Painful. Stopped reading after first few paragraphs.
Readit Newsgrabeh commented on Why agents matter more than other AI substack.com/home/post/p-... · Posted by u/nvader
grabeh commented on Ask Microsoft: Are you using our personal data to train AI? foundation.mozilla.org/en... · Posted by u/alabhyajindal
To make it look, on cursory reading, like the policy is something you are comfortable to agree to. Legal theatre.
Also because those specific uses are mentioned in existing law and/or have been otherwise successfully defended. It gives their lawyers as many explicit tools as possible, before they need to argue around the implicit ones enabled by their policies & agreements being deliberately more vague elsewhere.
The point is that if they don't say that they won't, then they pretty much can if they choose to.
Interesting! A rather cynical approach. Although preferable to naivety on my part - I'd expect a court to hold the list exhaustive if challenged.
grabeh commented on Ask Microsoft: Are you using our personal data to train AI? foundation.mozilla.org/en... · Posted by u/alabhyajindal
That's the only mention of AI using content. So it can be read in a few ways:
1. They will sometimes use the data for training their RLHF stuff, to "prevent harmful use" of the services.
2. The clause is exhaustive and therefore they won't use it for training, as otherwise that'd be mentioned, and are just going to log stuff for the usual monitoring purposes.
This is a storm in a teacup. I don't even know why I should care. If MS crawl some web pages I've written and AI gets slightly smarter by reading them, or if I have a chat with the AI and some engineers use it to make the AI work better, great. It's very hard to imagine concrete, real harm from them being able to do this, though I can understand why companies might worry about it spitting out their source code verbatim in some cases.
No, that is true. There are multiple interpretations here. I gave the most optimistic one!
grabeh commented on Ask Microsoft: Are you using our personal data to train AI? foundation.mozilla.org/en... · Posted by u/alabhyajindal
That paragraph says some things that they can do. It in no way says they won't use your content for AI training and any number of other things.
Mozilla's point is that the whole document is sufficiently vague that they could use it to defend pretty much whatever use of your content that conceive of now or in the near future.
Why would they single out those specific uses then, if you consider express prohibitions are necessary?
grabeh commented on Ask Microsoft: Are you using our personal data to train AI? foundation.mozilla.org/en... · Posted by u/alabhyajindal
I'm my experience GDPR is relevant.
I need to inform my customers what I do with their personal data. That includes to which companies I share that data with.
Having an excel with customer data is providing that data to Microsoft. So I need, as responsible of the data, to know how they will use it. Any use case that isn't obvious have to be cleared stated in the data privacy agreement. Including moving data outside EU into other countries like America (where US government can request that data without even informing us) or using their data to train AI.
Come'on. If we need to inform that we used chatgpt (just in case they provide PI), why we will not need to inform about Microsoft.
Key word is "may" be completely irrelevant! Of course, if you're providing an Excel of customer data, it will be relevant if the user is in the EU. But still, consent won't be relevant in that context.
User content may include personal data but may also not...so in some senses, better to include totality of use cases in a non-data protection related document.
grabeh commented on Ask Microsoft: Are you using our personal data to train AI? foundation.mozilla.org/en... · Posted by u/alabhyajindal
yeah, that's basically one of core tenants of GDPR.
>Consent must be a specific, freely given, plainly worded, and unambiguous affirmation given by the data subject;
GDPR and indeed any data protection laws may well be completely irrelevant in the context of Microsoft's services. Even if relevant, consent is unlikely to be a relevant as a processing basis under GDPR in the context of usage of MS services. Performance of contract or legitimate interests much more likely to be relevant...
grabeh commented on Ask Microsoft: Are you using our personal data to train AI? foundation.mozilla.org/en... · Posted by u/alabhyajindal
If nine experts in privacy can't understand what Microsoft does with your data,
then in my opinion a court should step in and declare it void so that Microsoft isn't allowed to use any private data until they get their act together.
If it's so vague that it becomes meaningless that should default to granting no rights. Otherwise, why not publish your all-rights-granting privacy policy in Klingonian in a locked drawer in a toilet basement? ;)
To an extent, think about vested interests here. Mozilla has little to gain by showcasing how clear a rival's new service agreement is!
The AI services section seems pretty clear in terms of limiting the use cases of user content:
"iv. Use of Your Content. As part of providing the AI services, Microsoft will process and store your inputs to the service as well as output from the service, for purposes of monitoring for and preventing abusive or harmful uses or outputs of the service."
Admittedly, I haven't read other parts to understand the full picture though.
grabeh commented on We can't all use AI. Someone has to generate the training data twitter.com/paulg/status/... · Posted by u/redbell
When you download a couple epubs from a torrent site, you're an evil pirate stealing books. When you're a FAANG-affiliated AI company and you download all the ebooks and charge for the derivative works your algorithm produces, you're a visionary changing the future.
Reminds me of the quote: "The death of one man is a tragedy, the death of millions is a statistic"
grabeh commented on Using Google Analytics without GDPR consent evrim.io/using-google-ana... · Posted by u/evrimfeyyaz
Yes since GDPR states that personal data is any piece of information that uniquely identifies a living person, creating a unique identifier for each visitor by definition will make you a data processor.
But a unique identifier doesn't necessarily identify a living person, particularly in isolation. It's just that it's frequently associated with a load of additional information that could eventually be used to identify someone (think advertising cookies when associated with a load of browsing data). So you can't escape from scope by saying you're using a unique ID rather than a name.
IP addresses are slightly different because that address can be used to identify the subscriber in certain cases (who in turn may or may not be an individual).
grabeh commented on Using Google Analytics without GDPR consent evrim.io/using-google-ana... · Posted by u/evrimfeyyaz
Google recently introduced "Consent Mode" which basically disables cookie-based tracking and collects anonymous data only. I still find it problematic as Google probably doesn't need a cookie to identify you but it's at least something that is officially backed by Google, instead of a hack like this.
BTW if you use client information to derive an identifier that is unique within a session and you send that identifier to a third-party (e.g. Google) this approach gives you zero benefits. In fact ePrivacy & GDPR don't mention cookies anywhere and don't care what technology you use to derive identifiers, if they can robustly identify an individual or device and you actually send them to another service (for purposes that are not strictly necessary for the performance of your service) you're obliged to asked for consent.
We do see a few references to cookies in the ePrivacy Directive but absolutely right to drive home the point that it's technology agnostic!