• l_b_i@yiffit.net
    link
    fedilink
    arrow-up
    6
    ·
    10 months ago

    So I guess there are two paths of training data. Some company selling it explicitly, and the companies just scraping accessible data. Not that either is “good”, but at least with public data, you only have the AI company profiting.

    • Soatok DreamseekerOPM
      link
      fedilink
      arrow-up
      6
      ·
      10 months ago

      Yep. That’s why the two things I say Automattic MUST do to make things right are about proper consent controls for Automattic’s use of data and sale to AI vendors, but the third thing is a proposed proactive defense against scrapers.

      • mindbleach@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        10 months ago

        Making the web un-scrapable to prevent AI is a terrible idea that won’t even work. You’re talking about DRM against the user’s browser… to read publicly-available text… as if the LLM genie can get shoved back in its bottle.

          • mindbleach@sh.itjust.works
            link
            fedilink
            arrow-up
            3
            ·
            10 months ago

            Oh, you meant using a generative network to modify artwork so that generative networks can’t learn to modify artwork. A process that’s totally not intrinsic to adversarial training.

            • Soatok DreamseekerOPM
              link
              fedilink
              arrow-up
              2
              ·
              10 months ago

              If you make the cost of bypassing Nightshade higher than the cost of convincing people to opt in to their data being used in LLM training, then the outcome is obvious. “If you show me the incentives, I’ll show you the outcome.”

              • mindbleach@sh.itjust.works
                link
                fedilink
                arrow-up
                3
                ·
                10 months ago

                The cost will become negligible for any nigh-invisible data fuckery. Like how “single pixel attacks” aren’t really a thing, anymore. And how alphanumeric Captcha became so hard that humans struggle to discern letters.

                (The cost of Nightshade versus LLMs is nothing, because LLMs are for text.)

                There will be nothing you can fuck with in an image that changes what all networks see, without changing what all humans see. Only a style-transfer network that removes the artist’s style will ultimately keep training from discerning that style.

                This is downright laughable when Nightshade can be applied to any existing image, locally… meaning people training on scraped data could surely identify the presence and impact of Nightshade. We’re talking about networks which already exist that can look at a blob of pixels and pick out which parts look like a Picasso, or an avocado chair, or Hatsune Miku. Stable Diffusion in particular is a denoiser. Identifying damage and nonsense is all it does. If that environment includes deliberate countermeasures, they will be worked into the model through existing training, just like watermarks, JPEG artifacts, and the random noise used to make this shit work in the first place.