Comment by theplumber
2 days ago
A lot of people are now upset because xai is running a bulk upload instead of a stream upload like oai or Anthropic.
Suddenly they became aware that the AI agents are not actually running on their computers. AI agents are just uploading the shit on some servers for how long they want and in exchange of that you pay them and get some work done.
I am surprised through that nobody is asking if the agents are GDRP compliant or if they are even legal considering they are trained with illegal/copyrighted content or if you are liable for theft because now you own, publish and sell illegal content generated by agents….
Enough ranting…instead of this stuff people should just admit that after social media, AI is the new frontier towards a kind of zero privacy, at least until you can have local AI/if ever.
There’s a hell of a difference between a tool that asks my permission to read a file to make it part of a prompt and a tool that packages up my whole working directory and sends it to Google Cloud Storage.
Who told you that it needs your permission? You are in Disneyland and you are debating why Mickey Mouse is not handing you over a legal agreement with guarantees on the ingredients of the candy you’ve just got from him.
> Mickey Mouse is not handing you over a legal agreement with guarantees on the ingredients of the candy
yes he absolutely is. that's literally the law.
Depending on how many files it requests to read, in practice there might not be a difference at all.
Of course there is. It’s not about the _amount_ of files or how many percent of them. I might have 1000 files that I’m fine having the LLM read and then some that it really shouldn’t. The problem here is plainly uploading your whole directory without prompting for permissions to read them - even if you explicitly set up permissions for read tools.
1 reply →
Well, excepting that there's a toggle to turn off 'improving the model' (i.e. don't use my repo for training data) and it still uploads your entire repository, git history, etc., all of which can be fetched locally and fed to the model rather than uploading it to a bulk storage bucket.
Add to that the fact that this also includes env files, which may contain secrets that aren't part of the repo, that don't need to be fed to the model, and that might now be leaked.
Which leads us to the third thing: if this bucket weren't discovered and Grok didn't turn this 'feature' off, imagine the disaster fallout if someone ever managed to get read access to this bucket.
1 reply →
It's funny to remember that the legal definition of something is almost never aligned with how the technology actually works.
Like for instance the legal definition for "encryption at rest" is often wildly different than what a customer thinks that means, what an average SRE think it means, and what a cryptologist thinks it means.
All those regulations like GDPR mean nothing if I can convince a random judge or regulator that an apple is actually an orange.
These technologies are moving so fast that it makes sense why there a lag in understanding and any real attempts at regulating agaists the negative effects.
I don't think there needs to be a lot of understanding that downloading copyrighted content and selling it is illegal under the current law.
The only unclear thing is if the law should be changed or trillion dollar corporations should be liquidated and their executives put in jail(a’la Kim Dotcom). I think we already know the answer.