← Back to context

Comment by hiAndrewQuinn

4 days ago

It's going to be stochastic in some sense whether you want it to be or not, human error never reaches zero percent. I would bet you a penny you'd get better results doing one two-second automated pass + your usual PII redaction than your PII redaction alone.

8 comments

hiAndrewQuinn

Reply
ori_b  14 hours ago

The advantage of computers was that they didn't make human errors; they did things repeatedly, quickly, and predictably. If I'm going to accept human error, I'd like it to come from a human.

  • creesch  10 hours ago

    > The advantage of computers was that they didn't make human errors;

    Sure they do, computers repeatedly, quickly, and predictably do what they are programmed to do. Which includes any human errors in that programming.

    • laserlight  9 hours ago

      > predictably do what they are programmed to do

      And now they predictably do what they are not programmed to do.

cyanydeez  3 days ago

I think the problem is most secrets arn't stochastic; they're determinant. When the user types in the wrong password, it should be blocked. Using a probabilistic model suggests an attacker only now needs to be really close, but not correct.

Sure, there's some math that says being really close and exact arn't a big deal; but then you're also saying your secrets don't need to be exact when decoding them and they absolutely do atm.

Sure looks like a weird privacy veil that sorta might work for some things, like frosted glass, but think of a toilet stall with all frosted glass, are you still comfortable going to the bathroom in there?

  • CityOfThrowaway  14 hours ago

    I dunno what use case you're thinking this is for.

    The use case for this is that many enterprise customers want SaaS products to strip PII from ingested content, and there's no non-model way to do it.

    Think, ingesting call transcripts where those calls may include credit card numbers or private data. The call transcripts are very useful for various things, but for obvious reasons we don't want to ingest the PII.

    • traceroute66  11 hours ago

      > Think, ingesting call transcripts where those calls may include credit card numbers or private data. The call transcripts are very useful for various things, but for obvious reasons we don't want to ingest the PII.

      Credit card numbers are deterministic. A five year old could write a script to strip out credit card numbers.

      As for other PII ? You're seriously expecting an LLM to find every instance of every random piece of PII ? Worldwide ? In multiple languages ? I've got an igloo I'd like to sell you ...

      1 reply →