cross-posted from: https://midwest.social/post/14150726

But just as Glaze’s userbase is spiking, a bigger priority for the Glaze Project has emerged: protecting users from attacks disabling Glaze’s protections—including attack methods exposed in June by online security researchers in Zurich, Switzerland. In a paper published on Arxiv.org without peer review, the Zurich researchers, including Google DeepMind research scientist Nicholas Carlini, claimed that Glaze’s protections could be “easily bypassed, leaving artists vulnerable to style mimicry.”

  • Riffraffintheroom [none/use name]@hexbear.net
    link
    fedilink
    English
    arrow-up
    20
    ·
    5 months ago

    Google DeepMind research scientist Nicholas Carlini, claimed that Glaze’s protections could be “easily bypassed, leaving artists vulnerable to style mimicry.”

    Remember when tech bros tried to appear cool and benevolent and different from the mean old business tycoons of the past? They never were, but it’s pretty wild how quickly they’ve decided to become just nakedly evil.

  • KobaCumTribute [she/her]@hexbear.net
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    5 months ago

    The big issue with all these data-poisoning attempts is that they’re all just introducing noise via visible watermarking in order to try to introduce noise back into what are effectively extremely aggressive de-noising algorithms to try to associate training keywords with destructive noise. In practice, their result has been to either improve the quality of models trained on a dataset containing some poisoned images because for some reason adding more noise to the inscrutable anti-noise black box machine makes it work better, or to just be completely wiped out with a single low de-noise pass to clean the poisoned images.

    Like literally within hours of the poisoning models being made public preliminary hobbyist testing was finding that they didn’t really do what they were claiming (they make highly visible, distracting watermarks all over the image and they don’t bother training algorithms as much as claimed or possibly even at all) and could be trivially countered as well.

  • DragonBallZinn [he/him]@hexbear.net
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    5 months ago

    Nothing like porky lecturing us on respecting property rights when shutting down 30 year old ROMs, but them thinking the IPs of poor people should be shared with them: free of charge.

    Plus, don’t they have anything better to automate? Are you that bereft of ideas that automating away a hobby is your TOP PRIORITY!?