upvote

points

by apothegm3 days ago |
comments
upvoteby hiAndrewQuinn3 days ago|
next
[-]
It's going to be stochastic in some sense whether you want it to be or not, human error never reaches zero percent. I would bet you a penny you'd get better results doing one two-second automated pass + your usual PII redaction than your PII redaction alone.
reply
upvoteby ori_b10 hours ago|
parent|
next
[-]
The advantage of computers was that they didn't make human errors; they did things repeatedly, quickly, and predictably. If I'm going to accept human error, I'd like it to come from a human.
reply
upvoteby creesch6 hours ago|
parent|
next
[-]
> The advantage of computers was that they didn't make human errors;

Sure they do, computers repeatedly, quickly, and predictably do what they are programmed to do. Which includes any human errors in that programming.

reply
upvoteby laserlight6 hours ago|
parent|
[-]
> predictably do what they are programmed to do

And now they predictably do what they are not programmed to do.

reply
upvoteby pigpag10 hours ago|
parent|
prev|
[-]
[dead]
reply
upvoteby cyanydeez3 days ago|
parent|
prev|
[-]
I think the problem is most secrets arn't stochastic; they're determinant. When the user types in the wrong password, it should be blocked. Using a probabilistic model suggests an attacker only now needs to be really close, but not correct.

Sure, there's some math that says being really close and exact arn't a big deal; but then you're also saying your secrets don't need to be exact when decoding them and they absolutely do atm.

Sure looks like a weird privacy veil that sorta might work for some things, like frosted glass, but think of a toilet stall with all frosted glass, are you still comfortable going to the bathroom in there?

reply
upvoteby CityOfThrowaway11 hours ago|
parent|
[-]
I dunno what use case you're thinking this is for.

The use case for this is that many enterprise customers want SaaS products to strip PII from ingested content, and there's no non-model way to do it.

Think, ingesting call transcripts where those calls may include credit card numbers or private data. The call transcripts are very useful for various things, but for obvious reasons we don't want to ingest the PII.

reply
upvoteby traceroute668 hours ago|
parent|
[-]
> Think, ingesting call transcripts where those calls may include credit card numbers or private data. The call transcripts are very useful for various things, but for obvious reasons we don't want to ingest the PII.

Credit card numbers are deterministic. A five year old could write a script to strip out credit card numbers.

As for other PII ? You're seriously expecting an LLM to find every instance of every random piece of PII ? Worldwide ? In multiple languages ? I've got an igloo I'd like to sell you ...

reply
upvoteby agnishom1 hours ago|
prev|
next
[-]
One could chain a regex based system together with this
reply
upvoteby moralestapia2 days ago|
prev|
[-]
The alternative being?
reply