惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
S
Security @ Cisco Blogs
S
Security Affairs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
Lohrmann on Cybersecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
A
Arctic Wolf
NISL@THU
NISL@THU
P
Proofpoint News Feed
W
WeLiveSecurity
S
Schneier on Security
AI
AI
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
L
LINUX DO - 最新话题
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
V
Vulnerabilities – Threatpost
Cyberwarzone
Cyberwarzone
I
Intezer
S
Securelist
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
量子位
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
小众软件
小众软件
Last Week in AI
Last Week in AI
Jina AI
Jina AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
WordPress大学
WordPress大学
罗磊的独立博客
月光博客
月光博客
雷峰网
雷峰网
A
About on SuperTechFans
The GitHub Blog
The GitHub Blog
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
大猫的无限游戏
大猫的无限游戏
博客园 - 司徒正美
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
The United Nations runs Google
Alexander Hanff · 2026-06-25 · via Hacker News - Newest: "AI"

I have spent the better part of my life fighting for privacy - for the right of a person to control what is known about them, by whom, and to what end. It is a right the United Nations itself gave the world, in Article 12 of the Universal Declaration of Human Rights in 1948, and restated in binding terms in Article 17 of the International Covenant on Civil and Political Rights. I am a supporter of the UN, and of the architecture of rights it built across the last seventy-five years. I want to be very clear about that before I say anything else, because what follows is written out of respect for what the organisation is supposed to stand for, not out of any wish to see it diminished.

On AI accountability, the UN is right

The Secretary-General has been right to raise the environmental cost of artificial intelligence - the electricity these systems burn, the water their data centres consume, the carbon they put into an atmosphere we all share. I agree with the position completely. If anything I would like the UN to go further, to treat the whole of corporate environmental, social and governance accountability with the seriousness it deserves, and to hold the companies building these systems to a standard that matches their scale and their power. On the substance of what the UN is asking of industry, I do not disagree with a single word.

The problem is the hypocrisy

My problem is not the message. My problem is that the organisation delivering it does the very thing it condemns - on its own website, at enormous scale, using the very vendors it is demanding the rest of the world hold to account - and it does not so much as acknowledge that the harm exists.

I ran a forensic capture of the United Nations English-language homepage, https://www.un.org/en/, from an EU vantage point. The capture is cryptographically signed and RFC 3161 timestamped, so every figure below can be independently verified rather than taken on my word. What it shows is that the page loads Google Tag Manager, Google DoubleClick advertising infrastructure, YouTube tracking, and Google-hosted fonts and APIs - third-party services that profile the people who visit - and it does so with no consent banner of any kind. There is no consent mechanism on the page at all. Nothing is asked. Nothing is offered. The tracking simply runs, on every visitor, the moment the page loads.

Not bound by the law is not the same as free to ignore it

The UN is an international organisation. That is a specific thing in law - a body created by treaty between states, with its own legal personality, and with immunities from national jurisdiction set out in the Charter itself (Article 105) and in the 1946 Convention on the Privileges and Immunities of the United Nations. In practice that means a national data protection authority cannot serve the UN with an enforcement notice or a fine. The General Data Protection Regulation and the ePrivacy Directive, as instruments of national and EU enforcement, do not reach the UN in the way they reach other data controllers.

That immunity is a reason to hold a higher standard, not a licence to hold a lower one. An organisation that exists to create, maintain and champion human rights, and that lectures industry on responsibility, should be setting the bar for everyone else - not quietly availing itself of the very surveillance technologies that erode the rights it was built to defend. These technologies should not be on the UN's estate at all. They do real and documented harm to fundamental rights, and, as the figures below show, real and avoidable harm to the environment. By ignoring its own conduct while demanding accountability from others, the UN brings its entire moral authority into disrepute - and it does so at the expense of the rights it created and, given the context of the Secretary-General's own remarks, at a measurable cost to the climate.

The environmental impact

The method here is the same one my WebSentinel platform applies to any site, and the same one I have already set out in a formal environmental complaint filed in another matter. I measure the bytes actually transferred to load the page, separate the first-party content from the third-party tracking, and convert that tracking to electrical energy and carbon. By "the tracking" I mean the third-party services that, for any data controller the law actually binds, would require the visitor's freely given consent before they were allowed to load - consent the UN, as an international organisation, is not obliged to obtain, and here did not seek. The energy intensity of network transfer is taken as 0.06 kWh per gigabyte, the mid-band of Parssinen et al. (2018); the grid factor is 0.25 kg CO2e per kWh, the EEA / IEA EU-27 composite for 2024. I use a thirty-day month, and I extrapolate across the English-language site's traffic, which public estimators place in the region of 20 to 25 million visits per month.

Per single visit the page transfers about 6.29 MB, of which about 2.06 MB is third-party tracking of the kind that would otherwise require consent.

The avoidable footprint - that would-otherwise-require-consent portion alone:

English-site visits / month Energy (annual) Carbon (annual)
20 million 29,599 kWh 7.40 tonnes CO2e
25 million 36,999 kWh 9.25 tonnes CO2e

For reference, the full page weight across the same traffic runs to roughly 22.6 to 28.3 tonnes CO2e a year. The numbers above are deliberately conservative: they count only the third-party portion, they exclude end-user device energy, and they use the mid-point of the published range. The true figure is higher, and that is before a single one of the UN's many other pages, languages and subdomains is counted.

The privacy impact

The capture is unambiguous about what the page does to the people who load it, and it does all of it with no consent and no means to refuse.

The page reaches out to thirteen distinct third-party hosts, and loads executable third-party script from five of them - 160 third-party script requests in a single page load. The third parties are, almost without exception, Google: Google Tag Manager, Google Analytics (region1.google-analytics.com), Google's DoubleClick advertising infrastructure across three separate endpoints (googleads.g.doubleclick.net, static.doubleclick.net, ad.doubleclick.net), YouTube, Google Fonts and Google APIs - alongside Libsyn, a podcast and advertising platform, and a UN media CDN. This is an advertising and analytics stack, running on the website of the body that wrote the right to privacy into international law.

While that code runs, it interrogates the visitor's device. The capture records 342 fingerprinting events across roughly twenty distinct surfaces. Among them: the device's graphics hardware (WebGL), its battery status - an API browsers have been removing precisely because it was abused for tracking - its network connection information, its media devices, that is the cameras and microphones attached to the machine, its timezone, keyboard layout, client hints, permissions state, and the full navigator and screen profile. These are the building blocks of a device fingerprint - a way to recognise the same person again even when they have taken deliberate steps to stay anonymous.

The page also writes and reads storage relentlessly: 437 storage operations, including 44 cookies set and 228 cookies sent, plus localStorage, sessionStorage, IndexedDB, the Cache Storage API, and even window.name, a long-standing cross-context tracking trick. The third parties doing most of this are YouTube, with 140 storage operations, and Google Tag Manager with 23 - third-party code, writing and reading identifiers on the device of every UN visitor, who was never asked.

I want to address one surface specifically, because of who visits this site. WebRTC is a browser technology that can be made to reveal a visitor's true network endpoints even when they are behind a VPN. For an ordinary website that is a privacy problem. For a site visited by human rights defenders, journalists, and people reporting from hostile territory, it could be a matter of physical safety - the unmasking of a VPN could place a real person in real danger, and if the script doing it is a third party, the UN has no control over where that data goes. I checked for it specifically. On this page I found no WebRTC endpoint probing, and no service worker quietly running in the background after the visitor has left, and I am glad to be able to say so. But the deeper problem does not go away: the UN does not control any of the thirteen third parties on this page. It cannot read their code, it cannot vet their updates, and it cannot guarantee that none of them adds exactly that capability tomorrow. When you hand your visitors to third-party scripts, you hand over the people behind the screens - and not all of the UN's visitors are ordinary people, many are in a vulnerable class of one form or another.

What I am asking the Secretary-General to do

I call on the Secretary-General to pledge that, within 180 days, the United Nations will remove all third-party tracking, analytics, testing and advertising scripts, and all tracking beacons, from its websites - the entire online estate, not a single flagship page. At the scale the UN operates, this is not a cosmetic change. It is the difference between an organisation that practises the rights it preaches and one that erodes them, continuously, across millions of visitors a month, at significant and entirely avoidable cost to the environment the Secretary-General has rightly asked us all to protect.

Because the Charter demands it

I am not singling out the United Nations, and I have the record to prove it. In 2018, on the very day the European Data Protection Board's website went live, I filed a formal complaint against the Board, because its own site did not comply with the ePrivacy Directive or the GDPR - while openly acknowledging that the Board was not itself bound by the GDPR, but owed a duty of responsibility precisely because it is the body telling every company in the EU how important it is to protect personal data. It took several weeks, and the Board's first plenary meeting, before the matter was resolved and the Board accepted that it had to lead by example. On 1 October 2019, within two minutes of the Court of Justice handing down its judgment in Planet49 (Case C-673/17), I filed a complaint, because the Court's own website did not comply with the judgment the Court had just issued. I hold the institutions I admire to the standard they set for everyone else, and I always have.

Just because the rules might not apply does not mean the rules should not be applied. The United Nations Charter, in Article 1(3), sets as a founding purpose of the organisation "promoting and encouraging respect for human rights and for fundamental freedoms for all", and its preamble reaffirms "faith in fundamental human rights, in the dignity and worth of the human person". Privacy is one of those rights - the UN said so itself in 1948, and again in the Covenant. Convenience is no excuse for a corporate entity that loads these technologies without consent, and it is no excuse for an international organisation either - least of all one whose own founding document demands that it respect the very rights its technical choices are quietly undermining.