- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
What a non-story. The username, profile picture, posts from profile, and post interactions are all required for displaying the content that the Thread’s user has subscribed to. The IP address is required for connecting to the service to retrieve that content. Facebook doesn’t get any more access to your data than necessary nor do they get any more access to your data than anybody else. This is just fear mongering.
But remember, they intend to monetize this information by building it into your ad profile.
Oh noes, someone is making money out there off of something I did that I can’t actually make money off of myself.
I have no love for Facebook or any other big giant corporation, but IMO people have really become overly sensitive about this stuff. They think they can send me ads that are more relevant to me now that they’ve seen a few of my posts. That doesn’t harm me at all, I don’t see their ads regardless because I’ve got ad blockers up the wazoo.
What a non-story.
Lemmy project set wild unrealistic expectations on GItHub project: 1) "high performance’, maybe the Rust code but PostgreSQL logic is the ORM madness. 2) “full erase” while sending all your public comments and posts to ActivePub without agreement on concept of delete.
unrealistic expectations on GItHub project: 1) "high performance
For sure. That seems to be the go to phrase for anything developed in Rust. By itself, Rust isn’t any safer or faster than another similar language; it takes a good developer to make it work well.
Just because it’s written in Rust doesn’t make your app safe, or performant. Just like because your app is written in C, doesn’t mean it’s buggy and insecure.
Just because it’s written in Rust doesn’t make your app safe, or performant.
Lemmy 0.18.4 listing posts, frequently via ORM Diesel:
SELECT "post"."id", "post"."name", "post"."url", "post"."body", "post"."creator_id", "post"."community_id", "post"."removed", "post"."locked", "post"."published", "post"."updated", "post"."deleted", "post"."nsfw", "post"."embed_title", "post"."embed_description", "post"."thumbnail_url", "post"."ap_id", "post"."local", "post"."embed_video_url", "post"."language_id", "post"."featured_community", "post"."featured_local", "person"."id", "person"."name", "person"."display_name", "person"."avatar", "person"."banned", "person"."published", "person"."updated", "person"."actor_id", "person"."bio", "person"."local", "person"."private_key", "person"."public_key", "person"."last_refreshed_at", "person"."banner", "person"."deleted", "person"."inbox_url", "person"."shared_inbox_url", "person"."matrix_user_id", "person"."admin", "person"."bot_account", "person"."ban_expires", "person"."instance_id", "community"."id", "community"."name", "community"."title", "community"."description", "community"."removed", "community"."published", "community"."updated", "community"."deleted", "community"."nsfw", "community"."actor_id", "community"."local", "community"."private_key", "community"."public_key", "community"."last_refreshed_at", "community"."icon", "community"."banner", "community"."followers_url", "community"."inbox_url", "community"."shared_inbox_url", "community"."hidden", "community"."posting_restricted_to_mods", "community"."instance_id", "community"."moderators_url", "community"."featured_url", ("community_person_ban"."id" IS NOT NULL), "post_aggregates"."id", "post_aggregates"."post_id", "post_aggregates"."comments", "post_aggregates"."score", "post_aggregates"."upvotes", "post_aggregates"."downvotes", "post_aggregates"."published", "post_aggregates"."newest_comment_time_necro", "post_aggregates"."newest_comment_time", "post_aggregates"."featured_community", "post_aggregates"."featured_local", "post_aggregates"."hot_rank", "post_aggregates"."hot_rank_active", "post_aggregates"."community_id", "post_aggregates"."creator_id", "post_aggregates"."controversy_rank", "community_follower"."pending", ("post_saved"."id" IS NOT NULL), ("post_read"."id" IS NOT NULL), ("person_block"."id" IS NOT NULL), "post_like"."score", coalesce(("post_aggregates"."comments" - "person_post_aggregates"."read_comments"), "post_aggregates"."comments") FROM (((((((((((( ("post_aggregates" INNER JOIN "person" ON ("post_aggregates"."creator_id" = "person"."id")) INNER JOIN "community" ON ("post_aggregates"."community_id" = "community"."id")) LEFT OUTER JOIN "community_person_ban" ON (("post_aggregates"."community_id" = "community_person_ban"."community_id") AND ("community_person_ban"."person_id" = "post_aggregates"."creator_id")) ) INNER JOIN "post" ON ("post_aggregates"."post_id" = "post"."id") ) LEFT OUTER JOIN "community_follower" ON (("post_aggregates"."community_id" = "community_follower"."community_id") AND ("community_follower"."person_id" = $1)) ) LEFT OUTER JOIN "community_moderator" ON (("post"."community_id" = "community_moderator"."community_id") AND ("community_moderator"."person_id" = $1)) ) LEFT OUTER JOIN "post_saved" ON (("post_aggregates"."post_id" = "post_saved"."post_id") AND ("post_saved"."person_id" = $1)) ) LEFT OUTER JOIN "post_read" ON (("post_aggregates"."post_id" = "post_read"."post_id") AND ("post_read"."person_id" = $1)) ) LEFT OUTER JOIN "person_block" ON (("post_aggregates"."creator_id" = "person_block"."target_id") AND ("person_block"."person_id" = $1)) ) LEFT OUTER JOIN "post_like" ON (("post_aggregates"."post_id" = "post_like"."post_id") AND ("post_like"."person_id" = $1)) ) LEFT OUTER JOIN "person_post_aggregates" ON (("post_aggregates"."post_id" = "person_post_aggregates"."post_id") AND ("person_post_aggregates"."person_id" = $1)) ) LEFT OUTER JOIN "community_block" ON (("post_aggregates"."community_id" = "community_block"."community_id") AND ("community_block"."person_id" = $1)) ) LEFT OUTER JOIN "local_user_language" ON (("post"."language_id" = "local_user_language"."language_id") AND ("local_user_language"."local_user_id" = $2)) ) WHERE ((( ((( ( ("community"."removed" = $3) AND ("post"."removed" = $4)) AND ("community_follower"."pending" IS NOT NULL) ) AND ("post"."nsfw" = $5) ) AND ("community"."nsfw" = $6) ) AND ("local_user_language"."language_id" IS NOT NULL) ) AND ("community_block"."person_id" IS NULL) ) AND ("person_block"."person_id" IS NULL) ) ORDER BY "post_aggregates"."featured_local" DESC , "post_aggregates"."hot_rank_active" DESC , "post_aggregates"."published" DESC LIMIT $7 OFFSET $8 ;`
That is with hand-optimized person_id = $1, which the Rust code does not do.
I cry just reading that…
See, I noticed this stuff reading through the Lemmy source code, but I assumed the authors just were on another level of database use than me. Is this actually just a mess? How exactly is it bad, beyond being opaque?
serous problems with scalability, it works fine if there is little data in the system.
Huh. I guess I’ll have to learn a bit more.
This is effectively a binary blob to me lol
This doesn’t look like anything out of the ordinary in a real-world application to me. We have way more complex queries in our service, even though ours are hand crafted.
One thing we did notice though is that sometimes, it’s faster to just query the whole dataset and do the complex filtering in Rust. As soon as you hit the seq scan heuristic in PostgreSQL, there’s nothing to be gained from doing it in SQL.
We have way more complex queries
It isn’t the complexity that is the problem. It is the open-ended nature. It lacks any WHERE clause that specifies which posts to get. It just kicks off join after join without restricting what it is looking for. It relies on the “LIMIT 50” that Lemmy restricts post listings too. Which worked OK in March 2023 when Lemmy was over 4 years old and still had very tiny amounts of data in all these tables that it joins, but once even a modest amount of data got point in the open-ended nature of the WHERE clause kept making it slower and slower as more and more content.
On an individual (“you”) level, the data mining is only a tiny bit concerning. Sure, Meta will hoard any sort of data that you share with the Fediverse, and then share it with its “business partners”, so everyone can profile you, and then fly on circles around you, like vultures, with targetted advertisement. However:
- The amount of data that Meta can harvest from you this way is fairly limited. Because unlike in Facebook, Instagram or WhatsApp, they have no way to force you to yield more info about you than what you’re comfortable with.
- This info is already publicly available, and Meta can already profile you, with or without Threads. And regardless of being in the Fediverse or elsewhere, you should be conscious on what you’re sharing.
Even then, I like Macgirvin’s take on the matter, on a collective (“the Fediverse”) level. It’s basically telling Meta “people here ara quite hostile against data vulturing, you won’t get much out of it”. It helps quite a bit against the actual threat - that Meta might try to Embrace, Extend and Extinguish the Fediverse.
Remember to block metas ip ranges and not just defederate. Make data scraping as hard as possible for these weirdos
You think Meta can’t pick up some random new IP address just for this?
A better solution would be to either stop fretting about trivialities like this, or if you can’t do that stop putting your data up on an open protocol that is specifically designed to spread it around and show it to anyone who wants to see it.
Companies need to stop ignoring copyright on data they don’t own and never have owned.
There is nothing against copyright law to read data that a person has put online in a public, unrestricted manner for the purpose of having it be read.
That’s not what’s happening though, they are using that data to train their AI models, which pretty irreparably embeds identifiable aspects of it into their model. The only way to remove that data from the model would be an incredibly costly retrain. It’s not literally embedded verbatim anywhere, but it’s almost as if you took an image of a book. The data is definitely different, but if you read it (i.e. make the right prompts, or enough of them), there’s the potential to get parts of the original data back.
which pretty irreparably embeds identifiable aspects of it into their model.
No, it doesn’t. The model doesn’t contain any copyright-significant amount of the original training data in it, it physically can’t contain it, the model isn’t large enough. The model only contains concepts that it learned from the training data - ideas, patterns, but not literal snippets of the data.
The only time you can dredge a significant snippet of training data out is in a case where a particular bit of training data was present hundreds or thousands of times in the training data - a condition called “overfitting” that is considered a flaw and that AI trainers work hard to prevent by de-duplicating the data before training. Nobody wants overfitting, it defeats the whole point of generative AI to use it to replicate the “copy and paste” function in a hugely inefficient way. It’s very hard to find any actual examples of overfitting in modern models.
It’s not literally embedded verbatim anywhere
And that’s all that you need to make this copyright-kosher.
Think of it this way. Draw a picture of an apple. When you’re done drawing it, think to yourself - which apple did I just draw? You’ve probably seen thousands of apples in your life, but you didn’t draw any specific one, or piece together the picture from various specific bits of apple images you memorized. Instead you learned what the concept of an apple is like from all those examples, and drew a new thing that represents that concept of “appleness.” It’s the same way with these AIs, they don’t have a repository of training data that they copy from whenever they’re generating new text.
I’m aware the model doesn’t literally contain the training data, but for many models and applications, the training data is by nature small enough, and the application is restrictive enough that it is trivial to get even snippets of almost verbatim training data back out.
One of the primary models I work on involves code generation, and in those applications we’ve actually observed verbatim code being output by the model from the training data, even if there’s a fair amount of training data it’s been trained on. This has spurred concerns about license violation on open source code that was trained on.
There’s also the concept of less verbatim, but more “copied” style. Sure making a movie in the style of Wes Anderson is legitimate artistic expression, but what about a graphic designer making a logo in the “style of McDonalds”? The law is intentionally pretty murky in this department, with even some colors being trademarked for certain categories in the states. There’s not a clear line here, and LLMs are well positioned to challenge what we have on the books already. IMO this is not an AI problem, it’s a legal one that AI just happens to exacerbate.
You’re conflating a bunch of different areas here. Trademark is an entirely different category of IP. As you say, “style” cannot be copyrighted. And the sorts of models that chatter from social media is being used for is quite different from code generation.
Sure, there is going to be a bunch of lawsuits and new legislation coming down the pipe to clarify this stuff. But it’s important to bear in mind that none of that has happened yet. Things are not illegal by default, you need to have a law or precedent that makes them illegal. And there’s none of that now, and no guarantee that things are going to pan out that way in the end.
People are acting incensed at AI trainers using public data to train AI as if they’re doing something illegal. Maybe they want it to be illegal, but it isn’t yet and may never be. Until that happens people should keep in mind that they have to debate, not dictate.
What specific data are you referring to?
Short messages usually aren’t creative enough to be protected by copyright. Exceptions might be poems and similar texts.
“Terms of service” checkmarks are their reality
Then all they need to do is spin up an instance of mastodon on any random VPS and scrape away if they really want to get the data.
But the 1,000,000 odd mastodon users would pale to their user base
I’d be shocked if they weren’t already harvesting publicly available data “in preparation for” federating. But bluntly, they’re going to be scraping publicly available data. As in, they’d be doing this without Threads if there was advertising money to be made, and it’s publicly available data.
It really annoys me how people react with such shock and alarm at how companies are “stealing” their data, when they put said data up in a public venue explicitly for the purpose of everyone seeing it. And particularly in the case of AI training there isn’t even any need for them to save a copy of that data or redistribute it to anyone once the AI has been trained.
But they’re monetizing their data.
So?
Exactly.
Making something publicly available does not automatically give everyone unrestricted rights to it.
For example, you do not have permission to make copies of articles in the NYT even when they are available to the public. In fact, a main purpose of IP law is to define certain rights over a work even after it is seen by the public.
In the case of AI, if training requires making a local copy of a protected work then that may be copyright infringement even if the local copy is later deleted. It’s no different than torrenting a Disney movie and deleting your copy after you watched it.
Making something publicly available does not automatically give everyone unrestricted rights to it.
Of course not. But that’s not what’s happening here. Only very specific rights are needed, such as the right to learn concepts and styles from what you can see.
In the case of AI, if training requires making a local copy of a protected work then that may be copyright infringement even if the local copy is later deleted.
That’s the case for literally everything you view online. Putting it up on your screen requires copying it into your computer’s memory and then analyzing it in various ways. Every search engine ever has done this way more flagrantly than any AI trainer has. There have been plenty of lawsuits over this general concept already and it’s not a problem.
It’s no different than torrenting a Disney movie and deleting your copy after you watched it.
Except that in this case it’s not torrenting a copy that Disney didn’t want to have online for you to see. It’s looking at stuff that you have deliberately put up online for people to see. That’s rather different.
Besides, it’s actually not illegal to download a pirated movie. It’s illegal to upload a pirated movie. A distinction that people often overlook.
Only very specific rights are needed, such as the right to learn concepts and styles from what you can see.
For AI training, you nearly always need a local copy of the data.
That’s the case for literally everything you view online. Putting it up on your screen requires copying it into your computer’s memory
Yes, and that copy is provided with restrictions. You can view your copy in a browser, but not necessarily use it for other purposes.
Every search engine ever has done this way more flagrantly than any AI trainer has. There have been plenty of lawsuits over this general concept already and it’s not a problem.
Those cases have delineated what Google is and is not allowed to do. It can only copy a short snippet of the page as a summary. This was ruled “fair use” largely because a short snippet does not compete against the original work. If anything it advertises the original work, just as movie reviews are allowed to copy short scenes from the movie they are reviewing.
On the other hand, AIs are designed to compete against the authors of the works they downloaded. If so, a fair use defense is unlikely to succeed.
Except that in this case it’s not torrenting a copy that Disney didn’t want to have online for you to see. It’s looking at stuff that you have deliberately put up online for people to see.
Disney does put its work online for people to see. So does the New York Times. That doesn’t mean you can make an unrestricted copy of what you see.
Besides, it’s actually not illegal to download a pirated movie.
Both are illegal in the US, although copyright holders generally prefer to go after uploaders.
Yes, and that copy is provided with restrictions. You can view your copy in a browser, but not use it for other purposes.
No, it’s not. I can use it for other purposes. I can’t distribute copies, that’s all that copyright restricts.
Those cases have delineated what Google is and is not allowed to do. It can only store a short snippet of the page as a summary.
Which is way more than what an AI model retains. Fair use is not even required since nothing copyrighted remains in the first place. You’ll first have to show that copyright is being violated before fair use even enters the picture.
Disney does put its work online for people to see. So does the New York Times. That doesn’t mean you can make an unrestricted copy of what you see.
Again, that has nothing to do with all this. AI training doesn’t require “making an unrestricted copy.” Once the AI has learned from a particular image or piece of text that image or text can be deleted, it’s gone. No longer needed. No copy is distributed under any level of restrictiveness.
Both are illegal in the US
I am Canadian. America’s laws are not global laws. If they wish to ban AI training this will become starkly apparent.
Which is way more than what an AI model retains.
It makes no difference what the AI model retains. The only question is whether you had permission to use your copy in the manner that you did.
So for instance suppose you made a copy of a Disney movie in any fashion (by torrent, by videotaping a screening, by screen-capturing Disney+, etc), then showed it to a classroom in its entirety, and then deleted it immediately thereafter. You infringed copyright, because you did not have permission to use it in that manner even once. It makes no difference how long you retained your copy.
Note that it would also make no difference if there were actually no students in the classroom. Or if the students were actually robots. Or just one robot, or a software AI. Or if you didn’t use a screen to show the material, you simply sent the file electronically to the AI. Or if the AI deleted the file shortly after receiving it. You still didn’t have permission to use your copy in the manner you did, even once. Which means it was illegal.
America’s laws are not global laws.
True. But the GDPR has shown us that a country can take measures to protect its data globally.
If they wish to ban AI training this will become starkly apparent.
In every other field, researchers have long been required to use opt-in databases for their work. They can’t just “scrape” your medical records without your consent in order to study a particular disease. That would be wildly unethical.
Yet research, including AI research, has thrived in the US even with such ethical requirements. I am confident future AI researchers in America can be both ethical and successful.
The only question is whether you had permission to use your copy in the manner that you did.
The only permission needed is to look at it.
So for instance suppose you made a copy of a Disney movie in any fashion (by torrent, by videotaping a screening, by screen-capturing Disney+, etc), then showed it to a classroom in its entirety, and then deleted it immediately thereafter.
That’s a public performance, which is a form of redistribution. That’s not relevant to AI training.
Note that it would also make no difference if there were actually no students in the classroom.
[citation needed]
They can’t just “scrape” your medical records without your consent in order to study a particular disease.
The goalposts just swung wildly. Who’s posting medical records on the Fediverse?
I am confident future AI researchers in America can be both ethical and successful.
Except for being banned from using public data that non-American AIs are able to use.
Also, the undefined “ethical” term is a new goalpost just brought into this discussion as well. I’ve found its use to be unhelpful, it always boils down to meaning whatever the person who’s using it wants it to mean.
I said this in a different post’s comments about Facebook scraping data:
Can activity pub change it’s terms to say that all crawlers that use this must be gnu open sources and all information crawled must be open to the public on gnu open sources software (no crawling to a private enterprise)?
My understanding is all the big tech companies are scared of what happened with router software (openwrt) and they don’t want to be forced to let competition be a foss community via gnu licensing.
I share your sentiment, but personally I don’t like the GPL’s Borg-like assimilation of anything it touches.
How about "every crawler using the API must provide the same API free of charge for "?
Meta has no problems providing API access free of charge, since their income comes from other sources.
I have also thought this is a good idea. I think that the ActivityPub standard should have a required field that lists a copyright license. Then a copyleft style copyright should be created that allows storing and indexing for distribution via open-source standards, and disallows using for AI training and data scraping. If every single post has a copyleft license then it would be risky for bigtech to repurpose it because if a whistleblower called them out that could be a huge class action suit.
A good question is if a single post can be copyrighted. I think it could. Perhaps you would consider each post like a collaborative work of art. People keep adding to it, and at the end of the day the whole chain could function as a “work”. Especially since there is a lot of useful value and knowledge in some post threads.
If that worked, we could have easily prevented AI companies from vacuuming up data from personal websites and separately hosted git repos. We could put a condition that if they train their models using our data, then the model and its weights would automatically be under the same license as our content. Of course, those psychopaths are going to use their money to defeat such arguments in court.