Pete Recommends – Weekly highlights on cyber security issues, October 11, 2025

Subject: People are poorly equipped to detect AI-powered voice clones
Source: Nature Scientific Reports
https://www.bespacific.com/people-are-poorly-equipped-to-detect-ai-powered-voice-clones/

Nature Scientific Reports [full text] – People are poorly equipped to detect AI-powered voice clones. Sarah Barrington, Emily A. Cooper & Hany Farid. “As generative artificial intelligence (AI) continues its ballistic trajectory, everything from text to audio, image, and video generation continues to improve at mimicking human-generated content. Through a series of perceptual studies, we report on the realism of AI-generated voices in terms of identity matching and naturalness. We find human participants cannot consistently identify recordings of AI-generated voices. Specifically, participants perceived the identity of an AI-generated voice to be the same as its real counterpart approximately 80% of the time, and correctly identified a voice as AI generated only about 60% of the time. In January 2024, in the lead up to the November United States presidential election, an estimated tens of thousands of Democratic party voters received a robocall in the voice of President Biden instructing them not to vote in the upcoming New Hampshire primaries. The voice was AI-generated. The perpetrators of this attempted election interference were Steven Kramer (a political consultant), Paul Carpenter (a magician and hypnotist who was paid $150 to create the fake audio), and a telecommunications company called Lingo Telecom1,2. Carpenter used ElevenLabs, a platform offering instant voice cloning for as little as $5 a month. Kramer was fined $6 million and subsequently charged with two dozen crimes including impersonating a candidate and voter suppression, while the telecommunications company, Lingo Telecom, received a $1 million fine for transmitting the calls. This is just one of many examples of how the rise of generative AI is being weaponized, from election interference, to disinformation campaigns3, to small-4 and large-scale financial fraud.

Posted in: AI, Cybercrime, Cybersecurity, E-Records, Financial System, Internet, Knowledge Management, Legal Research, Search Engines

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: Meta is preparing another way to show you targeted ads and you can’t opt out
Source: gHacks Tech News
https://www.ghacks.net/2025/10/06/meta-is-preparing-another-way-to-show-you-targeted-ads-and-you-cant-opt-out/

Soon, all your interactions with AI may be used for personalizating content on all Meta platforms. Meta announced the change officially last week. It plans to use your interactions with AI to power advertisement and recommendations that it says will become more personal as a consequence.

Meta users who use Facebook, Instagram, or WhatsApp will be informed about the change from October 7 onward.
The change lands on December 16, 2025 for users from most regions and country.

While Meta does not provide a list of exceptions, it appears that users from the United Kingdom, South Korea, and the European Union won’t have their AI chats used for those purposes at that time. The rollout may be delayed, just like the initial rollout of Meta AI was delayed in those regions.

[…]

There is no opt-out, similarly to how it is not possible to turn off Meta AI entirely at this time. However, users may continue to ignore the AI by not interacting with it to avoid giving Meta yet another signal for ads and personalization.

[…]

Posted in: AI, Cybercrime, Cybersecurity, E-Records, Financial System, Internet, Knowledge Management, Legal Research, Search Engines

—

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: Gavin Newsom just vetoed a bill to regulate license plate readers
Source: Calmatters
https://calmatters.org/economy/technology/2025/10/newsom-vetoes-license-plate-reader-regulations/

Newsom just vetoed a bill to regulate license plate readers — even as fresh evidence of misuse emerges. https://calmatters.org/economy/technology/2025/10/newsom-vetoes-license-plate-reader-regulations/

In summary – Gov. Gavin Newsom vetoed a bill that would have required regular purges of license plate databases and regularly audited how automated plate readers are used. He said the regulations would have impeded criminal investigations.

[…]

The Legislature approved the proposal last month amid reports police were misusing the data, including a CalMatters story in June showing that officers on more than 100 occasions violated a state law against sharing the data with federal authorities and others outside the state.

[…]

But evidence is growing that the technology is being misused. Records newly reviewed by CalMatters indicate that Riverside County Sheriff’s deputies are misusing “hotlists” that allow them to automatically monitor for certain cars.

[…]

Police and sheriff’s departments have a history of violating other laws by using license plate readers. A CalMatters investigation in June found that roughly a dozen law enforcement agencies throughout Southern California shared data with federal immigration agencies like Immigration and Customs Enforcement and the Border Patrol, a violation of a California law that went into effect 10 years ago. That same log had tens of thousands of searches with no clear justification.

[…]

Filed: https://calmatters.org/category/economy/technology/

Subject: Opt Out October: Daily Tips to Protect Your Privacy and Security
Source: EFF
https://www.bespacific.com/opt-out-october-daily-tips-to-protect-your-privacy-and-security/

EFF: “Trying to take control of your online privacy can feel like a full-time job. But if you break it up into small tasks and take on one project at a time it makes the process of protecting your privacy much easier. This month we’re going to do just that. For the month of October, we’ll update this post with new tips every weekday that show various ways you can opt yourself out of the ways tech giants surveil you. Online privacy isn’t dead. But the tech giants make it a pain in the butt to achieve. With these incremental tweaks to the services we use, we can throw sand in the gears of the surveillance machine and opt out of the ways tech companies attempt to optimize us into advertisement and content viewing machines. We’re also pushing companies to make more privacy-protective defaults the norm, but until that happens, the onus is on all of us to dig into the settings. All month long we’ll share tips, including some with the help from our friends at Consumer Reports’ Security Planner tool. Use the Table of Contents here to jump straight to any tip.

[…]

—

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: Most big US companies now flag AI use in their public risk disclosures
Source: Beta News
https://www.bespacific.com/most-big-us-companies-now-flag-ai-use-in-their-public-risk-disclosures/

Beta News: “A new report from The Conference Board and ESGAUGE [The full report available from The Conference Board site] finds that 72 percent of S&P 500 companies now flag AI as a material risk in their public disclosures. That’s up from just 12 percent in 2023, underscoring how rapidly AI has moved from experimental pilots to business-critical system. Reputational risk tops the list, cited by 38 percent of companies. Firms warn that failed AI projects, missteps in consumer-facing tools, or breakdowns in service could quickly erode brand trust. Cybersecurity risks follow, disclosed by 20 percent of firms. Unlike reputational or cybersecurity risks, which can manifest quickly, legal risk is framed as a longer-tail governance challenge that can lead to protracted litigation, regulatory penalties, and reputational harm.

[…]

—

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: ICE Wants to Build Out a 24/7 Social Media Surveillance Team
Source: Wired
https://www.bespacific.com/ice-wants-to-build-out-a-24-7-social-media-surveillance-team/

Wired: “Documents show that ICE plans to hire dozens of contractors to scan X, Facebook, TikTok, and other platforms to target people for deportation. United States immigration authorities are moving to dramatically expand their social media surveillance, with plans to hire nearly 30 contractors to sift through posts, photos, and messages—raw material to be transformed into intelligence for deportation raids and arrests. Federal contracting records reviewed by WIRED show that the agency is seeking private vendors to run a multiyear surveillance program out of two of its little-known targeting centers. The program envisions stationing nearly 30 private analysts

[…]

—

Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.

Subject: US DoD Will Cut Back on Mandatory Cybersecurity Training
Source: tech.co
https://tech.co/news/us-dod-cut-mandatory-cybersecurity-training

Mandatory Department training that isn’t “directly linked to warfighting” will be reduced or consolidated, says a new memo.

Key takeaways

The Department of Defense will cut back cybersecurity training in a range of different ways.
Defense Secretary Pete Hegseth’s memo on the issues says all mandatory training must be “directly linked to warfighting” or will be “consolidated, reduced in frequency, or eliminated.”
One expert says that annual training is “critical” and eliminating it “is certain to decrease the Department’s overall cybersecurity.”

Subject: Employees regularly paste company secrets into ChatGPT
Source: The Register
https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/

Microsoft Copilot, not so much – Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they’re using the bot without permission.

In its Enterprise AI and SaaS Data Security Report 2025, LayerX blames the growing, largely uncontrolled usage of generative AI tools for exfiltrating personal and payment data from enterprise environments.

With 45 percent of enterprise employees now using generative AI tools, 77 percent of these AI users have been copying and pasting data into their chatbot queries, the LayerX study says. A bit more than a fifth (22 percent) of these copy and paste operations include PII/PCI.

“With 82 percent of pastes coming from unmanaged personal accounts, enterprises have little to no visibility into what data is being shared, creating a massive blind spot for data leakage and compliance risks,” the report says.

Employee affinity for generative AI, the security firm argues, means that CISOs have to get serious about enforcing Single Sign-On (SSO) across every business critical applications if they want to have visibility into data flows.

…

More about

Filed: https://www.theregister.com/software/ai_ml/

Subject: Gmail stopped loading hidden trackers when I changed this one setting
Source: MakeUseOf
https://www.bespacific.com/gmail-stopped-loading-hidden-trackers-when-i-changed-this-one-setting/

[hints for other mail services, too /pmw1]

MakeUseOf: “Your inbox might look clean once spam is filtered out, but that doesn’t mean it is private. Marketing emails and newsletters include tracking pixels that call back to the sender when their images load. Each request registers an open with a timestamp and can be linked to earlier opens to build a profile of when and how often you read. You don’t have to click a link for this to happen, because loading the email images is enough to trigger tracking. as a setting to stop those requests from firing until you choose to load images. Once it is on, tracking pixels remain blocked unless you display them, allowing you to decide which messages report back and which stay private…”

Subject: US Supreme Court allows order forcing Google to make app store reforms
Source: Reuters
https://www.reuters.com/sustainability/boards-policy-regulation/us-supreme-court-allows-order-forcing-google-make-app-store-reforms-2025-10-06/

Google asked Supreme Court to freeze parts of judge’s order
Order was issued in suit by “Fortnite” maker Epic Games
Google says it will continue its appeal

WASHINGTON, Oct 6 (Reuters) – The U.S. Supreme Court declined on Monday to halt key parts of a judge’s order requiring Alphabet’s (GOOGL.O)Google to make major changes to its app store Play, as the company prepares to appeal a decision in a lawsuit brought by “Fortnite” maker Epic Games.

The justices turned down Google’s request to temporarily freeze parts of the injunction won by Epic in its lawsuit accusing the tech giant of monopolizing how consumers access apps on Android devices and pay for transactions within apps.

Epic Games chief executive Tim Sweeney said in a post on social media platform X that starting later this month, app developers will be “legally entitled” to steer Google Play users to out-of-app payment options without fees and other “friction.”

Subject: Cyber Threats to Utilities on the Rise: PUC Calls for Vigilance During Cybersecurity Awareness Month
Source: PA PUC and CISA
https://us5.campaign-archive.com/?e=fd993f360e&u=9bdc73a148614b80a53685a79&id=d7aeb59c06

Cyber Threats to Utilities on the Rise: PUC Calls for Vigilance During Cybersecurity Awareness Month – Commission highlights ongoing rulemaking and collaboration with national partners to address next-generation threats.

HARRISBURG – The Pennsylvania Public Utility Commission (PUC) today joined with federal, state, and industry partners in recognizing October as National Cybersecurity Awareness Month, underscoring the urgent need for strong defenses across all sectors of critical infrastructure and highlighting the Commission’s proactive work to safeguard the systems that power Pennsylvania’s homes and businesses.

“Cybersecurity touches every part of our lives — from the devices we use at home to the systems that deliver electricity, water, natural gas, communications, and transportation across the Commonwealth,” said PUC Vice Chair Kimberly Barrow. “Protecting those systems is about more than technology. It is about public safety, economic security, and preserving the reliability of the services that Pennsylvanians depend on every day.

Facebook LinkedIn

Posted in: AI, Cybersecurity, E-Commerce, Financial System, Privacy, Search Engines, Social Media, Technology Trends, Travel