Notices by Meredith Whittaker (mer__edith@mastodon.world)

Now that "scale is all we need" has predictably faltered...

1. Small AI models often perform better in context.

2. Obsession w bigness has bad consequences, from climate, to power concentration, to research capture.

Me +
@GaelVaroquaux
@sashaluccioni

arxiv.org/abs/2409.14160

Signal has been running on Signal video for a long time, and the addition of call links about a month ago was a MASSIVE quality of life improvement.

Seriously, give them a try! Imagine, not sharing the contents of your daily standup with a large video conferencing company!

Tired of zoom, meet, w/e video conferencing software collecting your data?

Signal's got you❤️

NEW: call links let you start a video call with your fave Signal users easily, no group needed. Announcing these, and other improvements to calling here👇

https://signal.org/blog/call-links/

I remember Google+, and the idee fixe and mad hype around it. (Google was afraid of Facebook.) G+ was a ghost town. But for the first year or so the G+ team reported astronomical engagement numbers. Huhh?

Finally we learned they were counting every G+ notification dropped at the top of Gmail as an "engagement."

Anyway, I wonder how they're measuring this...

https://www.businessinsider.com/google-earnings-q3-2024-new-code-created-by-ai-2024-10

📣 New Paper! w/@HeidyKhlaaf + @sarahbmyers

We put the narrative on AI risks & NatSec under a microscope, finding the focus on hypothetical AI bioweapons is warping policy and ignoring real & serious harms of current AI use in surveillance, targeting, etc.

Instead of crafting solutions for hypothetical harms, we advocate focusing on already existing and very significant safety issues--namely AI’s reliance on PII & the vulns created by foundation models' use in NatSec.

https://arxiv.org/abs/2410.14831

Apparently there's an imposter pretending to be me and messaging infosec and infosec-adjacent folks cold on Signal (or, at least these are the people reporting it).

So, for the record I will NEVER cold message people on Signal. If you don't know me, or we didn't connect explicitly via a contact or at an event, I will not reach out to you. Ever. I have, like, better things to do, for one...

Case in point: there's no way to build a backdoor that only the "good guys" can use.

When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=byoB7m

📣NEW paper! Don’t believe the hype: bigger AI ≠ better AI. @SashaMTL, @GaelVaroquaux and me on how the race to bigger, and bigger AI has bad consequences and isn't necessary.

1. Smaller AI models often perform better than big models in context

And

2. Obsession with bigness has severe collateral consequences, from climate costs, to concentrated power, to more surveillance, to the capture of AI research.

All of this, and what we can do instead 👇

arxiv.org/abs/2409.14160

@apicultor @x_cli @briankrebs

That Flatpak package, linked above in this thread, is unofficial.

Our official download instructions for Linux tell people how to install our APT key, and every release is signed.

I'm assuming Brian Krebs' original is referring to macOS. Our releases are signed on macOS and Windows too.

💐

This is so cool/kind

(AND they're using machine learning to actually do the thing 'for humanity' that companies selling ML to the pharma industry claim it will , but that of course their version will not actually do, given the incentives♥️)

https://www.404media.co/right-to-repair-for-your-body-the-rise-of-diy-pirated-medicine/

Such a delight to sit down with the great @a_greenberg for a long engaged convo on surveillance, AI, my wild path through tech, and how by rejecting the toxic norm Signal provides a shining model for better, healthier tech futures♥️

https://www.wired.com/story/meredith-whittaker-signal/

Nice reflection on the value of private comms, and the consequences of the massive AT&T data breech.

This is why Signal bends over backward to collect as close to NO DATA as we can. Not having it is the best way to keep it safe❤️

https://blog.yaelwrites.com/insights-from-my-stolen-at-t-data-or-why-i-use-signal/

Of course, VC's require an exit, and an acquisition is the classic exit. But a healthy and competitive innovation landscape does not.

Taxing equity is also, of course, very alarming to investors.

But the argument that this hurts innovation and competition also falls flat IMO. Taxing unrealized investment value would check the overhype-to-acquisition cycle that makes VC's rich, but directs so much energy and capital into overvalued bullshit that doesn't meaningfully work/help people/etc.

Catching up on some of the "Little Tech" rhetoric from a16z. A lot more to say here.

But one thing that stands out as a rhetorical flaw in the pitch: curbing Big Tech startup acquisitions is listed as bad for little tech. Even as little tech is presented as the enabler of competition and innovation, contra Big Tech's market consolidation. Consolidation that is, of course, facilitated via acquisitions.

https://pmarca.substack.com/p/the-little-tech-agenda

2. We continue working to harden our desktop build across supported operating systems and take advantage of new platform capabilities as they emerge. Those of you following our repo can follow this work there.

3. The posters who raised this issue did so without contacting us directly. Instead, they went straight to social media, in some cases using inflammatory language. And they dropped these claims over a US holiday weekend. This is the opposite of responsible disclosure.

We ask those who are serious about security and privacy to please engage us directly in the future, instead of resorting first to online claims that can confuse non-experts and lead people to make unsafe choices and develop inaccurate mental models based on scary language. We monitor security@signal.org carefully and respond to all legitimate reports.

There’s been some chatter about Signal desktop recently, so let’s clear the air. Three points:

1. The reported issues rely on an attacker already having *full access to your device* — either physically, through a malware compromise, or via a malicious application running on the same device. This is not something that Signal, or any other app, can fully protect against. Nor do we ever claim to.

This is why we're seeing dumb AI everywhere, and self owns like MS's Recall

Recouping revenue from massively expensive AI development is urgent, market fit's unclear, so corps are shoving "AI" into everything to please investors/hope for fit/keep the bubble inflated

IMO this also explains the lockstep turn to military contracting (OAI, et al). A good way to sell tech that "doesn't actually work" via lucrative contracts whose efficacy won't be assessed w trad. metrics.

https://www.sequoiacap.com/article/ais-600b-question/

📣Official statement: the new EU chat controls proposal for mass scanning is the same old surveillance with new branding.

Whether you call it a backdoor, a front door, or “upload moderation” it undermines encryption & creates significant vulnerabilities

https://signal.org/blog/pdfs/upload-moderation.pdf