I'm relatively confident this was the entire end goal of the Online Safety Act. Get the (relatively) easy law passed, then "oh no platforms are only requiring this for UK-based IPs and there are too many VPNs/proxies, I guess we need to de-anonymize everyone".
Do you have an example? I type in Polish in GBoard regularly and haven't noticed too many anomalies (although I do have the right language pack installed, and the keyboard is set to it, and I "add to dictionary" occasionally).
Multilingual typing is a godsend. I did have to tweak settings though, like disabling the "suggestion strip" (because sometimes I'd be typing fast and accidently click the GIF button, then an image, which in many apps sends it immediately without a draft which was extremely annoying).
The author is complaining a lot about implementation pains without taking a step back and looking at why it exists in the first place.
Say you work at a place that deals with credit cards. You, as a security engineer, have a mandate to stop employees from shipping CC numbers outside the org.
You can educate all you want, you can have scary policies and HR buy-in, you can have all the "Anomaly detection, Zero Trust network architecture, EDR, Netflow analysis" in the world, but exactly zero of those will stop Joe Lunchbox from copy/pasting a block with a CC number in the middle into ChatGPT. You know what will? A TLS-inspecting proxy with some DLP bits and bobs.
It sucks, yes. But it works, and (short of the fool's errand of trying to whitelist every site any employee needs) it's the only thing that works.
And yes, I'm aware PCI DSS has additional requirements for CDEs and whatnot, but really this can apply to anything -- a local government office dealing with SSNs, a school with student ID numbers, a corporation with trade secrets.. these problems exist everywhere, and implementing PCI-like controls is often a bridge too far for unregulated industries.
That is not true, you can run DLP on an endpoint directly and inside a browser directly (e.g. via an extension or direct integration hooks).
You can also try to stop the situation where the CC numbers are in the clear anywhere in the first place, so that you can't copy/paste them around. What happens if someone writes the CC number down on a piece of paper?
Endpoint DLP helps but it's not even close to bulletproof. Just for fun, if you have DLP at work, open the integrated browser in VS Code and notice how you can send protected test strings without anything chirping you.
> CC numbers are in the clear anywhere in the first place
Sounds great in theory, until you realize that in a large number of industries the majority of employees need access to protected data to do their jobs. Imagine telling the IRS their employees can't see/use cleartext SSNs.
As for paper / mobile phones / whatever.. you're not wrong, but physical security is typically someone else's job.
> stop Joe Lunchbox from copy/pasting a block with a CC number in the middle into ChatGPT. You know what will? A TLS-inspecting proxy with some DLP bits and bobs.
If you are sniffing web traffic for anything that looks like a credit card number, won't you just catch every time the employee/company's own card is entered onto a payment page?
I would rather people who don't currently have a voice due to language barriers or simply poor communications skills be able to use LLMs than try to gatekeep them.
And I'm certainly weary of "someone used an em-dash, must be GPT" low-value comments.
I certainly hope we gatekeep them. "I just need my hallucinatory text generator to translate for me" -> "I just need my hallucinatory text generator to refine my thoughts for me" -> "I just need my hallucinatory text generator to generate my comment for me". This is a damn near antithesis of this place.
I doubt a human would use it repetitively, even if it is common. This was most likely written paragraph-by-paragraph by AI, causing the repetition, if I had to guess.
I can't wait for the EU AI Act to require mandatory labelling for AI-generated content.
This is the part that hasn't made much sense to me. Maybe just.. have a better product?
As you quoted above, "most of those conversations were trivial commands to play music or ask about the weather." Why does any of this need to consume provider resources? Could a weather or music command not just be.. a direct API call from the device to a weather service / Spotify / whatever? Why does everything need to be shipped to Google/Amazon HQ?
From what I can tell, only Apple even wants to try doing any of the processing on-device. Including parsing the speech. (This may be out-of-date at this point, but I haven't heard of Amazon or Google doing on-device processing for Alexa or Assistant.)
So there's no way for them to do anything without sending it off to the datacenter.
> (This may be out-of-date at this point, but I haven't heard of Amazon or Google doing on-device processing for Alexa or Assistant.)
It was out of date 6 years ago.
"This breakthrough enabled us to create a next generation Assistant that processes speech on-device at nearly zero latency, with transcription that happens in real-time, even when you have no network connection." - Google, 2019
Alexa actually had the option to process all requests locally (on at least some hardware) for the first ~10 years, from launch until earlier this year. The stated reason for removing the feature was generative AI.
I had a group of students make a service like this in 2021, completely local, could work offline, did pretty much everything Alexa can do, and they made it connect to their student accounts so they could ask it information about their class schedules. If they can do it, Amazon certainly can. That they don't says they think they can extract more value from monitoring each and every request than they could from selling a better product.
The solution is to use a translator rather than a hallucinatory text generator. Google Translate is exceptionally good at maintaining naturalness when you put a multi-sentence/multi-paragraph block through it -- if you're fluent in another language, try it out!
Google translate used to be the best, but it's essentially outdated technology now, surpassed by even small open-weight multilingual LLMs.
Caveat: The remaining thing to watch out for is that some LLMs are not -by default- prompted to translate accurately due to (indeed) hallucination and summarization tendencies.
* Check a given LLM with language-pairs you are familiar with before you commit to using one in situations you are less familiar with.
* always proof-read if you are at all able to!
Ultimately you should be responsible for your own posts.
I haven't had a reason to use Google Translate in years, so will ask: Have they opted to not use/roll out modern LLM translation capabilities in the Google Translate product?
I have seen Google Translate hallucinate exactly zero times over thousands of queries over the years. Meanwhile, LLMs emit garbage roughly 1/3 of the time, in my experience. Can you provide an example of Translate hallucinating something?
Agreed, and I use G translate daily to handle living in a country where 95% of the population doesn’t speak any language I do.
It occasionally messes up, but not by hallucinating, usually grammar salad because what I put into it was somewhat ambiguous. It’s also terrible with genders in Romance languages, but then that is a nightmare for humans too.
Hard disagree. Google Translate performance is abysmal when dealing with danish. In many cases its output is unusable. On the other hand, ChatGPT is excellent at it.
IMO chatgpt is a much better translator. Especially if you’re using one of their normal models like 5.1. I’ve used it many times with an obscure and difficult slavic language that i’m fluent in for example, and chatgpt nailed it whereas google translate sounded less natural.
The big difference? I could easily prompt the LLM with “i’d like to translate the following into language X. For context this is a reply to their email on topic Y, and Z is a female.”
Doing even a tiny bit of prompting will easily get you better results than google translate. Some languages have words with multiple meanings and the context of the sentence/topic is crucial. So is gender in many languages! You can’t provide any hints like that to google translate, especially if you are starting with an un-gendered language like English.
I do still use google translate though. When my phone is offline, or translating very long text. LLM’s perform poorly with larger context windows.
reply