It’s not. Surprise! All of Silicon Valley has gone mask off in preparation for the new administration in Washington!

Zuck wants to get back to his roots

It’s time to get back to our roots around free expression and giving people voice on our platforms. Here’s what we’re going to do: […] 5/ Move our trust and safety and content moderation teams out of California, and our US content review to Texas. This will help remove the concern that biased employees are overly censoring content.

Narrator: this announcement did not, in fact, ease concerns about bias.

Oh sure when an AI messed up your files it’s all “good job AI” and “you’re so clever AI”! But when I, a human, does it everyone’s like “Did you write another bug that wipes the drive?” and “you’re fired”.

I’d be surprised if Eliezer hasn’t mentioned it at some point, maybe more in the way that you’re after. Can’t find any examples though.

In his Times article the only place he mentions nukes is what we should do to countries that have too many GPUs: https://time.com/6266923/ai-eliezer-yudkowsky-open-letter-not-enough/

Edit: Not Mr. Yudkowski but see https://futureoflife.org/document/policymaking-in-the-pause/

“The time for saying that this is just pure research has long since passed. […] It’s in no country’s interest for any country to develop and release AI systems we cannot control. Insisting on sensible precautions is not anti-industry. Chernobyl destroyed lives, but it also decimated the global nuclear industry. I’m an AI researcher. I do not want my field of research destroyed. Humanity has much to gain from AI, but also everything to lose.”

“Let’s slow down. Let’s make sure that we develop better guardrails, let’s make sure that we discuss these questions internationally just like we’ve done for nuclear power and nuclear weapons. Let’s make sure we better understand these very large systems, that we improve on their robustness and the process by which we can audit them and verify that they are safe for the public.”

A notable article from our dear friend Nick Bostrom mentions the atmospheric auto-ignition story:

https://nickbostrom.com/papers/vulnerable.pdf

Type-0 (‘surprising strangelets’): In 1942, it occurred to Edward Teller, one of the Manhattan scientists, that a nuclear explosion would create a temperature unprecedented in Earth’s history, producing conditions similar to those in the center of the sun, and that this could conceivably trigger a self-sustaining thermonuclear reaction in the surrounding air or water (Rhodes, 1986).

(this goes on for a number of paragraphs)

This whole article has some wild stuff if you haven’t seen it before BTW, so buckle up. He also mentions this story in https://nickbostrom.com/existential/risks and https://existential-risk.com/concept.pdf if you want older examples.

I keep it with me always, but never in plain sight in case a computer sees it through a webcam and starts getting ideas

Above I listed a bunch of things which would help narrow down browser version, but that’s hopeless anyway – an adversary will probably be able to figure out your rough browser version even if you fake the UA string, and that you’re running in anti-fingerprinting mode.

So assuming that’s out of scope I think these are probably the big categories:

• Normalize any system information presented to webpage (e.g. remove minor version from UA header, remove OS from UA header, etc)
• Canvas, WebGL, and WebGPU need to be implemented in software in a deterministic way. Similarly any compositing (including stuff like font shaping, SVG rendering, page layout) must be done in software (prevent GPU fingerprinting)
• A fixed font set must be used rather than using the system font set (prevent fingerprinting font enthusiasts)
• The device size / frame size (and position) must be lied about (e.g. rounded to a common resolution or a multiple of 100px), and layout adjusted appropriately (Mozilla calls this “Letterboxing”) (prevent fingerprinting psychos who don’t run their browser in fullscreen mode).
• Page storage should be disabled or cleared (local / session storage, cookies, service workers, indexeddb, etc) (A cookie by any other name would taste as sweet)
• Caching is a big problem, probably have to disable it entirely (including HTTP caching, HTTP caching at the ISP level*, DNS lookups, favicons, JavaScript compilation cache) (Pesky pesky global state).
• Performance metrics are another big problem. Disabling JavaScript would go a long way here but you probably can’t prevent them entirely unless you’re prepared to go to unhealthy extremes** (this is like the past 10 years of cutting edge security research so we’re doomed)
• Disable any plugins or other customizations which may provide a fingerprint accessible to the webpage (oops it turned out the FBI caught me because I configured my browser to inject pictures of cute bunnies into every webpage).
• And of course IP address, which you presumably want to do something about (proxy?)

That said while I’ve worked with browsers, I’m not in the biz of fingerprinting or anti-fingerprinting, so there’s surely stuff I haven’t thought of.

* Actually we should probably just disable non-HTTPS entirely…

** Running under a VM is probably the minimum required to mitigate the chances of cutting-edge side-channel timing attacks from James Bond level adversaries, but at that point maybe you just want a dedicated browsing computer heh. I did chuckle at the idea of someone trying to apply cryptographic constant-time algorithm techniques to writing a browser though.

“Yes judge I downloaded Shrek 2 to train my neural net for my startup”

“The name of my neural net? Sailor Sega Saturn’s brain I guess…”

“Oh my startup? That’s what I call trying to get out of bed in the morning!”

Also I’m having a fun time imagining an accurate device fingerprinting disclosure from someone who was really really thorough.

Not-A-Cookie-I-Swear Technologies LTD may collect the following information:

Some stuff in this list is me being silly, but overall it shows that the talk about “privacy-enhancing technologies” is premature on the web platform. The web has been trying to have better privacy defaults over time; but there’s a long legacy of features from before this was considered as much, as well as Google tossing around their weight in the web standards and browser space.

The Google post appears to be Updating our platform policies to reflect innovations in the ads ecosystem.

I have no idea what the heck those words mean (it appears to be some bizarro form of English), so I diffed the policy itself. Here are the parts I found notable.

This will be removed:

You must not use device fingerprints or locally shared objects (e.g., Flash cookies, Browser Helper Objects, HTML5 local storage) other than HTTP cookies, or user-resettable mobile device identifiers designed for use in advertising, in connection with Google’s platform products. This does not limit the use of IP address for the detection of fraud.

This will be removed:

You must not pass any information to Google […] that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset).

This will be added:

You must disclose clearly any data collection, sharing and usage that takes place in connection with your use of Google products, including information about the technologies used, such as your use of cookies, web beacons, IP addresses, or other identifiers. This applies for data collection, sharing and usage on any platform, surface or property (e.g., web, app, Connected TV, gaming console or email publication).