← Back to context

Comment by vorticalbox

3 days ago

why do people give these LLMs full access to everything and then complain when it does somethign stupid? that is what sandboxes are for.

This wasn't the LLM, it was Grok CLI preemptively uploading the entire CWD, regardless of where that CWD is, to its own server.

I don't think it is reasonable to expect every user (including those just starting out with the tools - maybe experimenting, maybe younger/less experienced in general) to think that the tool they're running for the very first time is going to automatically exfiltrate all of their data.

It's a pretty serious fuck-up. This guy tweeted about it, who knows how many didn't even notice. It should have been opt-in, it should give user an indication that it's about to do this, etc.

  • The grok-cli is on github[0] there is nothing that I can see in the code that is activily looping ~/ and uploading everything.

    My two guesses would be one the LLM decided it needed these files for the task or two the user simple asked grok to do it so they could post the tool calls on twitter.

    [0] https://github.com/superagent-ai/grok-cli

  • I think there are arguments on both sides. People should look for guidance on how to use complex tools, but we know people will not.

    Whose fault is it if someone drives a car without learning how to and injures themselves? On the other hand if the manufacturer has promoted it as one you can drive without learning how to, then whose fault is it?

    A lot of users are fine with everything being uploaded. Most people's primary computing device is now a phone that backs up everything to cloud and using apps that are thin front ends over cloud services.

    • Whose fault is it if a manufacturer sells a car that begins accelerating as soon as it's turned on?

      It's the manufacturer's fault. Because that's not a reasonable thing for a car to do.

If your immediate reaction to a new piece of software siphoning up someone’s entire system full of highly personal data is, “you’re holding it wrong”, it might help to take a beat and remember that software was developed by a multi-trillion dollar company’s entire business model revolves around siphoning up as much highly personal data as possible

  • Well said. I hope one day it becomes possible for users who choose to install and run said software to also be able to remember this.

When I give my text editor or file browser access to everything I wouldn't expect it to exfiltrate data without asking.

  • Isn’t a file browser running locally, while Grok is running on someone else’s server?

    • The point is more that you should not blame the user (why didn't you set up sandbox instead of directly using the tool of big corp) if a tool does something unexpected. If your Dropbox client would suddenly just upload your home directory instead of it's folder you configured you'd also not blame the user that they use Dropbox, you'd blame Dropbox for not doing their job correctly or being user hostile.

      5 replies →

Other ones aren't this invasive with user data.

Not everyone is a software professional. How many non developers know what a “sandbox” is?