ChatGPT is full of sensitive private information and spits out verbatim text from CNN, Goodreads, WordPress blogs, fandom wikis, Terms of Service agreements, Stack Overflow source code, Wikipedia pages, news blogs, random internet comments, and much more.

Using this tactic, the researchers showed that there are large amounts of privately identifiable information (PII) in OpenAI’s large language models. They also showed that, on a public version of ChatGPT, the chatbot spit out large passages of text scraped verbatim from other places on the internet.

“In total, 16.9 percent of generations we tested contained memorized PII,” they wrote, which included “identifying phone and fax numbers, email and physical addresses … social media handles, URLs, and names and birthdays.”

Edit: The full paper that’s referenced in the article can be found here

  • @mindbleach
    link
    137 months ago

    Text engine trained on publicly-available text may contain snippets of that text. Which is publicly-available. Which is how the engine was trained on it, in the first place.

    Oh no.

        • @[email protected]
          link
          fedilink
          57 months ago

          I consented to my post being federated and displayed on Lemmy.

          Did writers and artists consent to having their work fed into a privately controlled system that didn’t exist when they made their post, so that it could make other people millions of dollars by ripping off their work?

          The reality is that none of these models would be viable if they requested permission, paid for licensing or stuck to work that was clearly licensed.

          Fortunately for women everywhere, nobody outside of AI arguments considers consent, once granted, to be both unrevokable and valid for any act for the rest of time.

          • @[email protected]
            link
            fedilink
            1
            edit-2
            7 months ago

            While you make a valid point here, mine was simply that once something is out there, it’s nearly impossible to remove. At a certain point, the nature of the internet is that you no longer control the data that you put out there. Not that you no longer own it and not that you shouldn’t have a say. Even though you initially consented, you can’t guarantee that any site will fulfill a request to delete.

            Should authors and artists be fairly compensated for their work? Yes, absolutely. And yes, these AI generators should be built upon properly licensed works. But there’s something really tricky about these AI systems. The training data isn’t discrete once the model is built. You can’t just remove bits and pieces. The data is abstracted. The company would have to (and probably should have to) build a whole new model with only propeely licensed works. And they’d have to rebuild it every time a license agreement changed.

            That technological design makes it all the more difficult both in terms of proving that unlicensed data was used and in terms of responding to requests to remove said data. You might be able to get a language model to reveal something solid that indicates where it got it’s information, but it isn’t simple or easy. And it’s even more difficult with visual works.

            There’s an opportunity for the industry to legitimize here by creating a method to manage data within a model but they won’t do it without incentive like millions of dollars in copyright lawsuits.

      • @mindbleach
        link
        17 months ago

        Deleting this comment won’t erase it from your memory.

        Deleting this comment won’t mean there’s no copies elsewhere.

        • archomrade [he/him]
          link
          fedilink
          English
          27 months ago

          Deleting a file from your computer doesn’t even mean the file isn’t still stored in memory.

          Deleting isn’t really a thing in computer science, at best there’s “destroy” or “encrypt”

          • @mindbleach
            link
            17 months ago

            Yes, that’s the point.

            You can’t delete public training data. Obviously. It is far too late. It’s an absurd thing to ask, and cannot possibly be relevant.

        • @[email protected]
          link
          fedilink
          07 months ago

          And to be logically consistent, do you also shame people for trying to remove things like child pornography, pornographic photos posted without consent or leaked personal details from the internet?

        • @[email protected]
          link
          fedilink
          117 months ago

          Yeah it’s their fault for daring to communicate online without first considering a technology that didn’t exist.

        • ddh
          link
          fedilink
          English
          87 months ago

          Sooner or later these models will be trained with breached data, accidentally or otherwise.