Ongoing public concerns over real-time video scams has been the spur to gain global attention as we witness new major incidents taking place increasingly more. Take a Hong Kong MNC recently falling prey to a scammer in a colossal $25.6 million heist — the deepfake technology has already evolved enough to bring on a whole new brand of fraud.

What remains is a call to action. Are there ways to protect yourself and your organization against con men posing as your boss, your business partner, or even your own mother? Let’s find out!

First things first, let us start with the definition.

What is a deepfake?

In case the definition of a deepfake is still unclear to some, a deepfake is content generated using deep learning techniques that is intended to look real, but is in fact fabricated. Artificial intelligence (AI) used to generate deepfakes typically employs generative models, for example, Generative Adversarial Networks (GANs) or auto-encoders.

Deepfakes are used not only in video content, but also in audio recordings and images. The purpose of a deepfake is often to depict an individual or a group saying or doing something that they never did in reality. To produce content that appears convincing, the AI must use large datasets in its training. It allows the model to recognize and reproduce natural patterns present in content it is designed to mimic.

While deepfake technology is a breakthrough with great potential in the film industry and game development, as well as a rising social media trend, it also opens dangerous opportunities for illegal use. The examples are numerous and include identity theft, evidence forging, disinformation, slander and biometric security bypass. In all cases, fraudsters typically leverage the depicted person’s authority over the targeted individuals or personal connection to them, depending on the setting.

Where can you encounter a deepfake?

Deepfakes are used to produce video, audio or image content, as a recorded media or a real-time stream. It can be a YouTube video, a ‘leaked’ recording in a social post, a phone call or a video conference – the opportunities are practically unlimited.

Depending on the purpose, the format is picked accordingly. For example, political disinformation works best where mass engagement is possible, meaning that spreading it publicly via social media is the best tactic. Whereas seeking a private gain from a company or or individual requires a more intimate setting and often a personal conversation.

When it comes to threats to your personal life, finance or security, we can narrow down the most dangerous deepfake scenarios to encounters with people you care about, trust , or report to. This can be a family member, a friend, or an authority figure at work such as your boss or a company executive.

The setting will most likely be private: whether over a phone call or a video meeting. Personal meetings are much easier to execute and give the faker much more control over the situation. The conversation, whatever the background is, will lead you to an action under a sense of urgency or fear – most likely to transfer a sum of money. The tactic is to deceive your logic and common sense using fear, compassion or even ambition.

As generative AI development drives a huge interest and investment, we are entering a dangerous zone: real-time video, the most sophisticated and convincing deepfake use case yet, still has a very little awareness.

Deepfakes in real-time video

Real-time video deepfakes generate manipulated video content in real-time for immediate application during live streams and video calls. Voice cloning and face swapping are the most frequently used techniques to compose a complete faked environment.

Face swapping

Face swapping is a common application of deepfakes, allowing the software to replace facial features of a target person with fake features, most often those of another person. With facial landmark detection and manipulation techniques, the blending appears seamless and hard to spot when caught unaware.

Voice cloning

In addition to looking convincing, a faker also needs to sound convincing. For this part, voice cloning is used. In voice cloning, the AI replicates the voice of the individual. A significant amount of high-quality audio data is required to train a voice cloning model, usually obtained from recordings of the target person speaking in various contexts and using different intonations.

Curiosity time: how does a deepfake setup actually work?

Deepfake technology is capable of impersonating real-life individuals and doing it in a real-time setting, making the result even more convincing (and terrifying!). But how does the software work in a way that we encounter deepfakes using familiar meeting platforms?

Deepfake generation software can be integrated with streaming platforms and video conferencing tools in many ways:

• It could function as a separate application that captures the video feed, processes it in real-time, and then sends the manipulated feed to the video conferencing software.
• Alternatively, it might be integrated directly into the video conferencing software as an optional feature or plugin.
• Another way, even more sophisticated and hard to detect is camera input, namely a virtual camera. Virtual camera intercepts the video feed from the physical camera of the faker. It then outputs the manipulated feed to the video conferencing software. The faker just picks the virtual camera as their camera input and voilà! (not funny, we know).

How to protect yourself against deepfakes?

Finally, to the most important part. How do you protect yourself against a deepfake, or at least get prepared to spot a fake boss making a sketchy request over video?

Privacy-first videoconferencing software is a key to safe meetings. Meet Nextcloud Talk, a powerful chatting and meeting platform that lets you regain control.

Learn more

Watch out for red flags

AI face swapping technology maybe advanced, but it’s not perfect. There are red flags you can spot, or at least learn to look out for when something seems off or unnatural:

• Unrealistic facial expressions or movements, including unnatural eye movements, inappropriate blinking, and/or weird lip sync.
• Inconsistencies in lighting and shadows that don’t match the surroundings.
• Unnatural head or body movements, as well as visible blurring or pixelation around the face or neck.
• Inconsistent quality in audio and video and mismatch between the picture and the sound.

Suspicious? Be proactive

There are methods to help you fish out the red flags that generally won’t make the conversation awkward if the person is in fact real.

First, there’s nothing more natural than a casual conversation. Engage in small talk: ask about their day, routine, questions about people you both know, etc. A complete stranger will struggle to be spontaneous and maintain the same personal connection. It’s also easier to catch one off guard when they lose a sense of control.

You can also use other video conferencing features: ask the person to share their screen and show you something related to your common tasks. This will be very difficult to replicate without access.

Finally, once they make a suspicious request, you have more freedom to be alert openly — politely ask them to confirm their identity by providing some exclusive information or send you a confirmation message via a different channel.

Set up a passphrase

One more way to ensure confidence when it comes to sensitive topics is setting up a password or passphrase. This is an easy way to confirm the identity of the people you know, both at work and between family members, and it is equally effective via voice, video and text communication.

Verify identity outside of the meeting

If a faker poses as a person you know well, chances are you have more than one communication channel to reach out with. Use email, a messenger or a personal phone number to contact them and raise a question — the reason is valid.

Don’t let them harvest your data

To replicate and manipulate a person’s voice or image, AI needs a massive amount of data. This data is often gathered beforehand, during online calls and meetings. Features like Recording Consent in Nextcloud Talk may help you protect yourself and others from such a data haul.

Use company software

It’s unlikely for your real boss to set up a meeting via a platform you never use for work. And if they do, they must have a good reason! Don’t be afraid to stand up to suspicious activity.

Using company software means better control over the data and compliance with privacy regulations. Even better — if you run it on-premises! Should an incident happen, the company IT team can run an audit to retrieve the relevant data and investigate.

Ensure secure access to your videoconferencing platform with settings like 2FA, strong passwords, data encryption, activity monitoring, and login restrictions. This applies to your personal settings and administrative controls.

Nextcloud Talk: video and chat with privacy in mind

Using a privacy-oriented, unified workspace with admin control in all apps makes sure your security protocols are in place to detect and prevent breaches. Nextcloud Hub provides a user friendly videoconferencing platform that keeps users happy to stay within company IT.

How Nextcloud Talk protects your data:

• AI-powered suspicious login detection
• Multi-layered encryption with end-to-end encrypted communication
• Brute-force protection
• Fully on-premises, 100% open source

Nextcloud is an open-source project backed by a strong community with proactive approach to vulnerability research and patching. It is designed to let you stay compliant with GDPR, CCPA, and the upcoming EU ePrivacy Regulation.

Get Nextcloud Hub

Download and install Nextcloud Hub here!

Get Hub

The post How to protect yourself against deepfake scams in video calls appeared first on Nextcloud.

While a press release is obviously meant to be public, which is why the simple password was chosen, you might wonder why the ministry didn’t just use a completely password-less link for their Nextcloud share?

Secure sharing with Nextcloud

Nextcloud differentiates itself from public clouds like Microsoft 365, Dropbox or Google Drive with a focus on privacy and data sovereignty. Unlike public clouds, Nextcloud often runs on private cloud environments, giving the organization deploying it direct control over the data. It wouldn’t make sense for the German government (or any other) to hand over important data to foreign tech firms, which is why Nextcloud is widely deployed in the European public sector.

Protect your public links with passwords

With Nextcloud, users can share directly with other users. This makes sure no data leaves the government data center. But sometimes data must be shared outside the organization, either to a single individual or fully in public like with a press release.

Nextcloud allows users to create one, or more, public links for this purpose. A public link lets a third party who has the link view and (depending on the settings) download and edit the file. As you might share a document for editing with one person, and create another link with only viewing permissions to a second, each link can have its own protections. Including a password, expiration date and more!

The system administrator can put in additional controls, to ensure data is always protected. The File Access Control can use rules to stop files from being accessed outside Germany, for example. Or a mandatory 30 day expiration date can make sure links get cleaned up after a while. And last, but very relevant, administrators can enforce a password on each public link.

This setting is clearly enabled on the Nextcloud server used by the German Ministry of Defense, and explains why a simple password (1234) had to be chosen. Note that administrators can even enforce a certain degree of password quality, blocking such simple passwords from being chosen by users!

In other words. Mr. Pistorius does not use the password ‘1234’ to protect any data – it was meant to make it easy to access the press release.

We hope the readers at Bild appreciate out explanation!

For a more detailed exploration of our file sharing features available throughout Nextcloud, see our in-depth docs on File Sharing or our Sharing features overview.

The post Educating Bild: password-protected sharing appeared first on Nextcloud.

Here at Nextcloud we love reasons to celebrate data privacy, to continue exploring and improving our privacy goals. Respecting privacy is a deep aspect of our company and community culture, our shared mission, and a concept we interact with daily. With Data Privacy Week in full swing, we’re excited to be part of the conversation — and part of the solution — in regaining and maintaining privacy of your personal and corporate data.

We encourage you this week to be introspective, to re-evaluate your current privacy landscape, and to explore steps you can take to regain aspects of your data privacy. And in case you’re already a privacy advocate, we encourage you to help guide others to a more private digital lifestyle!

Who owns your…

If you’ve met us at conferences and corporate events around the world, you may have seen our swag with memorable nudging queries:

We encourage you to ask yourself regularly: Where is your contact book stored, and who has access to that data? What about your calendar, or your email? Medical data? Your location?

And with everyday technology’s every-evolving pace, we can also begin to ask: Who owns your AI prompts? Your intellectual property and corporate secrets? What of your home surveillance videos? Your Bitcoin wallet?

Recommended everywhere

We’re proud that together with our open source community we’ve built the industry’s leading privacy-respecting online collaboration platform as recommended everywhere. PrivacyTools.io highlights Nextcloud in their list of “Top 10 Privacy Tools” and “Best Encrypted Cloud Storage in 2024“. PrivacyGuides.org features Nextcloud at the top of many categories from Productivity Tools and Collaboration Platforms, to File Sync.

Think Dropbox, Google Drive, or iCloud, except that you have complete control over where and how your files are stored.

ProPrivacy’s review of Nextcloud

Read review

Most trustworthy cloud storage… With Nextcloud, you, of course, decide where to keep your data.

ZDNET’s Best Cloud Services of 2024

Read more

Nextcloud’s many privacy solutions

Nextcloud Hub, our collection of tools all under one unified platform, offers many solutions to help you secure your private data.

• Nextcloud Photos — backup, store, and enjoy your photos, privately.
• Nextcloud Notes — secure, mobile note-taking in your back pocket.
• Passwords Managers for Nextcloud — keep your accounts safe with better password strategies.
• Nextcloud Talk — private chat and video conversations for family, friends, and the office.

Local, private Artificial Intelligence

Several types of AI integrations are also available throughout Nextcloud Hub, from completely self-hosted options to integrations with external services. For a fully private AI experience, all self-hosted AI features in Nextcloud are built-in and run completely on your server, meaning none of your data leaves your premises and you’re in full control. We encourage you to read more about our Ethical AI Rating system, our dedication to transparency, and the various AI-assisted features available to you:

• AI in Nextcloud: what, why and how
• Meet the Nextcloud AI Assistant

Open Source: non-private code by design

When it comes to assuring privacy and security concepts are upheld in our software, we actually prefer to share our development in the open; transparent for all to see, inspect, share and participate in. Following open source development practices is deeply embedded in our identity, building trust in both the people and the code that goes into Nextcloud.

Curious? Explore what thousands of contributors create together on our GitHub!

Where to start?

While we firmly believe your data privacy is equally important every week of the year, we hope this Data Privacy Week encourages you to consider your current practices, and where you can take action to improve your data privacy. There’s plenty of opportunity to make improvements, collaborate with others, and to have fun along the way. We hope, too, that our excitement to make Nextcloud a central part of your data privacy toolkit helps make your journey that much more successful.

We all deserve privacy — after all, it has been declared a UN Human Right. Our goal is that together we can help make private-by-default the standard in all our technological endeavors.

Streamline your move to Nextcloud with our migration tools

We’ve created a number of migration tools to help you easily transition from platforms like Google, Microsoft, and more. With just a few clicks, you can move your documents, photos, chat logs, and calendar items into Nextcloud — a platform trusted by millions of users worldwide.

We currently offer migration tools for Google, Dropbox, OneDrive, and ownCloud to help you create a smooth transition, whether you’re a family or an enterprise.

We look forward to joining you on your data privacy journey! We also encourage you to discuss your data privacy with your family, friends, colleagues and those who care for your data.

The post Data Privacy Week: Who owns your data? appeared first on Nextcloud.