[jillesvangurp]

There's no point fearing or obsessing over the inevitable. Pretend it already happened and adapt. A lot of the sentiment here is aimed at putting the cat back in the bag and then hoping for the best. It won't work. Not even a little bit.

Laws are going to do absolutely nothing here except slow down the wrong people. The world is full of people who don't play by rules. It's a level playing field already. Everybody is doing AI at this point: the Iranians, the Chinese, the North Koreans, criminals, sociopath entrepreneurs in Silicon Valley, and everybody else with bad intentions you can think about. Every idiot with half a clue as well.

Laws are for obedient citizens that aren't a threat. It's all the other people we need to worry about. Besides, US law is worthless across its borders. And I don't even live there. I live in a place with actual anti AI laws (Europe) and I think they are a really bad idea. I'd prefer to be in a place that isn't awaiting the inevitable meekly with their hands tied behind their backs.

There is a nice little howto build and LLM from scratch article featuring on the HN front page today. Assume everybody else read that too. And then some. This is all public knowledge at this point. You can get pretty far coding an LLM with the help of an LLM. Even the offline ones are probably not that bad for this. Any idiot can build an LLM at this point. Even me probably. So that means that world + dog has been figuring out how to use LLMs to their advantage for the last decade or so. Probably with a sharp uptick in interest about 2-3 years ago. We've seen nothing yet.

Given all that, the safest course of action is working on the assumption that this already happened or if not that it will be happening very soon. The trick is not to prevent the technology but to be better at it than everybody else. This is an arms race and we can't afford to let the wrong people win it.

Regarding the fears about art and impersonation. Same thing. That too is going to happen. Nothing we can do about it. No amount of virtue signalling is going to help here. So, I would propose the exact opposite. Let people do what they will (again, inevitable that they will). But require them to sign all their work and assume any unsigned work to be fraudulent, malevolent, and worthless. Illegal even (laws can work to our advantage here). AI work should be signed too. So we can trace it back to who, when, and how. AI will be able to fake a lot of things. But not cryptographic signatures.

It's a lot easier to regulate proper use of signatures than abuse of technology. And the beauty of this is that we've had the technology to do this for decades already. But we still send unsigned emails, publish unsigned articles on blogs, and don't bother with encryption in general, etc. This is stupid and it has been for quite some time. It's only the unsigned work that's easy to fake.

[jart]

That's what sites like GitHub and Twitter already do. When I push to GitHub it's signed by me. When I tweet about something I did, that's a signature too. Would you like to be bold courageous one who writes a browser extension to block everyone and everything that's anonymous on these services? That's basically your vision. Google tried to make that happen with Google Plus but the service was sadly shut down.

[jillesvangurp]

I've been thinking about such a thing. It wouldn't be hard technically but it seems people are a bit indifferent on this front which makes it hard to pull off from a business point of view. We need some good scandals to get people a bit more paranoid.

Some scandals around LLM generated content could be exactly what we need here. I'm talking reputation damaging scandals that have the likes of the NYT having to explain in public how they messed up so badly and paying millions in damages to the victims. Money is a great way to incentivize companies to level up their game. The the likes of the NYT need to get paranoid about checking authenticity. And everybody else as well.

A few geeks wearing tin foil hats aren't much of a solution. PGP flopped for that reason. But it's not to late for it to make a comeback in some form.

IMHO the Fediverse is an obvious place to start. Why accept any content there that isn't signed? It should be stupidly easy to level up its protocols to add and verify signatures to content and profiles. I've actually considered having a go at it at some point. No time and other priorities. So, I havent. But why isn't this a big topic in the wider community?

[jart]

I doubt there's going to be any such scandals, unless someone creates them. What's going to happen is LLM generated content is going to become so good so fast that you won't want to consume content created by people anymore, and you're going to feel guilty about that. Similar to how people probably feel guilty about playing football video games rather than going outside and playing football. Crypto and authentication services won't help, because people will just give their LLM agents the ability to act autonomously under their identity.