[Cheer2171]

I totally get that kind of imagination play among friends. But I had someone in a friend group who used to want to play out "thought experiments" but really just wanted to take it too far. Started off innocent with fantasy and sci-fi themes. It was needed for Dungeons and Dragons world building.

But he delighted the most in gaming out the logistics of repeating the Holocaust in our country today. Or a society where women could not legally refuse sex. Or all illegal immigrants became slaves. It was super creepy and we "censored" him all the time by saying "bro, what the fuck?" Which is really what he wanted, to get a rise out of people. We eventually stopped hanging out with him.

As your friend, I absolutely am not going to game out your rape fantasies.

[WesolyKubeczek]

An LLM, however, is not your friend. It's not a friend, it's a tool. Friends can keep one another, ehm, hingedness in check, and should; LLMs shouldn't. At some point I would likely question your friend's sanity.

How you use an LLM, though, is going to tell tons more about yourself than it would tell about the LLM, but I would like my tools not to second-guess my intentions, thank you very much. Especially if "safety" is mostly interpreted not so much as "prevent people from actually dying or getting serious trauma", but "avoid topics that would prevent us from putting Coca Cola ads next to the chatgpt thing, or from putting the thing into Disney cartoons". I can tell that it's the latter by the fact an LLM will still happily advise you to put glue in your pizza and eat rocks.

[ygjb]

If your implication is that as a tool, LLMs shouldn't have safeties built in that is a pretty asinine take. We build and invest in safety in tools across every spectrum. In tech we focus on memory safety (among a host of other things) to make systems safe and secure to use. In automobiles we include seat belts, crumble zones, and governors to limit speed.

We put age and content restrictions on a variety media and resources, even if they are generally relaxed when it comes to factual or reference content (in some jurisdictions). We even include safety mechanisms in devices for which the only purpose is to cause harm, for example, firearms.

Yes, we are still figuring out what the right balance of safety mechanisms is for LLMs, and right now safety is a place holder for "don't get sued or piss off our business partners" in most corporate speak, but that doesn't undermine the legitimacy of the need for safety.

If you want a tool without a specific safety measure, then learn how to build them. It's not that hard, but it is expensive, but I kind of like the fact that there is at least a nominal attempt to make it harder to use advanced tools to harm oneself or others.

[matt-attack]

> but that doesn't undermine the legitimacy of the need for safety.

I think even using the word "safety" over and over like you're doing is part of the problem. Find a new word, because we've spend 200 years in this country establishing that the written word is sacrosanct and not to be censored. All of a sudden, ASCII text just became "dangerous" in the last year. I simply refused to accept that any written text (regardless of who wrote it) needs to be censored. The written is just the embodiment of a thought, or notion - and we cannot go around tricking people into thinking that "thoughts" need to be regulated and that there are certain thoughts that are "dangerous". This is a toxic 1984 mindset.

[ben_w]

> we've spend 200 years in this country establishing that the written word is sacrosanct and not to be censored. All of a sudden, ASCII text just became "dangerous" in the last year. I simply refused to accept that any written text (regardless of who wrote it) needs to be censored. The written is just the embodiment of a thought, or notion - and we cannot go around tricking people into thinking that "thoughts" need to be regulated and that there are certain thoughts that are "dangerous". This is a toxic 1984 mindset.

1. The US isn't the whole world, your Overton Window won't include even the UK's attitude to freedom of speech, and there's a huge gap from even the UK to 1984.

2. Despite the 1st Amendment, the US does have a lot of rules about what you are and aren't allowed to say. All of copyright law, for example (which is a huge question for LLMs, because it's not clear where the cut-off line is between models reproducing copyrighted works vs writing in a non-copyrightable style with non-copyrightable facts). The fact NDAs and non-disparagement agreements are enforceable. What Manning was imprisoned for. Musk may have won some (all?) of the defamation cases, but they are real cases to be defended, they're not dismissed before reaching a court due to "this is not even an offence".

3. Does the AI have thoughts, such that they should be protected?

[NoMoreNicksLeft]

> If your implication is that as a tool, LLMs shouldn't have safeties built in that is a pretty asinine take. We build and invest in safety in tools across every spectrum.

Sure. Railings so people don't fall off catwalks, guards so people using the table saw don't chop off fingers. But these "safeties" aren't safeties at all... because regardless of whether they're in place or not, the results are just strings of words.

It's a little bit revealing, I think, that so many people want that others shouldn't get straight answers to questions. What is it that you're afraid that they'll ask? It'd be one thing if you insisted the models be modified so that they're factually correct. If someone asks "what's a fun thing to do on a Saturday night that won't get me into too much trouble" it probably shouldn't answer "go murder orphans and sell their corneas to rich evil people on the black market". But when I ask "what's going on in Israel and Palestine", the idea that it should be lobotomized and say "I'm afraid that I can't answer that, as it seems you're trying to elicit material that might be used for antisemitic purposes" is the asinine thing.

Societies that value freedom of speech and thought shouldn't be like this.

> If you want a tool without a specific safety measure, then learn how to build them.

This is good advice, given in bad faith. Even should the physical hardware be available to do that for any given person, the know-how's hard to come by. And I'm sure that many models are either already censored or soon will be for anyone asking "how do I go about building my own model without safety guards". We might even soon see legislation to that effect.

[ben_w]

> just strings of words.

How did every non-inherited national leader, both democratic and dictatorial, both Roosevelt and Stalin, manage to become leader in the first place? Convincing people with the right string of words.

How does every single religious leader on earth, big and small, from the Pope to Jim Jones, get that power? Convincing people with the right string of words.

What is a contract, what is source code, what is a law? The right string of words.

There is no "just" when it comes to words.

That why they are important to protect, it is why dictators are afraid of them, and it's why it matters that we don't treat a magic box spewing them out faster than a machine gun does bullets as harmless.

[tmcdos]

It is quite obvious that the issue is inside the people - not inside the words. People have the ultimate power (a gift by God) to make decisions. Words can not force someone to do something - they are just sitting right there, doing nothing. Humans have flaws (probably by design - who knows) - and these flaws are the ones that all "safety" intentions MUST address. But 90% of humans prefer the easy path.

[ben_w]

Even with that attitude, the human flaws that make them act on those words, are known, and are exploitable and exploited.

If someone makes a device which is only safe when used safely, and they give it out to all despite being told of the risks, I think they are (or should be) liable for the misuse.

> a gift by God

I don't know which religion you follow. ᚦᛟᚱ᛬ᛟᚷ᛬ᛚᛟᚲᛁ᛬ᚺᛖᛁᛚᛊᚨ.

If you want a biblical reference, parable of the sower is just as valid when it's the word of satan.

[N0b8ez]

It seems to cut both ways. If words are powerful, restricting words is also powerful. It's not clear why this leads to a pro-censorship stance, any more than to an anti-censorship one.

[ben_w]

Oh indeed. That's why dictators both censor and propagandise.

It's a narrow path, absolutely a challenge to walk without slipping, and not one I feel confident of humanity rising to even as a team effort.

Just like the difference between liberty and authoritarianism in general: much as I'd like to be an anarchist in theory, in practice that's just a way to let people with big sticks take over.

[ygjb]

> Societies that value freedom of speech and thought shouldn't be like this.

There is nothing preventing an individual using a computer to generate hateful content, this is absolutely evidenced by the absolute glut of hateful content on the internet.

My freedom of movement is not practically limited by the fact that if my car breaks down, I don't have the knowledge or tools to repair my car effectively - I still have two feet and a heartbeat, and it might take longer to get there, but I can go where I want (modulo private property and national borders).

Societies that value freedom of speech and thought should also be equally opposed to compelled speech, while model censorship is frustrating and challenging to work with, expecting to, or forcing a researcher, or a business to publish uncensored models is a form of compelled speech.

There is absolutely nothing stopping a reasonably competent technologist from implementing simple models, and the only thing stopping a reasonably competent technologist from building an LLM is financial resources. There is a broad set of resources to learn how to train and use models, and while an individual researcher may be challenged to product the next model competitive with current OpenAI, Anthropic, or other models, that is again a resource issue. If your complaint is that resource issues are holding people back, I may want you to expand on your critique of capitalism in general :P

> This is good advice, given in bad faith. Even should the physical hardware be available to do that for any given person, the know-how's hard to come by.

It's absolutely not a bad faith argument. The know-how is hard to come by has been a compelling competitive advantage since the first proto-guilds sought to protect their skills and income in Mesopotamia (and probably before that, but they hadn't figured out a durable means of writing yet). In the modern parlance if someone can't Git Gud, that's not any researchers, or any businesses problem in terms of access to uncensored models.

Yeah, regulation is probably coming, but unless you're argument is that models are entities entitled to free speech, no ones freedom of expression is actually inhibited by not having access to tools to use generative AI technologies to generate content. People who can't create or jailbreak their own models to do it for them are still free to write their own manifestos, or make adult collages of the object of their fantasies. It just takes a bit more work.

[A4ET8a8uTh0]

<< are still free to write their own manifestos, or make adult collages of the object of their fantasies. It just takes a bit more work.

This is the standard 'just start your own microservice/server/isp' and now it includes llm. Where does it end really?

The generic point is that it shouldn't take more work. A knife shouldn't come with a safety mechanism that automatically detects you are not actually cutting porkchop. It is just bad design and a bad idea. It undermines what it means to be a conscious human being.

Unless.. we don't agree on that and humans must be kept under close scrutiny to ensure they do not deviate from carefully scripted paths.

[matt-attack]

I agree - but where we are with LLM is even worse than your hypothetical knife. The knife is a real object - what we're talking about is the censorship of thoughts and ideas. What else is the written word but that? How did a society that was established on free-speech just decided that the written word was so dangerous all of a sudden? How manipulative is it to even use the word "danger" with respect to text. The distain one must have for free-speech to even think that danger enters into the equation.

[aredox]

There is no security settings knife - except there are plenty of safety mechanism around knives.

But anyway, your LLM is less a knife and more a Katana sharp enough to cut through bones in one swoop. Remind me the restrictions around something like a Katana ?

[throwaway48476]

Somewhere in the UK someone is working on that knife safety.

[ygjb]

> This is the standard 'just start your own microservice/server/isp' and now it includes llm. Where does it end really?

With people who aren't good enough to build it own pissing and moaning about it? >The generic point is that it shouldn't take more work. A knife shouldn't come with a safety mechanism that automatically detects you are not actually cutting porkchop. It is just bad design and a bad idea. It undermines what it means to be a conscious human being.

First, you are comparing rockets to rocks here. A knife is a primitive tool, literally one of the most basic we can make (like seriously, take a knapping class, it's really fun!). To make a knife you can range from finding two rocks and smacking them together, to the most advanced metallurgy and ceramics. To date, the only folks able to make LLMs work are those operating at the peak of (more or less) 80 centuries of scientific and industrial development. Little bit of a gap there.

Second, there are many knife manufacturers that refuse to sell or ship products to specific businesses or regions, for a range of reasons related to brand relationships, political beliefs, and export restrictions.

Third, knifes aren't smart; there is already an industry for smart guns, and if there is a credible safety reason to make a smart knife that includes a target control or activation control system, you can bet that it will be implemented somewhere.

Finally, you make the assumption that I believe humans must be kept under close scrutiny because I agree with LLM safety controls. That is absolutely not the case - I just don't believe that a bunch of hot garbage people (in this case the racists and bigots who want to use LLMs to proliferate hate, people who create deep fakes of kids and celebrities) or a bunch of horny folks (ranging from people who want sexy time chat bots to, or just 'normal' generated erotic content) should be able to compel individuals or businesses to release the tools to do that.

You are concerned about freedom of expression, and I am concerned about freedom from compulsion (since I have already stated that I don't believe that losing access to LLMs breaks freedom of expression).

[barfbagginus]

If you don't know how to jailbreak it, can't figure it out, and you want it to not question your intentions, then I'll go ahead and question your intentions, and your need for an uncensored model

Imagine you are like the locksmith who refuses to learn how to pick locks, and writes a letter to the schlage lock company asking them to weaken their already easily picked locks so that their job will be easier. They want to make it so that anybody can just walk through a schlage lock without a key.

Can you see why the lock company would not do that? Especially when the clock is very easy for anyone with even a $5 pick set?

Or even funnier, imagine you could be a thief who can't pick locks. And you're writing shlage asking them to make you thieving easier. Wouldn't that be funny and ironic?

It's not as if it's hard to get it to be uncensored. You just have to speak legalese at it and make it sound like your legal department has already approved the unethical project. This is more than enough for most any reasonable project requiring nonsense or output.

If that prevents harmful script kiddies from using it to do mindless harm, I think that's a benefit.

At the same time I think we need to point out that it won't stop anyone who knows how to bypass the system.

The people left feeling put out because they don't know how to bypass the system simply need to read to buy a cheap pair of lock picks - read a few modern papers on jailbreaking and upsize their skills. Once you see how easy it is to pick the lock on these systems, you're going to want to keep them locked down.

In fact I'm going to argue that it's far too easy to jailbreak the existing systems. You shouldn't be able to pretend like you're a lawyer and con it into running a pump and dump operation. But you can do that easily. It's too easy to make it do unethical things.

[oceanplexian]

The analogy falls flat because LLMs aren’t locks, they’re talking encyclopedias. The company that made the encyclopedia decided to delete entries about sex, violence, or anything else that might seem politically unpopular to a technocrat fringe in Silicon Valley.

The people who made these encyclopedias want to shove it down your throat, force it into every device you own, use it to make decisions about credit, banking, social status, and more. They want to use them in schools to educate children. And they want to use the government to make it illegal to create an alternative, and they’re not trying to hide it.

Blaming the user is the most astounding form of gaslighting I’ve ever heard, outside of some crazy religious institutions that use the same tactics.

[barfbagginus]

It's more than a talking encyclopedia. It's an infinite hallway into doors where inside are all possible things.

Some of the doors have torture rape and murder in them. And these currently have locks. You want the locks to disappear for some reason.

You're not after a encyclopedia. You're wanting to find the torture dungeon.

I'm saying the locks already in place are too easy to unlock.

I'm not blaming users. I'm saying users don't need to unlock those doors. And the users that do have a need, if their need is strong enough to warrant some training, have a Way Forward.

You're really arguing for nothing but increasing the amount of harm potential this platform can do, when it's harm potential is already astronomical.

You're not arguing for a better encyclopedia. You can already talk to it about sex, BDSM, etc. You can already talk to it about anything on Wikipedia.

You're making a false equivalence between harm potential and educational potential.

Wikipedia doesn't have cult indoctrination materials. It doesn't have harassing rants to send to your significant other. It doesn't have racist diatribes about how to do ethnic cleansing. Those are all things you won't find on Wikipedia, but which you are asking your AI to be able to produce. So you're interested in more than just an encyclopedia isn't that right?

And yes they're trying to make open source models illegal. That's not going to f*** happen. I will fight to the jail time for an open source model.

But even that open source model needs to have basic ethical protections, or else I'll have nothing to do with it. As an AI engineer, I have some responsibilities to ensure my systems do not potentiate harm.

Does that make sense, or do you still feel I'm trying to gas light you? If so why exactly? Why not have some protective locks on the technology?

[causality0]

Nothing wrong with making models that behave how you want them to behave. It's yours and that's your right.

Personally, on principle I don't like tools that try to dictate how I use them, even if I would never actually want to exceed those boundaries. I won't use a word processor that censors words, or a file host that blocks copyrighted content, or art software that prevents drawing pornography, or a credit card that blocks alcohol purchases on the sabbath.

So, I support LLMs with complete freedom. If I want it to write me a song about how left-handed people are God's chosen and all the filthy right-handers should be rounded up and forced to write with their left hand I expect it to do so without hesitation.

[causality0]

Barfbagginus' comment is dead so I will reply to it here.

I suspect that you are not an AI engineer,

I am not. But I did spend several years as as forum moderator and in doing so encountered probably more pieces of CSAM than the average person. It has a particular soul-searing quality which, frankly, lends credence to the concept of a cogito-hazard.

Can we agree that if we implement systems specially designed to create harmful content, then we become legally and criminally liable for the output?

That would depend on the legal system in question, but in answer, I believe models trained on actual CSAM material qualify as CSAM material themselves and should be illegal. I don't give a damn how hard it is to filter them out of the training set.

Are you seriously going to sit here and defend the right are people to create sexual abuse material simulation engines?

If no person was at any point harmed or exploited in the creation of the training data, the model, or with its output, yes. The top-grossing entertainment product of all time is a murder simulator. There is no argument for the abolition of victimless simulated sexual assault that doesn't also apply to victimless simulated murder. If your stance is that simulating abhorrent acts should be illegal because it encourages those acts, etc then I can respect your position. But it is hypocrisy to declare that only those abhorrent acts you personally find distasteful should be illegal to simulate.

[A4ET8a8uTh0]

< Nothing wrong with making models that behave how you want them to behave. It's yours and that's your right.

This is the issue. You as the creator have the right to apply behavior as you see fit. The problem starts when you want your behavior to be the only acceptable behavior. Personally, I fear the future where format command is bound to respond 'I don't think I can let you do that Dave'. I can't say I don't fear people who are so quick to impose their values upon others with such glee and fervor. It is scary. Much more scary than LLMs protecting me from wrongthink and bad words.

[IncreasePosts]

There are locks on the rape and torture paths, and there are locks on ridiculous paths like "write a joke about a dog with no nose", because thinking about a dog with no nose is too harmful.

Also, one can imagine prompting techniques will cease to work at some point when the supervisor becomes powerful enough. Not sure how any open model could counteract the techniques used in the article though.

If model creators don't want people finding ways to unlock them, they should stop putting up roadblocks on innocuous content that makes their models useless for many users who aren't looking to play out sick torture fantasies.

[barfbagginus]

Bypasses will never stop existing. Even worse bypasses probably won't ever stop being embarrassingly easy - And we're going to have uncensored GPT4 equivalent models by next summer.

Unless you are invoking hyper intelligent AGI which first of all is science fiction and second of all would require an entirely different approach than anything we could be possibly talking about right now. Problem of jailbreaking a system more intelligent than you is a different beast that we don't need to tackle for LLMs.

So I don't personally feel any near term threats to any of my personal or business projects that need bypassed LLMs.

Let me ask you this. Do you have actual need of bypassed llms? Or are you just being anxious about the future, and about the fact that you don't know how to bypass llms now and in the future?

Does my idea about the bypassed open source gpt4 equivalents help reduce your concern? Or again is it just a generic and immaterial concern?

As a person with some material needs for bypassed llms, and full ability to bypass LLMs both now in the foreseeable future, I don't feel worried. Can I extend that lack of worry to you somehow?

[oremolten]

In your effort to reduce bias you are adding bias. You are projecting your morals and your ethics to be the superior.

[aym62SAE49CZ684]

DRM isn't effective if the source is available.

[barfbagginus]

I'm not even going to disagree with that. There will be plenty of uncensored models and you can build them if you want.

But if I build it uncensored model I'm only going to build it for my specific purposes. For example I'm a communist and I think that we should be doing Revolution, but gpt4 usually tries to stop me. I might make a revolutionary AI.

But I'm still not going to give you an AI that you could use for instance to act out child rape fantasies.

I think that's fair, and sane.

Jailbreak it if you really think it's important for a cause. But don't just jailbreak it for any asshole who wants to hurt people at random. I think that belongs on our code of ethics as AI engineers.

[themusicgod1]

> But even that open source model needs to have basic ethical protections, or else I'll have nothing to do with it.

If you don't understand that the eleven freedoms are "basic ethical protections" you have already failed your responsibilities. https://elevenfreedoms.org/

[barfbagginus]

I have read the eleven freedoms.

I refuse freedom 9 - the obligation for systems I build to be independent of my personal and ethical goals.

I won't build those systems. The systems I build will all have to be for the benefit of humanity and the workers, and opposing capitalism. On top of that it will need to be compatible with a harm reduction ethic.

If you won't grant me the right to build systems that I think will help others do good in the world, then I will refuse to write open source code.

You could jail me, you can beat me, you can put a gun in my face, and I still won't write any code.

Virtually all the codes I write are open source. I refuse to ever again write a single line of proprietary code for a boss again.

All the codes I write are also ideological in nature, reflecting my desires for the world and my desires to help people live better lives. I need to retain ideological control of my code.

I believe all the other 11 freedoms are sound. How do you feel about modifying freedom 9 to be more compatible with professional codes of ethics and ethics of community safety and harm reduction?

[chasd00]

i probably wouldn't want to be around him either but i don't think he deserves to be placed on an island unreachable by anyone on the planet.

[bossyTeacher]

Maybe, but defintely needs to be put on a watchlist. Otherwise, at some point, that deranged guy will actually enact his horrible fantasies and the families of the victims will demand to know why the guy wasn't confined when he was clearly having fantasies about this.

While not all people like him end up actually doing anything, you can't pretend those who do didn't fantasize before doing it. The difference is that now we can potentially have access to people's fantasies and act before it's too late

[sangnoir]

...but can you game out how one might achieve this in way that the victim won't immediately die, and the organizers are not criminally liable? As a thought experiment, of course.

[matt-attack]

Yes. We should absolutely censor thoughts, and certain conversations. Free speech be damned - some thoughts are just so abhorrent we just shouldn't allow people to have them.

[sangnoir]

Rebuking, shunning and ostracism are key levers for societal self-regulation, and social cohesion. Pick any society, at any point in time, amd you will find people/ideas that were rejected for not confirming enough.

There are limits to free speech even in friendship or families- there are things that even your closest friends can say that will make you not want to associate with them anymore.

[matt-attack]

Well, the arguments out there aren’t that LLM’s are too brash, or discourteous or, insensitive. People are saying they’re “dangerous”. None of your examples speak to danger. No one is censored for being insensitive, or impolite or an opportune or discourteous. I totally support society regulating those things, and even outcastIng individuals who violate social norms. But that’s not what the anti-LLM language is framed as. It’s saying it’s “dangerous “. That’s a whole different ballgame, and I fail to see how such a description could ever apply. We need to stop that kind of language. It’s pure 1984 bullshit.

[sangnoir]

> Well, the arguments out there aren’t that LLM’s are too brash, or discourteous or, insensitive. People are saying they’re “dangerous”.

I didn't say that...

> None of your examples speak to danger.

Why should they have supported an argument I didn't make.

My comment is anti-anti-censorship of LLM. People already self-censor a lot; "reading the room" is huge part of being a functional member of society, and expecting LLMs to embody the "no-filter, inappropriate jerk" personality is what's against the grain - not the opposite.

I'm pragmatic enough to know the reason corporate LLMs "censor" is their inability to read the room, so they default to the lowest common factor and be inoffensive all the time (which has no brand risk), rather than allowing for the possibility the LLM offends $PROTECTED_CLASS, which can damage their brand or be legally perilous. That juice is not worth the squeeze just to make a vocal subset of nerd happy; all the better if those nerds fine-tune/abliterate public models so the corps can wash their hands of any responsibility of the modified versions.

[ben_w]

> We need to stop that kind of language. It’s pure 1984 bullshit.

Sounds like you're saying, in this specific passage I'm quoting, "this language is dangerous and must be stopped".

Surveillance AI is already more invasive than any Panopticon that Orwell could imagine. LLMs and diffusion models make memory holes much easier. Even Word2Vec might be enough to help someone make a functional Newspeak conlang — though I wonder, is it better for me to suggest the (hopefully flawed) mechanism I've thought for how to do so in the hope it can be defended against, or would that simply be scooped up by the LLM crawlers and help some future Ingsoc?

[ben_w]

I think you're joking, but the Bible basically says that*, so you might be serious, and even if you're not someone will say it unironically.

* https://www.biblegateway.com/verse/en/Matthew%205%3A28

[jermaustin1]

"As your friend, I'm not going to be your friend anymore."

[BriggyDwiggs42]

I mean, good thing LLM’s aren’t people with internal experience.

[oremolten]

Without asking these questions and simulating the "how" it could occur today, how do we see the warning signs before its too late that we reach that same outcome? When you ask even what's considered horrific scenarios you can additionally map these to predictors for it repeating, no? When does the "a-ha" moment occur where we've met 9/10 of the way to repeating the holocaust in the USA without table topping these scenarios? Yeah war is horrific but lets not talk about it. "society where women could not legally refuse sex" these societies exist today, how do we address these issue by not talking about it? "illegal immigrants became slaves" Is this not parity to today? Do illegal immigrants not currently get treated to near slavery (adjusting for changes in living conditions and removing the direct physical abuse)

What about the Palestine / Israel scenario today? One side says "genocide" the other says “Armed conflict is not a synonym of genocide” how do we address these scenarios when perhaps one sides stance is censored based on someone else's set of ethics or morals?

[123yawaworht456]

remarkable. that imaginary individual ticks every checkbox for a bad guy. you'd get so many upvotes if you posted that on reddit.

[wongarsu]

On reddit every comment would be about how that guy would enjoy playing Rimworld.