I feel like this is missing a big point of the article.

The vulnerability that the xz backdoor attempt revealed was the developers. The elephant in the room is that for someone capable of writing and maintaining a program so important to modern technical infrastructure, we’re making sure to hang them out to dry. When they burn out because their ‘hobby’ becomes too emotionally draining (either because of a campaign to wear them down intentionally or fully naturally) someone will be waiting to take control. Who can you trust? Here, we see someone attempted (and nearly succeeded) a multi-year effort to establish themselves as a trusted member of the development community who was faking it all along. With the advent of LLMs, it’s going to be even harder to tell if someone is trustworthy, or just a long-running LLM deception campaign.

Maybe, we should treat the people we rely on for these tools a little better for how much they contribute to modern tech infrastructure?

And I’ll point out that’s less aimed at the individuals who use tech, and more at the multi-billion-dollar multi-national tech companies that make money hand over fist using the work others donate.

Firewall redirect and masquerade.

Bitch you thought

“You mean if I delete data, then it’s gone? No matter what platform?”

Wherever checkouts are asking for a phone number for rewards, I use (local area code) 867-5309. Works at all the gas stations, and it’s luck of the draw who gets the fuel discounts because other people use it too.

So we all charge the discounts up, and one lucky asshole gets to benefit.

It’s easy to post on a forum and say so.

Maybe you even are actually asking AI questions and researching whether or not it’s accurate.

Perhaps you really are the world’s most perfect person.

But even if that’s true, which I very seriously doubt, then you’re going to be the extreme minority. People will ask AI a question, and if they like the answers given, they’ll look no further. If they don’t like the answers given, they’ll ask the AI with different wording until they get the answer they want.

It’s a single data data point, nothing more, nothing less. But that single data point is evidence of using LLMs in their code generation.

Time will tell if this is a molehill or a mountain. When it comes to data privacy, given that it just takes one mistake and my data can be compromised, I’m going to be picky about who I park my data with.

I’m not necessarily immediately looking to jump ship, but I consider it a red flag that they’re using developer tools centered around using AI to generate code.

There it is. The bold-faced lie.

“I don’t blindly trust AI, I just ask it to summarize something, read the output, then read the source article too. Just to be sure the AI summarized it properly.”

Nobody is doing double the work. If you ask AI a question, it only gets a vibe check at best.

If you want to trade accuracy for speed, that’s your prerogative.

AI has its uses. Transcribing subtitles, searching images by description, things like that. But too many times, I’ve seen AI summaries that, if you read the article the AI cited, it can be flatly wrong on things.

What’s the point of a summary that doesn’t actually summarize the facts accurately?

Sure, but with all the mistakes I see LLMs making in places where professionals should be quality checking their work (lawyers, judges, internal company email summaries, etc) it gives me pause considering this is a privacy and security focused company.

It’s one thing for AI to hallucinate cases, and another entirely to forget there’s a difference between = and == when the AI bulk generates code. One slip up and my security and privacy could be compromised.

You’re welcome to buy in to the AI hype. I remember the dot com bubble.

There’s been evidence in their github repo that they’re using LLMs to code their tools now.

It’s making me reconsider using them.

That raises a fundamental question to me:

Are companies required to get permission to get data from people?

Because currently, they sure seem to think they need permission, except when it suits the company’s interests (IE gathering data from people who explicitly reject their services and choose not to use them).

And while I understand that not everything is private, we have laws against gathering public data about people but only if you’re just one person. Stalking is a crime, unless you’re Facebook apparently.

That choice is called not using their service.

https://en.m.wikipedia.org/wiki/Shadow_profile

Turns out, that isn’t enough.

EDIT

See also: https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/

The health insurance lobbyists won’t hesitate to inject money into a local election for a candidate that agrees to keep things as they are.

But hey, I remember being naive and idealistic once, too.

You have a lot of faith in the US government’s willingness to solve problems for people vs for companies.

We have a gun violence epidemic because gun manufacturer profits matter more than children’s lives. Forgive me if I’m skeptical that congress would do anything other than protect big business. Health insurance lobbyists will make sure of it.

You don’t care about your data because you don’t realize how valuable it is, and how bad the deal is that in exchange for not being able to control your data, you get to see some cute cat memes.

We’re headed to a world where your health insurance company can pay a data broker to get access to data Kroger collects about what you buy when shopping. Imagine your health insurance going up because you buy real butter vs margarine. Or not enough vegetables.

But hey, at least you get to see your friends vacation pictures for free on Facebook. Totally worth it.

I can guarantee that all these people complaining about “muh privacy” would not like having a paywall restricted internet.

As one of the privacy zealots on the internet, I’d gladly pay for services if it avoids advertisements. But I should get a choice in who gets my information.

As things are now, I’m not in control of any of it unless I fight tooth and nail to retain it, and even then I can only limit what they have access to. Facebook tracks my browsing habits and builds an advertisement profile based on it even though I explicitly deleted my accounts almost 10 years ago.

And this information isn’t just kept by Facebook. They have the right to sell it to anyone, including the government. Who needs a warrant when your local PD can just pay a data broker and get access to your GPS logs? After all, you consented to that website’s EULA that said they can sell that data to any other entity.

People who don’t care about data privacy don’t understand how much you can learn about someone just from ‘anonymized metadata’.

If it was a person wanting to know that much about you, you’d call the cops for stalking. But because it’s a multimillion dollar company with a profit motive, it’s suddenly okay?

It’s the constant war on end users that chased me away from windows.

You can’t say no to their relentless advertising. It’s “maybe later”. The pushing to require a Microsoft account. Ads in the start menu. Windows Recall.

The list goes on. You get as much agency as Microsoft allows, or you violate your eula and modify the os to remove things you don’t want.

We didn’t know it at the time, but windows 7 was peak windows.

You’re the one who brought him into the conversation.

Fucking same.

I deleted my main account once they first came out with the reddit recap, and deleted my replacement when they fucked RIF, never to return.

I still lurk without an account sometimes, but that’s all they’ll ever get out of me.

What I want is a way to answer the phone like a fax machine. Just press a button and the call gets answered and immediately starts playing that fax machine sound.

I’ll bet that would stop calls. Surely they have something that can tell if they’re calling a fax machine over and over.