Sunday, April 30, 2023

WhatsApp Is Rolling Out Voice Message Transcripts For Its Users

WhatsApp users are in for a treat as the platform has opted to introduce voice message transcripts.

The news comes after an update was recently shared regarding how the platform was busy testing this feature out in beta. But that appears to have gone as per plan as a widespread rollout begins today.

This new endeavor provides users the chance to attain voice message content in certain situations where they cannot listen to a voice note. Instead, they end up providing a certain degree of flexibility and accessibility in terms of communication.

After having the newest version of the beta for iOS update installed, users claim they can finally have the feature which gets enabled through default settings. And in case you choose to opt out of it, you can always disable it by going to Settings, Chats, and finally to the Voice Message Transcripts.

The company says that this new rollout is secure through E2E encryption as the entire process of transcription begins on the user’s device with the help of language packs.

Therefore, the feature may only be up for grabs to a few users having the latest iOS version with them as this makes use of APIs thanks to iOS 16 which provides permission for apps to process voice messages through local means on a device. Hence, you don’t need to transfer it to external sources.

Similarly, this feature for voice notes also enables users to look for certain types of data found in a message. When voice notes get transcribed, this text would be indexed and that makes it searchable. Hence, if you’re on the lookout for certain kinds of data featuring long voice notes, or you can’t remember which one entails content you’re in search of, you can search for it through relevant keynotes or phrases through the search bar. This way, the transcription ends up getting highlighted in places where the text pops up in a message.

This type of operation can assist users in saving time and making it so much simpler to look up certain details inside a chat.

Moreover, the chance to transcribe such voice notes is up for grabs to some beta testers for now but don’t worry, it’s getting rolled out to others in the next few weeks so keep your eyes open.


Read next: WhatsApp Android users will soon be able to navigate communities, reply with a quick response while receiving calls, and review privacy checkup
by Dr. Hura Anwar via Digital Information World

Consumers Are Losing Up To 40% Of Their Broadband Speed Over Wi-Fi Connections, New Research Proves

A recent study is proving how consumers are losing up to 40% of their total broadband speed over Wi-Fi connections.

This research comes to us thanks to SamKnows who found a clear gap between incoming speed and speed received by clients on their devices. And the gap found was literally huge.

The company was seen recording a massive speed loss for mobile devices including mobiles and tablets where the figure stood at 40% as compared to 27% for both PCs and laptops.

Other than that, there was a clear drop off which gets higher as the connection speed in the home arguably grows faster. Those people having gigabit connections end up losing nearly half of the speed by the time it goes about reaching the Wi-Fi devices.

If you happen to be on connections that are more than a few hundred megabits, the odds of attaining those megabits all across your residence are quite small. This is unless you’re sorted with a really expensive router connection that has been sourced through third parties.

Even then, the odds of attaining nearly 400 to 500 megabits across your residence are truly quite small. The study also proved how much data seen through the RealSpeed product ended up measuring the speed received by the Wifi-devices as well as the router in the residence. This is used by consumers as well as broadband service providers so it gets to troubleshoot problems through people’s internet.

The study further revealed how there are so many different ways how such Wi-Fi devices cannot exploit the entire speed for internet connectivity.

Wi-Fi ends up losing speed at a faster pace as it roams far from routers. This is especially true when there happens to be many obstacles along the way like walls.

It was shown how mobile phones usually have smaller antennas for Wi-Fi than PCs or Laptops. This goes a long way into understanding how there is a huge drop in speeds and it’s less dramatic than devices. Meanwhile, interference gained from home can even affect performance to a further extent, the study mentioned.

And when you’ve got a range of other types of wireless devices at your residence and further congestion from neighbors along the way too, it could really harm the speed to a greater extent.

So what is the solution to such a problem? Well, it’s the emergency of Wi-Fi 7 equipment that could prevent the loss of broadband speed to a huge degree. This not only provides a huge bandwidth to play with than the usual predecessors, but it also entails advanced techniques for coding that work along the interference seen on wireless devices.

In this manner, they can benefit from a lot of speed that seems to be coming into a home. Similarly, it can make way for several connections through various Wi-Fi bands. Currently, devices tend to connect through several channels across several types of bands. This combines the entire traffic through these channels and provides a connection that’s faster and more reliable than those seen at home.

But with Wi-Fi 7 routines in place, these tend to emerge into the market and very few electronic devices have the chips in place that are compatible with them. Therefore, it’s definitely a slow process before consumers actually start to feel the benefit that this has for some time. It’s really true for those kinds of broadband providers that are usually slow to adopt different Wi-Fi standards across routers that distribute them.


Read next: Global Smartphone Shipments Fell 13% In Q1 Of 2023 But Apple Was The Only Brand To Resist The Trend, Claims New Market Intelligence Data
by Dr. Hura Anwar via Digital Information World

3 New Types of Malware Target Businesses Every 2 Minutes, New Report Reveals

Malicious actors have been upping the ante at a concerning rate, and recent reports indicate that there are three new types of malware targeting businesses every two minutes. This data comes from an analysis conducted by BlackBerry, and it points to the sorry state of cybersecurity around the world with all things having been considered and taken into account. The report also indicates that there has been a rise in new malware types as of late.

With all of that having been said and now out of the way, it is important to note that 60% of all malware attacks are targeting three main industries. These industries are finance, food retail as well as healthcare companies. Healthcare in particular has been beset by the worst malware attacks of all, which is dangerous because of the fact that this is the sort of thing that could potentially end up clogging up critical healthcare infrastructure.

Another thing that this report points towards is the increased prevalence of AI being used to conduct these attacks. AI can make malware easier to distribute than might have been the case otherwise since it can help malicious actors craft more believable attack campaigns. Deepfakes as well as AI chatbots are making things ever more challenging for those working in the cybersecurity industry, and unless something changes, things might get even worse from here on out.

Finally, the study revealed just how commonplace malware as a service has become. So called commodity malware can be purchased for a very low price, and in some cases it may even be free of charge.

This goes to show that cybersecurity experts as well as companies that are in possession of valuable and sensitive data need to be very vigilant lest things spiral out of control. It will be interesting to see what efforts are made to curtail the impact of malware, and we will have to wait for the rest of 2023 to play out in order to get any firm conclusions either way. All in all, cybersecurity is in a state of peril due to rising malware distribution.



Read next: What Companies Offer the Highest Paying Internships?
by Zia Muhammad via Digital Information World

The Best Selling iPhone of 2023 Revealed

The iPhone has managed to become the single most popular smartphone brand in the world, and its latest model always ends up topping the charts in terms of sales. In spite of the fact that this is the case, the type of iPhone that gets the most sales is not always obvious. CIRP just conducted a study that revealed some key insights into which version of the iPhone received the highest number of sales in the first quarter of 2023, and the results might surprise you.

It turns out that the latest versions of the iPhone, namely the iPhone 14 Pro and 14 Pro Max, ended up comprising 22% and 24% of total iPhone sales with all things having been considered and taken into account. The high price point may have made the sales lower than might have been the case otherwise, but the smartphones still managed to succeed against all odds.

With all of that having been said and now out of the way, it is important to note that the iPhone 14 Pro saw a 15% increase from the fourth quarter of 2022, thereby making it more popular than the more affordable standard iPhone 14. However, it should be mentioned that the iPhone 14 Pro Max actually saw a 4 point dip, decreasing from 28% in Q4 2022 to 24% in Q1 2023.

Interestingly, the iPhone 13 saw more sales than anyone could have expected. It comprised 11% of total sales, far more than the 1% that its budget counterpart the iPhone 13 Mini was able to manage. It even surpassed the iPhone 14 Plus which only received 10%.

Consumers clearly have a preference for flagship models because of the fact that this is the sort of thing that could potentially end up giving them cutting edge tech. This seems to suggest that buyers don’t really care about how expensive iPhones are. They will always go for whatever is most advanced, or they will settle for the next best option. All in all, the latest iPhones ended up representing a whopping 75% of the total number of Apple smartphones sold last quarter.


Read next: 19% of Smartphone Users Want Devices to Last Over Five Years
by Zia Muhammad via Digital Information World

ChatGPT Just Failed This Accounting Exam

The internet is littered with examples of ChatGPT passing certain difficult exams with flying colors. For example, many users cited ChatGPT managing to clear the US bar exam that gives lawyers the right to practice in the state of their residence. This has led many to assume that ChatGPT could actually replace lawyers in the real world, but in spite of the fact that this is the case the AI chatbot has ended up struggling with other types of exams, mainly those that involve high level math.

With all of that having been said and now out of the way, it is important to note that ChatGPT recently failed the CPA exam, also known as the Chartered Public Accountant exam. This is the exam that must be cleared in order to get registered as a Chartered Accountant in the US, and ChatGPT’s failure to answer all of the questions seems to suggest that it is not as advanced as people think it is.

Indeed, the chatbot’s performance was so bad that it tried to invent facts out of thin air to try to pass. This obviously wasn’t going to lead to any positive results, and it indicates that ChatGPT does not have what it takes to tackle exams that don’t involve linguistic analysis with all things having been considered and taken into account.

One thing that had a strong impact on how well ChatGPT performed was the type of question it got asked. The chatbot did far better with simple yes or no answer questions, getting 68.7% of them right. It also did well with multiple choice questions, obtaining a success rate of about 59.5%.

However, when it came to questions that required short form answers, ChatGPT was found lacking. It should be mentioned that this chatbot is still in a relatively early stage of its development. Students are still managing to outperform the chatbot in a wide array of areas, which is why it is unlikely that ChatGPT will serve any professional roles in the near future. Upcoming upgrades and advancements to the tech might allow it to get to the next level.


H/T: BYU / Study.

Read next: What’s the Best Tool for Detecting AI Generated Content?
by Zia Muhammad via Digital Information World

Twitter Is Making An Array Of Interesting Changes To Its App Including An Expansion Of Community Notes and Encrypted DMs

With Elon Musk in charge of the Twitter app, we’re not too surprised that the platform is working on a series of changes.

The company recently announced the decision to expand its Community Notes endeavor. This means allowing users to glance notes across Tweets that are found inside articles and also seen across websites located outside of the platform.


This particular update is designed to provide some more context and accurate details for readers whenever they come across Tweets.

Moreover, such a Community Notes offering is also designed for users to come together and include some helpful content to the Tweets that some might deem to be a little misleading.

Contributors that are quite regular on the app end up writing and rating such notes across Tweets with an effective system that relies upon the participation of users across a diverse range.

Seeing the notes feature work outside of Twitter is unique and exciting news and that means both your articles and webpages would now feature them, the app mentioned in its recent blog post.

This way, people would be attaining more context whenever they read tweets. And remember, the news arises as many Twitter fans demanded this through suggestions for the platform. Hence, seeing the company pay heed to it is really some great news as Musk had commented on one user’s post as a ‘good idea’.

But remember, to make sure such notes are helpful for a wide range of audience members, it won’t be operating on a major set of rules. They would entail an agreement among contributors that may have disagreed in the past with ratings, putting an end to opinions from one side taking charge.

The app hopes that such ordeals would make users stay more informed as they wish to provide more users with the chance to express their voice and make better decisions that are fair and based on accurate judgments.

Twitter has always been committed to transparency and that’s all of the Notes are set out daily with the ranking algorithm being open for anyone and everyone that wishes to inspect it further. This way, it allows users to understand how a feature works and how it shapes up activities throughout the development process.

In other news, the app has set out a reminder to its platform users about how it would be taking a 10% cut from content subscriptions after a year’s time.

The update was shared by Elon Musk on Friday who explained how the app is on a mission to diversify its sources of revenue. And by monetizing content, he hopes Twitter can do just that. Therefore, a cut of 10% would be slashed from the user’s profits.

He similarly shed light on the company’s plans of providing those with subscriptions the chance to add more text to tweets and also set out longer duration video content on the platform too.

Similarly, in another tweet, Musk announced that, starting from next month, Twitter "will allow media publishers to charge users on a per article basis with one click." Adding further, "This enables users who would not sign up for a monthly subscription to pay a higher per article price for when they want to read an occasional article."

Elon Musk has been on a mission to really bring up the company’s revenue after a huge drop in advertising revenue since last year October, which is when the world’s second richest person purchased the app for a striking $44 billion.

He similarly added how the firm’s cut from iOS and Android platforms would drop from 30% in the first year to 15% in the second.

Musk, also tweeted about a major software upgrade this week, which includes, "Encrypted DMs & other DM upgrades" for Twitter users.

Lastly, we’re seeing more news on how the company is trying to make way for new measures that prevent underage users from recording on Twitter Spaces.

The news was first set out by mobile developer and social media enthusiast Alessandro Paluzzi on his Twitter account but we’ll keep you updated more on this front as it becomes public by Twitter itself.

Read next: Global Smartphone Shipments Fell 13% In Q1 Of 2023 But Apple Was The Only Brand To Resist The Trend, Claims New Market Intelligence Data
by Dr. Hura Anwar via Digital Information World

Saturday, April 29, 2023

Reddit Experiments With A New Discord-Like Chat Channel With Select Subreddits

Reddit is carrying out tests for a new Discord-like chat channel with a range of select subreddits.

The company announced the decision on Thursday and revealed how it was on the mission to gain more avenues for members of the community so they could engage with one another, apart from the same old asynchronous system for generating comments.

The company wants to start this new test with nearly 25 volunteer subreddits but it did unveil which ones it hoped to use. It similarly specified those communities who were participating would entail a little less than 100,000 members.

Reddit also unveiled how the channels would be functioning persistently on the navigation bar set out for the community so members would be able to pay a visit more frequently.

The firm also unveiled how it was learning more through various chat products launched in the past such as its community chat rooms endeavor. This was discontinued in the year 2020.

To be more specific, it hoped to provide more control to its moderators on this front. Moreover, there are plenty of plans in place to have dedicated channels that moderators can utilize to better manage users’ subreddits.

People would be able to better decide if they wished to have such features enabled for the community or not.

In addition to that, Reddit wants to be able to provide moderators with an array of tools such as the ability to select which people would be allowed to participate in chats, moderate reported texts, and take part in chat queues too.

In this particular subreddit, the company also mentioned how it has plans to add more features for various channels such as threatening, user mentions, and pinned messages. This alongside push notifications and message edits for senders would be a great thing for the future, it feels.

They will similarly be accepting applications for the moderator position for subreddits that they wish to experiment with in the community.

Most users were pushing back on posts that make announcements of such channels, but now, moderators feel this would launch a great experiment that provides ways for the community to talk with one another.

Reddit mentioned how it adores its tress of posts and the various communities that work on the app and are text-based. They have what people need and give more options to different community members so they can interact in various ways.

For those who may not be aware, communities on Reddit work through external real-time chat servers such as Telegram or Discord where they conduct chats between various members. Therefore, adding such channels would incentivize the community to stay on such platforms.

This platform has really put out a number of ways for liver chats to take place such as the previously famous Clubhouse copy that was called Reddit Talk. Similarly, we had Live Chat posts seen in a community.

And remember, Reddit venturing into this field is not something shocking as it’s not the first firm putting out ways to host chats as WhatsApp did the same with its group chat offering.


Read next: Mobile Augmented Reality Emerges as a Major Revenue Generator for Advertisers and Brands
by Dr. Hura Anwar via Digital Information World

ChatGPT Resumes Its Operations In Italy After Implementing Changes Requested By Regulators

The makers of ChatGPT are excited to announce that they’re back to work as usual in Italy after a temporary ban.

OpenAI was warned by Italian regulators that it needed to make changes that satisfied their rules and regulations. And today, it appears that is the case as they’re back to work as usual, confirmed by a recent report by The Associated Press.

The regulators did exclaim how excited they were about the matter and how keen they were to welcome them back after the necessary changes came into play.

OpenAI mentioned how it was busy trying to address the concerns raised by the Data Protection Authority in the country. These arose during the latter part of last month.

Meanwhile, the GPDP mentioned in bold terms how unlawful it was to see them collecting users’ data. Other concerns were linked to a complete failure of stopping underage users from gaining access to material that was not age appropriate. And in the end, OpenAI had zero choices but to block out ChatGPT in Italy.

The firm was given a timeframe of 20 days to address those issues and today, it appears like they have done more than enough as they’ve been granted the green light to operate again.

But what were the changes brought forward is a question on so many people’s minds. Well, for starters, users in the EU region would be granted a form that they can submit to have any personal data removed under this GDPR act.

In the same way, a new tool would verify users’ ages after being signed up in Italy. In the same way, it also set out a new help center that was designed to outline how both OpenAI and ChatGPT collect personal details such as data about how to contact a particular officer from the GDPR.

The GPDP is yet to respond to requests on the matter regarding any concerns some people may have. But they did unveil a statement that was set out by AP and it mentioned how it was going to welcome such measures that were getting implemented by OpenAI.

It further urged OpeanAI to get on track with age verification amendments and a new publicity campaign that would inform Italians about the right to get out of collecting data.

None of these types of changes appear to be modified dramatically in terms of how ChatGPT functions in the Italian nation. But OpenAI did reveal how it would face a set of challenges later on.

Spain, Canada, and a few other nations have thought about opening up an investigation into the matter. But right now, none of these changes are dramatically modifying how the tool functions in the country of Italy.

OpenAI knows that it would be facing some more challenges in other places too and they’re excited to work with others to bring a solution. A lot of other concerns were linked to how the tool gathers data for training its language models and what kinds of data that model makes for its users.

European lawmakers are moving toward the advancing AI front. And that may add some more requirements for firms such as OpenAI as it could lead to major information disclosures.

OpenAI has really been at the top of the radar for many countries, including leading personalities who feel the ChatGPT might end up doing more harm than good. A lot of job sectors are paying the price of the tool revolutionizing the tech world in more than one way.


Read next: Mobile Augmented Reality Emerges as a Major Revenue Generator for Advertisers and Brands
by Dr. Hura Anwar via Digital Information World

People find artwork generated by artificial intelligence to be less creative

As per a new study, people lose interest in artworks when they are told that they were created using artificial intelligence. Those who believe that only humans can do such stuff showed the strongest effect. The report was published in Computers in Human Behaviour.

AI is the future, as it is capable of completing tasks in just a few minutes that might take hours to get done by normal humans. It has a number of applications, including the ability to recognise speech and translate texts. It can also generate texts and images. With the technology getting more advanced, the tool can now generate art pieces as well, which initially were only done by humans.

Kobe Millet, the man behind the study, added that artificial intelligence was able to generate artwork similar to that done by renowned artists. Not only was it able to create artwork, but it was also able to write poems and create new maps. As a result of such advancements, researchers wanted to see the impact it has on humans and how they view artwork created by AI.

At the time of the study, it was believed that people would prefer human work over computer-generated work. In order to collect data, four tests were conducted. In each of the tests, participants were asked to review two artworks and identify which one was human-made and which one was created using AI. They were even asked to rate which one attracted them the most.

3 out of 4 tests were based on ratings of creativity, while test number 4 asked participants which artwork was worth buying. The first test had 206 Dutch candidates. Thirty-one percent of them were female. They were asked to review music created by artificial intelligence. The second test included almost 300 participants from the United Kingdom. They were asked to share their thoughts on two artworks created by humans. The third test included 404 participants from the U.K. who were asked to review AI-generated artwork. While test number four was based on 800 participants testing the findings of the first three tests.

Moving on to the results, it was revealed that in test number 1, music content produced by humans was favored the most. Similarly, in test number 2, artwork displayed as a creation from AI had the least support and was even considered to lack creativity.

In the next test, although both were AI-generated, the results were similar to test number 2. It was mainly due to the strong effect observed in people who believe artwork can only be created by humans. Test number 4 concluded the results of the first three tests as it showed that artworks perceived as human-made had a high chance of being bought by participants as compared to AI-generated work.


Read next: What’s the Best Tool for Detecting AI Generated Content?
by Arooj Ahmed via Digital Information World

Mobile Augmented Reality Emerges as a Major Revenue Generator for Advertisers and Brands

A recent analysis highlights that mobile augmented reality is the current talk of the town. Besides being hanging for years, it is bringing in large sums of money through advertising and consumer spending.

With advertisers spending billions on these efforts, AR tech has emerged as a key source of revenue. According to the InsiderIntelligence analysis, mobile AR revenue might reach $23 billion in 2024.

The lenses of Snapchat, which enables users to add augmented reality effects to their photographs and videos, generate a sizable portion of mobile revenue from augmented reality. The platform has been effective in making money off its augmented reality features, drawing a swarm of marketers looking to provide customers with an immersive ad experience.

Even while AR advertising is currently making a sizable profit, consumer spending is still modest. However, as it gains popularity and users become more accustomed to the technology, this is anticipated to change drastically.

Additionally, the addition of Quick Response codes has made it simpler for businesses to introduce similar experiences. Companies may give their clients more engaging and interactive experiences by using these codes to start AR activities. This feature is anticipated to be used by 94 million users in the US this year.

New AR ad types are anticipated to appear as it becomes more widely used. Experts anticipate that these advertisements will become more subdued and blended into the user experience. For instance, commercials based on augmented reality might be incorporated into the environment surrounding the user, creating a more natural and immersive experience, as opposed to interrupting the user with a full-screen advertisement.

The study emphasizes how mobile augmented reality has the power to revolutionize commerce and advertising. More enterprises will hang up on this evolution for their revenues, as this develops further.

Thus, to sum up, the study indicates that mobile augmented reality is already a significant revenue generator, with interest in the technology rising among both consumers and advertisers. We'll probably see even more growth in this market as augmented reality technology advances, with additional revenue streams and chances for businesses to interact with consumers.


Read next: New Survey Finds 30% Of The Population Is Aware Of The Web3 Concept
by Arooj Ahmed via Digital Information World

Meta Celebrates Its Unique One Million Avatar Creation Milestone With The Launch Of New Personalization Options

Meta is on a roll as it recently confirmed reaching a milestone that it’s celebrating in full swing.

The company says it has managed to design more than one million avatars through its platforms and that includes a combination of Instagram, Messenger, and Facebook. Therefore, it’s celebrating by launching a new set of options for personalization.

For those who might not be aware, the term avatar is exclusively restricted to setting out graphical representations of a certain user’s looks or persona. This was launched in 2019 and while many people may have been skeptical about the launch in the past, we see how it’s doing some good now.

But the tech giant still feels there is a lot of room for improvement in terms of personalization. The option that is now up for grabs includes the chance to equip avatars with more assistive devices and some NFL shirts in certain regions where it has rolled out clothing stores through digital means.

And for those who might be underestimating the potential of such a project, well, leading fashion labels like Prada, Thom Browne, and even Balenciaga are already on their way to setting up shops across Meta’s Avatar Store. And now, we’re hearing about Puma joining in on the fun too with the launch of seven new outfits that would be up for grabs starting Monday.

The announcement was made to the public recently where it was outlined how such endeavors would freshen up people’s looks as they make way for the spring season. It similarly mentioned how Shakira’s hit track, ‘Hips Don’t Lie’ was a way to express yourself as equivalent to dancing to the tune.

Meta has been working hard in terms of making room for improvements in both small but noticeable details that continue to arise amid huge changes. Such endeavors assist personalities in shining through.

From a tinkle to the eyes for a touch of sparkle to an array of various kinds of volumes to the hair, it’s the subtle changes that make all the difference. Did we mention how it turns the whole endeavor into something more appealing too?

It’s quite like including details with textures to the wardrobe so as to turn the whole thing into something that’s closer to reality. What do you think?


Read next: Most Americans Oppose Bans On Social Media But Are Likely To Support Bans On Apps Owned By Hostile Nations, New Study Claims
by Dr. Hura Anwar via Digital Information World

Here’s How Long it Takes to Turn a Behavior Into a Habit

The process by which habits are formed has been a prime focus of research for quite some time now. Studies have sought to crack the code behind how frequently something must be done in order to make it habitual, since this can make it easier to replace bad habits with good ones than might have been the case otherwise. In spite of the fact that this is the case, there is a lot of variation with respect to how long it takes for a habit to become innate.

Researchers working at Caltech, the University of Chicago as well as the University of Pennsylvania tried to uncover the secrets behind habit formation. With all of that having been said and now out of the way, it is important to note that the time required to form the habit largely relies on what the activity in question involves.

For example, when going to the gym was analyzed, the researchers discovered that it took as long as six months for it to stop being a chore and become a habit that you don’t have to think too much about. They also found that Mondays and Tuesdays were the most popular days for people to go to the gym.

However, when healthcare workers were put under the microscope, it was revealed that it only took them a few weeks to get into the habit of regularly washing their hands. This might have something to do with the enormous task of going to the gym and working out compared to the relatively simple process of washing one’s hands.

One thing that this research did confirm was that consistency is essential because of the fact that this is the sort of thing that could potentially end up increasing the likelihood of a habit being created. The longer you spend between visits to the gym, the harder it will be to make it a habit. There is no one size fits all solution, and more studies will be required before any definitive conclusions can be reached with all things having been considered and taken into account.


Read next: Data shows the correlation between GDP per capita and world happiness
by Zia Muhammad via Digital Information World

Friday, April 28, 2023

Wikipedia Confirms It Will Not Comply With Any Age Checks Needed Under The Online Safety Bill

Wikipedia has recently come out with a shocking statement on how it refuses to comply with any checks needed for age verification under the Online Safety Bill.

The news comes to us thanks to Rebecca MacKinnon who is a part of the foundation that shows support for the site.

Meanwhile, one senior member of Wikimedia UK claims that might be a signal that the website could soon be blocked. But the current government mentioned how those services serving as the biggest risk for kids would need proper verification of their ages.

For those who may not be aware, the site entails millions of different articles that come in hundreds of different types of languages. These are produced and even edited by so many volunteers situated in different places around the globe.

This makes this site a part of the top 8 most visited locations in the United Kingdom as per data arising from SimiarWeb, which is a top analytics firm.

This online safety bill is currently put in front of the Parliament and is known to place huge duties across different tech giants so they would do everything to provide protection to users from various types of harm or illegal content online. And that is known to come into existence by the year 2024.

Meanwhile, one solicitor by the name of Neil Brown is mentioning how such a bill means these kinds of services would be easily accessed by young audiences and therefore some sort of a proportionate system must be in place. After all, it needs to offer protection from users coming across dangerous content online. And age verification should be a part of that.

One of the chief executives of Wikimedia in the UK sent out a new warning about the content and material found on the webpage that may give rise to the need for age verification. For instance, even educational messages and pictures regarding sexuality may be misunderstood as explicit content.

But still, The Wikimedia Foundation admits that it will not verify the age of readers and contributors across the country. They similarly spoke about how the need for Wikipedia to put together information about different users and check their ages would need a huge overhaul of the entire tech system.

If a particular service doesn’t fit into some bill out there, that can bring with it plenty of consequences that entail huge penalties, senior staff being sanctioned for crime, and even complete restriction of the website for users in the UK region.

Today, Wikimedia UK says it has so much fear about the webpage getting blocked thanks to this Bill and there is a huge risk that it would make age checks mandatory.

So just the thought of one of the world’s leading and most popular web pages that provides free knowledge and data for so many individuals can’t be a source of free knowledge and data for millions.

Today, the site entails 6.6 million articles through Wikipedia and it’s just beyond impossible to think that it could function without verifying content to comply with regulations like this bill.


Read next: 65% of Chinese Consumers Will Boycott American Products if TikTok is Banned
by Dr. Hura Anwar via Digital Information World

First Ever Call to Space Marks a New Chapter in Telecommunications

Whenever you make a call to someone, your call is routed through a series of cell towers that are placed on the Earth’s surface. However, companies like AT&T as well as AST SpaceMobile have been trying to user satellites since they can provide higher quality than might have been the case otherwise. On the 20th of April 2023, the first ever call was routed through a satellite, and it might mark the beginning of a new chapter in telecom history.

With all of that having been said and now out of the way, it is important to note that this call was made to a Japanese company by the name of Rakuten. The call was initiated by a Samsung Galaxy S22 smartphone which was using an AT&T SIM card. Engineers working at Vodafone assisted with the call, and it was routed through the BlueWalker 3 Satellite owned by AST.

There is currently no use on what type of bandwidth the call used, but given how 5G is still only usable by T-Mobile and Vodafone was the company involved, it is likely that it was conducted over the 3G network with all things having been considered and taken into account. In spite of the fact that this is the case, it marks the first time ever that a call was sent to space and then rerouted back to Earth, which might allow for lower latency as well as making on the ground cell towers obsolete.

Also, while the call was not 5G enabled, AST stated that the tests confirmed that 5G could be used in the future. It will be interesting to see where things go from here on out, since a huge number of competitors would want to throw their hat in the ring as well.

Five more BlueBird satellites are going to be launched next year in 2024, and when that happens, we may start to see the global telecommunications industry expanding beyond Earth’s borders. This might also help facilitate communication between Earth and the Space Station allowing conversations to occur in real time rather than with a delay.


Read next: What Companies Offer the Highest Paying Internships?
by Zia Muhammad via Digital Information World

What Companies Offer the Highest Paying Internships?

Internships are meant to provide recent or soon to be graduates with some real world experience that can help them land jobs later on. Hence, they generally don’t tend to pay very well, and many of them don’t offer any kind of stipend whatsoever. In spite of the fact that this is the case, some companies offer internships that are actually very well paid. Glassdoor recently compiled a list of the companies whose lucky interns receive hefty paydays throughout their tenure.

First up, we have Microsoft. The tech juggernaut only hires the most accomplished graduates to take part in their internship and it pays its interns nearly $7,000 a month or $6,934 to be precise. With all of that having been said and now out of the way, it is important to note that Uber does even better, with interns working at the major start up receiving an average of $7,080 on a monthly basis.

Following this, we have the global management consulting firm known as McKinsey & Company. Interns working at this firm receive a monthly salary of $7,170. The finance sector in general is known for offering very high paying internships with all things having been considered and taken into account. For example, JP Morgan and BlackRock pay their interns $7,188 and $7,270 respectively.

Other finance companies like Earnst and Young $7,651 per month, with Bain & Company paying $7,873 and Credit Suisse offering just under $8,000 or $7,947 to be precise. Internships in the crypto space are also quite valuable, with Coinbase’s internships offering a monthly salary of $8,206, far higher than that of traditional finance companies like the ones we have already mentioned!

Twitter also does extremely well here, with the social media platform offering interns a pay package of $7,290 per month. However, its internship is the lowest paying one when compared to other social media platforms. Interns working at LinkedIn receive an average of $7,360 per month, with Snap going even further with its $7,520 per month salary package. These companies also set up long term careers, so the salary packages are the icing on top.

Now, the social media platform that has the highest paying internship is unsurprisingly Meta. Interns working at this massive social media juggernaut earn close to 6 figures a year thanks, with monthly salaries of $8,160 all in all.

As for the company offering the highest paying internship of all, it turned out to be none other than Stripe! With a salary package of $9,064 per month, Stripe’s internships are highly coveted among recent graduates because of the fact that this is the sort of thing that could potentially end up netting them a six figure salary before they even get a full time position.

The only other internship that offers more than $9,000 per month is with Roblox, with the metaverse and gaming company’s internships netting around $9,017 or so.

The purpose of internships is to set up future careers, but people still need to earn money in order to be able to eat. High paying internships make it easier for such individuals to make ends meet than might have been the case otherwise, and any of these companies would be excellent options for people who are looking for internships.


Read next: The Hidden Costs of Holding onto Outdated Tech in the Workplace
by Zia Muhammad via Digital Information World

65% of Chinese Consumers Will Boycott American Products if TikTok is Banned

The US government has been arguing that TikTok poses a threat to national security for quite some time now. According to legislators who are responsible for creating laws in the US, TikTok’s ownership by a Chinese concern is the problem because of the fact that this is the sort of thing that could potentially end up allowing the app to spy on Americans.

The CCP government is notorious for being involved in all Chinese companies, so many would say that these concerns are well warranted. In spite of the fact that this is the case, Chinese consumers don’t seem to think that this behavior from American legislators is fair in the slightest.

According to data coming out of the Morning Consult, it appears that majority of consumers who are residing within China are keeping up to date with reports of a potential TikTok ban in the US. 52% of consumers in China who responded to a survey said that they are watching the news surrounding this ban in order to find out what’s going on.

With all of that having been said and now out of the way, it is important to note that Chinese consumers tend to have a different view of the looming ban on TikTok. This ban is starting to seem more and more likely by the day. In the opinion of Chinese consumers, America is only trying to ban TikTok in order to curtail China’s growing soft power around the globe.

Suspicion among Chinese consumers has a definite root cause. America has a reputation for stopping at nothing to preserve its own seemingly unassailable global hegemony. Banning an app that threatens to upset the supremacy of its own social media platforms, many of which are struggling right now, seems to be right of out America’s playbook.

It should be mentioned that there is still a long way to go before a ban can be passed. However, should the ban come into fruition, American companies might find that fewer Chinese consumers are buying their products than might have been the case otherwise.

According to the data that has been presented, nearly two out of every three Chinese consumers are saying that they will start boycotting American products if a ban on TikTok ever gets imposed. Losing access to 65% of the Chinese market will be a death blow to many American corporations that rely on the sizeable consumer sector in the East Asian nation for a hefty chunk of their quarterly revenues.

However, the numbers might be exaggerating the story. For example, just 15% of Chinese consumers stated that they are hearing a huge quantity of news regarding this issue. What’s more, interest in a potential TikTok ban in the US is virtually nonexistent among Gen Z consumers on the Chinese mainland.

This seems to indicate that the most prized sector of China’s consumer market, namely Gen Z, will be unperturbed by any kind of ban. It will be interesting to see if the ban is imposed in the near future, as well as what the fallout from such a ban might look like. There is a chance that it may increase tensions between the two global superpowers.




Read next: The Hidden Costs of Holding onto Outdated Tech in the Workplace
by Zia Muhammad via Digital Information World

New Android Malware 'Daam' Discovered: Steals Sensitive Information and Spreads Ransomware

The IT industry has been battling cyber attacks and malware for a long time. However, with the advancement of technology, cybercriminals have become more sophisticated in creating malicious software. This has led to an increase in cyber attacks and data breaches, posing a significant threat to individuals and organizations worldwide.

Recently, CloudSEK's Threat Intelligence Research Team discovered a new strain of Android malware known as "Daam" that poses a severe threat to users' data security. Daam spreads through various Android APK files, which serve as a possible source of infection. Once installed on a device, Daam attempts to evade security checks and gain sensitive permissions, such as audio recording, call log access, and reading browsing history bookmarks.

The malware can also record all active calls, including mobile and VoIP calls, and transmit the recordings to a command and control server. Additionally, Daam can collect contacts from the victim's phone and encrypt data using AES algorithms located in the root directory and SD card. It drops a ransom note in the form of a "readme_now.txt" file and erases all other files from local storage, except for the encrypted files.

The researchers found that Daam spreads through third-party websites, and it currently uses three programs to infect devices, namely Currency Pro, Boulders, and Psiphon Client for Android and Windows. Currency Pro is a money converter app, while Boulders is a smartphone game. Psiphon Client for Android and Windows is a circumvention tool that can bypass paywalls and restricted content.


To protect themselves from Daam and other similar malware, users are advised to download software only from trusted sources and to read reviews before installation. It is also critical to keep antivirus software up to date and exercise caution when granting application permissions.

In conclusion, Daam is a highly dangerous Android malware that can steal confidential data, record phone calls, and spread ransomware. Users must remain vigilant when downloading and installing apps and only download software from reputable sources. They should also keep their antivirus software up to date and carefully consider the permissions they grant to applications. By taking these precautions, users can safeguard their devices and data from this type of cyber attack.

Read next: Google Dives Down Deep Into Explaining Why Its Authenticator Isn’t E2E Encrypted Amid Concerns
by Arooj Ahmed via Digital Information World

What’s the Best Tool for Detecting AI Generated Content?

The rise of artificial intelligence (AI) based chatbots like ChatGPT have made it way easier to generate content than might have been the case otherwise. In spite of the fact that this is the case, much of this content might not be all that high in quality, and most users are looking for ways to detect whether or not content was written by a human being or simply generated through the use of an AI chatbot with all things having been considered and taken into account.

Not only can the content output of AI be of a low quality, it can also contain harmful misinformation. Also, if you are paying someone to write content for you, it helps to know if they actually put the work in or if they just tried to use a shortcut to cut corners and get the job done without putting any effort into it. Another disadvantage of AI generated content is that it can result in a penalty from Google.

With all of that having been said and now out of the way, it is important to note that there are several tools that can be used to detect whether or not content was written by an AI or a human being. Here’s a list of some of the best ones:

1. AI Text Classifier by OpenAI

Are your writers providing you AI-generated content? Find out the truth with these handy tools

Created by the same company that’s behind ChatGPT, this is a relatively accurate tool. One might think that a detector from the creator of ChatGPT would be the most accurate tool of all, but it failed to measure up to the quality and effectiveness of some of the tools we have described below. That said, all you need to access it is an OpenAI account, and there are no charges that need to be paid either.

2. Copyleaks AI Content Detector

Firstly, this tool offers a Chrome extension because of the fact that this is the sort of thing that could potentially end up expanding its usability by a large margin. You can simply hover your cursor over a specific block of text and it will give you a percentage that will determine the likelihood that an AI was used to generate it. Or simply you can visit copyleaks.com/ai-content-detector and paste your content to see its originality. 

3. Writer

If you want to be able to detect AI generated content but don’t want to have to pay for the privilege, Writer might be your best bet. You can gauge the legitimacy of up to one thousand and five hundred words of content with this tool, although you would need to purchase access to the API in order to scan more words, currently it can detect content written by GPT-3 and GPT-4 models.

4. ZeroGPT


Here we have yet another AI content detector that is freely available for consumers. Not only will this tool allow you to detect content which was drafted by AI, but it will also serve as a tool that highlights the part of the content which is likely written by ChatGPT or GPT-4. So ZeroGPT can be a good choice for digital marketers who want to separate the original content from machine generated.

5. AI Content Detector by CrossPlag

If you’re looking for an AI content detector that can also provide some insight into plagiarism, this tool will be an essential choice. One thing to note about this tool is that it tends to perform better if it is provided a longer block of text to analyze. Overall, it is a handy tool, even though it falls short of the performance of AI generated content detectors that are higher up on this list, which makes it a decent second choice.

Other bonus tools you can try, GPTzeroSapling AI Content-detectorContent at Scale AI.

One important note for those who use these AI detectors is that, these tools can sometimes label carefully human-crafted content as AI-generated text, so be sure to not fire your content writer just based on the tools finding, instead, manually fact-checking your content by a human editor is always recommended. 

Read next: Is The Writing Profession at Risk? Content Producers Weigh in On AI's Impact
by Zia Muhammad via Digital Information World

Thursday, April 27, 2023

Leading Meta Executive Nick Clegg Slams TikTok As A Chinese Firm With Questionable Values Amid Calls For US Ban

One of Meta’s top executives is not shying away from speaking his mind about the entire TikTok fiasco and how strongly he feels about the matter.

Nick Clegg referred to the leading social media platform as one that is Chinese in origin and had a series of questionable values. And the news comes at a time when the demand for a complete ban of the app across the US continues.

Clegg who is leading the global affairs division for Meta also pointed toward the hypocrisy of a new kind that was taking place on the app and was flourishing at a fast pace than expected. This comes as various social media websites such as Facebook and Instagram are currently banned across the Communist nation.

He further explained how TikTok is a huge and very dynamic Chinese firm and can operate in the US but companies like Meta cannot services across China, during a recent interview with Bloomberg.

There is this major issue linked to a discrepancy of leveled playing fields, he continued. And toward the end, there is this mega issue regarding values. There’s a lot of underpinning for this type of technology.

TikTok is just a subsidiary of ByteDance but the way the firm’s executives continue to scramble to display its operations as an independent entity from others of the parent firm, not to mention interference from government officials in China, is a huge deal.

Today, TikTok is not found in China, while the government censors American-owned platforms like Twitter and Facebook too.

Cleggs’s comments arose at a time when we saw both Democrats and Republicans call for the app to be banned in America as issues arise regarding the nation’s security and the dangers linked to underage users getting exposed.

There was much discussion about the firm’s values and how so many advancements were coming forward in the world of AI and that led to concerns from regulators around the globe to take a stand before it’s too late.

China has been taking a very unique course and wishes to pursue different paths depending on its values. Today, there are so many issues regarding separate data privacy and they’re not too huge of a concern in China as they are across the US and other regions like Europe and the rest of North America.

So in conclusion, Clegg felt that it was time for more countries to come forward and make out a new roadmap that makes sure fledging technologies arise and end up matching values too.


Photo: Kenzo Tribouillard—AFP via Getty Images

Read next: UK’s Top Antitrust Regulator Blocks Microsoft’s Purchase Of Activision Blizzard
by Dr. Hura Anwar via Digital Information World

19% of Smartphone Users Want Devices to Last Over Five Years

Most major smartphone companies recommend that you upgrade your smartphone every two years, but in spite of the fact that this is the case, this is mostly just a way for them to increase their sales. It is quite possible to make your smartphone last far longer than two years if you use it carefully, and it turns out that a decent chunk of consumers feel like two years is far too little with all things having been considered and taken into account.

In a recent YouGov survey of British consumers, it was revealed that just 12% of consumers wanted to change their smartphone in two years or less. With all of that having been said and now out of the way, it is important to note that 27% wanted to use their phone for between two to three years, 23% said three to four years. As many as 19% wanted to be able to use their smartphones for half a decade or more!

This includes all smartphone users, but similar patterns can be seen when we break the data down by budget. 46% of ultra premium smartphone users also stated that they would like to use their phones for three years or more, with 10% wanting a five year plus timeframe.

Unsurprisingly, 24% of budget smartphone users mentioned an over five year time frame as well. However, what’s truly unexpected is that the gap between budget phone users and ultra premium phone users isn’t a lot higher.

This proves that smartphone users irrespective of their budget want smartphones to last longer than might have been the case otherwise. 36% of smartphone users stated that their main priority is durability because of the fact that this is the sort of thing that could potentially end up extending the lifespan of their devices.

OEMs would do well to take heed of this data. It reveals a shifting landscape among consumers, with most preferring to hold onto their phones for as long as possible. Just 20% said that update availability was a factor they considered when buying smartphones, so the old model might not work anymore.


Read next: The Rise Of The Green Tech Transition: Which Countries Are Ready To Adopt The Technology
by Zia Muhammad via Digital Information World

How Wondershare’s PDFelement is Revolutionizing Productivity With AI

The rise of AI technology has created a series of seismic shifts across numerous industries. Professionals looking to boost their productivity have frequently started to turn to tools like ChatGPT to boost their productivity. However, ChatGPT is just the tip of the iceberg as far as productivity tools are concerned. Using these tools is crucial for maintaining relevancy in a niche, and a new company that many professionals are looking to explore is Wondershare.


Firstly, Wondershare is seeking to simplify the use of PDFs in a standard workflow. Its intuitive user interface is a hallmark of design done right, and the estimated 60% in savings that Adobe users can get by switching over to it further enhances its appeal.

With its flexible licensing options that include permanent access with a one time payment or a monthly subscription, Wondershare’s PDFelement attempts to offer a no-nonsense solution for PDF usage in the corporate world as well as for individuals. Multi-platform compatibility serves to sweeten the deal by making it so that Mac, Windows, and even mobile users on iOS and Android can get in on the action!

There’s an abundance of features that set Wondershare PDFelement apart. Modifying PDFs will now become easier than ever before, with an editing setting that makes things as simple as typing text out into Word. Got a PDF that’s in a different language? Wondershare’s translation tool has got you covered, and the Compress feature can make it easier to send off to other collaborators as well!

Perhaps the most prominent benefit of using Wondershare is its emphasis on security. Long gone are the days when facsimiles of your PDFs might end up making the rounds. You can now use AES and RC4 encryption ciphers to password protect them. Only users with the pass key would be able to get access to the PDFs, thereby rendering the information contained within as safe as it could possibly be.

Other features that are worth a mention include the eSign feature which can greatly simplify the process of signing contracts. Drafting these contracts would be a breeze as well, with the aforementioned editing feature also assisting in the creation of PDFs along with organizing them to get the information across as accurately as possible.

Furthermore, Wondershare PDFelement also offers a variety of AI tools that can bring your work flow into the modern age. Firstly, there’s the Summarize tool, which facilitates easy comprehension of long and short form content. Rather than having to read through the entirety of the content, you can have Wondershare PDFelement extract the most relevant pieces of information and compile them in a summary.


This is a tremendous time-saving feature, but it’s just one of the many that Wondershare brings to the table. Its PDFelement product also offers an excellent AI content detector. The ease with which content can be created through the use of AI makes it necessary to know the difference between AI generated content and human-made content. The PDFelement software’s content detector feature notices patterns in the text that would confirm its origins either way.

It's quite clear that Wondershare is taking great strides to enhance productivity with the AI tools contained within its PDFelement software. Its Proofread and Rewrite features stand out, since they can help to optimize your content.

Using AI to proofread blocks of text can point out errors that regular human proofreaders might miss, and the rewrite feature lets you come up with a more polished finished product. Combining these tools can make for a much easier workflow, one that would be conducive to fixing any unnoticed errors and creating content that would be in line with industry expectations.

Yet another excellent addition to Wondershare’s PDF reader is its Explain feature. This feature leverages AI to not just summarize the content within the PDF, but also to provide some context for technical terms that may be difficult to parse. Automatically generating technical explanations can double productivity time, since users can skip over the hassle of having to look up each definition individually.

Finally, Wondershare has seen fit to add the most useful AI feature of all, namely a chatbot that can act as your personal AI assistant! This assistant can allow you to get suggestions on how to deal with various documents, and it can combine quite spectacularly with all of the aforementioned AI features to create something new and useful. It turns your PDF into an actual chatbot, allowing you to communicate with it in order to better understand it.

The sum total of these features could create the perfect storm for a productivity revolution. Let’s say you receive a complex legal contract from a client. Signing the contract would be easy thanks to Wondershare’s PDFelement, but what if you’re having some trouble ascertaining the meanings behind some of the words?

Well, in that case, users can use the Explain feature, or Summarize the document so that they can understand some of its more salient points. If you need to draft a response or raise issues with certain portions of the contract, the Proofread and Rewrite features can ensure that your reply is professional and succinct.


All of a sudden, several days of work that would have involved numerous people can be done by a single person in under an hour, and it’s all thanks to Wondershare!

We would strongly advise anyone that’s been paying attention to the AI revolution to give Wondershare’s PDFelement a try. Its assortment of features, both standard and AI optimized, can be just the tool you need to meet each and every deadline in the blink of an eye.

by Zia Muhammad via Digital Information World

UK’s Top Antitrust Regulator Blocks Microsoft’s Purchase Of Activision Blizzard

Microsoft has been barred from carrying out one of the tech industry’s biggest purchase deals.

A leading antitrust regulator in the United Kingdom has prevented the computational giant from purchasing Activision Blizzard and this has ended up putting the deal on hold. The regulator feels it would jeopardize competition in regard to cloud gaming.

Moreover, this particular Competition and Markets Authority (CMA) mentioned through a statement released on Wednesday how it was concerned about a reduction in innovation and providing a decreased selection of choices for gamers across the United Kingdom in the future.

This particular acquisition was reportedly worth a staggering $69 billion that was unveiled at the start of 2022. And if it did manage to pull through, it would make the software maker even stronger in regard to cloud gaming. Today’s market share for the firm stands at 60% to 70% so you can only imagine how the share would be increased globally.

The shares for Activision fell more than 11% today as Microsoft’s shares increased by 8%.

Activision Blizzard is one of the world’s largest developers in the world of video games as it is known for producing games like Call of Duty, Overwatch, Diablo, and World of Warcraft. Moreover, Microsoft which sells such Xbox gaming consoles is now also offering subscription services for video games that are known as Xbox Game Pass. This entails a video game streaming service that’s based on the cloud.

This type of deal combines firms together and is continuing to meet a great amount of opposition thanks to global antitrust regulators.

Let’s not forget how toward the end of 2022, we saw the American FTC suing to block this transition over a number of concerns regarding competition. Meanwhile, a hearing for August is scheduled and the EU is also glancing over this transaction.

For now, it’s not quite sure if the deal may be allowed to carry on after receiving no approval from a leading regulator. Meanwhile, the ruling mentioned how the tech giant could work toward making the games on Activision a more exclusive affair to its platforms and then go about increasing the costs of the subscriptions for Game Pass.

Remember, UK gamers are faced with cloud restrictions to prevent them from making expensive gaming purchases of gaming consoles and PCs as it provides them with so much more flexibility and selection in terms of how they play. In the end, it just puts Microsoft in a leading position in the market for cloud gaming as starts to grow at a rapid pace and would take on innovation that’s important to the development of such chances.

So after the sudden rejection, Microsoft has full plans to appeal such decisions. The tech giant says it has already started work on this front by sending out a notice of appeal to the Competition Appeals Tribunal in the UK. And this is being done on behalf of both parties involved.


Read next: Microsoft Edge In The Spotlight As Company’s ‘Follow Creators’ Feature Reportedly Bugged In New Update
by Dr. Hura Anwar via Digital Information World

Exploring SSTI Vulnerabilities: Real-World Examples and Mitigation Strategies

Server-Side Template Injection (SSTI) attacks are growing, and they pose serious threats to most organizations that use web apps that employ a templating engine to produce content. Common examples of which are WordPress, Joomla, and Drupal. Many organizations rely on these content generation and management systems for their online presence.

SSTI vulnerabilities are regarded as serious threats. They are rarely benign. Most vulnerabilities are eventually discovered and exploited by threat actors. The attackers can take advantage of the issue to execute malicious code on the victim’s server, which can lead to data theft and the possibility of being able to take over a server. There have also been instances when an attack through this vulnerability has led to more attacks on an organization's internal infrastructure.

Illustration: Freepik

Here’s a rundown of a few actual SSTI vulnerabilities discovered over the past years and the best possible methods to address them.

Apache Velocity SSTI vulnerability

One of the more recently discovered SSTI vulnerabilities involves Apache Velocity, a template engine based on the Java programming language. In March 2021, IT engineer Marjan Sterjev explained the vulnerability in a blog post, where he detailed the possible ways it can be exploited. He presented the different command lines that bring out the server's root directory, OS directory listing, and other information that is of interest to hackers.

Sterjev emphasized that this vulnerability could have been avoided by not inspecting raw content in templates using string-based substitution. This creates an unnecessary opportunity for hackers to launch an SSTI attack. It should only be allowed if there is a compelling reason for it, like the availability of an important function. If this string-based substitution is allowed, it is advisable to conduct thorough tests and implement the necessary sanitation.

Drupal SSTI vulnerability

On January 5, 2023, Drupal received a report regarding the possibility of an SSTI vulnerability identified in the rendering of the CKEditor plugin's "Language" button. The issue is associated with Drupal core version 9.4.x-dev. A patch is already available to fix this security issue. However, it can also be rectified by upgrading to Drupal 10.

This issue is traced to the use of 'type' => 'inline_template' in the Language class on line 68. The vulnerability emerges because of the failure to sanitize the value of Language translation before it is sent to the Twig template. It only appears if the CKEditor module is enabled and the user saves the translations made.

This can also be resolved by switching to the use of “PlainTextOutput::renderFromHtml” on the result. Additionally, instead of allowing the standard direct usage in the string to prevail, the context argument should be used.

This vulnerability is regarded as obscure by some developers, but there is nothing to lose in addressing it. This is a server-side template injection vulnerability, and the possibility of enabling the execution of arbitrary code through it has not been ruled out.

Shopify SSTI vulnerability

In April 2019, a participant in Shopify's HackerOne event reported an SSTI vulnerability, which was tagged as a "zero-day" at that time. It specifically targeted the JavaScript template library referred to as “handlebars.” This vulnerability made it possible for threat actors to execute code remotely in the Shopify Return Magic app. The malicious code can be used to stage a takeover of a server.

Shopify’s Return Magic app is designed to automate the process of doing product returns. Shop owners can take advantage of this app to customize the messages sent to customers who go through the product return process. The vulnerability resides in the app’s workflow email templates, which appear to allow injection.

Thymeleaf SSTI issue

Noted for its natural templating engine, Thymeleaf is a server-side template engine for Java. It makes it possible to generate a template that looks and operates just like HTML. The problem is that Thymeleaf appears to come with a "dangerous" feature called "expression preprocessing." This feature preprocesses expressions that are enclosed by double underscores, then uses the result of the preprocessing as a component of a real expression to be evaluated later on.

In June 2020, security researcher Aleksei Tiurin exposed this preprocessing feature as a potential SSTI threat. Tiurin pointed out that threat actors can gain the ability to execute arbitrary expressions if they manage to control, manipulate, or decide what the content of the preprocessed values will be. Tiurin describes this as a “double-evaluation vulnerability,” which appears to be quite challenging to detect through the standard black-box approach.

Taking the SSTI threat seriously

Fortunately, there have been no reports of major attacks exploiting the vulnerabilities listed above. Or maybe there have been actual SSTI attacks that resulted in serious consequences for the victims, but nobody was interested in making a big deal out of it. Falling victim to cybercrimes is not something to be proud of, after all.

It is important to be mindful of the risks of server-side template injection. Organizations should consider adopting preventive security mechanisms together with the following best practices:
  • Input sanitization - Templates should be configured to always check for disruptive or potentially anomalous elements in the inputs. An "allowlist" rule is recommended to make sure that inputs are limited to a specific range of characters that are ascertained to produce no anomalous behavior.
  • 'Edit' access restriction - Templates should not be editable to virtually everyone. Access rules should be implemented and only administrators or developers should be allowed to impose changes.
  • Sandboxing - This is a precautionary measure designed to ensure the safety and security of users. It is often regarded as a more secure approach, as compared to mere input sanitization.
  • No-logic templates - Templates are considered logic-less if their code interpretation is designed to be uncoupled from visual representation. Logic-less templates are considered more secure and data-driven because they make controls compulsorily data-driven and integrated with application logic, thus making remote code execution unlikely.
  • Using cybersecurity platforms - It is also possible to significantly minimize the threats of SSTI by using cybersecurity platforms that include runtime application self-protection (RASP), web application firewalls (WAF), API security, DDoS defense, advanced bot protection, attack analytics, and other advanced security functions.
Server-side template injection vulnerabilities are quite common, but many do not realize the severity of the possible outcomes of SSTI attacks. It is important to understand this threat properly and anticipate possible attacks by embracing best practices and using comprehensive cybersecurity platforms. The lack of reported damages or losses due to SSTI attacks does not mean that this vulnerability is not dangerous.

by Web Desk via Digital Information World