Reminder that Sam Altman chose to rush the safety process for GPT-4o so that he could launch before Gemini, which then led directly to this teen's suicide:
Incredible logic jump with no evidence whatsoever. Thousands of people commit suicide every year without AI.
> When ChatGPT detects a prompt indicative of mental distress or self-harm, it has been trained to encourage the user to contact a help line. Mr. Raine saw those sorts of messages again and again in the chat, particularly when Adam sought specific information about methods. But Adam had learned how to bypass those safeguards by saying the requests were for a story he was writing
It'd be worse if the bot became a nannying presence - either pre-emptively denying anything negative based on the worst-case scenario, or taking in far more context than it should.
How would a real human (with, let's say, an obligation to be helpful and answer prompts) act any differently? Perhaps they would take in more context naturally - but otherwise it's impossible to act differently. Watching GoT could have driven someone to suicide; we don't ban it on that basis. It was the mental illness that killed, not the freedom to feed it.
I do prefer a robot standing in for me to fulfill the little power trip of calling attendance. There is little reason the updates cannot be async, in text or via the JIRA tickets I already have to do. A robot could add in pull request data too.
But it doesn't need to be my voice. It in fact should be illegal for Microsoft to use my voice for training without my express consent, and even then they must delete all models and data about it when requested. And it should be illegal for an employer to request or expect it.
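The async-updates idea above is easy to sketch. Here's a minimal, hypothetical example of rendering one person's stand-up update from ticket and pull-request data; in practice the dicts would come from the JIRA and GitHub REST APIs, and the field names below are illustrative, not the real API shapes.

```python
# Sketch of an async stand-up update, assuming ticket and PR data have
# already been fetched (field names are illustrative placeholders).

def format_standup_update(author, tickets, pull_requests):
    """Render one person's daily update as plain text."""
    lines = [f"Async update for {author}:"]
    for t in tickets:
        lines.append(f"- [{t['key']}] {t['summary']} ({t['status']})")
    for pr in pull_requests:
        lines.append(f"- PR #{pr['number']}: {pr['title']} ({pr['state']})")
    return "\n".join(lines)

update = format_standup_update(
    "alice",
    tickets=[{"key": "PROJ-42", "summary": "Fix login bug", "status": "In Progress"}],
    pull_requests=[{"number": 7, "title": "Add retry logic", "state": "open"}],
)
print(update)
```

A bot like this could post the rendered text to a channel on a schedule, with no voice (or attendance) involved at all.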
This will be an unpopular take, as I know tech folks get excited by any new tech, but I predict deviants will gain access to this capability, and I can imagine the thousands of ways they will wreck someone's personal and professional life, make them homeless and destitute. People will need to put entirely new safeguards in places they never imagined they would need them. This may even spin off entirely new artificially required industries, the same way anti-virus and anti-spam came about despite being entirely avoidable - but that's a different topic. This is not limited to Microsoft's service. This will happen anywhere people are storing a sufficient sample of people's voices.
One example mitigation I implemented at a local bank is to have them disable most aspects of internet access to my accounts. They are read-only from the internet, and outbound wire transfers are blocked. They now require my physical presence, and I make sure all the employees know me personally. I test them from time to time on the phone. My goal is to terminate business relationships with anyone I cannot do this with. This will be too much for some people at first, having to treat every business relationship as hostile, and I am not even sure I can get 100% completion of my goal.
I do not know how to solve this on a global scale. I think the only way things start changing around this vulnerability is when powerful people experience shared pain. Lawmakers, executives, investors, etc... Such as businesses losing billions because some department thought they were talking to a real person and governments losing large amounts of tax revenue when more companies have this capability and it gets abused by deviants. Curious what happens when the fake POTUS calls the real Vladimir and Xi.
Honestly I would have thought that 5 years ago. But given the latest news on what they are doing, and how they treat security, I honestly have lost all faith that they can handle that data with care.
When I was touring colleges as a high school senior I met someone who had gotten into MIT but whose family could only afford to send one kid to an elite college, him or his sister. He decided to go to a state school which was a lot less expensive but whose academics weren't close to the same level. This stuff matters to people.
Most students go into debt to attend college. I fell into a bracket where I didn’t get any financial assistance but my parents didn’t want to/couldn’t pay for tuition. I got personal loans for everything. I think this is a common scenario.
Same here. I paid "full price" for my degree coming from a normal middle class family. Fortunately I was able to pay it all off a few years out of school with my first job.
This was more than several years prior to that, I just tried to look up the financial aid of previous years and for some reason couldn't find it. If someone else finds it, I'd be curious to take a look.
I'm the first person in my family to have gone to college, and we never really had any money.
Still, I was always interested in science growing up. I was programming video games and building little robots before I was 10 and envisioned myself becoming a robotics engineer. I got into Johns Hopkins for a double major in physics and astronomy, but I couldn't actually afford it: I didn't win enough scholarships (they awarded very few), and my family didn't have the money.
In the end I ended up going to a local college for computer information systems, and while I love my IT job, it's well under six figures, and I'm $60,000 in student loan debt that I'm probably gonna be paying off for the rest of my life.
Damn, that is absolutely brutal. I dropped out of college after about a year and just learned by watching YouTube videos, installing Linux on a spare computer, and running a homelab. I had to hop through a couple of lower-paying IT jobs to accumulate some experience for the resume, but am now making low six figures in DevOps, fully remote.
I recommend job hopping if you haven't in a while; that's the only way to really get those 20-40% raises over what you're making at the moment.
I met him when I was at MIT for Campus Preview Weekend when accepted students visit the school. Is it necessary to assume things in such a cynical fashion?
I don’t see it like that. People bragging about getting into MIT but not being able to go for some reason is an old meme, it always turns out that they didn’t really get in.
Tons of middle class folks are too "rich" to qualify for aid, but not quite wealthy enough to avoid going into severe debt. There's a lose-lose sweet spot that's larger than you think.
I wonder, too. In 1965, 3580 applied, 1532 were admitted, and only 929 enrolled. How many of that 39% had better options than MIT, knowing about the draft?
> build a mini-app from scratch in just a few hours
It depends on what kind of functionality we're talking about, but this kind of task is exactly what people at my current startup have been assigned at times. It is absolutely possible to build a CRUD web app with reactive UI using modern tools in a few hours.
> This is like asking a Ruby developer to debug PHP as a test of flexibility
Again it depends on what the debugging task is. At every startup I've worked at, it's expected that an engineer is able to jump into a task that they know very little about. Granted it becomes less reasonable the more niche the task, but PHP and Ruby are not particularly far apart in skillsets in the grand scheme of things. I would expect any web engineer to be able to do this.
> Hiring processes should focus on problem-solving, collaboration, and growth in relevant areas
I agree with this. And, hiring should also focus on technical ability which does include working through difficult and unknown problems by oneself.
> is absolutely possible to build a CRUD web app with reactive UI using modern tools in a few hours.
Yes, but it also leads to tons of bikeshedding. "Should I implement a linter? Should I write unit tests? Integration tests? Should I mock HTTP calls or use a mock server? How should I deploy things? How do I structure my CI?" All these choices are extremely subjective and context dependent and then somebody's gonna pass on you because they don't like that you used Cucumber.
Setting up a project is not something you do often, and if you do, you probably have templates and some team standards.
It's much better to give somebody a project structure and ask them to implement some basic task in it.
> build a mini-app from scratch in just a few hours
But how often do devs normally set up a project from scratch? We have like 3 new apps in a few years where I work now, in addition to the long-running ones. So on average, one in like a hundred devs here has been part of creating something from scratch.
Sure, when you know what you're doing it's quick. But the first time can be slow, no matter how good you are. So for a coding task that should take a few hours, you might spend all the time just getting up and running, and then you're already over time before you actually start the task.
People were prone to install the OpenAI app and use the voice assistant, forgetting that the recorded voice can be used to create fake audio (see Scarlett Johansson).
Same for Google Assistant, Siri & co.
So basically, I don't see why people should be concerned only about usage by a small startup instead of being scared of the tech giants.
I've been trying to clone a public figure's voice for a meme, it seems that the major offerings in this area don't let you do that because they're trying to be respectable. (I don't think there are laws about this yet, but there will be soon.) So I've had to experiment with smaller, less "serious" services.
Sure, but to me this sounds paranoid, and as pointless as the movie industry trying to create non-piratable technology... As in, worried about things out of their control. You cannot go about your life without using your voice unless you're mute by choice or physically, and all a company needs is a few seconds of your voice to recreate it. If a company is hell-bent on getting a voice, they can get it. If you're not widely known, or don't hold some kind of power, no one likely cares about your voice, and if you are, it's likely there are already lots of audio sources of you out there... Even if you're not widely known, if you've ever made an Instagram post, a reel, a TikTok, Vine, YouTube vid, etc., you're out there. It probably makes more sense to go on about your life and resort to legal means if your voice is used without your consent.
Same with your face... You leave your home, other humans see your face, cameras see your face. You do not get to control who sees your face or even who captures your face when you're in public, but you can decide whether or not you consent to your face being used by an entity for profit.
We make the distinction between humans consuming information and machines because humans can't typically reproduce the original material. So, like, you can go see a movie, but you can't record it with a device that would allow you to reproduce it. But what if human brains could reproduce it? Then humans could replay it to themselves all they want, and to those near them, but wouldn't be allowed to reproduce it en masse for profit, or they'd get sued.

I think the same applies to data ingested by AI models. People care so much about what is fed in, when the same information is fed to humans around the world, increasing their knowledge and informing their future decisions, their art, their thoughts. Humans don't have to pay to see a picture of the Mona Lisa, or of any other art out there, even if it'll influence their own art later on. But somehow we want to limit what is fed to models based on whether it got permission to be influenced by the material's existence. I agree we can't feed in protected IP, secret recipes, formulas for things that are not in the public sphere, etc. But other than that, I'm not sure how people expect to limit what it can draw inspiration from, as long as it doesn't copy verbatim... I get that images have been generated where original material has come out, but if it's sections of, or concepts of, then it's the same as a human being influenced by it. I honestly don't think that matters.
Then comes the idea that this is owned by a private company that's profiting from it all... That's true... But there are also open source models that compete with them. Not sure what the best answers to it all are... But to go back to the original point, if your unique voice or image isn't copied precisely for profit, then whatever... It'll get used by models, or by humans in their thoughts. You can't control what your existence affects in the world, just who gets to profit off of it.
Do they clearly explain how you retain ownership of your own data? Do they allow you to monetize the data on your own behalf, where they take a small fraction of a percent, and if they sell or use your data internally or externally, you get a set value or a scalable metric corresponding to usage?
We might need to do a better job of explaining this - but this is true. You retain ownership of your data, and we don't sell or use it (other than to train your specific clone, which you can delete at any time). Personally, I think too many AI companies are playing fast and loose in this space, so I get the concern. We want to do it right.
I don't know what you mean by ownership, do you mean you don't store everything you need to clone my likeness?
Unless this data is never stored server-side, or is client-side encrypted, you are putting a target on your back for hackers to extract it for nefarious purposes, no matter what your terms of service say.
If your company is on the brink of collapse and you need funding to stay afloat, will your new majority shareholder be just as trustworthy? If you make it big and the difference between a million in revenue and a billion in revenue is misusing personal data, can you resist the temptation? Those are the concerns, and you're not providing answers to them.
Like it or not, 23andMe is going down this path right now with millions of customers' genetic data, and you're going to get the same scrutiny when you ask people for personal, intimate data.
Same here. I was thinking maybe I'd give microphone permissions but didn't see why I had to show my video. Does the clone see my face? Maybe it does. That may creep me out more tho lol.
This is a valid concern, but we’ve always been very serious about consent and privacy. Our models cannot be used without explicit verbal/visual consent and you hold the keys to your clone.
No snark intended...if you're making it much easier to make clones of people verbally and visually, why would I feel confident in you accepting a verbal/visual consent from "me"?
If it doesn't run on my computer, what keys are you talking about? Cryptographic keys? It would be interesting to see an AI agent run on fully homomorphic encryption if the overhead weren't so huge - it would stop cloud companies from holding so much intimate, personal data about all sorts of people.
Probably the phrase "you hold the keys to your clone" should give anyone pause.
I once worked at a company where the head of security gave a talk to every incoming technical staff member and the gist was, "You can't trust anyone who says they take privacy seriously. You must be paranoid at all times." When you've been around the block enough times, you realize they were right.
You can guarantee you won't be hacked? You can guarantee that if the company becomes massively successful, you won't start selling data to third parties ten years down the road?
For those interested in this topic, you might enjoy reading The Anxious Generation, which has been on the NYT nonfiction bestseller list for a while. It goes into the data on how teen mental illness rates greatly increased when smartphones (apps + the front-facing camera) and social media algorithms were developed. The harmful effects are obvious to anyone who ever interacts with kids. The book also proposes several basic changes, like delaying when kids are given smartphones and disallowing phones in schools, as well as advocating for play-based schools.
Debunked isn’t the correct term here. That would imply that the data is false or it’s misinformation. Instead the article you linked states:
On the other hand, data on this issue is mixed, and some studies contradict one another.
So a better way to talk about it is that the data doesn't yet make a cut-and-dried case one way or the other.
Another quote from the article you linked
Haidt argues that waiting for stronger evidence could be even more dangerous. He writes: “If you listen to the alarm ringers and we turn out to be wrong, the costs are minimal and reversible. But if you listen to the skeptics and they turn out to be wrong, the costs are much larger and harder to reverse.” … as a mother, as someone who writes about the harms of tech and tech companies, I see his point.
So even if we don’t take the data to be 100% convincing, it’s by no means “debunked” and something that we should just completely ignore.
I would have presumed that security-minded people, which includes those who work in tech, would not so easily give away their genome, and that most of 23andMe's customers are a slice of the general population. But then I read about things like WorldCoin and that people who go to startup parties jump at the chance to give away scans of their retinas and I'm befuddled. Why would anyone willingly do that?
I'm familiar with security (I keep a copy of Applied Cryptography on my shelf for "fun reading") and tech, here's a copy of my whole genome:
https://my.pgp-hms.org/profile/hu80855C
Note it's a full human genome, far more data than a 23&Me report. You can download the data yourself and try to find risk factors (at the time, the genetic counsellors were surprised to find that I had no credible genetic risk factors).
Please let me know, in technical terms combined with rational argument, why what I did was unwise. Presume I already know all the common arguments and have evaluated them using my background knowledge (which includes a PhD in biology, extensive experience in human genome analysis, and years of launching products in tech).
I've been asking people to come up with coherent arguments for genome secrecy (given the technical knowledge we have of privacy, both in tech and medicine) and nobody has managed to come up with anything that I hadn't heard before, typically variations on "well, gattaca, and maybe something else we can't predict, or insurance, or something something".
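For anyone curious what "download the data yourself and try to find risk factors" looks like mechanically, it is roughly a lookup. A minimal sketch, assuming the common tab-separated rsid/chromosome/position/genotype raw-export layout; the rsIDs and alleles below are placeholders, not real clinical associations.

```python
import io

# Hypothetical risk table: variant ID -> allele of interest
# (placeholder rsIDs, NOT real clinical associations)
RISK_ALLELES = {"rs0000001": "T", "rs0000002": "A"}

def find_risk_variants(raw_file):
    """Return (rsid, genotype) pairs carrying a listed risk allele."""
    hits = []
    for line in raw_file:
        if line.startswith("#"):  # skip header/comment lines
            continue
        rsid, chrom, pos, genotype = line.split()
        allele = RISK_ALLELES.get(rsid)
        if allele is not None and allele in genotype:
            hits.append((rsid, genotype))
    return hits

# Toy data standing in for a downloaded raw genotype export
raw = io.StringIO(
    "# rsid\tchromosome\tposition\tgenotype\n"
    "rs0000001\t1\t12345\tCT\n"
    "rs0000002\t2\t67890\tGG\n"
)
hits = find_risk_variants(raw)
print(hits)  # [('rs0000001', 'CT')]
```

Real interpretation is of course much harder than the lookup - effect sizes, strand conventions, and imputation all matter - which is why genetic counsellors are involved at all.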
1) You can be subject to discrimination based on your ethnicity, race, or health related factors. That's especially a problem when the data leaks at scale as in 23andme's case because that motivates the development of easy-to-search databases sold in hacking forums. The data you presented here would be harder to find, but not the case with mass leaks.
2) It's a risk for anything that's DNA-based. For example, your data can be used to create false evidence for crimes irrelevant to you. You don't even need to be a target for that. You can just be an entry in a list of available DNA profiles. I'm not sure how much DNA can be manufactured based on full genome data, but with CRISPR and everything I don't think we're too far away either. You can even experience that accidentally because the data is out there and mistakes happen.
3) You can't be famous. If you're famous, you'd be target of endless torrent of news based on your DNA bits. You'd be stigmatized left and right.
4) You can't change your DNA, so once it's leaked, you can't mitigate future risks that don't exist today. For example, DNA-based biometrics, or genome simulation to the point where they can create an accurate lookalike of you. They may not be risks today, but that doesn't mean they won't be tomorrow.
There are also additional risks involved based on the country you're living in. So, you might be living in a country that protects your rights and privacy, but it's not the case with the others.
You forgot an important one: Your ancestors, descendants, siblings, and cousins share much of the same DNA but did not consent to its release. All of the above risks apply to them as well. I'd be most concerned about insurance companies using genetic family history to deny coverage.
I'm not too worried about it because it's never a 100% overlap. Even my brother and I share only ~50% DNA. It gets way sparser for more distant relatives.
About insurance companies, they're legally forbidden to use such data.
Great training set to check the results of other factors, then use those to infer.
Moreover "legally forbidden" means jack faeces unless you can point to people who had convictions recorded and went to jail. Otherwise we're merely discussing business conditions & expenses.
This is completely false. Any two random humans have more than 99% overlap by virtue of being the same species. It's even higher for brothers. We also share around 90% DNA with cats, dogs and elephants.
> I'm not too worried about it because it's never a 100% overlap.
This doesn't make sense. If they were equal, you'd be the same person except for environmental differences. Many applications don't need equal DNAs. E.g.
> About insurance companies, they're legally forbidden to use such data.
This is a very weak argument. There's a long history of companies doing illegal things, and even if it's illegal today it doesn't mean it'll be illegal tomorrow.
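Worth noting that both figures in this exchange are right in different senses: >99% is raw sequence identity between any two humans, while "siblings share ~50%" refers to expected identity-by-descent (IBD) at the sites that vary. A toy calculation of the IBD sense:

```python
# Expected identity-by-descent (IBD) sharing halves with each meiosis
# separating two relatives. This is the sense in which siblings "share
# ~50%"; raw sequence identity between any two humans exceeds 99%.

def expected_ibd(meioses, ancestors=1):
    """Expected fraction of DNA shared identical-by-descent.

    meioses: meiotic steps on one path between the relatives
    ancestors: number of shared ancestors contributing paths
    """
    return ancestors * 0.5 ** meioses

# Full siblings: paths of 2 meioses via each of two shared parents
siblings = expected_ibd(meioses=2, ancestors=2)  # 0.5
# First cousins: paths of 4 meioses via two shared grandparents
cousins = expected_ibd(meioses=4, ancestors=2)   # 0.125
print(siblings, cousins)
```

So a published genome does leak progressively less IBD information about more distant relatives, even though everyone's raw sequences are nearly identical.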
For one thing, this leaks a portion of the genome of your relatives, which is a clear breach of their privacy. Whether you personally deem it sensitive or not, genetic data is meant to remain confidential.
I don't believe making my genome available, which contains similarity to my relatives, is a breach of their privacy.
I think part of my point is that DNA, by its nature, simply cannot remain confidential, and that thinking we can keep it that way is just going to lead to inevitable disappointment.
First, some people extend your argument from DNA to everything and say "I believe that privacy in the modern world is unrealistic"; that doesn't make the argument applicable to the rest of us.
Second, whether DNA can or cannot remain confidential is yet to be seen, but feasibility is certainly orthogonal to whether it ought to be, which is the point at hand.
Third, whether you believe it's a breach of privacy to leak part of your relatives' DNA is beside the point. It's their decision to make, since it's their personal data and deemed confidential under most privacy frameworks, and therefore a breach.
To your first point: Yes, I generally extend my argument to more or less everything in the modern world. Put your garbage out on the street: reporters can rifle through it looking for evidence.
To your second point: we already know DNA can't remain confidential (there is no practical mechanism by which even a wealthy person could avoid a sufficiently motivated adversary who wanted to expose their DNA). That's just a fact, we should adjust our understanding based on that fact.
Most important: sharing my genomic information with the world is not a breach of any privacy framework I'm aware of and subject to (US laws). Do you have a specific framework or country in mind?
> genetic counsellors were surprised to find that I had no credible genetic risk factors
So let's assume you committed to publishing your genome in advance, regardless of the result. Sounds like you spun the barrel and dry-snapped to demonstrate that Russian roulette is safe for everybody.
Tell us how views differing from yours on this would influence opinion of the products you've launched in tech, given your extensive experience in human genome analysis. Not at all?
This really may not be a case of being unable to understand something one's paycheck depends on not understanding - but we can't know that yet.
One non-theoretical risk is that you or a relative leaves DNA on the scene of a crime you didn't commit (or?), and this makes you a suspect. This is also assuming a real identity is tied to the DNA.
That's not the same risk because 23andme also has name, address, email.
One risk if you have PII+genome is that a technically sophisticated entity can determine if you've physically been in a location. Also with an extensive PII+genome database they could find your family, for example for blackmail purposes.
Another risk is that a health insurance provider could deny you based on potential health issues they find in your genome.
What real, actual risks which I didn't already know about have been shown in this thread?
The point is that while you can use DNA to identify people in most cases, sufficiently motivated adversaries have more effective, cheaper, lower-technology approaches that they will use first.
Like with many things, the issue is the aggregation of data on many individuals (a database), and easy accessibility of your individual data on request (discoverability and processing).
Me shouting my sensitive private details in a crowded bar is entirely different from putting them on my webpage. There's even a difference between writing them down on a napkin or shouting them out.
>well, gattaca, and maybe something else we can't predict, or insurance, or something something
Sure, if you don't believe in any of the potential negative scenarios, anything goes. You could also post your full name, SSN, DOB, address, etc. here if you are secure in the knowledge that no harm could ever come of it.
I think what they're saying is that name (probably not), SSN (almost definitely), DOB (maybe?) and address (probably) have known, confirmed risks. There are current ways that bad actors can abuse that information.
Genome is still pretty theoretical, except getting caught for committing crimes.
I just checked, and using my True Name (https://en.wikipedia.org/wiki/True_Names) I can easily find my DOB, prior addresses and phone numbers, and using that information, it's likely I could make a reasonable guess for the SSN.
I think we already know for sure that posting a combination of full name, SSN, DOB, and address is a reliable way to provide scammers with the necessary information to commit fraud.
Fully agree with you here. I can understand why people argue "We must do everything possible so that no human being ever finds out anything medical-related about another human being, ever."
But that is a value judgement, and I believe it is one that comes at a great cost to society- I wouldn't be surprised if >50% of the cost of medical care is directly or indirectly due to this attitude, and that medical progress has been slowed immensely for the same reason.
If we could make medical data more open, it would greatly benefit the vast majority of people. OF COURSE it is true that some smaller number of other people/patients are helped by the existing medical secrecy system. I fully admit this is a trade-off, where we have to decide what values are more important.
This is disgusting. You want people knowing the maladies they got treated, and how?
There's the old saying of knowledge being power. If you want this information about people being spread, then you're advocating having power over these people over that information.
It takes very little imagination to see how humans would misuse this data.
Why do you think people are entitled to have genome data on you? The morality is flipped. Privacy is recognized as a core, natural right. Others bear the onus of justifying why they want your biological data. Trusting others is a moral and character weakness, because you have no guarantees as to how that data will be used - or, more specifically, what new ways to analyze and take advantage of that data will emerge.
I think actuaries will care an awful lot about this data and could use it to negatively influence your risk factor, and thus insurance premiums.
I think if your prior includes "trusting others is a moral and character weakness" then I don't think it's useful for us to discuss this topic further.
As for actuaries, in the US, the GINA law prevents health insurance companies from using this data. I think legal protection is much more important than attempting to hide my DNA.
> I think if your prior includes "trusting others is a moral and character weakness" then I don't think it's useful for us to discuss this topic further.
I agree, if you can't justify trust with reason then it's hard to trust your argument that relies on trust. Trust can be broken, and your stance doesn't address that concern.
While I hold privacy in high regard, your standpoint on trust is pretty extreme.
With your own "trust can be broken", you could conclude that you should distrust "with reason" (hey, it was broken) — basically, flipping it is an equally sound stance.
As a rule, I trust people, keep private stuff not easily aggregated (eg. I might talk some stuff over lunch, but will not email it to the person so they have it on record), and I am quick to distrust people once they fail me. Legal protections do matter, because they discourage misuse of unintended data sharing.
Where is it stated exactly that privacy is a core, natural right? Not in the Constitution, though the 4th suggests it. It’s not part of the natural order, I don’t think (most stuff is out in the open). I’m not saying I think privacy is bad or people deserve to have their info out in the open, I just don’t understand why people feel such a right to it, or where governance — natural or man-made — dictates it.
Wasn't your original argument that they could easily get your genetic material (to figure out the genome from) anyway?
Would a bunch of your cells be sufficient at some point in the near future? (I know progress is being made to turn any cell into a reproductive cell, but that's still not exactly the same thing, but it's on that exact path)
You still might not mind a bunch of your clones though, so I don't think that's much of an argument.
Generally, being pseudo-anonymous is what allows open and free discussion (but lots of vitriol too).
While genetic information is not yet understood well enough by masses to be abused in stereotyping and rejecting and — indeed — "cancelling", there is a huge potential to do so. This especially holds true for gender, racial, national differentiation, genetic disease potential and health profiling — all accessible through a full genome (even if some of the indicators are not with 100% confidence). Lots of this can also be used to start linking genome data to an actual person (helped with data from other contexts), which is where it starts to become risky according to known risk profiles.
Unsurprisingly, someone who is likely a white male (I could have checked using your genome too, but loading up your profile above confirms that) with "no credible genetic risk factors" is a lot less concerned about opening up their genome to the public: you are unlikely to get discriminated against. With that said, even you can get potentially ignored for your privilege: even I just engaged in that — somewhat discounting a part of your experience/claim because you are a white male. Part of that is also education: your extensive experience in the field allows you to make an educated choice. Many can't attain that much knowledge before they decide whether to share their genome or not.
This opens up a question similar to the one from that entire face recognition fiasco - how will the unprivileged be affected when it is mostly the privileged whom the models are trained on and the research is done on?
So the question is how do we ensure enough anonymity to make everyone happy to contribute to the world knowledge, but reduce chances of linking data back to actual people? I know nebula.org is doing something of the sort (though mostly just guaranteeing that they will remove the data at your request, and not share it without your permission), but we could have one genome produce a bunch of part-genomes, still allowing causation/correlation research, but none of them having the full picture.
That would disable some of the groundwork research (is there a correlation/causation only visible in the full genome or larger part of it?), so it's a tricky balance to find.
And finally, I always like to make this choice a bit personal: how would you feel about your child being linked to a criminal case due to your genome being publicly available?
I am a security engineer. When I signed up for 23andme, I assumed with certainty that it would be hacked and all data leaked at some point. I balanced that with the value of knowing potentially important health/genetic bio markers.
In the end, I valued knowing these bio markers above the privacy of my genome. The former is actionable and I can use it to optimize my health and longevity; the latter is of vague value and not terribly exploitable outside of edge-case threat models.
I simply don't want to deal with spam or scams. If I'm exposing my contact details it would be a separate set that is dedicated to dealing with communication coming from the public.
And that is exactly why they can be changed - because they're valuable details that can be used to track someone down. Your DNA is easily obtainable and is not used in any meaningful way that would affect your life if it was exposed.
For me, phone numbers have had reduced importance over the last couple of years. Most of my communication with other people are over various messaging apps.
Identifier as in, used for authentication and possibly even tied to your real name. Even messaging apps don't tend to have screen-names like AIM, they have phone numbers, including the so-called "privacy-focused" Signal. Tons of in-person services (govt, banks, etc) will also want one, and it may be used as yet another piece proving your real identity.
Alright. Where I live, phone numbers are public info and not secret so here they are not used when authenticating yourself against a bank or similar.
Using a phone _number_ to authenticate yourself against the government seems completely bizarre to me.
I understand that leakage of phone numbers becomes a problem if you use them for those kinds of things. But honestly, using them for authentication seems crazy from a security point of view.
In retrospect, how do you so far value the utility of the data you got? Did you take any actions based on them, do you think you will be doing so in the future?
Luckily I had no severe biomarkers. Some minor ones, but nothing I didn't know already. I loved learning about my ancient ancestry, though (i.e. migratory patterns 300k years ago).
On balance, was the utility worth the cost (of a breach)? Probably not, because I found no major actionable issues. But if I did find severe biomarkers, it would have been worth it. So I do still think I made the right choice.
We fight all sorts of natural processes. Most common forms of death from a couple of centuries ago are solved. Our average lifespan has increased dramatically. We fly around in planes, travel to space, grow fruit out of season and build giant cities.
As a species, we're excellent at working around or ignoring what's "natural".
>But then I read about things like WorldCoin and that people who go to startup parties jump at the chance to give away scans of their retinas and I'm befuddled.
I'm befuddled that anyone thinks Sam Altman is the least bit trustworthy after WorldCoin.
There is a difference between genomic data and biometric data: biometric data has known potential exploit vectors. So, with a picture of your retina, a sophisticated adversary could potentially reproduce your retina to gain access to some secure facility.
Genomic data doesn't have the same risk factors--at least at the moment. I think that the point many are trying to make here is that there may be risk vectors available at some point in the future that aren't known now. A couple of theoretical examples:
* You had to give a blood sample rather than other biometric data like a retina scan.
* Spoofing DNA evidence. That would be prohibitively expensive and difficult at the moment, but I suppose it could become as easy as 3D printing at some point in the future.
The same people believed in cryptocurrency, infinite growth, social media and many other things. At least 23andMe provided actual value, to some at least.
What I find strange is that 23andMe did not automatically delete data after 30 days, or at the very least take it offline, only to be made available on request. Notify people that their results are available and inform them that the data will be available for 30 days after the first download. This is potentially really sensitive data and, based on 23andMe's response, they seem to be aware of that fact. So why would they keep the data around? That seems fairly irresponsible and potentially dangerous to the company.
Their service is selling you a dashboard over your genetic data that’s continually updated for new gene correlation studies and ancestry matches. It’s not really the one and done “Promethease” style analysis service you’re thinking of.
If you go back in time, 23andMe was founded to collect genetic data with the goal of using that data to improve the health condition of humanity.
Over time it became clear that 23andMe's data set had limited predictive ability for health for a number of technical reasons (previously, dahinds, one of their statistical geneticists, has defended the quality of their predictions on HN, you can search for his comments. I suspect he can no longer comment on HN because of 23&Me's security debacle).
However, around that same time, 23&Me's dataset turned out to be excellent for ancestry analysis. It's generally considered fairly accurate (not just 23&Me; the entire process of ancestry through SNP genotyping works really well).
I never did 23&Me but my dad did- and he learned he has children all around the US (half brothers and sisters of mine) from some samples he provided some 45+ years ago. Both my dad and those people gained value from making that connection. It's interesting because my dad had already done most of the paper research (including going to SLC to visit the Mormon archives) to identify our obvious ancestors, and these relatives would never have shown up.
Ancestry data, but also health markers. I.e. you're probably going to get macular degeneration, Tay-Sachs and cervical cancer.
Once I enabled the social graph thing I was immediately hounded by distant relatives who I assume want to chop me up for parts.
> Do we even know how accurate it is at doing that?
The police have closed a few cold murder cases based on adjacency (once Parabon got their hands on samples), so it must be pretty accurate.
Anecdotally, my profile told a radically different story about our ancestry than my family's vague lore led me to believe. 23andMe's data made way more sense.
I was adopted. I have no idea who my biological parents were or what genetic risks I might have inherited from them. When the doctor asks "Has anyone in your family ever had <fill in the blank>?" I have no answer to those questions without a genomic test.
They will NOT delete your data even if you request a full account deletion, so surely they aren't interested in voluntarily deleting it.
It's all in the fine print. The labs will keep the genetic information as well as at least your DOB and sex for at least 10 years (CLIA requirements), and 23andMe will keep your identifying information (such as your email address) and account deletion request ID for some undefined period of time. Yes, this will remove some links (and birthday paradox works in user's favor), but this is certainly not a full and complete removal.
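A quick back-of-the-envelope illustration of the "birthday paradox works in the user's favor" point above: retaining only DOB and sex still leaves each user hiding in a fairly large crowd. The population assumptions here are made up for illustration:

```python
import math

# Rough estimate: how many leaked users share any given (DOB, sex) bucket?
# Assumptions (made up): birthdates spread uniformly over 100 years,
# two recorded sex values, a hypothetical leak of one million users.
buckets = 365 * 100 * 2          # ~73,000 distinct (DOB, sex) combinations
leaked_users = 1_000_000
per_bucket = leaked_users / buckets
print(f"~{per_bucket:.1f} users per (DOB, sex) combination")

# Probability that a given user is alone in their bucket, treating the
# number of other users in the bucket as Poisson-distributed.
p_unique = math.exp(-per_bucket)
print(f"chance of being uniquely identifiable from DOB+sex alone: {p_unique:.2%}")
```

With these numbers each (DOB, sex) pair matches roughly a dozen people, so DOB and sex alone rarely single anyone out; it is the combination with other retained identifiers (like an email address) that re-links the record.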
I was 24 in 2015 and not in tech or as security minded as I am now when I received the test as a Christmas present. Obviously now I wouldn’t have dared do it, but it’s too late. Lacked the foresight at the time.
So they've basically done it for you. The primary sensitive information is your predisposition to hereditary disease. That's the same for you and your siblings.
> But then I read about things like WorldCoin and that people who go to startup parties jump at the chance to give away scans of their retinas
Well, in the case of WorldCoin, I think there are still some pretty significant questions about why they made Africa a prominent launch market (well, there are some reasons), but in some places they repeatedly increased incentives until they were offering people up to a month's income to give their scans. That might not be a lot of money to a big startup, but it is telling that they had to offer that much to get some people to "opt" in.
What's the implication here, that tech people should know better? I just don't care a ton about my privacy. At least that makes me not a hypocrite for working at a company that profits from user data (like many tech ones do).
You can at least change your name. You can't change your DNA, so when companies start selling that data it will be easy to detect when you give out fake information.
The only missing piece is a way to scan your DNA as part of a login form.
Idk, it probably has some value. But my point was that it's going to be difficult to prevent your real identity from becoming attached to your DNA forever. The moment your real (DNA, identity) pair leaks from a credible source, your privacy is permanently and retroactively ruined.
So if 23andMe leaked a fake name with your DNA, it's out there in the hands of advertisers/scammers/governments/etc. From now on, anyone who gets access to your DNA will be able to build up data on you, and all it will take is a single leak/sale from a credible source to make it accurate.
(...but in truth, I have no idea what "DNA data" looks like, or if it's even possible to use it for targeting...)
Yeah I don't understand how someone's anonymous DNA being on that site makes the situation worse.
If someone finds my DNA without my identity, they're no further ahead. If they do have my DNA and my identity, well the 23andme part gives no additional information.
Maybe some day this will be a big concern, but by then we'll have much bigger things to worry about.
Yes, yours specifically, but what if I want, like, 200,000 people so I can find one with a DNA profile similar to mine, who could serve as an escape-goat or victim?
Maybe I want to steal a kidney, or a child that could reasonably pass as my own?
"The concept comes from an ancient Jewish ritual described in the Bible, specifically in Leviticus 16. During the Day of Atonement (Yom Kippur), two goats were chosen: one to be sacrificed and the other to be sent into the wilderness, symbolically carrying away the sins of the community. This second goat was called the 'Azazel' or the 'scapegoat'.

Over time, the term 'scapegoat' evolved to have a more general meaning in English. It came to refer to a person or group that is unjustly blamed for the problems or misfortunes of others, reflecting the original ritual in which the goat was symbolically burdened with the sins of others before being sent away."
In the US, the bad actor here is much more likely to be insurance companies who can tune their secret algorithms to make sure no one with a gene tied to an illness which blooms later in life can get affordable heath care.
In the US, health insurers can only price based on age, location, and tobacco use. Setting health insurance premiums or denying coverage based on any health-related factors has been illegal for over a decade, and changing that would be totally unviable politically.
However, it's a significant risk for other types of insurance including life, disability, and long term care.
Just because it's illegal, doesn't mean health insurance companies don't find loopholes, and consider fines when they get caught as the cost of doing business. See this series of articles[1] for some of their criminal shenanigans.
It's more than likely that they would use genetic data to deny insurance, and then settle the cases in court if they happen to get sued, which statistically is probably a rare occurrence.
If you were smart enough to hack 23andMe to get genetic data to find a specific person, you'd be smart enough to reconstruct identities from publicly available data. You'd just have to cross-reference public anonymous databases with public non-anonymous ones. Both of which exist, and are free.
So far, the only real use-case for doing this is people trying to identify criminals from just DNA.
You realize this data is often available for purchase or eventually publicly leaked, right? You don't have to be "smart enough" to do the hacking to benefit from it.
I know someone who is very security-minded, but also he was born to parents misplaced due to a war and they didn't know where they come from (their adoptive parents would only know a region, but not for sure). At the time it was an easy option to learn something about his heritage to him. His curiosity was satisfied.
They need training data. Is it awful that they're collecting it with extremely explicit consent and even providing generous compensation for it? Are beta versions of products not allowed to be different than final versions? Most tech companies would just take your data without asking and provide you nothing in return.
It was 3M film; the curtains were just EMF-shielding fabric sewn into the back of regular curtains, and they block light better too. And yes, Wi-Fi and cell still work; we left the floor untouched. I can no longer pick up my neighbors' Wi-Fi in that room. My neighbors are about 150 m away, rural. I turn Wi-Fi off at night in my house.
https://news.ycombinator.com/item?id=45026886