadn't examined the data in great depth.

It's illegal for most institutions in the US to view CSAM for verification purposes. As such, the Stanford researchers used several techniques to look for potential CSAM. According to their paper, they employed "perceptual hash‐based detection, cryptographic hash‐based detection, and nearest‐neighbors analysis leveraging the image embeddings in the dataset itself." They found 3,226 entries that contained suspected CSAM. Many of those images were confirmed as CSAM by third parties such as PhotoDNA and the Canadian Centre for Child Protection.

Stability AI founder Emad Mostaque trained Stable Diffusion using a subset of LAION-5B data. The first research version of Google's Imagen text-to-image model was trained on LAION-400M, but that was never released; Google says that none of the following iterations of Imagen use any LAION datasets. A Stability AI spokesperson told Bloomberg that it prohibits the use of its test-to-image systems for illegal purposes, such as creating or editing CSAM.“This report focuses on the LAION-5B dataset as a whole,” the spokesperson said. “Stability AI models were trained on a filtered subset of that dataset. In addition, we fine-tuned these models to mitigate residual behaviors.”

Stable Diffusion 2 (a more recent version of Stability AI's image generation tool) was trained on data that substantially filtered out 'unsafe' materials from the dataset. That, Bloomberg notes, makes it more difficult for users to generate explicit images. However, it's claimed that Stable Diffusion 1.5, which is still available on the internet, does not have the same protections. "Models based on Stable Diffusion 1.5 that have not had safety measures applied to them should be deprecated and distribution ceased where feasible," the Stanford paper's authors wrote.

Correction, 4:30PM ET: This story originally stated that Google's Imagen tool used a subset of LAION-5B data. The story has been updated to note that Imagen used LAION-400M in its first research version, but hasn't used any LAION data since then. We apologize for the error.

This article originally appeared on Engadget at https://www.engadget.com/researchers-found-child-abuse-material-in-the-largest-ai-image-generation-dataset-154006002.html?src=rss

The European Union says three porn sites are now subject to stricter rules under the Digital Services Act (DSA). The bloc has designated Pornhub, Stripchat and XVideos as "very large online platforms" (VLOPs) after determining that they each have an average of more than 45 million monthly users in the EU. As such, the three sites are subject to the same stringent rules as the likes of Facebook, Instagram, X and TikTok.

The European Commission (the EU's executive arm) says VLOPs have until February 17 to comply with the DSA's general requirements. Those include making it easy for users to flag illegal content, prioritizing reports from "trusted flaggers," providing a means of appeal for content moderation decisions, publishing an annual transparency report detailing content moderation processes and bolstering their systems to "ensure a high level of privacy, security and safety of minors."

The three porn sites also have four months to comply with additional obligations. For instance, they're required to have mitigation measures in place to prevent the spread of illegal content. This, according to the Commission, includes "child sexual abuse material and content affecting fundamental rights, such as the right to human dignity and private life in case of non-consensual sharing of intimate material online or deepfake pornography." The three sites must also offer researchers publicly available data and be subject to an annual external independent audit. The Commission says these measures will "empower and protect users online, including minors, and duly assess and mitigate any systemic risks stemming from their services."

The Commission says it will keep a close eye on the three porn sites to make sure they comply with the rules, "especially concerning the measures to protect minors from harmful content and to address the dissemination of illegal content." 

When asked for comment, Pornhub directed Engadget to a statement claiming that "as of July 31, 2023, Pornhub has 33 million average monthly recipients of the service in the European Union, calculated as an average over the period of the past six months." As such, Pornhub disputes the EU's claim that it has more that 45 million monthly users in the bloc. Engadget has also asked XVideos and Stripchat for comment.

The penalties for failing to comply with the DSA's requirements are severe. Platform holders can be fined up to six percent of their annual global revenue. The Commission may also issue penalties of up to five percent of average daily worldwide revenue for each delayed day that VLOPs fail to abide by remedies, interim measures or commitments. In extreme cases, the EC can also ask national courts to temporarily block access to a given service.

The Commission, which designated its first 19 Very Large Online Platforms and Search Engines under the DSA in April, is already holding some VLOPs to account. Earlier this week, the EU opened formal infringement proceedings into X over potential violations of the DSA. Among other things, investigators are looking into whether the platform is doing enough to mitigate risks to "civic discourse and electoral processes." They're also examining the "suspected deceptive design" of features such as paid checkmarks. In October, the EU said it was looking into Meta's and TikTok's handling of the conflict between Israel and Hamas under the DSA.

Update 12/20 8:38AM ET: Added Pornhub's statement.

This article originally appeared on Engadget at https://www.engadget.com/pornhub-and-xvideos-will-be-subject-to-the-same-strict-eu-rules-as-social-media-sites-123922469.html?src=rss

Blue Origin is taking another stab at its first launch in 15 months as New Shepard's 24th mission is scheduled to take flight on Tuesday. The company had to scrub a planned launch on Monday due to a ground system issue. Today's launch window opens at 11:37AM ET and the webcast starts 20 minutes beforehand. You can watch the launch below.

The uncrewed science mission has 33 payloads, more than half of which were developed by NASA, Blue Origin says. The other payloads are from K-12 schools, universities and STEAM-centric organizations. The manifest also includes 38,000 student postcards from the Club for the Future initiative.

The Federal Aviation Administration grounded New Shepard after an uncrewed launch attempt in September 2022 didn't go as planned. The booster failed after takeoff but it was able to separate successfully from the capsule. Although the capsule made a safe parachute landing, the booster was destroyed when it hit the ground in a designated hazard area.

This article originally appeared on Engadget at https://www.engadget.com/watch-blue-origins-first-launch-in-15-months-here-at-1137am-et-160030131.html?src=rss

Xfinity says a data breach likely led to attackers obtaining customers' usernames and hashed passwords. Other personal information may have been exposed, such as names, contact information, the last four digits of social security numbers, dates of birth and secret questions and answers. The company added that its analysis of the attack is ongoing, which may explain why it hasn't disclosed the number of customers who have been affected. Xfinity also notes that it informed law enforcement about the incident.

On October 10, Citrix disclosed a vulnerability in software that Xfinity and many other businesses use. It provided guidance on how to mitigate the vulnerability on October 23 and Xfinity said it swiftly patched the problem. However, while carrying out a routine cybersecurity check two days later, Xfinity spotted suspicious activity in its systems. It later determined that bad actors accessed its internal network between October 16 and 19.

Xfinity says it's informing customers of the incident via its website, email and by other means. It's urging them to change their passwords, to make sure they don't use the same passwords on different accounts and to enable two-factor or multi-factor authentication. Xfinity also suggested that folks who use the same login credentials on other accounts change their passwords on those.

This isn't the first security incident Xfinity has had to deal with. Back in 2018, it emerged there was a bug in a Comcast website used to activate Xfinity routers. The issue led to some customers' home addresses being exposed, along with the name and password for their Wi-Fi networks.

This article originally appeared on Engadget at https://www.engadget.com/xfinity-suffered-a-data-breach-but-doesnt-know-quite-how-bad-it-was-100711214.html?src=rss

Xfinity says a data breach likely led to attackers obtaining customers' usernames and hashed passwords. Other personal information may have been exposed, such as names, contact information, the last four digits of social security numbers, dates of birth and secret questions and answers. The company added that its analysis of the attack is ongoing, which may explain why it hasn't disclosed the number of customers who have been affected. Xfinity also notes that it informed law enforcement about the incident.

On October 10, Citrix disclosed a vulnerability in software that Xfinity and many other businesses use. It provided guidance on how to mitigate the vulnerability on October 23 and Xfinity said it swiftly patched the problem. However, while carrying out a routine cybersecurity check two days later, Xfinity spotted suspicious activity in its systems. It later determined that bad actors accessed its internal network between October 16 and 19.

Xfinity says it's informing customers of the incident via its website, email and by other means. It's urging them to change their passwords, to make sure they don't use the same passwords on different accounts and to enable two-factor or multi-factor authentication. Xfinity also suggested that folks who use the same login credentials on other accounts change their passwords on those.

This isn't the first security incident Xfinity has had to deal with. Back in 2018, it emerged there was a bug in a Comcast website used to activate Xfinity routers. The issue led to some customers' home addresses being exposed, along with the name and password for their Wi-Fi networks.

This article originally appeared on Engadget at https://www.engadget.com/xfinity-suffered-a-data-breach-but-doesnt-know-quite-how-bad-it-was-100711214.html?src=rss

Xfinity says a data breach likely led to attackers obtaining customers' usernames and hashed passwords. Other personal information may have been exposed, such as names, contact information, the last four digits of social security numbers, dates of birth and secret questions and answers. The company added that its analysis of the attack is ongoing and it has informed law enforcement about the incident.

In a filing with Maine's attorney general's office, Xfinity owner Comcast disclosed that the intrusion has impacted 35.8 million people. As TechCrunch points out, Comcast had 32.3 million broadband customers as of the end of September, indicating that the vast majority of Xfinity customers have been affected by the breach.

On October 10, Citrix disclosed a vulnerability in software that Xfinity and many other businesses use. It provided guidance on how to mitigate the vulnerability on October 23 and Xfinity said it swiftly patched the problem. However, while carrying out a routine cybersecurity check two days later, Xfinity spotted suspicious activity in its systems. It later determined that bad actors accessed its internal network between October 16 and 19.

Xfinity says it's informing customers of the incident via its website, email and by other means. It's urging them to change their passwords, to make sure they don't use the same passwords on different accounts and to enable two-factor or multi-factor authentication. Xfinity also suggested that folks who use the same login credentials on other accounts change their passwords on those.

This isn't the first security incident Xfinity has had to deal with. Back in 2018, it emerged there was a bug in a Comcast website used to activate Xfinity routers. The issue led to some customers' home addresses being exposed, along with the name and password for their Wi-Fi networks.

Update 12/19 8:00AM ET: Updated to note the number of people who were impacted by the breach.

This article originally appeared on Engadget at https://www.engadget.com/xfinity-suffered-a-data-breach-but-doesnt-know-quite-how-bad-it-was-100711214.html?src=rss