BitterAd9531 t1_j5erse4 wrote
Won't work in the long term. OpenAI might have been the first one to release, but we know other companies have better LLMs and others will catch up soon. When that happens, models without watermarks will be released and people who want output without a watermark will use that model.
And even if you somehow force all of them to implement a watermark, it would be trivial to combine outputs of different models to circumvent it. Not to mention that slight rewrites by a human would probably break most watermarks, the same way they break the current GPT detectors.
[deleted] t1_j5f1x9y wrote
[removed]
BitterAd9531 t1_j5f2nk5 wrote
I know about OpenAI's research into watermarking. It doesn't contradict anything I said. It's only a matter of time before more models appear and the researchers themselves talk about how it's defeatable by both humans and other models through combinations and rewriting.
[deleted] t1_j5f3k9f wrote
[removed]
BitterAd9531 t1_j5f5olr wrote
I think you are misunderstanding how these watermarks work. The watermark is encoded in the tokens used and so combining or rewriting will weaken the watermark to the point it can no longer be used to accurately detect. Robust means a few tokens may be changed, but changing enough tokens will have an impact eventually.
The semantics don't change because in language, there are multiple ways to describe the same thing without using the same (order of) words. That's literally what "rewriting" means.
[deleted] t1_j5f9weh wrote
[removed]
BitterAd9531 t1_j5fcby3 wrote
>If you think, you can take two watermarked LLMs and 'trivially" combine their output as you stated, explain in detail how you do that in an automated way.
No thank you, I'm not going to write an LLM from scratch for a Reddit argument. And FWIW, I suspect that even if I did, you'd find some way to convince yourself that you're not wrong. You not understanding how this works doesn't impact me nearly enough to care that much. Have a good one.
[deleted] t1_j5fflnf wrote
[removed]
[deleted] t1_j5fdv9z wrote
[removed]
hey_look_its_shiny t1_j5fnyt6 wrote
I'm not OP, but the words "won't work in the long term" from their original statement are not synonymous with "useless".
Your original comment was disrespectful, and while you have raised some valid points along the way, they're collectively misaligned with the original statement you were responding to. You've been fighting a strawman, and it shows in how the community received your comments.
[deleted] t1_j5fqkim wrote
[removed]
its_ya_boi_Santa t1_j5gdo2x wrote
Wrong. I didn't read anything past your 2nd wall of text on this post, but maybe you should use a LLM to argue with people online, it looks like it could save you hours of time and effort.
[deleted] t1_j5gdsob wrote
[removed]
its_ya_boi_Santa t1_j5geex3 wrote
Wrong. Mentions LLM.
[deleted] t1_j5gf9jo wrote
[removed]
its_ya_boi_Santa t1_j5gh0s1 wrote
Wrong.
hellrail t1_j5x5u8o wrote
And what exactly is wrong about the statement?
its_ya_boi_Santa t1_j5xqz3k wrote
The guy was just being obnoxious hence all the deleted comments and starting his replies with "wrong." before writing huge walls of text
hellrail t1_j5xsq46 wrote
Ah, so there was nothing wrong in my statement but you just wanted to be obnoxious?
Good that you admit it.
PS: im the guy haha
its_ya_boi_Santa t1_j5xworg wrote
I have no idea what you wrote it didn't bother me enough to remember it all this time later, if you made a new account just to come back to your old arguments that's really sad dude, I hope you can better yourself and have a good life
hellrail t1_j5xwq72 wrote
Wrong. Its the very same account.
And in your previous answer, when u thought i was sb different, you already explained why you did it, now you claim to not remember. Hahaha. You are contradictory and nonsense as usual.
its_ya_boi_Santa t1_j5xwuc9 wrote
The sentiment still stands, I hope you get out of this rut your in. "This too shall pass" as they say.
hellrail t1_j5y0ok5 wrote
Wrong, I am not in any rut.
New accounts, being in a rut, saying wrong just for the sake of saying something eventhough nothing was wrong....
If i look at your behaviour it clearly shows that you are fighting your own inner demons instead of really replying to what somebody has said (otherwise u wouldnt put so much of self-fantasized allegations in your posting).
I hope this kind of self-therapy works out for you, but i doubt it helps with anything.
hey_look_its_shiny t1_j5fu53q wrote
You don't need to implement a full-scale LLM in order to degrade watermarks at scale or even mix-and-match watermarked inputs. People who aren't even trying get halfway there now with crappy synonym engines.
And before you ask, no, I'm not going to technically spec it for you. Instead I suggest using the upvote pattern from this expert community to run backprop on your beliefs. ;)
[deleted] t1_j5fv06l wrote
[removed]
BitterAd9531 t1_j5g52os wrote
>Besides that, OP stated that he wants to use a llm for this, not me.
Actually I didn't. If you read my comment you'd understand I would need the LLM to demonstrate the model that does the actual combining (which obviously wouldn't be an LLM). Seeing as there are currently no models that have watermarking, I'd have to write one myself to test the actual model that does the combining to circumvent the watermark. Either you didn't understand this, or you're once again taking single sentences out of context and making semi-valid points that don't have any relevancy to the orignal discussion.
But honestly I feel like this is completely besides the point. I've given you a high-level explanation of how these watermarks can be defeated and you seem to be the only one who does not understand how they work.
[deleted] t1_j5g7rb3 wrote
[removed]
hey_look_its_shiny t1_j5htrp4 wrote
> Besides that, OP stated that he wants to use a llm for this, not me.
Actually, you introduced that concept first when you said:
> If u want some AI to alter the text for you, you again need a LLM.
OP had not mentioned applying an LLM to the case prior to that. It was explicit in their original comment, and implicit in all comments thereafter, that a watermark-free LLM was only one of the ways in which this problem could be tackled.
Meanwhile:
> Synonym engines wouldnt change an n-gram watermarks significantly enough as a synonym is the same type of word so there are token patterns persisting.
Right. Hence why I said they "get halfway there". Halfway is clearly not "all the way", and thus not "significantly enough".
And finally:
> Rules for r/MachineLearning > 1. Be nice: no offensive behavior, insults or attacks
In light of your recent description of an interlocutor's "limited capacity brain", you seem to be catastrophically failing at (1) understanding the problem space being discussed, (2) understanding the deficiencies in your own arguments, and (3) understanding basic norms and rules of interpersonal decency....
Just my two cents, but this forum probably isn't the right space for you until you level up a bit.
Historical-Coat5318 t1_j5f88m7 wrote
It seems to me ethically imperative to be able to discern human text from AI text, so it's really concerning when people just hand-wave it away immediately as obviously futile, like Altman did in a recent interview. Obviously these detection methods would have to be more robust than just a cryptographic key that can be easily circumvented just by changing a few words, but this is the most pressing ethical issue in AI safety today and no one seems to be even considering dealing with it in a serious way.
One idea: Couldn't you just train the AI to identify minor changes to the text to the point where rewriting it would be too much of a hassle? Also, open the server history under a homonymous (for privacy concerns) database so that everyone has access to all GPT (and all other LLMs) output and couple that with the cryptographic key Scott Aaronson introduced plus adversarial solutions for re-worded text. This with other additional safety features would make it too much of hassle for anyone to try to bypass it, maybe an additional infinitesimal cost to every GPT output to counteract spam, etc etc. A lot of regulation is needed for something so potentially disruptive.
BitterAd9531 t1_j5fal5s wrote
>no one seems to be even considering dealing with it in a serious way
Everyone has considered dealing with it, but everyone who understands the technology behind them also knows that it's futile in the long term. The whole point of these LLMs it to mimic human writing as closely as possible and the more they succeed, the more difficult it becomes to detect. They can be used to output both more precise and more variated text.
Countermeasures like watermarks will be trivial to circumvent while at the same time restricting the capabilities and performance of these models. And that's ignoring the elephant in the room, which is that once open-source models come out, it won't matter at all.
>this is the most pressing ethical issue in AI safety today
Why? It's been long known that the difference between AI and human capabilities will diminish over time. This is simply the direction we're going. Maybe it's time to adapt instead of trying to fight something inevitable. Fighting technological progress has never worked before.
People banking on being able to distinguish between AI and humans will be in for a bad time the coming few years.
Historical-Coat5318 t1_j5fbhj5 wrote
If by fighting technological progress you mean controlling it to make sure it serves humanity in the safest most optimal way then yes, we've been doing this forever, when cars were first introduced traffic police didn't exist. There is nothing retrograde or luddite in thinking this way, it's what we've always done.
Obviously watermarking is futile but there are other methods that need to be considered which no one even entertains, for example the ones I mentioned in my first comment.
Also it should be trivially obvious that AI should never be open-source. That's the worst possible idea.
TonyTalksBackPodcast t1_j5iblmx wrote
I think the worst possible idea is allowing a single person or handful of people to have near-total control over the future of AI, which will be the future of humanity. The process should be democratized as much as can be. Open source is one way to accomplish that, though it brings its own dangers as well
KvanteKat t1_j5j3ewk wrote
>I think the worst possible idea is allowing a single person or handful of people to have near-total control over the future of AI
I'm not sure regulation is the biggest threat to the field of AI being open. We already live in a world where a small handful of people (i.e. decision makers at Alphabet, OpenAI, etc.) have an outsized influence on the development of the field because training large models is so capital-intensive that very few organizations can really compete with them (researches at universities sure as hell can't). Neither compute (on the scale necessary to train a state-of-the-art model) or well-curated large training datasets are cheap.
Since it is in the business interest of incumbents in this space to minimize competition (nobody likes to be disrupted), and since incumbents in this space already have an outsized influence, some degree of regulation to keep them in check may well be beneficial rather than detrimental to the development of AI and derived technologies and their integration into wider society (at least I believe so, although I'm open to other perspectives in this matter).
Historical-Coat5318 t1_j5jw8o8 wrote
I just can't even begin to comprehend this view. Of course, democratizing something sounds good, but if AI has mass-destructive potential it is obviously safer if a handful of people have that power than if eight billion have it. Even if AI isn't mass-destructive, which it obviously isn't yet, it is already extremely socially disruptive and if any given person has that power our governing bodies have basically no hope of steering it in the right direction through regulation, (which they would try to since it would serve their best interests as individuals). The common person would still have a say in these regulations through the vote.
GinoAcknowledges t1_j5kb95p wrote
A vast amount of technological knowledge (e.g. how to create poisons, manufacture bombs) has mass destructive potential if it can be scaled. The difficulty, just like with AI, is scaling, and this mostly self-regulates (with help from the government).
For example, you can build dangerous explosive devices in your garage. That knowledge is widely available (google "Anarchists Handbook"). If you try and build thousands of them (enough to cause mass destruction) the government will notice, and most likely, you aren't going to have enough money and time to do it.
The exact same thing will happen for "dangerous uses of AI". The only actors which have the hardware and capital to cause mass destruction with AI are the big tech firms developing AI. Try running inference at scale on even a 30B parameter model right now. It's extremely difficult unless you have access to multiple server-grade GPUs which are very expensive and hard to get ahold of even if you had the money.
BitterAd9531 t1_j5idapl wrote
>trivially obvious that AI should never be open-source
Wow. Trivially obvious? I'd very much like to know how that statement is trivially obvious, because it goes against what pretty much every single expert in this field advocates.
Obviously open-source AI brings problems, but what is the alternative? A single entity controlling one of the most disrupting technologies ever? And ignoring for a second the obvious problems with that, how would you enforce it? Criminalize open-sourcing of software? Can't say I'm a fan of this line of thinking.
Historical-Coat5318 t1_j5juhb7 wrote
AI in my view should be controlled by very few institutions, and these institutions should be carefully managed by experts and very intelligent people, which is the case for companies like Google or OpenAI. If AI must exist, and it must, I would much rather it were in the hands of people like Sam Altman and Scott Aaronson than literally everyone with an internet connection.
Obviously terms like "open-source" and "democratised" sound good, but if you think about the repercussions of this you will surely realise that it would be totally disastrous for society. Looking back in history we can see that nuclear weapons were actually quite judiciously managed when you consider all of the economic and political tensions of the time, now imagine if anyone could have bought a nuke at Walmart, human extinction would have been assured. Open-source AI is basically democratized mass-destruction, and if weapons of mass-destruction must exist (including AI), then it should be in as few hands as possible.
Even ignoring existential risk, which is obviously still very speculative, even LLMs should never be open-source because that makes any regulation impossible. In that world evidence (video, images and text), not to mention human creativity, would cease to exist and the internet would basically be unnavigable as the chasm between people's political conception of the world and the world itself only widens. Only a few companies should be allowed to have this technology, and they should be heavily regulated. I admit I don't know how this could be implemented, I just know that it should be.
This is basically Nick Bostrom's Vulnerable World Hypothesis. Bostrom should be read as a prerequisite for everyone involved in AI, in my opinion.
Throwaway00000000028 t1_j5k1aqv wrote
Just curious, why do you think it's "ethically imperative to be able to discern human text from AI text"? Would it really be so bad if you were talking to a computer?
Historical-Coat5318 t1_j5k3k1o wrote
I think so, yes. In that world the dead internet theory would become true and people will become only more dissociated from reality and society, especially so when AI can generate video and audio. The political repercussions are disastrous.
Also, I really love literature (and art in general) and a future where one cannot differentiate a human writer from AI is, frankly, suicidally bleak to me. I can see a future where publishers use AI to read the market and write the right books for maximum profit completely cutting out human authors from the process. I am an aspiring novelist myself and, while the act of writing is intrinsically motivating there is also a massive social component in terms of having a career and having others read your work that would be completely excised from creativity, so there is also a personal component I suppose. Sharing in the creativity of other humans is the main thing that gives life meaning to me personally and to many others, and to have that stripped from life is extremely depressing.
While this is all very speculative I just can't see the rapid advances in AI leading anywhere expect a lonelier, more isolated and chaotic world if it isn't seriously regulated. But all of this can be fixed if we could just identify AI text. Then nothing would change in terms of the place of human creativity in the world, it would be basically like chess, people still devote their lives to it and the community thrives but only because we can discern AI chess playing from human chess playing. Imagine if there were no anti-cheating policies in chess tournaments, no one would ever play chess seriously ever again.
If we could just identify AI output we would get all of the benefits of LLMs without any of the disastrous drawbacks. To me it is the most important issue right now, but people don't even consider it and are outright hostile to the idea, just see the downvotes to my original reply.
Viewing a single comment thread. View all comments