by codedokode 51 days ago
I am against this.

1) This will be a new source of fingerprinting information and this is difficult to fake to fool fingerprinting scripts, so it can be abused for "device verification". There should be no ability to "verify" a browser, and anyone should be able to emulate any browser. This is the most important point, I thought Google people are smart enough to see it.

2) LLMs use a lot of memory and CPU time, for many users they would slow down their system significantly, and given current RAM prices, upgrades are very expensive. If the website relies on a local model, it would work slowly on cheap devices.

3) The API seems to be tailored for a specific LLM like OpenAI.

4) This can be used to push competitors who do not have an AI model from the browser market - the sites would break because they will be made with expectation of having Google Gemini model and would not work with other models. For example, the sites would break in national browsers not having an AI model. There should be no "first-class" and "second-class" browsers.

The explainer claims that this would allow the user to process the data locally without sending it anywhere. But why does Google Gemini local model have "Prohibited Use Policy" then? Why should they bother about prompts and responses they never learn about?

While offline LLM access seems like a good idea, the website could use WebGPU for this without building LLM into the browser (or they could improve WebGPU for better handling ML models). Or everyone should use the same, open source, LLM.

3 comments

> This is the most important point, I thought Google people are smart enough to see it.

Google just points towards the money like other bacterium and beats its flagella until it gets there. I don't know why or how anyone would EVER think Google is going to do something good for the web or humanity.

>I don't know why or how anyone would EVER think Google is going to do something good for the web or humanity.

i dislike google as much as the next guy, but sometimes it can be good to remember that actual humans work at google. some of them want to improve things for people. some of them even have a conscience.

one immediate "good" that comes to mind, from google, is the project zero team.

It doesn’t really matter what the people working there want. It matters what the higher ups say, as they control the cash flow and consequently where resources are spent.

And, surprise surprise, the higher ups are generally the ones fucking things up because they also need to see those numbers and lines go up, regardless of actual impact on people’s lives.

So yeah, there surely are good people working for Google, but Google itself is not a person nor is it a “good” company. It is evil, end of. And, unfortunately, when you work for Satan, you don’t get to go around doing charity work.

So is it reasonable and helpful to see the same comments over and over again any time Google/Microsoft/OpenAI/Meta is mentioned in a comment - "X is bad, money drives all their decisions, they are anti-user, etc. etc." or should we actually expect to see relevant comments discussing the topic at hand?

It's inane and annoying to have to wade through the same, predictable, might-as-well-be-copy-and-paste comments on every post.

What do you have to say about the Prompt API specifically?

This same point should have been made to the grandparent as well... claiming some good people are working inside the system at a bad company is also a tired trope.
Nothing myself, a great innovation but with wet teabags google/microsoft/apple et cetera running the show. How is Digital ID going?
Seems like the only thing rational to do then is for the human beings working there to use their labor as leverage.
Sure actual humans work at Google. These actual humans are actively choosing to continue doing a job that makes the web worse. I don't see how "but they're human!" means automatic forgiveness of their actions.
>I don't see how "but they're human!" means automatic forgiveness of their actions.

it doesn't, if the actions are bad.

but if your blind hatred makes you think that google will not "EVER" produce something of value to the web or humanity, then you are just being obtuse.

i have already provided one example of something good that is directly attributable to google. there are several more examples, i am sure.

I'm not the other guy you think I am. I didn't say that. But congrats on finding the one teensy tiny good thing Google has done. I'm sure that exonerates the other 99%. I mean, it's not like they scrapped "don't be evil" as a guiding principle or anything. Oh wait...
Maybe it's also helpful to point out that all evil is done by actual humans, and that google will actually fire humans who don't do what google wants them to do.
Working for Enterprise 101: you are a pawn. Unless it's for the company, you're just an engineer for their machine.
That some trees in a mudslide veer to the left does not mean that your house isn't going to be plowed down the hillside.

The momentum of the mass-entity that is Google simply cannot be overridden by some outliers trying to change direction.

You probably meant "conscience" instead of "conscious"
i sure did. thanks.
The sheer amount of OSS projects that have come out of Google would suggest otherwise...

Stuff like Go, Bazel, Ninja, V8, Dart, MLIR, Tensorflow, Chromium, Android, and countless others I can't remember off the top, plus their contributions to Linux, LLVM, Python, and so on... I can't think of any company that has given as much sheer volume of open source code as Google.

On the fingerprinting concerns: I have to imagine there will be an option in Chrome (certainly in Firefox) to "never download an LLM, turn off all LLM functionality". I suppose I can see an angle where a website could issue a small LLM request to try and fingerprint the model itself, which is another fingerprinting parameter. But as long as it can be turned off I don't see why this is a problem.

There's a broader class of concern here that reduces to the form: "The web platform should not be able to do this." For people who believe this, I think they'll invent any reason they can to push this narrative. E.g.: Well, sure, the user could turn it off, but then websites would say 'your browser isn't supported because it has no LLM' and now the web just got worse for me because I wanted to turn off LLMs.

But this reduces to "the web platform should not be able to do this" because at the end of the day it was the website operator's decision to turn off their website if an LLM is unavailable. It's not really the platform's fault, or the fault of its maintainers, that they built this capability and JP Morgan or whoever decided to screw over people who don't want to enable this feature. Similar to turning off Firefox support even though it would work fine, because they can't be assed to test their site in Firefox.

I don't know how to counter that take tbh. The web is the world's most successful application platform. It is not competing with PDF; it competes with SwiftUI. Of the options presented in front of you, you are hallucinating an option that reads like "we'll just keep the web nice and static and the way it is and nothing will ever change about it, the web is done". In reality your two options are: "We adapt the web to the evolving needs of its users" or "The web fails to serve the evolving needs of its users, and SwiftUI or WinUI steps in to fill that gap". This second option is far worse!

> But as long as it can be turned off I don't see why this is a problem.

That immediately makes you stand out, and sites will start breaking, like now some sites (that do not do any 3D graphics) break without WebGL.

> web is the world's most successful application platform.

Also one of the ugliest and poorly designed in my opinion.

Fingerprinting concerns here are really overblown. At least in Chrome's implementation, the model version / responses will give you ~2 bits over the browser major version: whether the machine can support the model, and whether the model is downloaded yet or not. (Really <2 bits, since these ratios aren't 50/50 in the population.)

This is discussed in detail in https://webmachinelearning.github.io/writing-assistance-apis....

> There should be no ability to "verify" a browser, and anyone should be able to emulate any browser.

Hard disagree. The AI industry has absolutely shredded the various anti-scraping and anti-botting social contracts that were in place prior to the covid pandemic. Like it's now common knowledge that robots.txt isn't a hard requirement and can be avoided entirely, for example. They have absolutely turned the open web into a dark forest.

Having a browser session able to be verified as untampered and/or "trusted" is probably going to be a thing going forward. Sucks a ton, but we all did this to ourselves.

> it's now common knowledge that robots.txt isn't a hard requirement and can be avoided entirely, for example

Was it ever not? It's a text file, not law.

> They have absolutely turned the open web into a dark forest.

Only if you have an ideological problem with people you don't like using the things you publish on the open web.

I'd say the web can be very open even without being copyleft. It makes some business models non-viable, but it doesn't prevent anyone from publishing what they want.

On the other hand, I don't think I would call something that preserves copyright at the cost of only admitting "approved/certified non-LLM scrapers" via attestation or similar "the open web".

> Having a browser session able to be verified as untampered and/or "trusted" is probably going to be a thing going forward. Sucks a ton, but we all did this to ourselves.

Who did what to whom?

Protocols like HTTP or formats like HTML were initially made to be machine-readable. You humans make your site machine-readable, publish on the internet and then get unhappy when machines start actually reading it.

Anyway, just put a captcha or require a cryptocurrency payment if you are unhappy with bots, but several people unhappy about scraping are less important than a billion people unhappy about tracking their activity.

You're looking at that pre-covid time with rose tinted glasses. Half the reason sites like reddit or twitter offered free/open APIs was to ensure that the bots were being as efficient as possible rather than hammering the sites (The other half was altruistic but that good will is a very small line item to an MBA). Scrapers got so much better at just going to what's presented to humans because these kinds of APIs are no longer common so they had to. So now the lazy option is to no longer check if a site offers an API, rather than to check if it did and save time / not worry about maintenance by coding for an API.
Browser verification doesn't stop bots, that will just funnel even more money towards click farms which are using unmodified devices on racks.
> we all did this to ourselves

We meant who?

we already live in that world, Google and Apple cooperate with vendors like Cloudflare to make, essentially, the PAT / WEI implementation that they wanted.
Another reason to criminally prosecute the AI industry.