Hacker News | chias's comments

There are no "rules" for responsible disclosure. We have guidelines that we have broadly accepted, but at the end of the day whether or not you disclosed responsibly is in the opinion of your peers.

There's no such thing as "responsible disclosure on a technicality". Don't be a dick, and work in good faith to keep users safe.


I have no insider information so this is all appreciation, but:

When it comes to legislative things, there is pretty much always a timeline in which to become compliant. I do wonder if there was opportunity to give warning etc. but Anthropic decided to perform an immediate full stop deliberately causing the metaphorical three-car pileup, because the more painful for the users, the more pressure from the people there will be on the government to undo this.

See also: those painfully annoying cookie banners that are malicious compliance in the most irritating way possible, which GDPR does not require, in order to make people think GDPR is dumb.


Sounds like a win win to me

To remove the choice from responsible people who can understand that LLM answers are not to be trusted with anything important?

If our standard for laws would be that "well no reasonable person would do this/believe this" then nothing would be illegal, there'd be no need to label any product as potentially harmful, etc.

Do you really want to go there? That everything in the world would have a literal "caveat emptor" attached to it?


I thought Google labeled its AI summary with a disclaimer already. I don't want companies to be forced to only offer safe-for-children services.

And the European consumer doesn't want harmful products to be beta tested on the public.

It's unbelievable how lightly some people hand over the tools for mass manipulation to a single corporation in the name of freedom of all things. We're not talking about a laser pointer here.

Heck even laser pointers are regulated, now that we're thinking about it.

There is a disclaimer, yes, but you have to admit that it's pretty shit, innit? I mean for one, it's about the size of a human hair, and at least when I tried it, the disclaimer came up only when I clicked the "Show More" button. It might admittedly show up earlier if the response is shorter, admittedly I don't know. Also personally I'm a bit uneasy with the idea that just with a simple disclaimer they could avoid any and all liability. Not your argument, I know, but still.

As for not wanting to force companies to release only "safe-for-children products", I do actually agree. However I consider it to be a matter of degree, and in this case for example, I think that if nothing else, Google should at the very least make the disclaimer a bit more prominent and maybe tweak the model so that it's not quite as confident in its claims in the AI Overview.


> As for not wanting to force companies to release only "safe-for-children products", I do actually agree

That would be nice, but as every effort to restrict kids from using software which is not safe-for-children keeps getting condemned for being invasive surveillance, and every effort to stop kids getting the hardware instead gets condemned because of how much of society is now built on the assumption everyone has a phone…

Something has to give.

Dunno what, but something.


Yeah, they could make it more prominent at the top. I would be fine if it said that "AI may give totally wrong answers" but that would never happen.

The harm was not done to the readers of the AI generated response, but to the defamed companies.

And yes, it is ok to remove choice if the existence of that choice violates other person’s rights.

Google can continue offering that choice if they make sure nobody is defamed.


So we deploy a technology no one should trust to the general public, for what exact reason?

So a very small number of people can get very rich off of the suffering of a massive number of other people I guess

Venture Capital 101! Welcome to Y Combinator :)

Land grab strategy 101.

Do you mean the responsible people who will ensure their algorithms can be trusted with the important task of acting in the best interest of said people? Try and get a defamatory statement about google from the AI search box.

There's plenty of examples of supposedly responsible people using LLM answers verbatim without any kind of overview by themselves e.g. https://www.theguardian.com/technology/2025/jun/06/high-cour...

I have to fight with my family members when they "Google" something, read the top AI slop result, and I ask which page it came from. They believe what is on the Google landing page, and actually I don't think that is a naive assumption. Google has pushed itself as the information oracle, now they are delivering slop as the first result. It's a bait and switch.

There is a vast difference between it not being 100% impossible and data holders not doing the absolute basics to keep it safe.

I could imagine if, after a data breach, there was a government-run cyber investigative task force that would come into an organization, and be tasked with investigating and fully understanding the nature of the breach. We already have forensic detectives for other crimes, why not this one?

And if it turns out that the failure occurred due to the company acting negligently, a la (whoopsie all the records were in an open S3 bucket) then humans would be found personally liable.

--

But in principle, I also agree with the other causes you list. These are very much what GDPR was aimed at improving. It really is a shame when you look at what GDPR could have accomplished if not for malicious compliance by American tech giants, and shitty enforcement (instigated by American tech giants).


It doesn't even need to be government-run, we just need the right incentives. I've seen proposals for making some kind of data loss insurance mandatory to compensate victims. The insurance companies would then conduct audits which determine the premiums for the company, and investigate for negligence after a breach.

Edit: Thinking more about it, this would probably also be positive for security investigators. If a company is stonewalling you and ignoring a legitimate bug report, you now have the option to escalate this to the insurer. Maybe they could even facilitate bug bounty programs for smaller companies


I've had a similar thought in the past. I was thinking about the feasibility of a law being introduced where each company making over a certain amount of money per year must begin a VDP (and optionally a BBP) so that security flaws can be reported to them easily. This can easily be done by simply opening up security@companydomain and using security.txt (https://securitytxt.org). Reports must receive a response in N days, where N is calculated based on available staff, resource allocation, and revenue of the company. If they don't receive a response after N days, this can be escalated to some government agency which can take action against the company for failing to respond to a report on time.

If something like this had been implemented 20 years ago, we'd probably be exactly where we are now. What's the point?

As Cory Doctorow is fond of saying

> The thing that determines whether you’re the product isn’t whether you’re paying for the product: it’s whether market power and regulatory forbearance allow the company to get away with selling you.

Or more simply:

> Companies don’t make you the product because you don’t pay — they make you the product because you can’t stop them.

As far as feature development goes, Meta isn't looking under the couch cushions for change. If they want to invest in a feature, they will.


I've had this conversation for real. The server's recommendation was that I scan the QR code.

That was my last time going to that restaurant.


That's happened to me a lot, to get a 503 service unavailable from a restaurant server.


Joke's on the server. The robot that will replace their job soon will be more than happy to regale you with any hallucinated information you would like about the subtleties of the menu.


I excitedly bought a Framework 12 when it first came out, since I figured it'd be a nice thing to travel with (my typical laptop is the 11th-gen 13). However the 12 has just sat under my bed since it arrived. It's actually the same size and weight as the 13 so there's no real reason to use it when traveling, and everything about the 13 feels better in general. Overall I'm fairly disappointed by the 12.

I haven't held a Neo myself, but it seems like a solid device. Personally I would probably go for the Neo.


but why would anybody choose blue? there is no moral benefit to doing so.

If you altered the game to say that only some fraction of the population get the choice, and everyone who doesn't get the choice is assumed blue (or, is killed if less than 50% of voters choose blue) then there's some question to be explored here. But as it stands there is literally no reason to choose blue.


There will always be someone who chooses blue. Choosing red is choosing to kill them.


The blues sound like idiots.

Press the red button you survive, or press the blue button you might die


Press red and you might kill.


Only the people who have chosen through their own free will to gamble with their lives - it's their choice.


Driving on a road while fully abiding road rules might kill people who aren't doing that (e.g. pedestrians walking across the highway).


Choosing red is choosing to survive knowing that there will always be people who choose blue, potentially an amount that would mean you don't survive if you didn't take explicit action against it.


The people who chose blue in no way contributed to the peril you are in, thus you aren't justified in killing them in self defense.


They didn't cause the peril, but knowing that their choice is a possibility, if I don't make a decision to protect myself now their decisions may then be the cause of my continued not-survival.


> Choosing red is choosing to kill them.

Choosing red is choosing to most likely kill yourself.


I meant:

Choosing blue is choosing to most likely kill yourself.


I fail to see how anyone could choose blue, the certain scenario is everyone chooses red, and this whole post is a nothingburger.


To me, the whole point of the riddle is that it reveals the most internal bias towards either yourself or others, meaning that you do things for society or for yourself. Blues don't understand reds, reds don't understand blues. The bias is invisible to the self but it is clearly there given the huge contrast in the opinions of people.


You fail to see how anyone could choose blue, even though there are plenty of people on the internet and even in the comments here who are stating they would choose blue?


> I fail to see how anyone could choose blue

Depends on the scenario… or the number of people in the experiment. A sufficiently large number of people will guarantee votes in both bins. The specific scenario (reading this outside of a vacuum) will also have knock-on effects.

Eg: reading this into the current political landscape in the US vs reading this into another toy problem about jumping off a cliff or not will have very different outcomes and ethics.


The article makes a good point with their reframing.

"Give everyone a magic gun. They may choose to shoot themselves in the head. If more than 50% of people choose to shoot themselves, all the guns jam. The person also has the option to put the gun down and not shoot it."

The "dilemma" is asking to what lengths we should go to save people choosing to commit suicide, and does that change when they are unintentionally choosing suicide due to being "tricked" into it.


I guess that just underlines how reframing can really muddy or clarify a problem. The original problem can be mapped onto many varied scenarios with wildly different ethics.


Practically at least one person will choose blue for lulz or curiosity or as a moral compass. Shall we punish them? How does it affect the survival of the whole population in the long term?


There’s a moral benefit to choosing blue if you think there’s a chance that the end result will be split 50-50 and you’ll be the deciding vote between a blue majority and a red majority.


There's an argument to be made that anyone choosing blue wants to die and you should respect their choice.


I think it would be hard to prove you, individually, were the deciding vote to blue.

Everyone who voted blue in such a case could think they were the one vote. And they could be right.


> but why would anybody choose blue? there is no moral benefit to doing so.

Why? To contribute to saving the others who chose blue. How isn't that moral?


If everyone picks red everyone lives, nobody needs saving by picking blue. Picking blue obliges others to pick blue to prevent your death, risking their own life in turn. Red is the moral option.


There is no topic in which you'll get 100% of people to agree with you, and this is no different. There will always be people who choose blue. Arguing that you could ever get 100% of people to pick red is a coping mechanism to deal with the knowledge that your choice to pick red will result in some deaths (i.e., unless blue wins).

That isn't to say I categorically judge anyone who would choose red.

If there's good reason to believe a majority and especially a supermajority would choose red over blue, then choosing red is indeed the only rational choice, and convincing others to do the same is the only way to save lives.

What I like about the question is that it can be used to measure whether a society is low trust (majority red) or high trust (majority blue).

However, where I take issue with the article is the assertion that it's impossible to get a blue majority, especially in the face of polling that suggests such a majority already exists. The article's claim that choosing red is the only moral choice seems at best to be self-delusion.

The utility of choosing red and the morality of convincing others to follow suit maximizes the larger the currently expected pool of red gets, sure. However, while choosing blue has less and less personal downside the greater the expected majority of blue there is, similar to red, the morality of choosing blue maximizes the closer you get to an even split, since it's the product of the potential lives saved by going blue and the likelihood your individual vote will push it over the edge.

Personally, I'd choose blue. I'd rather sacrifice myself than be party to the deaths of billions of people, so if there's even some hope at convincing the majority to go blue, I'd feel obligated to stay with it even if pre-polling suggests things initially tip toward red. I'd also be a bit wary of living in a society now devoid of anyone willing to self-sacrifice. I'm not convinced most people choosing red give that any thought.


> However, where I take issue with the article is the assertion that it's impossible to get a blue majority, especially in the face of polling that suggests such a majority already exists.

The people saying they'd vote blue would never actually do it. People support lots of altruistic things in the abstract, but almost nobody does it when it involves real risk and sacrifice. The cost of saving a kid in Africa by donating malaria medicine and insecticidal nets is only about $5,000. How many people do you know who will cancel their Hawaii vacation and donate that money to an African charity?

Every time you choose to take a vacation, or get a tricked out Macbook Pro, etc., you are in a real way choosing to allow some kid in Africa to die. But you do it anyway.


You're thinking of this like a game where the only point is to "win". That's not how this would actually work in practice.

Blue is the only moral and logical choice. If red gets over 50% and you picked it, therefore contributing to the "red" outcome, you are now effectively a murderer. Plus you now get to live in a world where everyone else alive are sociopaths that picked red, where everyone with a conscience is now dead.

You also can't count on everyone picking red, or "if you picked blue, then you voted for suicide".

It's reasonable to assume that, leading to the button press event, the usual low-trust, "every man by himself" types will rally for red, with the usual excuses, where high-trust societies will make it clear that it's your moral duty to pick blue, to get the votes to the 50% threshold and ensure no one dies. Around the world there would be debates nonstop that would permeate every social circle and families. You'd have huge arguments where the typical selfish types would scream at their family members "how dare you say you're going to press blue, do you want to leave your poor mother alone without their only child?", only pushing red-leaning voters more into red and blue-leaning voters more into blue.

Plus, if you look at the possible outcomes:

- Red wins, you picked red: Depending on where you live, a reasonable portion to the large majority of the population is now dead. The ones alive have, by definition, a strong bias towards individualism and noncooperation. It's extremely likely civilisation will collapse. Pick your favourite fictional dystopia and you might have a reasonable chance of it actually coming somewhat real.

- Red wins, you picked blue: You are now dead, but at least you don't have to live in the world above.

- Blue wins, you picked blue: Things carry on as normal and your conscience is safe in knowing that you didn't vote to kill and that over 50% of your fellow humans also didn't vote to kill.

- Blue wins, you picked red: Things carry on as normal, but you now have a guilty conscience, or, if your vote was made public, people around you know you would have killed them to save your skin.


By picking red you didn't contribute to anything at all, this button does absolutely nothing in practice. If you remove the red button, leaving the choice between pressing blue and not participating at all, the choice to not participate seems quite obvious. The red button adds some "weight" to the decision, but it's materially the same


> Depending on where you live, a reasonable portion to the large majority of the population is now dead. The ones alive have, by definition, a strong bias towards individualism and noncooperation.

Anyone who picked blue gambled their own lives over nothing. There is nothing altruistic about pressing the blue button and especially nothing altruistic about trying to convince people to press the blue button. The altruistic thing is to convince everyone that they don't need to kill themselves by pressing the blue button.


You're ignoring the dimension of universalism versus insularity. In practice, high-trust, high-cooperation communities are also insular. They cooperate within their community, but not people outside their community. Those communities can ensure the survival of their members by using their social infrastructure to ensure everyone votes red.

Assuming that the red/blue choice doesn't have a theological valence, you'd have a lot of tight-knit Mormon, Muslim, and Orthodox Jewish communities surviving in the red scenario. I suspect also all the highly authoritarian Asian countries.


This is great! Though in my case, since I have the very first generation they made, I probably need to upgrade every part of the thing so might as well just get a new one.


I'd bet that a significant majority of prediction market revenue comes from people who bet big.

So I expect your solution would fix all of it, as a second order effect, in that running one would stop being a viable business model.


That would be fine by me, but I don't think they need massive revenue to be viable. Certainly they would have to downsize from where they are now.


I bet that most of their revenue doesn't come from people who want to bet big!

If only there were some kind of market where we could materialise our bets...

