This doesn’t work outside of laboratory conditions.
It’s the equivalent of “doctors find cure for cancer (in mice).”
It hasn’t worked much outside of the laboratory, because they just released it from the laboratory. They’ve already proven it works in their paper with about 90% effectiveness.
It’s clever really, people who don’t like ai are very lonelye to also not understand the technology, if you’re going to grift then it’s a perfect set of rubes - tell them your magic code will defeat the evil magic code of the ai and that’s all they need to know, fudge some numbers and they’ll throw their money at you
Explanation of how this works.
These “AI models” (meaning the free and open Stable Diffusion in particular) consist of different parts. The important parts here are the VAE and the actual “image maker” (U-Net).
A VAE (Variational AutoEncoder) is a kind of AI that can be used to compress data. In image generators, a VAE is used to compress the images. The actual image AI only works on the smaller, compressed image (the latent representation), which means it takes a less powerful computer (and uses less energy). It’s that which makes it possible to run Stable Diffusion at home.
This attack targets the VAE. The image is altered so that the latent representation is that of a very different image, but still roughly the same to humans. Say, you take images of a cat and of a dog. You put both of them through the VAE to get the latent representation. Now you alter the image of the cat until its latent representation is similar to that of the dog. You alter it only in small ways and use methods to check that it still looks similar for humans. So, what the actual image maker AI “sees” is very different from the image the human sees.
Obviously, this only works if you have access to the VAE used by the image generator. So, it only works against open source AI; basically only Stable Diffusion at this point. Companies that use a closed source VAE cannot be attacked in this way.
I guess it makes sense if your ideology is that information must be owned and everything should make money for someone. I guess some people see cyberpunk dystopia as a desirable future. I wonder if it bothers them that all the tools they used are free (EG the method to check if images are similar to humans).
It doesn’t seem to be a very effective attack but it may have some long-term PR effect. Training an AI costs a fair amount of money. People who give that away for free probably still have some ulterior motive, such as being liked. If instead you get the full hate of a few anarcho-capitalists that threaten digital vandalism, you may be deterred. Well, my two cents.
Yeah. Not that it’s the fault of artists that capitalism exists in its current form. Their art is the fruit of their labor, and therefore, means should be taken to ensure that their labor is properly compensated. And I’m a marxist anarchist, no part of me agrees with any part of the capitalist system. But artists are effectively workers, and we enjoy the fruits of their labor. They are rarely fairly compensated for their work. In this particular instance, under the system we live in, artists rights should be prioritized over
I’m all for janky (getting less janky as time goes on) AI images, but I don’t understand why it’s so hard to ask artists permission first to use their data. We already maintain public domain image databases, and loads of artists have in the past allowed their art to be used freely for any purpose. How hard is it to gather a database of art who’s creators have agreed to let it be used for AI? All the time we’ve (the collective we) been arguing over thise could’ve been spent implementing a system to create such a database.
That’s not quite right. A traditional worker is someone who operates machines, they don’t own, to make products, they don’t own. Artists, who are employed, do not own the copyrights to what they make. These employed artists are like workers, in that sense.
Copyrights are “intellectual property”. If one needed permission (mostly meaning, pay for it), then the money would go to the property owners. These worker-artists would not receive anything. Note that, on the whole, the owners already made what profit they could expect. Say, if it’s stills from a movie, then that movie already made a profit (or not).
People who use their own tools and own their own product (EG artisans in Marx’s time) are members of the Petite Bourgeoisie. I think a Marxist analysis of the class dynamics would be fruitful here, but it’s beyond me.
The spoilered bit is something I have written about the NYT lawsuit. I think it’s illuminating here, too.
spoiler
The NYT wants money for the use of its “intellectual property”. This is about money for property owners. When building rents go up, you wouldn’t expect construction workers to benefit, right?
In fact, more money for property owners means that workers lose out, because where else is the money going to come from? (well, “money”)
AI, like all previous forms of automation, allows us to produce more and better goods and services with the same amount of labor. On average, society becomes richer. Whether these gains go to the rich, or are more evenly distributed, is a choice that we, as a society, make. It’s a matter of law, not technology.
The NYT lawsuit is about sending these gains to the rich. The NYT has already made its money from its articles. The authors were paid, in full, and will not get any more money. Giving money to these property owners will not make society any richer. It just moves wealth to property owners for being property owners. It’s about more money for the rich.
If OpenAI has to pay these property owners for no additional labor, then it will eventually have to increase subscription fees to balance the cash flow. People, who pay a subscription, probably feel that it benefits them, whether they use it for creative writing, programming, or entertainment. They must feel that the benefit is worth, at least, that much in terms of money.
So, the subscription fees represent a part of the gains to society. If a part of these subscription fees is paid to property owners, who did not contribute anything, then that means that this part of the social gains is funneled to property owners, IE mainly the ultra-rich, simply for being owners/ultra-rich.
why it’s so hard to ask artists permission first to use their data.
SD was trained on images from the internet. Anything. There are screenshots, charts and pure text jpgs in there. There’s product images from shopping sites and also just ordinary snapshots that someone posted. The people with the biggest individual contribution are almost certainly professional photographers. SD is not built on what one usually calls art (with apologies to photographers). An influencer who has a lot of good, well tagged images on the net has made a more positive contribution than someone who makes abstract art or stick figure comics. And let’s not forget the labor of those who tagged those images.
You could not practically get permission from these tens or hundreds of millions of people. It would really be a shame, because the original SD reveals a lot about the stereotypes and biases on the net.
Using permissively licensed images wouldn’t have helped a lot. I have seen enough outrage over datasets with exactly such material. People say, that’s not what they had in mind when they gave these wide permissions.
Practically, look at wikimedia. There are so many images there which are “pirated”. Wikimedia can just take them down in response to a DMCA notice. Well, you can’t remove an image from a trained AI model. It’s not in there (if everything has worked). So what now? If that means that the model becomes illegal, then you just can’t have a model trained on such a database.
People who use their own tools and own their own product (EG artisans in Marx’s time) are members of the Petite Bourgeoisie. I think a Marxist analysis of the class dynamics would be fruitful here, but it’s beyond me.
Please don’t. Marxists, at least Marxist-Leninists, tend to start talking increasing amounts of nonsense once the Petite Bourgeoisie and Lumpen get involved.
In any case the whole thing is (as Marx would tell you, but Marxist ignore) a function of one’s societal relations, not of the individual person, or job. That relation might change from hour to hour (e.g. if you have a dayjob), and “does not have an employment contract” doesn’t imply “does not depend on capital for survival” – it’s perfectly possible as an artist, or pipe fitter, to own your own means of production (computer, metal tongs) and be, as a contractor, in a very similar relationship to capital as the Lumpen day-labourer: To have no say in the greater work that gets created, to be told “do this, or starve”, to be treated as an easily replaceable cog. That may even be the case if you have employees of your own. The question is, and that’s why Anarchist analysis >>> Marxist analysis, is whether you’re beholden to an unjust hierarchy, in this case, that created by capital ownership, not whether you happen to own a screw driver. As e.g. a farmer you might own millions upon millions in means of production, doesn’t mean that supermarket chains aren’t squeezing your bones dry and you can barely afford your utility bills. Capitalism is unjust hierarchy all the way up and down.
Well, you can’t remove an image from a trained AI model. It’s not in there (if everything has worked). So what now? If that means that the model becomes illegal, then you just can’t have a model trained on such a database.
I also can’t possibly unhear this, doesn’t mean that my mind or any music I might compose is illegal. If it is overfitted in my mind and I want to compose music and publish that then I’ll have to pay attention that my stuff is sufficiently different, have to run an adversarial model against myself, so to speak, if I don’t want to end up having to pay royalties. If I just want to have it bouncing around my head and sing it in the shower then I might be singing copyrighted material, but there’s no obligation for me to pay royalties either as many aspects of copyright necessitate things such as publishing or ability to damage the original author’s income.
Well, Marx believed that the Petite Bourgeoisie would disappear. Their members, unable to economically compete, would become employed workers. Hasn’t happened, though. He also observed that this class emulated the outlook of the Haute Bourgeoisie, the rich. IDK more about that. I find it interesting how vocally in favor of right-wing economic policies some artists are, even though these policies massively favor the rich. The phrase temporarily embarrassed millionaire comes to mind. I’m curious about that, is all.
I like how empathic your anarchist take is but I’m not really sure what to do with it.
I hope every artist starts using it.
AI art isn’t real art.
Your opinion, not a fact. Most art is as derivative or more than AI art.
No, that’s fact. AI-generated images aren’t art. They’re hallucinations without meaning or purpose.
Stupid opinion. If I ask AI to draw an image, that has no meaning or purpose? So if I did the exact same thing with a pencil then it’s suddenly art? AI is just a tool and people like you need to get over it or fully commit and say anything digital isn’t art because a computer really did it. Anything made in Photoshop can’t be art according to you because a program made it. Blender renders aren’t art because a computer generated it. All you did in either case was tell it what to do.
Do you reply to people this way in person ?
If they’re stupid yes.
Is there a similar tool that will “poison” my personal tracked data? Like, I know I’m going to be tracked and have a profile built on me by nearly everywhere online. Is there a tool that I can use to muddy that profile so it doesn’t know if I’m a trans Brazilian pet store owner, a Nigerian bowling alley systems engineer, or a Beverly Hills sanitation worker who moonlights as a practice subject for budding proctologists?
Is there a similar tool that will “poison” my personal tracked data? Like, I know I’m going to be tracked and have a profile built on me by nearly everywhere online. Is there a tool that I can use to muddy that profile so it doesn’t know if I’m a trans Brazilian pet store owner, a Nigerian bowling alley systems engineer, or a Beverly Hills sanitation worker who moonlights as a practice subject for budding proctologists?
Have you considered just being utterly incoherent, and not making sense as a person? That could work.
Begun, the AI Wars have.
Excited to see the guys that made Nightshade get sued in a Silicon Valley district court, because they’re something something mumble mumble intellectual property national security.
They already stole GPLv2 code for their last data poisoning scheme and remain in violation of that license. They’re just grifters.
If their targets don’t care about intellectual property, why should they?
Because the people producing code with GPL are completely unrelated to the AI issues.
You’re asking why you can’t shoot your neighbor if Russians are shooting Ukrainians.
No, I’m asking why they’re held to a standard the AI makers are not when they’re not even charging for the completely optional tool.
That’s a strawman. AI makers should definitely respect FOSS licenses.
You’re just looking for excuses for their shitty behavior.
The entire premise of the AIs are based on stealing intellectual property, which you’ll find cover far more ground than FOSS, but sure, whatever you say, person who definitely knows what a straw man is.
is anyone else excited to see poisoned AI artwork? This might be the element that makes it weird enough.
Also, re: the guy lol’ing that someone says this is illegal - it might be. is it wrong? absolutely not. does the woefully broad computer fraud and abuse act contain language that this might violate? it depends, the CFAA has two requirements for something to be in violation of it.
-
the act in question affects a government computer, a financial institution’s computer, OR a computer “which is used in or affecting interstate or foreign commerce or communication” (that last one is the biggie because it means that almost 100% of internet activity falls under its auspices)
-
the act “knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;” (with ‘protected computer’ being defined in 1)
Quotes are from the law directly, as quoted at https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
the poisoned artwork is information created with the intent of causing it to be transmitted to computers across state or international borders and damaging those computers. Using this technique to protect what’s yours might be a felony in the US, and because it would be considered intentionally damaging a protected computer by the knowing transmission of information designed to cause damage, you could face up to 10 years in prison for it. Which is fun because the people stealing from you face absolutely no retribution at all for their theft, they don’t even have to give you some of the money they use your art to make, but if you try to stop them you go to prison for a decade.
The CFAA is the same law that Reddit co-founder Aaron Swartz was prosecuted under. His crime was downloading things from JSTOR that he had a right to download as an account holder, but more quickly than they felt he should have. He was charged with 13 felonies and faced 50 years and over a million dollars in fines alongside a lifetime ban from ever using an internet connected computer again when he died by suicide. The charges were then dropped.
“Damage to a computer” is legal logorrhoea, possible interpretations range from not even crashing a program to STUXNET, completely under-defined so it’s up to the courts to give it meaning. I’m not at all acquainted with US precedent but I very much doubt they’ll put the boundary at the very extreme of the space of interpretation, which “causes a program to expose a bug in itself without further affecting functioning in any way” indeed is.
Which is fun because the people stealing from you face absolutely no retribution at all for their theft,
Learning from an image, studying it, is absolutely not theft. Otherwise I shall sue you for reading this comment of mine.
Damage to a computer” is legal logorrhoea
The model is the thing of value that is damaged.
Learning from an image is not theft
But making works derivative from someone else’s copyrighted image is a violation of their rights.
So any art done in a style of another artist is theft? Of course not. Learning from looking at others is what all of us do. It’s far more complicated than you’re making it sound.
IMO, If the derivative that the model makes is too close to someone else’s, the person distributing such work would be at fault. Not the model itself.
But again, it’s very nuanced. It’ll be interesting to see how it plays out in the courts.
-
The tool’s creators are seeking to make it so that AI model developers must pay artists to train on data from them that is uncorrupted.
That’s not something a technical solution will work for. We need copyright laws to be updated.
The issue is simply reproduction of original works.
Plenty of people mimic the style of other artists. They do this by studying the style of the artist they intend to mimic. Why is it different when a machine does the same thing?
It’s not. People are just afraid of being replaced, especially when they weren’t that original or creative in the first place.
big companies already have all your uncorrupted artwork, all this does is eliminate any new competition from cropping up.
Good
because supporting monopolies is good? stifling competition and development is good? wut?
Whoda thunk one word isnt enough to describe my feelings lol.
Good as in startups shoukd be allowed to be founded around stolen data.
so, established companies should be allowed to steal from start ups and release their products for less than startups could ever make them, effectively shutting out all competition forever?
or are you just a fucking hypocrite?
No lol, no one should. Me saying AI tech startups shouldnt be allowed to use stolen data means i endorse existing companies who have already stolen it.
But just because companies have already done it also doesnt mean we should be allowing new companies to also do the same thing.
fuck you’re a stupid piece of shit. you’re a fucking hypocrite.
Lmao what? Please, explain to me how thinking neither new companies or existing companies should be allowed to be doing what their doing, is hypocritical.
