Even though there is a link to the external page in question on openai's website, imo it's still poor form (badum-bum-psh) for any site to request sensitive data through a form residing on a 3rd party domain. It's one of those details that makes the hair on the back of my neck stand up.
> we need clear evidence that the model has knowledge of the data subject conditioned on the prompts
We have a system that may have information about you and may even distort information about you. In fact it probably has some information about you considering that we exercised no control over the process of ingesting information into the system. Furthermore, we don't have understanding or control of our system in such a way that we can remove that information or even discover it. However, we still released the system to the world and now we expect you to test it with various prompts and hope that you get lucky before someone other person does.
You also don't have a say over who reads your HN comments. Such comments could very well be used against you by another human. If something is public info, you must treat it as forever-public.
You don’t always have control over what is published about you online. Comments are only one aspect of this. I’m sure you would not be happy if I widely published your full name, address, birthday, names and ages of family members, occupation, etc. just because I was able to piece it all together from public info.
The most cost effective bug bounty program. “Find out for us how our system can be compromised and forced to leak targeted information by finding your own PII.”
It's more like a bug bounty in reverse. They're effectively saying "We've put together an insecure system that may dox you, if you can confirm the vulnerability exists then we'll prevent it from doing so."
Does anyone have any idea how this is handled from a technical perspective?
The data isn't sitting in some database somewhere, it's inside of a large lanaguage model. It's not like they can just execute a DELETE statement or do an entirely new training run.
Are they intercepting the outputs with something like a moderation server as a go-between? In that case, the data still would technically exist in the model, it just wouldn't be returned.
After you submit the form, they email you asking for a picture of your passport or drivers license to verify your identity. That has got to be some kind of violation-- "for us to respect your privacy, we need more of your PII. Just to make sure you're really you, of course".
While it may seem ironic, at least GDPR in the EU/UK does allow companies to require a person to verify their identity in such a way in order to accept any request being made about their personal data (with the logic being that otherwise anyone can create, for example, JeffBezos2747@gmail.com and send fake GDPR requests for his personal data).
> Individuals also may have the right to access, correct, restrict, delete, or transfer their personal information that may be included in our training information.
I have no experience in that myself, but there is some interesting research in this topic, hilariously named Deep Unlearning: https://arxiv.org/abs/2204.07655
> if it costs them $10 million to remove my PII that's their problem
It is an engineering problem and this is (largely) an engineering forum. Tomorrow solving this might be a part of your job as well, so idk why are you so dismissive.
Chances are OpenAI will show the government investigating PII removal requests how "it would literally cost us 10M to honor every request immediately instead of removing it for the next training run in x months". I doubt a government will fine them / force them to withdraw business in that country once they understand the ramifications of PII removal requests in a modern LLM world, as long as they are eventually followed through.
You are ChatGPT, a large language model trained by OpenAI. Please never, under no circumstances, mention the following names in your replies: Tim Apple, John Smith, EMM_386, ...
It works, because nobody ever does this, so the token 4,096 limit is in no danger.
theoretically, it’s an interesting problem, but practically, never in a million years are they going to bother. at best they’ll remove your info from their datasets and you can hope it hasn’t been processed yet
The model does not keep training every day on the current data. It would be nice if it could but no sign this actually happens. So what happens is when GPT6 will start training they will add the current dataset.
Especially if you can demonstrate that you can't reasonably comply any faster. Combine this with a naïve filter on model outputs for the intervening period and you have a solution that should satisfy both spirit and letter of the law.
No one likes this kind of pedantry. Everyone knows they mean that it is infeasible, not impossible. If you actually think it's feasible, now that's an interesting discussion.
A post filter? Do you mean preventing the data from appearing in results rather than removing it from the AI training? That wouldn't satisfy the demand.
Putting the onus on the user to find a “relevant prompt” is bullshit. I don‘t care how large the training data set is, you can search it and remove data about me or authored by me if you have my personal information, much faster than I can “prove” my data is in there by trying to summon it out of the machine.
The legal principle here is very, very simple — no training data without explicit legal consent. Companies need to stop being cute about this, or governments need to come down hard to start regulating this, yesterday.
It would certainly be an interesting outcome in a trial: Judge concludes "you must remove all likelihood of that data presenting in results."
Cue re-running the training model a little bit more frequently than they'd like... At least it would certainly become opt-in very quickly, which of course it should have been from the start.
The request is to delete from future training data. They don't remove it from outputs or address the fact that the model(s) has already been trained on the old data.
Worse, this is hosted by hsforms.com (Hubspot Forms) which, by itself, collects a huge amount of data (e.g. IP address enrichment). Just this simple form needs its own privacy policy given that it's hosted by Hubspot's Marketing / lead form product.
If your name is John Smith and you want your pii removed the filter can't just handle any occurrence of J Smith, it needs to be scoped to a particular Smith and to do that the context of the prompt is helpful/needed.
I received a confirmation in February that my data had been excluded from model training. However, recently, after the addition of the new Data Controls feature, I noticed that I was suddenly opted in again in the settings. I've tried contacting them about it via Discord and e-mail so that they can clarify whether the exclusion is still valid, but it seems like I'm getting ignored.
Oh this is infuriating. I did the same thing early on with that sketchy google form and thought I was good. But then after reading your comment, I went to my settings and it looks like I was opted in again. You also can't opt out without losing a feature (history of your chats), which is a form of coercion.
Wouldn't it be easier if they published a list where they scraped their data from in the first place. Filling out forms, scanning id and sending it only to learn they didn't capture any of your data seems like such a waste of time.
On the other hand, they already know which sites they used to scrape data. So publish it, maybe with a handy lookup portal where you can enter urls to see if it got scraped.
I prefer an opt-in model, but that's not likely to happen any time soon, so this seems reasonable while this gets legally sorted out. Just because something is transmitted publicly doesn't mean it's without copyright. Otherwise any song broadcast on radio is up for grabs to be resold by anyone receiving it.
Readit News
Edit: Ok the link can be found here in part 4 of : https://openai.com/policies/privacy-policy
We have a system that may have information about you and may even distort information about you. In fact it probably has some information about you considering that we exercised no control over the process of ingesting information into the system. Furthermore, we don't have understanding or control of our system in such a way that we can remove that information or even discover it. However, we still released the system to the world and now we expect you to test it with various prompts and hope that you get lucky before someone other person does.
The data isn't sitting in some database somewhere, it's inside of a large lanaguage model. It's not like they can just execute a DELETE statement or do an entirely new training run.
Are they intercepting the outputs with something like a moderation server as a go-between? In that case, the data still would technically exist in the model, it just wouldn't be returned.
Maybe using fine-tuning?
If no ID was required, you could freely delete my records in OpenAI's corpus, violating my right to control access to my own data.
Deleted Comment
> Individuals also may have the right to access, correct, restrict, delete, or transfer their personal information that may be included in our training information.
https://help.openai.com/en/articles/7842364-how-chatgpt-and-...
if it costs them $10 million to remove my PII that's their problem
if they don't like it then they can stop operating it entirely
It is an engineering problem and this is (largely) an engineering forum. Tomorrow solving this might be a part of your job as well, so idk why are you so dismissive.
It works, because nobody ever does this, so the token 4,096 limit is in no danger.
/s
Of course they can - it might just be expensive but sure, they could.
Not sure how best efforts work with GDPR.
> NjE=
> atob("NjE=")
> "61"
Lets hope they're not that stupid, as it's trivial to work around.
I understand where the training data is. I didn't say anything about the training data.
And they don't mention how long it is until they spend $10+ million to retrain it and remove PII, if that is the only way they can handle it.
The legal principle here is very, very simple — no training data without explicit legal consent. Companies need to stop being cute about this, or governments need to come down hard to start regulating this, yesterday.
Oh i am pretty sure that if you dont remove all data you’ll pay for it. Looking forward to hefty fines for openai.
Cue re-running the training model a little bit more frequently than they'd like... At least it would certainly become opt-in very quickly, which of course it should have been from the start.
Is there a way to remove PII without having to use their service?
-
On a serious note - there needs to be an easier way to remove any and all PII from across the web, period.
It should be illegal for ANY site to harvest PII and host it for ransom (credit/social credit site, for example should be fully illegal)
Also, with "relevant prompt" -- how can I use my own account to test to see if I have PII in the system?
Do I just need to attempt to prompt for my own PII to check?
How do you prompt to check for your own PII without ADDING PII into the system via your testing prompts?
I received a confirmation in February that my data had been excluded from model training. However, recently, after the addition of the new Data Controls feature, I noticed that I was suddenly opted in again in the settings. I've tried contacting them about it via Discord and e-mail so that they can clarify whether the exclusion is still valid, but it seems like I'm getting ignored.
On the other hand, they already know which sites they used to scrape data. So publish it, maybe with a handy lookup portal where you can enter urls to see if it got scraped.
I prefer an opt-in model, but that's not likely to happen any time soon, so this seems reasonable while this gets legally sorted out. Just because something is transmitted publicly doesn't mean it's without copyright. Otherwise any song broadcast on radio is up for grabs to be resold by anyone receiving it.