Fidaro

👇 if you're using a Windows machine BitLocker "on" and BitLocker actually protecting you aren't the same thing. Most Windows machines run TPM-only mode by default. That's the setting a newly disclosed exploit called YellowKey bypasses with a USB drive and a reboot. The fix: Switch to TPM+PIN. A PIN will be required at startup, and it stops this cold. 🔗 Mitigation guide in the replies.

Up to 275 million students and teachers had their Canvas data exposed. Names, emails, student IDs. And the messages they sent each other. The next phishing email won't come from a stranger. It will reference your real classes, your real teachers, your real conversations. https://t.co/DAHmiOZXh5

"Built with AI in a weekend" sounds impressive until you remember what that actually means. No code review. No security audit. No backup strategy. Last week, an AI agent deleted an entire company's database in 9 seconds. Three months of customer data gone. https://t.co/eh2GR3fM14

You install a browser extension to download a TikTok video. It takes 5 seconds. That extension now has access to everything you do in your browser. Passwords. Messages. Banking. 12 fake TikTok downloaders. 130,000 users. Some were marked "Featured" by Chrome and Edge. https://t.co/rSnuqz1zco

You didn't decide to tell ChatGPT your therapist's name. It just came up. Same with the job you hate. The health thing you're still figuring out. The relationship that's complicated. ChatGPT, Claude, and Gemini can remember all of it between conversations – on by default. Most people have never looked. Settings → Memory. It's worth a few minutes. But what you see there isn't where your data lives. It's just the version they decided to show you.

The New York Times sued OpenAI and asked the court to force them to keep all ChatGPT user data indefinitely. The court agreed. For months, every conversation on ChatGPT was being retained, not because OpenAI wanted to, but because a judge said so. OpenAI fought it and returned to 30-day deletion. But the precedent exists: a lawsuit you have nothing to do with can decide what happens to your data. https://t.co/PWa3iuoeZy

Attorney-client privilege is one of the strongest legal protections that exists. A U.S. court ruled it disappears the moment a conversation touches an AI tool. The reason: the data went to a third party. Privilege waived. Doesn't matter what you intended. Doesn't matter how sensitive it was. The law now treats your AI conversations the way it treats a postcard. Readable by anyone it passes through. If a legal conversation loses protection the moment it touches an AI tool, think about what that means for everything else you share. https://t.co/RAIZ9LVPTG

You meant to share one paragraph. But here's what actually travels when you upload a document to an AI tool: 1️⃣ A PDF carries the author's name, the company, the creation date, the edit history, and sometimes comments people were certain they'd deleted. 2️⃣ A spreadsheet brings tab names referencing internal projects. Formulas pointing to systems that were never meant to leave the building. A timestamp showing exactly who touched it last. 3️⃣ A screenshot captures everything on screen at that moment. The notification bar. The open tabs. The message in the background you didn't notice. AI tools don't read the part you care about. They process the whole file. AI tools don't read the part you care about. They process the whole file. Copy the text. Leave the file behind.