undefined

points

[-]

It's only half of the solution though. If the models are trained in a closed way, they can prioritize values encoded during training even if that's not what you want (example: ask the open Chinese models about Tiananmen). It's not beyond imagining that these models would e.g. try to send your data to authorities or advertisers when their training says so, even if you run them locally.

So the full solution would be models trained in an open verifiable way and running locally.

by wrxd5 hours ago|

parent|

[-]

The model is only generating tokens without touching the network at all, right? How would it send data away?

by procaryote5 hours ago|

parent|

[-]

Theoretically, by taking the opportunity to inject an exfiltration mechanism if you ask it to write code for you

by kg4 hours ago|

parent|

[-]

Lots of people I know run models in "yolo" mode or the equivalent as well, which means it could just invoke curl or telnet to exfiltrate data.

by hombre_fatal6 hours ago|

prev|

[-]

Another angle is when you're passing untrusted content to the AI service, e.g. anything from using it to crawl websites to spam-detection on new forum user posts.

You can trigger the the service's ToS violation or worse, get tipped off to law enforcement for something you didn't even write.

by Xenoamorphous4 hours ago|

prev|

[-]

> I like the approach of running everything locally. I'm strongly of the opinion that the privacy angle for local models is going to keep getting stronger and more relevant.

In HN circles perhaps. Average Joes don’t care.

by lukewarm7078 hours ago|

prev|

[-]

local is best for privacy, but i personally think you don't need to go local.

anthropic, google, openai etc, decided that their consumer ai plans would not be private. partly to collect training data, the other half to employ moderators to review user activity for safety.

we trust that human moderators will not review and flag our icloud docs, onedrive or gmail, or aggregate such documents into training data for llms. it became the norm that an llm is somehow not private. it became a norm that you can't opt out of training, even on paid plans (see meta and google); or if you can opt out of training, you can't opt out of moderation.

cloud models with a zero retention privacy policy are private enough for almost everyone, the subscriptions, google search, ai search engines are either 'buying' your digital life or covering themselves for legal reasons.

you can and should have private cloud services, and if legal agreement is not enough, cryptographic attestation is already used in compute, with AWS nitro enclaves and other providers.

by inetknght8 hours ago|

parent|

[-]

> i personally think you don't need to go local.

I personally think everyone should default to using local resources. Cloud resources should only be used for expansion and be relatively bursty rather than the default.

by mark_l_watson8 hours ago|

parent|

[-]

For about two years I experimented with writing local apps using local LLMs, but I often had to blend in a commercial web search API to make my little experiments useful.

by Whyachi5 hours ago|

parent|

prev|

[-]

[dead]

by mark_l_watson8 hours ago|

parent|

prev|

[-]

I pay $13/month for Proton’s Lumo+ private chat LLM that contains an excellent built-in web search tool. I use it for everything non-technical, even just simple searching for local businesses, etc.

As an enthusiastic reader of books like Privacy is Power and Surveillance Capitalism, it feels good to have a private tool that is ready at hand.

by djl07 hours ago|

parent|

prev|

[-]

do you have any provider recommendations? I've experimented with this on runpod serverless, but I've been meaning to dig deeper before I feel comfortable with personal data.

I saw a service named Phala, which claims to be actually no-knowledge to server side (I think). It was significantly more expensive, but interesting to see it's out there. My thought was escaping the data-collection-hungry consumer models was a big win.

by sebastiennight1 hours ago|

parent|

prev|

[-]

> anthropic, google, openai etc, decided that their consumer ai plans would not be private. partly to collect training data, the other half to employ moderators to review user activity for safety.

That's two halves of "why", sure.

Another interesting half would be that those companies have US military officers on their boards, and LLMs are the ultimate voluntary data collection platform, even better trojan horses than smartphones.

Yet another "half" could be how much enterprise value might be found by datamining for a minute or two... may I suggest reading a couple of Martha Wells books.

by ge967 hours ago|

prev|

[-]

The other thing, is encrypted inferencing a thing/service currently? I want to run my own models locally just because if I'm going to be chatting to it about my day to day life why send it to a server in plaintext.

by lukewarm7077 hours ago|

parent|

[-]

encrypted inferencing, meaning homomorphic encryption: no, it's not solved.

cryptographic confirmation of zero knowledge: yes.

the latter, based on trust in the hardware manufacturer and their root ca. so, encrypted if you trust intel/nvidia to sign it.

there are a few services, phala, tinfoil, near ai, redpill is an aggregator of those

by aswanson9 hours ago|

prev|

[-]

That's the way things have to go. Business risk is too high having everything ran over exposed networks.

by lukewarm7078 hours ago|

parent|

[-]

what i say about this, is that an llm is just a big file, there is nothing 'not private' about it.

if you are happy with off-prem then the llm is ok too, if you need on-prem this is when you will need local.

by zahlman8 hours ago|

parent|

[-]

> an llm is just a big file, there is nothing 'not private' about it.

The private thing is the prompt.

But also, a local LLM opens up the possibility of agentic workflows that don't have to touch the Internet.