If the idea was that laws must be motivated by a negative occurrence rather than preemptive, then that'd follow yeah (if counting job loss as a reason to ban something, which I think is questionable). But note akersten is saying that it's normal for laws to be preemptive in both cases.
> The commercial bots seamlessly traverse between AI, auto-respond and human. It's very much an ensemble method.
This seems unlikely to me, given it'd increase costs and the response times would make it obvious.
The messages presented in the original source appear to be people expecting to be talking to a real person, likely on a dating app. The relation to AI is only speculative, and mostly in the direction of "my messages may be used to train a chatbot to replace my job of deceiving people" - which is plausible.
> That's why people pay for it over just downloading an abliterated model from hf with system prompt hacking.
I'd assume convenience, fine-tuning, and using a larger model than is feasible for most people to run locally.
If I'm understanding the issue correctly, an action with read-only repo access shouldn't really be able to write 10GB of cache data to poison the cache and run arbitrary code in other less-restricted actions.
The LLM prompt injection was an entry point to run the code they needed, but it was still within an untrusted context where the authors had foreseen that people would be able to run arbitrary code ("This ensures that even if a malicious user attempts prompt injection via issue content, Claude cannot modify repository code, create branches, or open PRs.")
To me (someone unfamiliar with GitHub Actions), making the whole workflow read-only like this feels like the safer approach compared to limiting the tool-calls of a program running within that workflow via its config, and the fact that a read-only workflow can poison GitHub Actions' cache such that other, less-restricted workflows execute arbitrary code is an unexpected footgun.
Yeah but this is the thing, that's just text. If I tell someone "you can't post on HN anymore", whether they won't is entirely up to them.
Permissions in context or text are weak, these tools - especially the ones that operate on untrusted input - need to have hard constraints, like no merge permissions.
To be clear - the text I pasted is config for the GitHub Actions workflow, not just part of a prompt being given to a model. The authors seemingly understood that the LLM could be prompt-injected into running arbitrary code, so they put it in a workflow with read-only access to the repo.
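For anyone unfamiliar, read-only access of that kind is declared with a `permissions` block in the workflow file. A minimal sketch (the `permissions` keys are real GitHub Actions syntax; the workflow/job/step names are made up for illustration, not the actual file from the incident):

```yaml
# Hypothetical issue-triage workflow with a locked-down token.
name: triage-issues
on:
  issues:
    types: [opened]

permissions:
  contents: read   # can check out the repo, but not push, branch, or open PRs
  issues: write    # can comment on the issue it's triaging

jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # the LLM-driven step runs here, within the restricted token's scope
```

The footgun in question is that none of this restricts writes to the Actions cache.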
I put 50% of the blame on GitHub, and 50% of the blame on postinstall. A cache is expected to have no observable effects other than increased storage usage and decreased download time. A package cache must not be able to inject malware.
GitHub could
1. Call the Actions Cache the "Actions key-value database that can be written to by any workflow and breaks the idempotence of your builds" (unlikely)
2. Disable install scripts (unlikely)
3. Make an individually configured package cache unnecessary by caching HTTP requests to package repositories [1]
4. Make the actions cache versioned as if it were a folder in the repo itself. This way, it can still be an arbitrary build + package cache, but modifications from one branch can't change the behavior of workflows on another branch.
[1]: Assuming most of the work saved is downloading the packages.
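For what it's worth, option 4 can be partially approximated today by scoping cache keys to the branch. A sketch using `actions/cache` (paths and key names illustrative):

```yaml
# Including github.ref in the key means a cache saved on one branch
# won't be restored on another. restore-keys is omitted on purpose,
# since cross-branch fallback is exactly the behavior being avoided.
- uses: actions/cache@v4
  with:
    path: ~/.npm
    key: npm-${{ github.ref }}-${{ hashFiles('package-lock.json') }}
```

Though note this only guards against accidental cross-branch reuse - a compromised workflow can write whatever keys it likes, so real isolation would have to be enforced by GitHub, as in option 4.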
> It's about the disrespect of not asking. Could Firefox have asked if users wanted to enable AI features? Of course they could have, did they? Of course not, just think about how would asking would effect the shareholders!!
IMO right clicking and selecting translate/summarize/OCR/etc. is that choice. It doesn't translate pages by default, and the translation models are not downloaded until you choose to do so.
I feel what you're asking for is for the menu option itself to also be hidden by default. But it's a useful feature for many people, and hiding it in this way would harm discoverability.
It's still on the claimant to establish copying, which usually involves showing that the two works are substantially similar in protected elements. That the defendants had access to the original helps establish copying, but isn't on its own sufficient.
Only after that would the burden be on the defendants, such as to give a defense that their usage is sufficiently transformative to qualify as fair use.
I've always felt it's not really any different from allowing a website to run a JS crypto miner. It moves money around (which is why it's done) but wastes resources (time/energy), so on net it's a detriment to affordability.
Many sites already exist to sell products (like Temu) or a paid subscription (like Dropbox), such that ads or crypto miners would just be double-dipping. On average, you would need to pay less than you do now if resources were not wasted on ads/crypto miners.
For websites that aren't costly to host (blogs, tutorials, ...), there's often no need to monetize at all. Non-commercial sites on some topic run by passionate hobbyists are already typically higher quality than sites designed to profit through adspam/SEO.
Donations and volunteer work (like Wikipedia) can be viable where there are non-negligible costs to cover. Grants and public funding can also help if it's a worthwhile cause.
Some institutions/people benefit indirectly in recognition from putting information online - like universities, product support forums, or a security researcher writing up an investigation into a malware campaign. Could consider this a form of advertising, but the resources are being used in a productive way rather than just intentionally wasting time.
Non-wasteful use of your time and computing resources are also fine by me, like torrent trackers that require you to maintain a minimum seed ratio. Google's CAPTCHAs are already sneakily giving you annotation work, just not paying for it.
I'd claim federation also helps, in that services that ostensibly benefit from being one massive site (due to network effect) can actually be split up into smaller more feasible nodes. I use SDF's Mastodon/Lemmy instances for example, and host a Matrix server.
> It can and should be removed in minutes because AI can evaluate the “bad” image quickly and a human moderator isn’t required anymore.
CSAM can be detected through hashes or a machine-learning image classifier (with some false positives), whereas whether an image was shared nonconsensually seems like it'd often require context that is not in the image itself, possibly contacting the parties involved.
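The hash-matching half of that is mechanical. A minimal sketch of checking uploads against a set of known-bad hashes (SHA-256 here for simplicity; real systems like PhotoDNA use perceptual hashes so re-encoded or resized copies still match, and the hash set below is obviously made up):

```python
import hashlib

# Hypothetical database of known-bad image hashes.
KNOWN_BAD = {
    "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
}

def is_known_bad(image_bytes: bytes) -> bool:
    """Exact-hash lookup; trivial to automate at upload time."""
    return hashlib.sha256(image_bytes).hexdigest() in KNOWN_BAD
```

The point of the contrast: this lookup is cheap and automatic, while "was this shared with consent?" is context no hash lookup can supply.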
Indeed. It seems that the process being described is some kind of one-stop portal, operated by or for OFCOM or the police, where someone can attest "this is a nonconsensual intimate image of me" (hopefully in some legally binding way!), triggering a cross-system takedown. Not all that dissimilar to DMCA.
> A professional who pays 20€/month likely believes that the AI product provides them with roughly 20€ each month in productivity gains, or else [...] they would pay more for a bigger subscription
Unless I'm misunderstanding, shouldn't someone rational want to pay where (value - cost) is highest, as opposed to increasing cost to the point where it equals value (which has diminishing returns)?
A $40 subscription creating $1000 worth of value would be preferred over a $200 subscription creating $1100 of value, for instance, and both preferred over a $1200 subscription creating $1200 of value.
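Spelling out the arithmetic with those (made-up) numbers:

```python
# cost -> value pairs from the example above (all figures illustrative)
options = {40: 1000, 200: 1100, 1200: 1200}

# A rational buyer maximizes surplus (value minus cost), not value alone.
surplus = {cost: value - cost for cost, value in options.items()}
best = max(surplus, key=surplus.get)  # the $40 option, with $960 of surplus
```

The $1200 option has the highest value but zero surplus, which is what "paying until cost equals value" amounts to.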
I was mostly limiting myself to the simpler heuristic where people only pay roughly what they personally think something is worth, and not significantly more/less regardless of the options. But of course, as you've pointed out, in real life the options available really do matter, and someone might decline a 200:1200 trade if even more lopsided options are available. It does complicate the thought experiment somewhat if you try to take this into account.