klabb3 3 days ago

Before AI, you needed to trust the recipient and the provider (Gmail, Signal, WhatsApp, Discord). You could at least make educated guesses about both for the risk profile. Such as: if someone leaks the code to this repo, it’s likely a collaborator or GitHub.

Today, you invite someone to a private repo and the code gets exfiltrated by a collaborator running whatever AI tool simply by opening their IDE.

Or you send someone an e2ee message on Signal but their AI reads the screen/text to summarize and now that message is exfiltrated.

Yes, I know it’s “nothing new”, “in principle this could happen because you don’t control the client”. But opsec is also about what happens when well-meaning participants become accomplices in data collection. I used to trust my friends enough to not share our conversations. Now the default assumption is that text & media on even private messaging will be harvested.

Personally I’m not ever giving keys to the kingdom to a remote data-hungry company, no matter how reputable. I’ll reconsider when local or self-hosted AI is available.

JumpCrisscross 2 days ago

> used to trust my friends enough to not share our conversations. Now the default assumption is that text & media on even private messaging will be harvested

I would seriously reëvaluate my trust level in a friend or colleague who installs a non-ADA screen reader on their phone. At least to the level of sharing anything sensitive.

buran77 2 days ago

What about when devices come with such a "feature" baked in? Android has Magic Cue, Windows has Recall. How long until they're opt-out, or "accidentally" enabled with an update, or just on at all times? And "sensitive" can be whatever details I want to share with that friend. It can be as benign as giving them an address or phone number, or maybe a medical diagnosis, or a crypto wallet number.

Is your position that anyone who's not tech savvy enough to constantly fight the onslaught of shady business practices and dark patterns that most tech companies throw at them is not worthy of their friends' trust?

For most people, asking them to guarantee their own devices won't spy on them is a tall order.

JumpCrisscross 2 days ago

> Is your position that anyone who's not tech savvy enough to constantly fight the onslaught of shady business practices and dark patterns that most tech companies throw at them is not worthy of their friends' trust?

Trust is a function of character and competence. Not understanding how your technology may be compromising you is, within the scope of keeping secrets, a fracture of competence.

I can’t repair a car. My friends would be correct in not trusting me to go under their cars’ hoods unsupervised. Similarly, a friend or colleague who cannot be trusted to understand the device they’re using cannot be trusted with matters of confidence in that context.

buran77 9 hours ago

> I can’t repair a car. My friends would be correct in not trusting me to go under their cars’ hoods unsupervised

What a letdown of an answer. Who said anything about "going under the hood"? This is about simply using a device. Unfortunately the control of your phone is shared with a manufacturer or OS developer with shady practices and interests that don't align with yours. You are tasked with operating a device that is more than occasionally actively hostile and subversive towards you, the owner and user.

You probably don't fully understand almost any of the things you will ever interact with in your entire life. When some of those things will betray you I bet you won't find it a matter of your incompetence. Come to think about it, one day you'll realize you lived long enough to screw something up in almost every area you touched.

> who cannot be trusted to understand the device they’re using

In my previous comment I made it crystal clear that this is about using a device and gave concrete examples of dark patterns that would challenge even an expert. And you still misunderstood, and still wrongly assume that it's a matter of "competence". That's a fracture of competence if I've ever seen one.

Like a victim of a robbery in a bad neighborhood showed a fracture of competence by not understanding bad-neighborhood-dynamics.

danaris 2 days ago

This sounds awfully like blaming individuals for not being able to fix a systemic problem on their own.
