> Extremely useful if you are, say, trialing a novel chemotherapy drug and want to end your trial ASAP to get everyone on the intervention arm if the drug actually works.
The most important part of this for a living human being is touched on at the end. You only die once. Life expectancy is an ensemble mean over a population, and "you are not a population". You need to try to avoid risks that are going to kill you personally, not risks that affect aggregate life expectancy (there's overlap of course). Tinkering with HR-translated-to-life-years I think actually blurs that focus for individuals.
The worst case is a risk that has a low ensemble HR and low life years impact, but will kill you personally very soon if you take the wrong action. Eating peanuts has an HR of 1, unless you are prone to fatal anaphylaxis from peanuts. HRs are useful for (and biased towards) doctors protecting as many humans as possible, but as an individual you should try to discover your peanut allergies as early as possible and protect yourself against them.
Correct. The argument is not about the deployment or the technical quality of MLKEM. Pretending it is, is an appeal to authority, and is moving the goal posts from the actual argument.
> the code which implements a client-side web application is distributed by the given website
Incorrect, and trivially falsifiable. Examples:
- Self hosting, where you control both client and server.
- Loading a web app from file:///
- Loading a web app from localhost.
The author's "no exceptions" is simply wrong.
The author also seems to assume the same server is required to both serve the code and store/transmit encrypted messages which obviously isn't the case. In addition the statements about service workers are ignorant.
The rest of the analysis is largely correct and the threat outlined (where somebody can replace your client) is a serious one that many underestimate. In particular the proprietary native mobile app model is vulnerable to this, as mentioned.
These problems come from giving LLMs too much agency. The fix is to ruthlessly manage context yourself, and use a harness that only allows one LLM response at a time. Don't leave context up to the LLM, and check everything it is doing. This gives you most of the speed increase while still giving you clean, concise, human-reviewed code.
> you’re criticizing a powerful politician, or talking about your experiences with abuse or addiction, or discussing embarrassing medical issues you’re facing
This is not the problem. Even if, like millions, you are not talking about these things online, these systems still place you in danger. Even if you are a perfect, clean, compliant citizen these privacy-destroying systems place you in danger.
Fundamentally these systems expose you to coercion, extortion, blackmail, ID theft, etc. by criminals and immoral people who want money or power over you. There are countless examples of bad actors inside and outside these systems obtaining access to innocent people's private data and misusing it to their detriment.
This is the strongest argument against these bad ideas. Arguments that paint innocent, privacy-seeking people as suspicious or immoral in any way, should not be used.
It is rational and moral to seek privacy for your own safety and the safety of those you care for. Don't let them argue otherwise.
Nobody will run that trial though because we've spent decades telling people the sun is dangerous and gives you cancer (both things can be true of course). Putting people in the sun every day would not pass ethics tests.
> Drug design: Using Mythos 5, our internal protein design experts accelerated... Nine of the 14 protein targets from this study (shown below) yielded strong candidates for *drug design that we’re currently investigating*.
(emphasis mine)
> queries that are beneficial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors... When Fable’s classifiers detect a request related to cybersecurity, *biology and chemistry*, or distillation, the response is automatically handled by Claude Opus 4.8 instead.
All of the things they are nerfing are things that they also intend to profit from themselves.
- Cybersecurity - selling this to companies and US gov through "Glass Wing".
- Selling inference (distillation risk).
- And now, drug design.
I'm extrapolating "currently investigating" to "are going to monetize" but I don't think that's a big stretch. They appear to be using safety as a cover for anti-competitive behaviour.
https://mccormick.cx
https://github.com/chr15m
https://youtube.com/mccormix