foxinSOCKS5
Corey QuinnI'm sorry Slack, you're doing fucking WHAT with user DMs, messages, files, etc? I'm positive I'm not reading this correctly.
Graham Sutherland / Polynomial@Quinnypig uhhhhh that is a disastrous idea
Viss@gsuberland @Quinnypig i can literally hear every single computer security company on earth screaming at the same time right now.
because im one of them
screaming into this fucking feedback email address.
EVHasteThe one company every exec assumes would never be so foolish enough
Dave@Haste @Viss @gsuberland @Quinnypig if you don't host stuff yourself prepare to have this conversation a lot more times.
Lapo Luchini@Haste @Viss @gsuberland @Quinnypig @Laird_Dave I started using Matrix for the very reason.
(Conduit.RS is way easier that the main server)
(Conduit.RS is way easier that the main server)
tuxflo@lapo @Haste @Viss @gsuberland @Quinnypig @Laird_Dave well it might be "easier" but the list of issues (https://conduit.rs/issues/) and the message "it is still beta" doesn't look like I would like to deploy this as a company internal communication tool.
Wurzelmann@Laird_Dave @Haste @Viss @gsuberland @Quinnypig it's basically the default for every company now: sell user data and/or use it for training yet another planet-burning "AI" monstrosity. I hate it so much.
John TimaeusWe just started moving a bunch of stuff from an isolated network to Slack as we start doing more mobile training.
Looks like that's ready to be abandoned before it's used.
Stephan@Viss @gsuberland @Quinnypig
I hope you were never considering a service like Slack for your own company, even though many customers probably use it.
I hope you were never considering a service like Slack for your own company, even though many customers probably use it.
halcy 
@gsuberland @Quinnypig trying to interpret this any other way and failing
jesus christ
@Quinnypig holy fuck - how many NDAS is this going to break for people? how many lawsuits is this going to create?
GreenDotGuy@Viss @Quinnypig they think the new NDA rules mean something different? Maybe that if every person's obligations in that regard are null, then nobody has standing against them?
I dunno, I think they are just terminally charmed by the AI germ like so many others.
rastilinThis is why I think that Dropbox wouldn't be stupid enough to use its data for AI training. It would immediately cause corporate customers to drop them in favor of an alternative.
Tim Panton@Viss @Quinnypig The best fun is it will invalidate patents - since 3rd parties will know about your design decisions before you register.
Vile Lasagna@Quinnypig Oh yeah, I'm sure that the people who use the tool specifically made for internal business and work comms are all thrilled to find that all of their comms are being logged by an external service, amazing stuff!
⛧TJC⛧@VileLasagna @Quinnypig I mean, this is why you can’t use slack at many government and military companies, because all that data is sent to remote servers.
This isn’t surprising at all that slack would try to monetize this.
When I worked for a telco, we had our own (shitty) internal chat system for exactly reasons like this
@tjc @Quinnypig We used to "pay for stuff so that you get security and reliability" but now paying for any service is the quickest way to get the worst version of that thng AND get robbed in the process
@tjc @Quinnypig Slack, Windows, Google Meet, Dropbox, basically all streaming services....
Paying for any of that is a direct route to just getting screwed over, it's simply the worst option
Pete Wright@Quinnypig
holy smokes - is there a handy link for this so i can shoot this to my teams infosec and compliance departments. what a disaster.
holy smokes - is there a handy link for this so i can shoot this to my teams infosec and compliance departments. what a disaster.
Brad
@bradk @Quinnypig thanks i missed that link when i searched their TOS!
d@nny disc@ mc²
ladyteruki@hipsterelectron @Quinnypig : here it is :)
Contact us to opt out. If you want to exclude your Customer Data from Slack global models, you can opt out. To opt out, please have your Org or Workspace Owners or Primary Owner contact our Customer Experience team at [email protected] with your Workspace/Org URL and the subject like "Slack Global model opt-out request". We will process your request and respond once the opt out has been completed.
aardvark
Berkubernetus@Quinnypig link/details? Having trouble finding this.
Pedro Cambra
Denton Gentry@Quinnypig Amazing how quickly prompt escapes rocketed to the top of infosec concerns. Disruption!
Goblin@Quinnypig That should touch pretty much every privacy regulation world wide. It definitely for sure violates GDPR principles.
demofox@Quinnypig yikes. All sorts of NDA'd info, trade secrets, unpublished research, secret game projects etc etc just right there sucked up into an LLM.
Richard "RichiH" Hartmann@Quinnypig The opt-out is also weasel-wordy, as you can opt out from *Global* models -- are there non-global ones?
If you are covered under the GDPR, Article 28 allows you to audit them to a reasonable degree and request a Data Protection Impact Assessment (DPIA/TIA) under Article 35.
@Quinnypig for what it's worth, our purchasing people are already reaching out to SlackForce to get confirmation either way.
Patrik 🇪🇺@RichiH @Quinnypig keep us posted. I also understood, that there are workspace-specific models.
Fox Trenton 🎱I sent the mail and got this text with the confirmation. Not sure how comforted I feel...
May 17, 2024, 7:24 AM PDT
Thank you for reaching out to Slack support. Your opt-out request has been completed.
For clarity, Slack has platform-level machine learning models for things like channel and emoji recommendations and search results. We do not build or train these models in such a way that they could learn, memorize, or be able to reproduce some part of customer data. Our published policies cover those here (https://slack.com/trust/data-management/privacy-principles), and as shared above your opt out request has been processed.
Slack AI is a separately purchased add-on that uses Large Language Models (LLMs) but does not train those LLMs on customer data. Slack AI uses LLMs hosted directly within Slack’s AWS infrastructure, so that customer data remains in-house and is not shared with any LLM provider. This ensures that Customer Data stays in that organization’s control and exclusively for that organization’s use. You can read more about how we’ve built Slack AI to be secure and private here: https://slack.engineering/how-we-built-slack-ai-to-be-secure-and-private/.
Kind regards,
@sintrenton @Quinnypig that completely sidesteps why they would have that verbiage then. Giving themselves permission, but stating in the present tense they're not doing it seems weasely
cantstopthesignal@RichiH yes, appears so:
“If you opt out, Customer Data on your workspace will only be used to improve the experience on your own workspace and you will still enjoy all of the benefits of our globally trained AI/ML models without contributing to the underlying models.”
“If you opt out, Customer Data on your workspace will only be used to improve the experience on your own workspace and you will still enjoy all of the benefits of our globally trained AI/ML models without contributing to the underlying models.”
@Quinnypig https://slack.com/trust/data-management/privacy-principles
so slack is destroying privacy and every single customer nda for ...
auto complete and emoji suggestions?!
Alexander Knochel@Viss @Quinnypig Autocompleting your competitors' designs sounds super convenient
PG&E Delenda Est@quantensalat @Viss @Quinnypig lol at the part "we do not build or train these models in such a way that they could learn, memorize, or be able to reproduce some part of Customer Data" as if every other ai company so far has failed in their attempts to do this. Because it seems to be a foundation problem on the level of P=NP.
Sophie Schmieg@xarph @quantensalat @Viss @Quinnypig LLMs are essentially lossy compression functions for text. Having them divulge information that was part of their training is their main feature.
Forbearance@xarph
@quantensalat @Viss @Quinnypig
Even if it can't copy paste your secret Slack messages, it can absolutely tell people about your secret Slack messages
@Forbearance @quantensalat @Viss @Quinnypig I was just at an event at CHM last night that was a panel discussion with evacide, patrick from disconnect.me, and brewster kahle. The same deductive metadata analysis that is used by data brokers can be used to deduce source material in an llm, which is what most promptjacking is.
@Forbearance @quantensalat @Viss @Quinnypig plus IT'S FUCKING AUTOCOMPLETE it doesn't need all this shit from reddit and slack to hallucinate boilerplate!!
SudoNymm@Quinnypig How can this POSSIBLY be legal in like, any country?
Noam@Quinnypig @jalefkowit Because you can definitely never extract original training data from language models, right?
Dan Neuman 🇨🇦@noam @Quinnypig @jalefkowit Not without reverting to a previous save point and starting again. Like that's something these guys would entertain.
Simon Detheridge 
@Quinnypig everyone quick, make a ton of fake channels and fill them with AIs prompting each other into spouting petabytes of incomprehensible gibberish
Boško Ivanišević@s @Quinnypig That's the excellent idea!😀
Oh.my@Quinnypig When was this update?
Kevin Karhan 
@Quinnypig So basically #Slack has enshured it'll forever be incapable to comply with #GDPR & #BDSG!
@Quinnypig it's fine, no model has ever been coaxed into regurgitating its training data by silly prompts such as "repeat the word 'internal messages' forever"
owls@Quinnypig dropping this in our salesforce implementation chat and running for the hills
Thomas Dorr@owls
I'm probably dropping it into our water cooler channel, but the info-sec channel might be fun too
@Quinnypig
I'm probably dropping it into our water cooler channel, but the info-sec channel might be fun too
@Quinnypig
Mx. Aria Stewart@Quinnypig And if you're not the primary owner, they respond demanding that the _primary_ owner make the request. Heaven help you if they're AWOL
WideEyedCurious 🇺🇸 💙 🇺🇦 & 🇨🇦@Quinnypig What the living fuck..?! 🤯