> DeepSeek does not "do for $6M what cost US AI companies billions". I can only speak for Anthropic, but Claude 3.5 Sonnet is a mid-sized model that cost a few $10M's to train (I won't give an exact number). Also, 3.5 Sonnet was not trained in any way that involved a larger or more expensive model (contrary to some rumors).
^ This is publicly new information, and the second part especially contradicts consequential rumours that had become all but cemented in closely-following outsiders' understanding of Sonnet and Anthropic. That's quite apart from anything else in the article.
Also, though it's not "new information": "Making AI that is smarter than almost all humans at almost all things [...] is most likely to happen in 2026-2027." continues to sail over everybody's head: not a single comment about it, even to shit on it. People will continue to act as though they are literally blind to this, as though they literally don't see it.
> People will continue to act as though they are literally blind to this, as though they literally don't see it.
Or like they see it and have learned the appropriate weight to give unsupported predictions of this type from people with a vested interest in them being perceived as true. It's not only not new information, it's not information at all.
Anthropic is, according to themselves, using RLAIF... which is basically using an LLM as a judge / reward model. So maybe he means that the models they use for RLAIF are not (much?) more expensive than Sonnet 3.5 (e.g. a previous Sonnet or Haiku 3 :)).
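To make that concrete, here's a minimal sketch of what LLM-as-judge reward scoring can look like. This is purely illustrative and not Anthropic's actual pipeline; the judge prompt, the `callJudgeModel` helper, and the JSON scoring format are all assumptions.

```typescript
// Hypothetical sketch: score a candidate reply with a separate "judge" model and
// use that score in place of a human preference label (the core idea of RLAIF).
type JudgeResult = { score: number; rationale: string };

async function callJudgeModel(prompt: string): Promise<string> {
  // Placeholder: wire this up to whatever (possibly smaller/cheaper) model acts as judge.
  throw new Error("not implemented: plug in your own model client");
}

async function rewardFor(userPrompt: string, candidate: string): Promise<JudgeResult> {
  const judgePrompt = [
    "You are grading an assistant reply against a set of written principles.",
    'Reply with JSON only: {"score": <0-10>, "rationale": "<one sentence>"}.',
    `User prompt: ${userPrompt}`,
    `Candidate reply: ${candidate}`,
  ].join("\n");

  const raw = await callJudgeModel(judgePrompt);
  // The judge's numeric score is what stands in for human feedback during RL.
  return JSON.parse(raw) as JudgeResult;
}
```

The point is just that the judge doesn't need to be a bigger model than the one being trained; it only needs to grade reliably.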
I thought this was true, honestly, up until I read it just now. User data is explicitly one of the three training sources[^1]; forced opt-ins like "feedback"[^2] let them store & train on it for 10 years[^3], and tripping the safety classifier[^2] lets them store & train on it for 7 years.[^3]
"Specifically, we train our models using data from three sources:...[3.] Data that our users or crowd workers provide"..."
[^2]
For all products, we retain inputs and outputs for up to 2 years and trust and safety classification scores for up to 7 years if you submit a prompt that is flagged by our trust and safety classifiers as violating our UP.
Where you have opted in or provided some affirmative consent (e.g., submitting feedback or bug reports), we retain data associated with that submission for 10 years.
[^3]
"We will not use your Inputs or Outputs to train our models, unless: (1) your conversations are flagged for Trust & Safety review (in which case we may use or analyze them to improve our ability to detect and enforce our Usage Policy, including training models for use by our Trust and Safety team, consistent with Anthropic’s safety mission), or (2) you’ve explicitly reported the materials to us (for example via our feedback mechanisms), or (3) by otherwise explicitly opting in to training."
This is a non-starter for every company I work with as a B2B SaaS dealing with sensitive documents. This policy doesn’t make any sense. OpenAI is guilty of the same. Just freaking turn this off for business customers. They’re leaving money on the table by effectively removing themselves from a huge chunk of the market that can’t agree to this single clause.
I haven't personally verified this, but I'm fairly positive all the enterprise versions of these tools (ChatGPT, Gemini, Claude) not only don't train on document contents but also respect things like RBAC on documents for any integration.
Given the apparent technical difficulties involved in getting insight into a model’s underlying data, how would anyone ever hold them to account if they violated this policy? Real question, not a gotcha, it just seems like if corporate-backed IP holders are unable to prosecute claims against AI, it seems even more unlikely that individual paying customers would have greater success.
Even if this were true (and not hollowed out by various exceptions in Anthropic’s T&C), I would not call it “extremely strict”. How about zero retention?
Wow, thanks for sharing this. I find it interesting that they chose to make it something I have to wait 1-2 minutes for before I get my AI-generated article.
Seems to do a good job for various types of research; I'll give it a try next time I'm curious about something and need it researched.
I use Anytype and like it. I do hope they’ll invest more time into the editing experience — there are a few sharp edges that will probably alienate people coming from more mainstream tools like Google Docs and Notion:
- Typography is a bit weird, especially with headings; there is very little line height on headings, leading to cramped documents.
- Bullet points look weird when you look closely at them. (On Mac, they’re not perfectly circular; perhaps an aliasing issue.)
- Can only use cmd+b and cmd+i for bold and italic when selecting text; can't use them to switch on/off boldness on the cursor.
- Can't specify type when creating a new object with the @ symbol inline (Capacities, a related tool, does).
- Bullet points flicker when you first create them.
- Linking inserts a space even when you don't want it, as does formatting using markdown characters (e.g., providing the closing ** for italics).
- Relatedly: Entering closing markdown characters (e.g., the second **) does not end the formatting effect (the cursor should not have the formatting applied after they're entered, but it does).
Anytype is overall a fairly polished app. I hope they’ll iron out these editing issues — when they do, it’ll really be exceptional.
Author here. I agree. I designed a17t a while ago (I think nearly four years ago now?) and it’s due for a refresh. I think it has the potential to be excellent but it’s not there yet.
Yeah, Firebase makes this much more of a gray area than a SQL database would, where you'd know instantly, as soon as you issued an INSERT or an UPDATE, that you were doing something unauthorized. The writeup is solid, and it seems like you took most of the normal precautions a professional team would. The story has the right ending!
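To make the contrast concrete: with a client-side Firebase SDK, the write below looks the same whether or not the backend's security rules permit it, which is what makes "try it and see" feel like ordinary app usage rather than an obviously unauthorized UPDATE against someone else's database. This is a hedged sketch using the standard Firebase Web SDK; the project config and the `users`/`isAdmin` names are assumptions based on the writeup, not confirmed details of Fizz's backend.

```typescript
// Firebase Web SDK (v9 modular). Whether this write succeeds is decided entirely
// by server-side security rules the client can't see.
import { initializeApp } from "firebase/app";
import { getAuth, signInWithEmailAndPassword } from "firebase/auth";
import { getFirestore, doc, updateDoc } from "firebase/firestore";

// The client config ships to every user of the app; filling it in is not "breaking in".
const app = initializeApp({ /* the app's public client config */ });
const auth = getAuth(app);
const db = getFirestore(app);

async function probeIsAdmin(email: string, password: string) {
  const { user } = await signInWithEmailAndPassword(auth, email, password);
  // If the security rules don't restrict this field, the write silently succeeds;
  // if they do, it throws a permission-denied error. "users" and "isAdmin" are
  // assumed names for illustration only.
  await updateDoc(doc(db, "users", user.uid), { isAdmin: true });
}
```

With SQL there's no equivalent ambiguity: you'd have to obtain credentials and deliberately run an UPDATE against the server, so the "am I authorized?" question answers itself before you ever execute it.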
Did you check with the target before you "checked whether we could set `isAdmin` to `true` on our existing accounts?"
If you did not get consent from a subject, you are not a researcher. If you see a door and check to see if it is unlocked without its owner authorizing you to do so, you are ethically in the territory of burglary even if you didn't burgle.
Helpfully, the "technical writeup" post links to "industry best practices" [0], which include:
If you are carrying out testing under a bug bounty or similar program, the organisation may have established safe harbor policies, that allow you to legally carry out testing, as long as you stay within the scope and rules of their program. Make sure that you read the scope carefully - stepping outside of the scope and rules may be a criminal offence.
The ethically poor behavior of Fizz doesn't mitigate your own.
I disagree with this take. There are certainly lines of what is and is not ethical behaviour (where they are is highly debatable), but the vendor doesn't have a monopoly on deciding that.
Yes, I disagree. You are quoting the document out of context and it doesn't say what you are implying it says.
Maybe out of context is the wrong word. You quote enough of the paragraph; it just doesn't support your point.
All the paragraph says is that one hypothetical situation may have legal consequences in some jurisdictions. It does not make any claim as to whether or not that is ethical or right.
Ok, do you agree that they claimed the OWASP document supported their actions?
Concerned about user privacy and security — and consistent with industry best practices [link to owasp] — we wrote a detailed email to the Fizz team [0]
Do you disagree that the OWASP page states the below?
Researchers should:
Ensure that any testing is legal and authorised.[1]
Ok, I can see how the OWASP document doesn’t use the words ethical, right, or wrong. Would you agree that the claim by saligrama.io that they were “consistent with best practices” (where best practices is a link to OWASP) is not true?
I can see an interpretation where they communicated in line with best practices even if they didn’t follow best practices in their actions before communicating.
Yes, threatening to report is what was really happening here. But in their effort to scare us, they elided much of that process. From our perspective it was "watch out, you might face felony charges if you don't agree to silence".
Wow!