HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nostril

no profile record

comments

nostril
·3 năm trước·discuss
This is exactly what I was hoping for. Thanks.

I wish there was some way for us to keep in touch. There are a few things I was hoping for some thoughts on, and most of the people here don't have emails in their profiles.
nostril
·3 năm trước·discuss
smspva is perfect. Thanks! Do you know of one for gift cards? Particularly ones that could be used to pay for services like server rental or Tarsnap.
nostril
·3 năm trước·discuss
> What's your game? Are you profiting enough to make sense - financially-wise - to break the law?

Not at all. Hosting costs $130/mo, and I feel the sting each month. I'm not sure we'll even get enough donations to cover that, let alone have some kind of profit motive. But we wouldn't want to profit off the works anyway, or else we'd be no better than the corporations.

My game is to help people like you be able to train your own models. If I don't help you, who will? Companies will have the final say in what you're allowed to do on your own hardware, because they control the data. No data, no training.

The hard part is to balance this with doing the right thing. I'd like to figure out the right thing from first principles and by asking thoughtful people like you, rather than from fear of consequences.

As for consequences, we're being careful enough that it seems worth the risk. (You can read more about our precautions at https://news.ycombinator.com/item?id=37346620.) But I agree that staying out of jail is preferable to being in one.
nostril
·3 năm trước·discuss
Could you elaborate a little more on how you came to this belief? I'm interested in the process of deciding whether to agree or disagree. A good way to get better at that is to get perspectives from thoughtful people.
nostril
·3 năm trước·discuss
We're not worried. Our operation is anonymous, and as long as we don't slip up, we'll be fine. Though saying "don't slip up" is very "draw the rest of the owl"; it's most of the work: https://news.ycombinator.com/item?id=37346620

But we'd like to do the right thing ethically, which is hard to figure out.

Hypothetically, if you were going to set up a process for yourself outside of the law, what criteria would you use?
nostril
·3 năm trước·discuss
This is an excellent point. Thanks. Do you mind if I quote your comment in our official policies?

It's interesting because libgen also provides most fiction titles, but everyone is rooting for them.

For example, one of the books they want taken offline is from 1954, republished in 2008. So in this case they operate closer to the textbook model than the author model.
nostril
·3 năm trước·discuss
As far as I can tell, Books3 seems to be training data for language models. I'm not sure how it was created, but it contains a lot of books. I got it by torrenting The Pile after it was forced offline by the Danes.

They're asking to remove 109 books from the dataset, which I can do. But I'm not sure whether to. Once you set aside the question of law, it becomes a matter of ethics, and these questions aren't so easy.
nostril
·3 năm trước·discuss
One other question: Is there legal basis in Denmark for asking for proof that they control the copyright for the listed works? DMCAs operate on "good-faith belief, under penalty of perjury" but in international situations it becomes trickier.

If anyone knows of a Danish lawyer I could consult with, or someone versed in international affairs, please let me know. (Or if you care to contribute funding. Hosting costs around $140/mo right now, which isn't free, but paying for consultation is costlier.)
nostril
·3 năm trước·discuss
Hi all. I would like your help with an ethics problem.

I run a site called The Nose, a safe haven for AI training data. It operates overseas in a region out of reach of DMCAs. (Past info: https://news.ycombinator.com/item?id=37512147)

This was necessary because I felt it was unacceptable for entire datasets to be forced offline by one lawyer.

The ethical problem is that I'm sympathetic with people who want to remove their content from AI training data.

I received an email from the Danish Rights Alliance about Books3: https://pastebin.com/6qw3yMWZ

They point out that this is illegal in Denmark and elsewhere, and threaten to ban thenose.cc from Denmark.

Obviously, the threats are meaningless. But I'm interested in your views on whether we should comply with the request by removing the specific titles they list.

I was thinking of saying "If you say 'please', I will remove the listed titles." There are 109 entries, so it wouldn't be too much hassle to just remove those from the tarball, and it would be amusing to force a lawyer to ask nicely.

For now, I asked for a complete list of the full filenames they want to be removed, along with proof that they represent the listed rightsholders.

I'm more interested in how you feel. It seems reasonable to let people opt out of training. We could formalize this process by setting up a way to do this. We could also just ignore takedown demands.

What do you think?
nostril
·3 năm trước·discuss
I think if you're interfacing with your server without going through Whonix, you're asking for trouble. Not only do you need to pay for the server using BTC that can't be traced back to your identity, but anything that touches the server (such as your server you're proxying with) needs to take the same precautions, which means no DigitalOcean, unless you can somehow pay them without that also being tied to your identity.

If you're not actually worried that DMCA people will follow through on their threat to sue you, or you really want to risk losing your property in the event of a lawsuit, then perhaps this might work.

Feel free to email me for more advice or to keep in touch. Your project sounds interesting.
nostril
·3 năm trước·discuss
Indeed. For anyone who isn't convinced, I wrote up some details on our use case (creating a training data DMCA safe haven) in the Tails thread: https://news.ycombinator.com/item?id=37512147

If you're serious about protecting yourself, Whonix is a requirement.
nostril
·3 năm trước·discuss
Other thoughts:

Day to day browsing is a pain. I use a VNC client to remote into our server, which is running a desktop environment with a regular browser. That way you can use apps (gmail, discord, etc) from outside the Tor network. But since you're tunneling through Tor, this is painfully slow. You'll likely want to type out long messages in Whonix, then copy-paste into your remote session. Each keystroke can sometimes take a full second to appear when animations are heavy.

Transferring large amounts of data is also painful. If you try to start Litecoin Core on Whonix, you'll need to sync more than 30 GB, which can take a very long time.

Patience is your weapon. You have all the time in the world not to make a mistake, and moments to make a fatal one. Think carefully about everything you do.

Stylometry scares me. AI can help here: run an assistant locally, and ask it to reword everything you write. You won't be able to use ChatGPT for this, obviously because OpenAI retains a history of everything you submit, but also because they require a real phone number to sign up. And you can't get a real number through any means I've found so far.

Payment is also a pain. I'm hoping to ask the community to donate Vanilla gift cards so that I can sign up for Tarsnap or spin up a droplet.

By applying the discipline normally found in aeronautics, I think it's possible to do this safely. But you'll still be risking jail time, and the intersection of people who want to do something for altruistic reasons and willing to risk prison is pretty small. I'll be documenting everything I do so that you can learn from my example, or perhaps from my mistakes.
nostril
·3 năm trước·discuss
Hi. We're building The Nose (https://thenose.cc), a safe haven for training data that can't be taken down with DMCA. Since this involves copyright infringement, strong anonymity is a requirement.

I wrote up our security procedures here: https://news.ycombinator.com/item?id=37346620

The reason Tails isn't an option is because, as others have mentioned, there have been Tor browser exploits which reveal the IP address of the Tails user. While this is unlikely for our case, it's important to approach security from first principles with threat modeling. An attack from the FBI may seem unlikely today, but both Silk Road and one of its successors were taken down by mistakes they made when setting up their site. Learning from history, if you're not careful early, you're in for a surprise later.

Case in point: When I started Whonix Workstation to post this comment, the Whonix Gateway VM failed to boot. So when I tried to start Tor Browser and go to https://news.ycombinator.com, all I saw was a connection error. This kind of layered defense is essential if you're serious about staying out of jail.

Realistically, you'll likely dox yourself through some other means: sending Bitcoin to your pseudonym from your real identity, admitting to someone you know that you control your pseudonym (this work gets lonely, so this is a real temptation), or even accidentally signing off an email with "Thanks, [your real name]". And once you make a single mistake, you can never recover.
nostril
·3 năm trước·discuss
If anyone wants to download Books3, it seems to be available here: https://thenose.cc/public/AI/EleutherAI_ThePile_v1/pile_prel...

(We noticed The Pile was recently taken offline, so we hosted it: https://thenose.cc. Apparently Books3 was also a part of The Pile, so feel free to download.)
nostril
·3 năm trước·discuss
Hi HN, I have been working on something directly related to AI and copyright. Would it be ok to point it out here?

Recently The Pile was taken offline from The Eye by DMCA. One solution is to host it offshore, which we're calling The Nose: https://thenose.cc

The technical security measures may be of interest to the audience here, so I'll be as detailed as possible. The following formula should be safe if you follow it to the letter.

The basic setup is to install Whonix on a VeraCrypt drive, acquire Monero through any method, use a service like changenow to convert Bitcoin on a wallet stored only on the Whonix installation, sign up for a ProtonMail account (when they ask for email verification, use a no signup inbox service like yopmail), rent a dedicated server at Shinjiru using bitcoin, and register the domain at the same place. They're both a registrar and a server host, which simplifies matters. Use N/A for all contact info. Use Cloudflare to manage your site's DNS records.

Wallet security: do not ever move Bitcoin to any wallet linked with your personal identity. This is easier said than done. First there is the question of how to store passwords. These are the keys to the kingdom, and are the most sensitive aspect by far, because they're intimately linked with you. Additionally, if hardware failure occurs, you'll lose everything if you store them on the Whonix drive. My setup is to use KeePass to store the passwords on a laptop I use to VNC into the computer with the Whonix drive, and then save the database to a folder that gets synced to the cloud. The only flaw in this model is that if your laptop is compromised while your KeePass is open, you're done. But (as Ulbricht discovered) this is always true. The threat model assumes lawyers coming after you with DMCA with additional safeguards against the FBI narrowing down who you are in real life. If your physical location is compromised through any method, you're done.

All it takes is one mistake to end you. SSH into your box from your real computer? Done. Sign up using your real name with Mailgun? Done. Accidentally say "Thanks, <your real name>" to the support staff at Shinjiru in an email? Done. Abandon ship and close everything down.

The security of this technique comes down to simplicity. There are very few moving parts. I opted for nginx + mediawiki with Discourse forums at https://forums.thenose.cc (though I don't know if anyone will care enough to join). Logging is turned off to protect users downloading the data, though you only have my word on this. But reputation is the only thing a hacker has ever truly had anyway.

If you're serious about following the above recipe, I urge you to read through the Whonix docs on online anonymity: https://www.whonix.org/wiki/Documentation Remember, threat model is your saving grace. You probably aren't starting a darknet, so you can relax your threat model in terms of physical safety. But you won't get away with any mistakes made in cyberspace.

As for the site itself, I've avoided asking for donations for now (hosting is $130/mo though, which will get expensive) or describing anything beyond this HN comment. I'll say it's for simplicity, but in fact I only started it a few days ago and haven't had time to provide anything but the essence of our service: hosting AI datasets in stable, copyright-resistant ways.

If additional datasets beyond The Pile need protection or distribution, you can contact me at [email protected] or at https://forums.thenose.cc. I have a 4TB drive, of which 800gb is being used by The Pile so far.
nostril
·3 năm trước·discuss
If you'd care to point out exactly what you mean, I might avoid those traits. But as it stands I have no idea what you're talking about, though I'm familiar with Eternal September.

My question was, how did you envision BitTorrent working?
nostril
·3 năm trước·discuss
The fact that copyright infringement works in spite of attempts to kill it seems to be proof that BitTorrent is well-designed, rather than evidence it's broken. What else would it be associated with? People do use it to distribute large datasets, but even those have fallen into the infringement category.

And of course; good faith is all that we have here.