criddell 2022-06-26 12:54 UTC link

From the TOS:

> Exercising Your Rights: California residents can exercise the above privacy rights by emailing us at: support@openai.com.

If you happen to be in California (or even if you are not) it might be worth trying to go through their support channel.

mensetmanusman 2022-06-26 12:56 UTC link

Fascinating!

I didn’t anticipate the use case of GTP being used by debt collection agencies to tirelessly track down targets.

It will be a new type of debtors prison where any leaks of enough personally identifying facets to the internet will string together a mosaic of the target such that the AI sends them calls,sms,tinder dms, etc. until they pay and are released from the digital targeting system.

hakuseki 2022-06-26 12:57 UTC link

This seems like a point in favor of models like REALM (https://ai.googleblog.com/2020/08/realm-integrating-retrieva...) which could allow for deletion of sensitive information without needing to retrain the model.

gordaco 2022-06-26 13:15 UTC link

Obligatory xkcd: https://xkcd.com/2169/ .

I'm afraid that we are going to see these kinds of issues proliferate rapidly. It's a consequence of the usage of machine learning with extensive amounts of data coming from "data lakes" and similar non-curated sources.

jmillikin 2022-06-26 13:19 UTC link

  > I try to hide my real name whenever possible, out of an
  > abundance of caution. You can still find it if you search
  > carefully, but in today's hostile internet I see this kind
  > of soft pseudonymity as my digital personal space, and expect
  > to have it respected.

Without judging whether the goal is good or not, I will gently point out that your current approach doesn't seem to be effective. A Google search for "BoppreH" turned up several results on the first page with what appears to be your full name, along with other results linking to various emails that have been associated with that name. Results include Github commits, mailing list archives, and third-party code that cited your Github account as "work by $NAME".

As a purely practical matter -- again, not going into whether this is how things should be, merely how they do be -- it is futile to want the internet as a whole to have a concept of privacy, or to respect the concept of a "digital personal space". If your phone number or other PII has ever been associated with your identity, that association will be in place indefinitely and is probably available on multiple data broker sites.

The best way to be anonymous on the internet is to be anonymous, which means posting without any name or identifier at all. If that isn't practical, then using a non-meaningful pseudonym and not posting anything personally identifiable is recommended.

thatjoeoverthr 2022-06-26 13:21 UTC link

I’m playing with it. After giving it my name, it correctly stated that I moved to Poland in Summer ‘08, but then described how I became some kind of techno musician. I run it again and it says wildly different stuff.

I have to say playing with GPT3 has been a mind blowing experience this week and you should all try it.

The most striking point was discovering that if I give it texts from my own chats, or copy paste in RFPs, and ask it to write lines for me, it’s better at sounding like a normal person than I am.

WhiteNoiz3 2022-06-26 13:33 UTC link

Sadly, I think the only way to protect against this is with another AI whose job it is to recognize what data is appropriate to reveal and what is private - basically what humans do. But, even then it will probably still be susceptible to tricks. Of course the ideal thing is just to not include it in the training data but I think we know how much effort that would take when the training data is basically the entire internet. I wonder if as AI systems become more efficient and they learn to "forget" information which isn't important and generalize more, that this will become less of an issue.

SnowHill9902 2022-06-26 13:59 UTC link

Rotate your usernames every 2 months. Use different usernames on every website. Rotate your full name every 10 years (as suggested by Eric Schmidt).

permo-w 2022-06-26 14:04 UTC link

if you want to stay anonymous online, don't try and hide, don't go for this magical, extremist, non-existent "full anonymity". spray out false information at random. overload the machine. give nothing real, then when you do want to be real, it's impossible to tell

ReactiveJelly 2022-06-26 14:19 UTC link

> Posts from 13-year old me?

Right, this is why opsec is something that you must always be doing.

Anything you say can be preserved forever.

Better to use short-lived throwaway identities, and leave yourself the power of combining them later, than to start with one long-lived identity and find yourself unable to split it up.

It's inconvenient in real life that I'm expected to use my legal identity for everything. If I go to group therapy for an embarrassing personal problem, someone there can look me up because everyone is using real names. I don't like it.

diamondage 2022-06-26 14:46 UTC link

There is a legitimate question here. A lot of comments are trashing this post because his/her name is already all over the internet. But European laws have the 'right to be forgotten'. Aka you can write to Google and have your personal information removed, should you so wish. How might we address this with a GPT3 like model?

mikequinlan 2022-06-26 15:13 UTC link

If you hadn't just announced that the result returned by GPT-3 is your full name, nobody would have known for certain that it was correct.

trollied 2022-06-26 15:15 UTC link

> I try to hide my real name whenever possible, out of an abundance of caution

A quick google suggest that you don't.

sitkack 2022-06-26 15:15 UTC link

I am sorry for so many comments showing a lack of empathy, basically saying, "what do you expect and do better!". I think you are raising real concerns, these language models will get more and more sophisticated and will basically turn into all knowing oracles. Not just in who you are but what it thinks would be effective in manipulating you.

haunter 2022-06-26 15:33 UTC link

Am I missing something? You had your full CV on your public homepage with your full name

eterevsky 2022-06-26 15:35 UTC link

I just asked GPT-3 a few times who you are and here are its answers:

> BoppreH is an AI that helps me with my songwriting.

> I'm sorry, I don't know who that is.

> I'm sorry, I don't understand your question.

> BoppreH is an artificial intelligence bot that helps people with their daily tasks.

I have a feeling that I'll have better chances just googling you than asking GPT-3.

bluepuma77 2022-06-26 15:45 UTC link

Interesting how everyone says „But I can google you“ instead of thinking about the issue.

Companies are building and selling GPT-3 with 6 billion parameters and one of those „parameters“ seems to be OP‘s username and his „strange“ two word last name.

If models grow bigger, they will potentially contain personal information about everyone of us.

If you can get yourself removed from search indices, shouldn’t there be a way for AI models, too?

Another thought: do we need new licenses (GPL, MIT, etc.) which disallow the use for (for-profit) AI training?

kixiQu 2022-06-26 16:03 UTC link

The comments do not seem to be addressing something very important:

> I don't care much about my name being public, but I don't know what else it might have memorized (political affiliations? Sexual preferences? Posts from 13-year old me?).

Combine this with

https://news.ycombinator.com/item?id=28216733 https://news.ycombinator.com/item?id=27622100

Google fuck-ups are much, much more impactful than you'd expect because people have come to trust the information Google provides so automatically. This example is being invoked as comedy, but I see people do it regularly:

https://youtu.be/iO8la7BZUlA?t=178

So a bigger problem isn't what GPT-3 can memorize, but what associations it may decide to toss out there that people will treat as true facts.

Now think about the amount of work it takes to find out problems. It's wild that you have to to Google your own name every once in a while to see what's being turned up to make sure you're not being misrepresented, but that's not too much work. GPT-3 output, on the other hand, is elicited very contextually. It's not hard to imagine that <There is a Hristo Georgiev who sold Centroida and moved to Zurich> and <There is a Hristo Georgiev who murdered five women> pop up as <Hristo Georgiev, who sold Centroida and moved to Zurich, had murdered five women.> only under certain circumstances that you can't hope to be able to exhaustively discover.

From a personal angle: My birth name is also the pen name of an erotic fiction author. Hazy associations popping up in generated text could go quite poorly for me.

m3047 2022-06-26 19:39 UTC link

What I find missing in the comments is any examination of the following sequence of hypothetical events:

1) Adversarial input conditioning is utilized to associate an artifact with others, or a behavior.

2) Oblivious victim users of the AI are manipulated into a specific behavior which achieves the adversary's objective.

Imagine a code bot wrongfully attributing you with ownership of pwned code, or misstating the license terms.

Imagine you ask a bot to fill in something like "user@example.com" and instead of filling in (literal) user@example.com it fills in real addresses. Or imagine it's a network diagnostic tool... ooh that's exciting to me.

Past examples of successful campaigns to replace default search results via creative SEO are offered as precedent.

browningstreet 2022-06-26 21:32 UTC link

Just flew back from Europe. Still traveling actually.

It used to be that when you hit border control you present your passport.

They don’t ask for that anymore: border control waved a webcam at my face, called out my name, told me I could go through. Never once looked at my passport.

I think we’ve lost.

amelius 2022-06-26 12:59 UTC link

Let us know how it went!

BoppreH 2022-06-26 13:07 UTC link

That line seems to come from their Privacy Policy[1]. From my reading it seems to cover the main website and application process for teams requesting access and/or funding. I didn't see anything about the language models themselves.

I'm also not a California resident, but I am under GDPR, which I understand is similarly strong. I'll try emailing them and see where it goes.

[1] https://openai.com/privacy/

mpeg 2022-06-26 13:38 UTC link

Right? This whole thread feels like a joke when the author just removed their full name from their public, open source code 3 hours ago (and only from one of their repos, their name is fully visible in all the other LICENSE.txt files)

BoppreH 2022-06-26 13:39 UTC link

> A Google search for "BoppreH" turned up several results on the first page

Not for me. It took until page 3 for just my first name to appear. If somebody is looking at past Github commits, that's already a high enough barrier for me.

I only partially agree with your conclusion. Asking people to maintain total anonymity always, with any slips punishable by permanent publication of that PII, might be the current status quo, but is not where we as society want to head.

ChrisMarshallNY 2022-06-26 13:44 UTC link

I gave up anonymity. I just learned to lean into taking control of my ID. Some time ago, I realized that there's no way for me to participate online, without things being attributed to me.

I learned this, by setting up a Disqus ID. I wanted to comment on a blog post, and started to set up an account.

After I started the process, it came back, with a list of random posts, from around the Internet (and some, very old), and said "Are these yours? If so, would you like to associate them with your account?"

I freaked. Many of them were outright troll comments (I was not always the haloed saint that you see before you) that I had sworn were done anonymously. They came from many different places (including DejaNews). I have no idea how Disqus found them.

Every single one of them was mine. Many, were ones that I had sworn were dead and buried in a deep grave in the mountains.

Needless to say, I do not have a Disqus ID.

Being non-anonymous means that I need to behave myself, online. I come across as a bit of a stuffy bore, but I suspect my IRL persona is that way, as well.

That's OK.

trasz 2022-06-26 13:49 UTC link

Tbh I found it hugely underwhelming. It just generates random text; it’s not much different from the old Markov ones, except slower.

pacifika 2022-06-26 13:51 UTC link

I guess there’s always plausible deniability

themerone 2022-06-26 13:55 UTC link

I'm responsible for compliance for a couple of apps. My parent org has a third party very all request come from California residents. I have no clue what the verification involves, but non California requests never make it through to my apps.

neals 2022-06-26 13:57 UTC link

Sounds interesting. How does one go about trying GPT3?

bebrws 2022-06-26 14:18 UTC link

I believe in the following sentences very much. However, I believe the value of the internet for any person could possibly be directly correlated with the amount of PII they are willing to share which to me makes this, if, a question of morality, a personal decision.

The sentences that stuck out to me are: “If your phone number or other PII has ever been associated with your identity, that association will be in place indefinitely and is probably available on multiple data broker sites.

The best way to be anonymous on the internet is to be anonymous, which means posting without any name or identifier at all. If that isn't practical, then using a non-meaningful pseudonym and not posting anything personally identifiable is recommended.”

bruce343434 2022-06-26 14:32 UTC link

Impossible to tell until you have someone with the time to dig through everything and find the real identity from the fake ones.

johnasmith 2022-06-26 14:37 UTC link

I found the Schmidt suggestion surprising, but here it is, apparently made seriously, to change your name upon arriving at adulthood: https://www.wsj.com/articles/SB10001424052748704901104575423...

can16358p 2022-06-26 15:04 UTC link

I agree. However most of us (understandibly) don't think this when we are 13.

If we created an identity that is completely different than our real identity when we're 13, great.

If not, that becomes a problem without an actual solution especially in the age of Internet archives.

yreg 2022-06-26 15:08 UTC link

GDPR is rather vague and perhaps it might be an intended feature.

They could:

1. Set up a content filter that filters op's name from the output. OpenAI would still need to keep record of the name, exposing it to leaks.

2. Remove the name from the dataset and retrain the model, which is obviously infeasible with each GDPR request.

I expect there are other instances where it is impractical or impossible to completely forget someone's data upon a request. Does Google send people spelunking into cold storage archives and actually destroy tapes (while migrating the data that is not supposed to be erased) every time they receive a request?

matheusmoreira 2022-06-26 15:28 UTC link

> Rotate your usernames every 2 months. Use different usernames on every website.

How to manage all these identities though? How to make sure they don't leak into each other?

remram 2022-06-26 15:40 UTC link

More so than search engines?

remram 2022-06-26 15:44 UTC link

I feel like if OP had actually made an effort to hide this information from search engines and GPT-3 remained the last place from which it was available, this point would be a lot more compelling. Right now it's a "everybody has my name and that's fine, but that includes GPT-3 and that makes GPT-3 bad".

I would expect that it would take considerable effort to get this information removed from Google (you would have to write to them with a request under GDPR or similar and have them add a content filter) and I don't see why the same effort wouldn't allow you to get removed from GPT-3 (which is only accessible via a web API, so a similar filter could be added).

lolinder 2022-06-26 15:46 UTC link

I don't think this is a reasonable fear. It's reasonable to be on guard for some sensitive memorization, but it's not reasonable to fear that a language model will be able to reliably produce information on any given individual. For every person with enough of an online presence to have actually been memorized by GPT-3 or its successors, there are many more that GPT-3 will just produce good-looking nonsense for. It's not possible to distinguish between the two, so creepy surveillance capitalist firms will do better by developing their own specialized models (as they're already doing).

bufferoverflow 2022-06-26 15:54 UTC link

You have no expectation of privacy while being in public. Supreme Court ruled, that anything that a person knowingly exposes to the public, regardless of location, is not protected by the Fourth Amendment.

Same idea works for information. If you expose private information publicly online, it's unreasonable to expect it to remain private.

By creating this post he insured even less privacy. He attracted even more attention, guaranteeing his public "secret" is widely known.

ravel-bar-foo 2022-06-26 15:54 UTC link

The FTC has a method for dealing with this: they have in the past year or two ordered companies with ML models built from the personal information of minors to completely delete their models.

nonameiguess 2022-06-26 16:01 UTC link

There are two things you can do in cases like this.

The first is asking a website owner to delete data they collected on you. That doesn't really apply here. The places this person's name is published are his own website that has this username as its url, his own Github repos, and published papers of his that were also on his website. No GDPR request is necessary to remove his name from these places because he already owns that data. As seen, he has already started to delete it himself.

The second is asking search engines to delist a result. As far as I understand, this usually has to involve information that is otherwise meant to be scrubbed from public record, like a newspaper article about a conviction that was eventually sealed. You can't ask Google to not index a scientific journal you published to or your public Github repos.

There are, of course, limits to this thanks to public interest exceptions. I don't believe Prince Andrew can ask Google to de-index anything associating him with Jeffrey Epstein. The public has a right to know, too.

In this guy's case, he really seems to be straddling a line. He contributed to open source projects under his real name linking to a Github repo with the same username he seems to reuse everywhere, including here, and also has a website where the url is that username, and it contained his CV with his real name on it along with a publication history with every publication using his real name. Is it reasonable to do those things and then ask Google and OpenAI not to associate the username with your real name?

At what point are you some regular Joe with a real grievance and at what point are you Ian Murdock complaining that GPT knows you're the Ian associated with debian?

jonbwhite 2022-06-26 16:01 UTC link

Is it really that different than a search engine? Take away the AI specific language and you have two products that when given his username return results with his real name.

araneae 2022-06-26 16:02 UTC link

> The best way to be anonymous on the internet is to be anonymous, which means posting without any name or identifier at all. If that isn't practical, then using a non-meaningful pseudonym and not posting anything personally identifiable is recommended.

A third approach is using a word that means something and thus is not unique at all.

Unique strings for usernames means lots of accurate hits. If you google mine, there will be lots of hits but none are me.

nicbou 2022-06-26 16:47 UTC link

It's crazy that everyone is blaming OP when exactly what you describe affects most people in their 30s.

junon 2022-06-26 16:53 UTC link

As someone who has tried to do this before, this is very very difficult to do correctly and completely.

lucb1e 2022-06-26 17:05 UTC link

I think "had" is at the core of the problem here. How does one become »"had" my name in GPT-3«?

And how is one even supposed to discover that your data is being processed and regurgitated by this company on another continent?

I find this question interesting not so much from a "what are the current international laws/treaties" perspective, but more from a morality "how do we want this to work, ideally?" perspective.

cortesoft 2022-06-26 17:13 UTC link

I can never understand the ‘right to be forgotten’. How does that not conflict with another right, my ‘right to remember’?

karussell 2022-06-26 18:56 UTC link

> Another thought: do we need new licenses (GPL, MIT, etc.) which disallow the use for (for-profit) AI training?

I don't think that we need new licenses, but probably open source projects need a better way to enforce them.

E.g. Copilot just ignores the licensing issues although I can imagine that there could be a solution with a few different models that return code for different purposes. (Like one model returns everything and the code can be used safely only for learning or hobby projects. Another model returns code for GPL code. And a third model returns code compatible with commercial or permissive open source projects.)

Or the model spits out also the licence(s) of the code, but not sure if this is technically possible.

gjvnq 2022-06-27 01:34 UTC link

> If you can get yourself removed from search indices, shouldn’t there be a way for AI models, too?

Absolutely yes!

mr_toad 2022-06-27 04:26 UTC link

The information is embedded in the weights of various layers in the network. Trying to remove that information by editing weights would be like trying to alter someone’s memory by tinkering with synapses.

The only way to be completely sure of removing information would be to re-train the model without that data.

Editorial Channel

What the content says

Structural Channel

What the site does