This new data poisoning tool lets artists fight back against generative AI (www.technologyreview.com)
from ElectroVagrant@lemmy.world to technology@lemmy.world on 23 Oct 2023 23:56
https://lemmy.world/post/7239795

A new tool lets artists add invisible changes to the pixels in their art before they upload it online so that if it’s scraped into an AI training set, it can cause the resulting model to break in chaotic and unpredictable ways.

The tool, called Nightshade, is intended as a way to fight back against AI companies that use artists’ work to train their models without the creator’s permission.
[…]
Zhao’s team also developed Glaze, a tool that allows artists to “mask” their own personal style to prevent it from being scraped by AI companies. It works in a similar way to Nightshade: by changing the pixels of images in subtle ways that are invisible to the human eye but manipulate machine-learning models to interpret the image as something different from what it actually shows.

#technology

gregorum@lemm.ee on 24 Oct 2023 00:25

Ooo, this is fascinating. It reminds me of that weird face paint that bugs out facial-recognition in CCTV cameras.

seaQueue@lemmy.world on 24 Oct 2023 01:28

Or the patterned vinyl wraps they used on test cars that interfere with camera autofocus.

Kolanaki@yiffit.net on 24 Oct 2023 00:26

“I can tell this is toxic by the pixels.”

ElectroVagrant@lemmy.world on 24 Oct 2023 00:26

“We like to call them poison pixels.”

guyrocket@kbin.social on 24 Oct 2023 00:38

Invisible changes to pixels sound like pure BS to me. I'm sure others know more about it than I do but I thought pixels were very simple things.

Unaware7013@kbin.social on 24 Oct 2023 00:47

I'm sure others know more about it than I do but I thought pixels were very simple things.

You're right, in that pixels are very simple things. However, you and I can't tell one pixel from another in an image, and at the scale of modern digital art (my girlfriend does hers at 300dpi), shifting a handful of pixels isn't going to make much of a visible difference to a person, but an LLM will notice them.

ClamDrinker@lemmy.world on 24 Oct 2023 11:16

LLM is the wrong term. That’s Large Language Model. These are generative image models / text-to-image models.

Truthfully though, while it will be there when the image is trained, it won’t ‘notice’ it unless you distort it significantly (enough for humans to notice as well). Otherwise it won’t make much of a difference because these models are often trained on a compressed and downsized version of the image (in what’s called latent space)

vidarh@lemmy.stad.social on 24 Oct 2023 11:33

An AI model will “notice them” but ignore them if trained on enough copies with them to learn that they’re not significant.

seaQueue@lemmy.world on 24 Oct 2023 01:26

“Invisible changes to pixels” means “a human can’t tell the difference with a casual glance” - you can still embed a shit-ton of data in an image that doesn’t look visually like it’s been changed without careful inspection of the original and the new image.

If this data is added in certain patterns it will cause ML models trained against the image to draw incorrect conclusions. It’s a technical hurdle that will slow a casual adversary, someone will post a model trained to remove this sometime soon and then we’ll have a good old software arms race and waste a shit ton of greenhouse emissions adding and removing noise and training ever more advanced models to add and remove it.

You can already intentionally poison images so that image recognition draws incorrect conclusions fairly easily, this is the same idea but designed to cripple ML model training.

wheresmypillow@lemmy.one on 24 Oct 2023 01:26

A pixel has a binary representation. All of the significant bits for the pixel may not be needed to display the color of that pixel so there is often excess that can be used or modified. A person wouldn’t see it but an AI reading just the binary would.

Narrrz@kbin.social on 24 Oct 2023 02:44

Have you ever seen those composite images made by combining a huge number of other, radically different images in such a way that each whole image acts like one "pixel" of the overall image? I bet AI models 'see' those images very differently than we do.

theneverfox@pawb.social on 25 Oct 2023 06:42

Pixels are very simple things, literally 3-5 3 digit numbers.

But pixels mean little to a generative AI - it’s all about relationship between pixels. All AI are high dimensional shapes right now… If you break up the shape strategically, it’ll poison the image

Will this poison pill work? Probably, for at least a while…
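
The two questions argued in the replies above (can pixel changes too small to see affect a model at all, and why "certain patterns" matter more than plain noise) can be checked on a toy case. This is an added example, not part of the thread and not a description of how Nightshade or Glaze work internally: the linear scorer, the image and every name in it are constructed for illustration.

```python
import math
import random

SIDE = 64            # constructed 64x64 greyscale image, values 0..255
N = SIDE * SIDE
EPS = 2              # largest change allowed to any single pixel (out of 255)


def score(weights, bias, pixels):
    """Toy linear scorer: a positive score means label A, negative means label B."""
    return sum(w * p for w, p in zip(weights, pixels)) / 255.0 + bias


def structured_shift(weights, pixels, eps):
    """Nudge every pixel by eps in the direction that lowers the score."""
    return [p - eps if w > 0 else p + eps for w, p in zip(weights, pixels)]


def random_shift(rng, pixels, eps):
    """Nudge every pixel by +eps or -eps chosen by coin flip."""
    return [p + rng.choice((-eps, eps)) for p in pixels]


def psnr(a, b):
    """Peak signal-to-noise ratio in dB; higher means closer to the original."""
    mse = sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)
    return float("inf") if mse == 0 else 10 * math.log10(255 ** 2 / mse)


def demo(seed=7):
    rng = random.Random(seed)
    # Constructed model weights and image; pixel values stay away from 0 and
    # 255 so a shift of EPS never needs clipping.
    weights = [rng.gauss(0.0, 1.0) for _ in range(N)]
    image = [rng.randint(40, 215) for _ in range(N)]
    # Pick the bias so the clean image scores +5, comfortably label A.
    bias = 5.0 - score(weights, 0.0, image)

    patterned = structured_shift(weights, image, EPS)
    noisy = random_shift(rng, image, EPS)

    return {
        "clean_score": score(weights, bias, image),
        "patterned_score": score(weights, bias, patterned),
        "random_score": score(weights, bias, noisy),
        "psnr_patterned": psnr(image, patterned),
        "psnr_random": psnr(image, noisy),
        "max_change": max(abs(a - b) for a, b in zip(image, patterned)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16s} {value:8.2f}")
```

Both altered images differ from the original by exactly 2/255 in every pixel, so they are equally close to it by PSNR, yet only the patterned one moves the score across zero: the per-pixel effects add up when they all push the same way and cancel when their signs are random.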

gsa@kbin.social on 24 Oct 2023 00:42

Sorry "Artists" but I'm still working around your silly tools and generating beautiful AI Art 🥹

KeenFlame@feddit.nu on 24 Oct 2023 13:32

Makes porn

the_q@lemmy.world on 25 Oct 2023 13:46

Hey! It’s the human herpe, gma! He always shows up with the shittiest takes because his mother drank while pregnant!

leaky_shower_thought@feddit.nl on 24 Oct 2023 00:47

I am sure we already got a budget version of this called the jpeg.

seaQueue@lemmy.world on 24 Oct 2023 01:12

Speaking of jpeg I miss the “needs more jpeg” bot that used to run on reddit, that shit was hilarious.

gregorum@lemm.ee on 24 Oct 2023 01:50

Reddit was Reddit for 18 fucking years. Just abandoning it leaves a massive hole. It’s gonna take a long time to fill it.

:(

HappycamperNZ@lemmy.world on 24 Oct 2023 03:00

It really will.

Saying that, fuck spez

gravitas_deficiency@sh.itjust.works on 24 Oct 2023 04:11

So say we all:

Fuck /u/spez

MamboGator@lemmy.world on 24 Oct 2023 01:05

This is cool. I think generative AI is great, but the way it’s being trained right now largely without consent from the artists or subjects is unequivocally unethical. Until the law catches up with the technology, people need ways of protecting themselves.

ElectroVagrant@lemmy.world on 24 Oct 2023 01:13

Until the law catches up with the technology, people need ways of protecting themselves.

I agree, and I wonder if the law might be kicked into catching up quicker as more companies try to adopt these tools and inadvertently infringe on other companies’ copyrighted material. 😅

0xD@infosec.pub on 24 Oct 2023 03:59

I don’t see a problem with it training on all materials, fuck copyright. I see the problem in it infringing on everyone’s copyright and then being proprietary, monetized bullshit.

If it trains on an open dataset, it must be completely and fully open. Everything else is peak capitalism.

Smoogs@lemmy.world on 24 Oct 2023 06:27

You’re not owed nor entitled to an artist’s time and work for free.

Turun@feddit.de on 24 Oct 2023 08:22

Of course not, it’s the artist’s decision to put it on the internet for free.

Technically that’s the root of the issue. This does not grant a license to everyone who looks at it, but whether a license is required to train a model is unclear and currently discussed in court.

kayrae_42@lemmy.world on 24 Oct 2023 09:08

The problem is the only way for artists to get people to see and eventually buy their art or commissions is to post some of their work publicly. Historically you would go out on the street and set up a stall, now social media is our digital street. Galleries don’t take everyone, having the ability to even get a meeting with one is difficult without the right connections. Most artists are never successful enough to completely live off their art, if they can make any money at all it is great for them. Then along comes an AI model that takes their work because it’s on the internet scrapes it into its training set and now any chance they had in an over saturated market is even smaller, because hey, I can just do this with AI. This idea that copyright and IP shouldn’t exist at all is kinda absurd. Would you just go through a street art walk, take high res photos of every picture they have on display, not take any business cards, and when they ask what you are doing, go “it’s ok, I’m training an AI data model so people can just make work that looks exactly like this. They shouldn’t have to ever buy from you. Capitalism is a joke. Bye!” The art walk was free, but it was also a sales pitch, because that’s how the art world works. You are hoping to get seen, that someone likes it enough to buy, and maybe buy more.

Turun@feddit.de on 24 Oct 2023 10:33

This idea that copyright and IP shouldn’t exist at all is kinda absurd

I don’t hold this opinion at all.

I’m just saying that there are uses for which you don’t need a license. Say, visiting an art exhibition and then going home and trying to draw similar pictures. Whether AI training falls into this category or instead requires a license is currently unclear.

Btw, two spaces before the line break
Creates the spacing you want.

kayrae_42@lemmy.world on 24 Oct 2023 11:59

As an artist who studies data science, I would say doing art and generating art are an entirely different process. AI has no reference outside of the information we give it. It has no real understanding of lighting, spatial awareness. We can tell it every tank is a cat, every flashlight is a pig and it will never question it. If we tell a toddler that every tank is a cat, they may call a tank a cat, but they will never think that “cat” is a house pet. They will never think that “pig” will oink or be turned into steaks. An AI however would if your language conventions were the same in the prompt.

If you go to the art walk and go home and try to recreate a style, you were inspired. If an AI model is trained on many styles and you tell it “portrait, woman, Van Gogh style, painterly, blue tones” then do you understand what you asked for? Was the ai inspired by Van Gogh? Did the ai study his techniques? No. It broke down his art pixel by pixel, rearranged it in a filter styled overlay over a woman, most likely a young woman-because of algorithmic bias which has been studied- in shades of blue. Humans take the time to study the why, the how. Ai does not. Humans are not just meat robots.

I should say I’m not against AI art. I’m against gathering against consent. If it was opt in, or if there was some type of pay for program that would be fine. Even if it was pennies each month. But the fact that they scrape without consent. Or are now going back and adding it into TOS where it never was before feels scummy. AI art has a place, and is a helpful tool. But it’s not a replacement for artists, it has many flaws still, that might never be worked out.

Thank you for helping me with line break.

vidarh@lemmy.stad.social on 24 Oct 2023 10:39

This idea that copyright and IP shouldn’t exist at all is kinda absurd.

For the majority of human existence, that was the default.

Copyright exists as an explicit tradeoff between the rights of the public to be able to do as they please with stuff introduced into the public sphere, and a legal limitation infringing on the public’s liberty for a limited time for the purpose of encouraging the creation of more works for the public benefit. It was not introduced as some sort of inherent right, but as a trade between the public and creators to incentivise them.

Stripping it away from existing artists who have come to depend on it without some alternative would be grossly unfair, but there’s nothing absurd about wanting to change the bargain over time. After all, that has been done many times, and the copyright we have now is vastly different and far more expansive and lengthy than early copyright protection.

Personally, I’d be in favour of finding alternative means of supporting creators and stripping back copyright as a tradeoff. The vast majority of creators earn next to nothing from their works; only a very tiny minority makes a livable wage of art of any form at all, and of the rest the vast majority of profits take place in a very short period of initial exploitation of a work, so we could allow the vast majority to earn more from their art relatively cheaply, and affect the rest to a relatively limited degree, while benefiting from the reduced restrictions.

kayrae_42@lemmy.world on 24 Oct 2023 11:36

I agree that copyright lasts far too long, but the idea I can post a picture today, and in a hour it’s in an AI model without my consent bothers me. Historically there was a person to person exchange. But now we are so detached from it all I don’t think we can have that same affordance of no types of protections. I’m not saying one person can solve this. But I don’t see UBI or anything like that ever happening. As a person who has lived on disability most of their life, people don’t like to share their wealth with anyone for any reason. I’ve never been able to sell art for a living and am now going to school for data science. So I know about both ends of this. Just scraping without consent is unethical and many who do this have no idea about the art world or how artists create in general.

vidarh@lemmy.stad.social on 24 Oct 2023 11:54

It doesn’t need to be full on UBI. In a lot of countries grants mechanisms and public purchasing mechanisms for art already make up a significant proportion of income for artists. Especially in smaller countries, this is very common (more so for literary works, movies and music where language provides a significant barrier to accessing a bigger audience, but for other art too). Imagine perhaps a tax/compulsory licensing mechanism that doesn’t stop AI training but instead massively expands those funding sources for people whose data are included in training sets.

This is not stoppable, not least because it’s “too cheap” to buy content outright.

I pointed out elsewhere that e.g. OpenAI could buy all of Getty Images for ~2% of their currently estimated market cap based on a rumoured recent cash infusion. Financing vast amounts of works for hire just creates a moat for smaller players while the big players will still be able to keep improving their models.

As such it will do nothing to protect established artists, so we need expansion of ways to fund artists whether or not inclusion of copyrighted works in training sets becomes restricted.

kayrae_42@lemmy.world on 24 Oct 2023 12:10

Those grants, and public purchases make up a significant portion of income for established mainstream artists. If you work on commission only online, or never went to art school those won’t cover you.

These large tech companies become so highly valued at the start because of venture capital and then in 5-10 years collapse under their own weight. How many of these have come up and are now close to drowning after pushing out all competitors? Sorry if I’m not excited about an infusion of cash into a large for profit company that is just gobbling up anything anyone posts online without consent to make a quick buck.

I’m not against AI. I’m against the ethics of AI at the moment because it’s awful. And AI leans into biases it finds and there are not a lot of oversights on this.

vidarh@lemmy.stad.social on 24 Oct 2023 12:52

If you work on commission only online, or never went to art school those won’t cover you.

There’s no reason it has to stay like that. And most people in that position are not making a living from art as it is; expanding public funding to cover a large proportion of working artists at a better level than today would cost a pittance.

These large tech companies become so highly valued at the start because of venture capital and then in 5-10 years collapse under their own weight. How many of these have come up and are now close to drowning after pushing out all competitors? Sorry if I’m not excited about an infusion of cash into a large for profit company that is just gobbling up anything anyone posts online without consent to make a quick buck.

MS, Apple, Meta, Google etc. are massively profitable. OpenAI is not, but sitting on a huge hoard of Microsoft cash. It doesn’t matter that many are close to drowning. The point is the amount of cash floating around that enable the big tech companies to outright buy more than enough content if they have to means that regulation to prevent them from gobbling up anything anyone posts online without consent will not stop them. So that isn’t a solution. It will stop new entrants with little cash, but not the big ones. And even OpenAI can afford to buy up some of the largest content owners in the world.

The point was not to make you excited about that, but to illustrate that fighting a battle to restrict what they can train on is fighting a battle that the big AI companies won’t care if they lose - they might even be better off if they lose, because if they lose, while they’ll need to pay more money to buy content, they won’t have competition from open models or new startups for a while.

So we need to find other solutions, because whether or not we regulate copyright to training data, these models will continue to improve. The cat is out of the bag, and the computational cost to improving these models keeps dropping. We’re also just a few years away from people being able to train models competitive to present-day models on computers within reach of hobbyists, so even if we were to ban these models outright artists will soon compete with output from them anyway, no matter the legality.

Focusing on the copyright issue is a distraction from focusing on ensuring there is funding for art. One presumes the survival of only one specific model that doesn’t really work very well even today and which is set to fail irrespective of regulation, while the latter opens up the conversation to a much broader set of options and has at least a chance of providing working possibilities.

kayrae_42@lemmy.world on 24 Oct 2023 14:18

I don’t see these grants or public funding ever covering a private company for one. And for two, I don’t see AI art ever actually getting to the point where it fully replaces artists. As of right now it is good. But it doesn’t understand space or lighting at all. Because of how AI works I’m not sure it ever will. Because it is trained to make a homogeneous rendering of what you are looking for, even if you use a base image, most people have an image that is lit heavily in the front, but because of this it never is able to render shadows correctly. Unless they hire people who are artists or art critics to finely train the data set, which I doubt they will, then the more you look the more uncanny valley the images get. They also have a hard bias in all of their images they generate. Which is difficult to overcome.

AI is an amazing tool, but it is a poor replacement in total. The people who act like it is a total replacement are like the people who in 2015 told us self driving cars were just one year away, and have been saying it every year since. Maybe when quantum computing becomes the standard for every person AI will be able to. But there is just a fundamental misunderstanding of art, artistic process, how art gets made people seem to have.

Open AI might be sitting on Microsoft money, but how many other companies has Microsoft gobbled up over the years? Open AI if it starts to struggle will just fall under the Microsoft umbrella and become part of its massive conglomerate, integrated into it. Where are our AR goggles that we are supposed to all be wearing, Microsoft and Google both had those? So many projects grow and die with multiple millions thrown at them. All end up with crazy valuations based on future consumer usage. As we all can’t even afford rent.

There is also this idea that people wouldn’t willingly contribute if just asked. The problem is no one has even asked. Hugging Face is an open source distro people willingly contribute to. And so many people upload images to Creative Commons which could be used. I’ve done it with many of my photos which I have no problem being used in a data set, for commercial use even. But my commercial images, no please. The idea that you can’t train smaller models on the vast array of Creative Commons images and public domain, you absolutely can. You can also ask people to contribute to your data set and give credit to them. A lot of people are angry at lack of credit.

There is no reason for any of this to be private enterprise if they are going to blatantly steal copyright images when sources like Creative Commons exists, not give any credit to the people they steal from, and sometime even steal from places they shouldn’t even have access to.

vidarh@lemmy.stad.social on 24 Oct 2023 19:18

I don’t see these grants or public funding ever covering a private company for one.

Companies are by far the largest recipients of public funding for art in many countries and sectors. Especially for e.g. movie production in smaller languages, but also in other sectors.

And for two, I don’t see AI art ever actually getting to the point where it fully replaces artists.

I do agree it won’t fully replace artists, but not because it won’t get to the point where it can be better than everyone, but because a huge part of art is provenance. A “better Mona Lisa” isn’t worth anything, while the original is priceless, not because a “better” one isn’t possible, but because it’s not painted by Da Vinci.

But that will only help an even narrower sliver than the artists who are making good money today.

It will take time, but AI will eat far more fields than art, and we haven’t even started to see the fallout yet.

Because it is trained to make a homogeneous rendering of what you are looking for

Diffusion models are not trained “for” anything other than matching vectors to denoising to within your own tolerance levels of matching to what you are looking for. Accordingly, you’ll see a whole swathe of models tuned on more specific types of imagery, and tooling to more precisely control what they generate. The “basic” web interfaces are just scratching the surface of what you can do with e.g. Controlnet and the like. It will take time before they get good enough, sure. They are also only 2 years old, and people have only been working on tooling around them for much less than that.

Open AI might be sitting on Microsoft money, but how many other companies has Microsoft gobbled up over the years? Open AI if it starts to struggle will just fall under the Microsoft umbrella and become part of its massive conglomerate, integrated into it. Where are our AR goggles that we are supposed to all be wearing, Microsoft and Google both had those? So many projects grow and die with multiple millions thrown at them. All end up with crazy valuations based on future consumer usage. As we all can’t even afford rent.

OpenAI is just one of many in this space already. They are in the lead for LLMs, that is text-based models. But even that lead is rapidly eroding. They don’t have any obvious lead for diffusion models for images. Having used several, it was first with the recent release of DallE 3 that it got “good enough” to be competitive.

At the same time there are now open models getting close enough to be useful, so even if every AI startup in the world collapsed this won’t go away.

There is also this idea that people wouldn’t willingly contribute if just asked.

That’s fine, but that doesn’t fix the financial challenge.

kayrae_42@lemmy.world on 25 Oct 2023 10:43

So what you are saying is open ai should get the public grants for artists to give to artists?

I understand it isn’t trained for anything, I have done training with them. The training leads to homogeneous outcomes. It had been studied as well. You can look it up.

Dall-e 3 still isn’t good enough to be competitive. It is too uncanny valley. I’m not saying people have to be the masters. I don’t know where you get that from, every one who touts this tech always goes to that. It is a tool that can be useful, but it is not a replacement.

Asking and crediting would go a long way to help fix the financial challenge. Because it is a start to adding a financial component. If you have to credit someone there becomes an obligation to that person.

vidarh@lemmy.stad.social on 25 Oct 2023 17:11

So what you are saying is open ai should get the public grants for artists to give to artists?

No. What in the world gave you that idea? I’m saying artists or companies employing artists should get grants, just like is the case for a large number of grants now. I’m saying I’d like to see more of that to compensate for the effects being liberal about copyright would have.

I understand it isn’t trained for anything, I have done training with them. The training leads to homogeneous outcomes. It had been studied as well. You can look it up.

There is no “the training”. There are a huge range of models trained with different intent producing a wide variety in output to the point that some produce output that others will just plain refuse.

Dall-e 3 still isn’t good enough to be competitive.

Dall-E 3 isn’t anywhere near leading edge of diffusion models. It’s OpenAI playing catch up. Now, neither Midjourney nor Firefly, nor any of the plethora of Stable Diffusion derived models are good enough to be competitive with everyone without significant effort either, today, but that is also entirely irrelevant. Diffusion models are two years old, and the pace of the progress has been staggering, to the point where we e.g. already have had plenty of book-covers and the like using them. Part of the reason for that is that you can continue training of a decent diffusion model even on a somewhat beefy home machine and get a model that fits your needs better to an extent you can’t yet do with LLMs.

Asking and crediting would go a long way to help fix the financial challenge. Because it is a start to adding a financial component. If you have to credit someone there becomes an obligation to that person.

If there is a chance crediting someone will lead to a financial obligation, people will very quickly do the math on how cheaply they can buy works for hire instead. And the vast bulk of this is a one-off cost. You don’t need to continue adding images to teach the models already known things, so the potential payout on the basis of creating some sort of obligation. Any plan for fixing the financial challenge that hinges on copyright is a lost cause from the start because unless it’s a pittance it creates an inherent incentive for AI companies to buy themselves out of that obligation instead. It won’t be expensive.

kayrae_42@lemmy.world on 25 Oct 2023 21:26

I feel like you are one of the people who feel that AI is just going to be the future with no real problems to anyone who matters. We can’t stop it, we can’t regulate it in any way whatever; and people should just move out of the way, give up and if they can’t find a place in the new world, die already. Artists don’t matter, writers don’t matter and anyone impacted by this new system doesn’t matter. The algorithm is all that matters.

Because I don’t use the exact correct wording, I use a short hand that is easier for my brain to remember, and you are pedantic, I can’t know anything about LLMs, machine learning or anything about this. Because I don’t say it has a training set of a large model of images that are tagged in specific ways that they can take out antagonistic images or images that create artifacts and refine the model in appropriate ways. You therefore throw out the idea that bias exists due to tagging systems.

Honestly I don’t care if you don’t think I know anything about this. You are a stranger on the internet and this conversation has gone on too long.

vidarh@lemmy.stad.social on 26 Oct 2023 17:41

I feel like you are one of the people who feel that AI is just going to be the future with no real problems to anyone who matters. We can’t stop it, we can’t regulate it in any way whatever; and people should just move out of the way, give up and if they can’t find a place in the new world, die already. Artists don’t matter, writers don’t matter and anyone impacted by this new system doesn’t matter. The algorithm is all that matters.

If I thought that, I wouldn’t have emphasised the need to sort out the funding issue, and argued that just regulation will be insufficient to solve it.

I think it will cause a massive degree of upheaval. I don’t think regulation has any hope in hell of preventing upheaval significant enough that unless a solution is found to ensure better distribution of wealth it will cause violence and uprisings and governments to fall. Not necessarily in and of itself, but in accelerating a process of reducing the monetary value of labour.

I can’t know anything about LLMs, machine learning or anything about this.

I’ve not suggested anything of the sort.

How you can interpret anything I’ve written as suggesting I don’t think there will be problems is beyond me.

You therefore throw out the idea that bias exists due to tagging systems.

I’ve done no such thing.

barsoap@lemm.ee on 25 Oct 2023 11:50

I am perfectly entitled to type random stuff into google images, pick out images for a mood board and some as reference, regardless of their copyright status, thank you. Studying is not infringement.

It’s what every artist does, it’s perfectly legal, and what those models do is actually even less infringing because they’re not directly looking at your picture of a giraffe and my picture of a zebra when drawing a zebra-striped giraffe, they’re doing it from memory.

Smoogs@lemmy.world on 26 Oct 2023 01:21

Art takes effort. You’re not entitled to that for free.

barsoap@lemm.ee on 26 Oct 2023 05:50

And if you think that working with AI does not take effort you either did not try, or don’t have an artistic bone in your body. Randos typing “Woman with huge bazingas” into a UI and hitting generate don’t get copyright on the output, rightly so: Not just did they not do anything artistic, they also overlook all the issues with whatever gets generated because they lack the trained eye of an artist.

regbin_@lemmy.world on 24 Oct 2023 06:44

Disagree. It’s only unethical if you use it to generate the artist’s existing pieces and claim it as yours.

[deleted] on 24 Oct 2023 16:35

.

9thSun@midwest.social on 24 Oct 2023 23:18

I don’t see how AI training couldn’t be considered transformative as the whole idea is to consume input, break it down into data, and output something new. The way I’m understanding what you’re saying is like this: Instead of only paying royalties when I try to monetize a cover song, I’d have to pay every time I practiced it.

[deleted] on 24 Oct 2023 23:50

.

9thSun@midwest.social on 25 Oct 2023 00:53

I don’t understand how you’re separating the generated artworks from the AI that’s generating the work, but I do see your point. If a company puts out a tool for free I don’t think they should be on the hook for someone using that and creating a product. At the end of it all though, I think whoever has made any hard financial gains should pay out whoever contributed.

9thSun@midwest.social on 24 Oct 2023 06:55

How is training AI with art on the web different to a person studying art styles? I’d say if the AI is being monetized in some capacity, then sure maybe there should be laws in place. I’m just hard-pressed to believe that anyone can have sole control of anything once it gets on the Internet.

Zeth0s@lemmy.world on 24 Oct 2023 07:55

I work in AI and I believe it is different. Society is built to distribute wealth, so that everyone can live a decent life. People and AI should be treated differently in front of the law. Also, non-commercial, open source AI should be treated differently than commercial or closed source models

vidarh@lemmy.stad.social on 24 Oct 2023 10:28 collapse

Society is built to distribute wealth, so that everyone can live a decent life.

As a goal, I admire it, but if you intend this as a description of how things are it’d be boundlessly naive.

Zeth0s@lemmy.world on 24 Oct 2023 10:40 collapse

That’s absolutely not how it is now, just the goal we should set for ourselves. A goal I believe we should consider when regulating AI

vidarh@lemmy.stad.social on 24 Oct 2023 11:05 collapse

To me, that’s not an argument for regulating AI, though, because most regulation we can come up with will benefit those with deep enough pockets to buy themselves out of the problem, while solving nothing.

E.g. as I’ve pointed out in other debates like this, Getty Images has a market cap of <$2bn. OpenAI may have had a valuation in the $90bn range. Google, MS, Adobe all also have share prices that would trivially allow them to purchase someone like Getty to get ownership of a large training set of photos. Adobe already has rights to a huge selection via their own stock service.

Bertelsmann owns Penguin Random-House and a range of other publishing subsidiaries. Its market cap is around 15 billion Euro. Also well within price for a large AI contender to buy to be able to insert clauses about AI rights. (You think authors will refuse to accept that? All but the top sellers will generally be unable to afford to turn down a publishing deal, especially if it’s sugar-coated enough, but they also sit on a shit-ton of works where the source text is out-of-copyright but they own the right to the translations outright as works-for-hire)

That’s before considering simply hiring a bunch of writers and artists to produce data for hire.

So any regulation you put in place to limit the use of copyrighted works only creates a “tax” effectively.

E.g. OpenAI might not be able to copy artist X’s images, but they’ll be able to hire artist Y on the cheap to churn out art in artist X’s style for hire, and then train on that. They might not be able to use author Z’s work, but they can hire a bunch of hungry writers (published books sell ca 200 copies on average; the average full time author in the UK earns below minimum wage from their writing) as a content farm.

The net result for most creators will be the same.

Ever wonder why Sam Altman of OpenAI has been lobbying about the dangers of AI? This is why. And it’s just the start. As soon as these companies have enough capital to buy themselves access for data, regulations preventing training on copyrighted data will be them pulling up the drawbridge and making it cost-prohibitive for people to build open, publicly accessible models in ways that can be legally used.

And in doing so they’ll effectively get to charge an “AI tax” on everyone else.

If we’re going to protect artists, we’d be far better off finding other ways of compensating them for the effects, not least because it will actually provide them some protection.

Zeth0s@lemmy.world on 24 Oct 2023 12:46 collapse

UBI is the known solution to protect workers. Solution is there, people aren’t ready for it

vidarh@lemmy.stad.social on 24 Oct 2023 12:54 next collapse

As long as people aren’t ready for it, then it doesn’t solve the immediate problem that needs to be solved today.

BearOfaTime@lemm.ee on 24 Oct 2023 15:30 collapse

Lol.

How does UBI break trademark and copyright law (and therefore legal cases)?

Do you really think the current power brokers will suddenly sit on their hands and stop trying to (mostly successfully) control as much as they can?

Zeth0s@lemmy.world on 24 Oct 2023 17:05 collapse

UBI is needed because most of the jobs people are currently doing are already not needed. They are needed just to redistribute wealth, but most of the jobs are currently already useless (if you work in corporate, public sector or retail you know what I am talking about). In the future more will become useless. Current copyright laws are already outdated and don’t work anymore. Only safe solution for people who want to dedicate their lives to visual art is UBI. Because of the known reasons. Most “artists” are not really doing art, simply a job for entertainment industry that in the future will be done by much fewer people due to technological and organizational changes. As it is already happening now, even before AI.

UBI is a solution for similar situations, that will be even more common in future. We need better solutions to redistribute wealth, from what you call “power brokers” to larger society

realharo@lemm.ee on 24 Oct 2023 09:04 next collapse

How is training AI with art on the web different to a person studying art styles?

Human brains clearly work differently than AI, how is this even a question?

The term “learning” in machine learning is mainly a metaphor.

Also, laws are written with a practical purpose in mind - they are not some universal, purely philosophical construct and never have been.

vidarh@lemmy.stad.social on 24 Oct 2023 10:27 collapse

Human brains clearly work differently than AI, how is this even a question?

It’s not all that clear that those differences are qualitatively meaningful, but that is irrelevant to the question they asked, so this is entirely a strawman.

Why does the way AI vs. the brain learns make training AI with art different to a person studying art styles? Both learn to generalise features that allow them to reproduce them. Both can do so without copying specific source material.

The term “learning” in machine learning is mainly a metaphor.

How does the way they learn differ from how humans learn? They generalise. They form “world models” of how information relates. They extrapolate.

Also, laws are written with a practical purpose in mind - they are not some universal, purely philosophical construct and never have been.

This is the only uncontroversial part of your answer. The main reason why courts will treat human and AI actions differently is simply that they are not human. It will for the foreseeable future have little to do with whether the processes are similar enough to how humans do it.

realharo@lemm.ee on 24 Oct 2023 10:40 collapse

Now you’re just cherry picking some surface-level similarities.

You can see the difference in the process in the results, for example in how some generated pictures will contain something like a signature in the corner, simply because it resembles the training data - even though there is no meaning to it. Or how it is at least possible to get the model to output something extremely close to the training data - gizmodo.com/ai-art-generators-ai-copyright-stable….

That at least proves that the process is quite different to the process of human learning.

The question is how much those differences matter, and which similarities you want to focus on.

Human learning is similar in some ways, but greatly differs in other ways.

The fact that you’re picking and choosing which similarities matter and which don’t is just your arbitrary choice.

vidarh@lemmy.stad.social on 24 Oct 2023 10:50 collapse

You can see the difference in the process in the results, for example in how some generated pictures will contain something like a signature in the corner

If you were to train human children on an endless series of pictures with signatures in the corner, do you seriously think they’d not emulate signatures in the corner?

If you think that, you haven’t seen many children’s drawings, because children also often pick up that it’s normal to put something in the corner, despite the fact that to children pictures with signatures are a tiny proportion of visual input.

Or how it is at least possible to get the model to output something extremely close to the training data

People also mimic. We often explicitly learn to mimic - e.g. I have my son’s art folder right here, full of examples of him being explicitly taught to make direct copies as a means to learn technique.

We just don’t have very good memory. This is an argument for a difference in ability to retain and reproduce inputs, not an argument for a difference in methods.

And again, this is a strawman. It doesn’t even begin to try to answer the questions I asked, or the one raised by the person you first responded to.

That at least proves that the process is quite different to the process of human learning.

Neither of those really suggests that at all (that diffusion is different to how humans learn to generalize images is likely true, what you’ve described does not provide even the start of any evidence of that), but again that is a strawman.

There was no claim they work the same. The question raised was how the way they’re trained is different from how a human learns styles.

9thSun@midwest.social on 24 Oct 2023 15:19 collapse

I appreciate your responses, thank you!

FooBarrington@lemmy.world on 24 Oct 2023 15:50 next collapse

I agree that the training isn’t fundamentally different, but that monetization of the output has to be controlled. The big difference between AI and humans is the speed with which they create - you have to employ an army of humans to match the output of a couple of GPUs. For noncommercial projects this is amazing. For commercial projects, it destroys the artists’ livelihoods.

But this simply means that training shouldn’t be controlled, inference in commercial contexts should be.

rhombus@sh.itjust.works on 25 Oct 2023 13:28 collapse

The real issue comes in ownership of the AI models and the vast amount of labor involved in the training data. It’s taking what is probably hundreds of thousands of hours of labor in the form of art and converting it into a proprietary machine, all without compensating the artists involved. Whether you can make a comparison to a human studying art is irrelevant, because a corporation can’t own an artist, but they can own an AI and not have to pay it.

ayaya@lemdro.id on 24 Oct 2023 01:18 next collapse

Obviously this is using some bug and/or weakness in the existing training process, so couldn’t they just patch the mechanism being exploited?

Or at the very least you could take a bunch of images, purposely poison them, and now you have a set of poisoned images and their non-poisoned counterparts allowing you to train another model to undo it.

Sure you’ve set up a speedbump but this is hardly a solution.

MxM111@kbin.social on 24 Oct 2023 01:25 next collapse

Obviously, with so many different AIs, this can not be a factor (a bug).

If you have no problem looking at the image, then AI would not either. After all both you and AI are neural networks.

skulblaka@kbin.social on 24 Oct 2023 01:37 next collapse

The neural network of a human and of an AI operate in fundamentally different ways. They also interact with an image in fundamentally different ways.

MxM111@kbin.social on 24 Oct 2023 04:26 collapse

I would not call it “fundamentally” different at all. Compared to, say, regular computer running non-neural network based program, they are quite similar, and have similar properties. They can make a mistake, hallucinate, etc.

kayrae_42@lemmy.world on 24 Oct 2023 09:23 collapse

As a person who has done machine learning, and some AI training and who has a psychotic disorder I hate they call it hallucinations. It’s not hallucinations. Human hallucinations and AI hallucinations are different things. One is based off limited data, bias, or a bad data set which builds a fundamentally bad neural network connection which can be repaired. The other is something that can not be repaired, you are not working with bad data, your brain can’t filter out data correctly and you are building wrong connections. It’s like an overdrive of input and connections that are all wrong. So you’re seeing things, hearing things, or believing things that aren’t real. You make logical leaps that are irrational and not true and reality splits for you. While similarities exist, one is because people input data wrong, or because they cleaned it wrong, or didn’t have enough. And the other is because the human brain has a wiring problem caused by a variety of factors. It’s insulting and it also humanizes computers too much and degrades people with this illness.

MxM111@kbin.social on 24 Oct 2023 15:32 collapse

As I understand, healthy people hallucinate all the time, but in different sense, non-psychiatric sense. It is just healthy brain has this extra filter that rejects all hallucinations that do not correspond to the signal coming from reality, that is our brain performs extra checks constantly. But we often get fooled if we do not have checks done correctly. For example, you can think that you saw some animal, while it was just a shade. There is even statement that our perception of the world is “controlled hallucination” because we mostly imagine the world and then best fit it to minimize the error from external stimuli.

Of course, current ANNs do not have such extensive error checking, thus they are more prone to those “hallucinations”. But fundamentally those are very similar to what we have in those “generative suggestions” our brain generates.

kayrae_42@lemmy.world on 25 Oct 2023 10:53 collapse

Those aren’t quite the same as a hallucination. We don’t actually call them hallucinations. Hallucinations are a medical term. Those are visual disturbances not “controlled hallucinations”. Your brain filtering it out and the ability to ignore it makes it not a hallucination. It’s hallucinations in a colloquial sense not medical.

Fundamentally AI is not working the same, you are having a moment of where a process from when in the past every shadow was a potential danger so seeing a threat in the shadow first and triggering fight or flight is best for you as a species. AI has no fight or flight. AI has no motivation, AI just had limited, bad, or biased data that we put there and spits out garbage. It is a computer with no sentience. You are not really error checking, you are processing more information, or reassessing once the fight/flight goes down. AI doesn’t have more information to process.

Many don’t see people with psychotic disorders as equal people. They see them as dangerous, and people to be locked away. They use their illnesses and problems as jokes and slurs. Using terms for their illness in things like this only adds to their stigma.

MxM111@kbin.social on 26 Oct 2023 00:21 collapse

You are arguing about terminology use. Please google "controlled hallucinations" to see how people use the term in non-psychiatric way.

kayrae_42@lemmy.world on 26 Oct 2023 01:40 collapse

I know how it is used in a non-psychiatric way, I brought that up, it can be used colloquially. That doesn’t diminish the way that it can be used to harm and stigmatize an already stigmatized group of people. There are other terms that can be used, but this is used because people want to humanize AI and do not care about dehumanizing people who have psychotic disorders.

The fact of the matter remains that AI creators are not people who specialize in human brains, but they act like computers and human brains are one and the same. Similarity doesn’t equal the same processes. They can choose different language but they do not. They could call it a processing error, a glitch, a distortion. All would be accurate, but no, they chose a term that is harmful to a minority group because no one cares about stigmatizing them.

MxM111@kbin.social on 26 Oct 2023 01:46 collapse

Look at 2 and 3: https://www.merriam-webster.com/dictionary/hallucination

And I just do not see how that can stigmatize a group of people. It is like saying that the use of the word "headache" in non-medical contexts (e.g., "this homework is a headache") stigmatizes people with migraines. It just does not.

kayrae_42@lemmy.world on 26 Oct 2023 11:14 collapse

Listen, I live in a state where anyone who commits a violent crime, before they catch the person the police say, “he was hallucinating, they were hearing voices” aka mental illness is why they are doing this as a way to take away more rights. Also in this state if you are in a conservatorship for mental illness you legally are barred from voting. How can you say hallucination is not a loaded term? It is different from headache because people are not stigmatized for migraines. No one is taking away your voting rights for migraines. No one is saying you are a murderer for migraines.

[deleted] on 27 Oct 2023 01:20 next collapse

.

MxM111@kbin.social on 27 Oct 2023 01:21 collapse

You can use nearly any word in derogative sense so that it becomes offensive. "he had headache so strong, he went crazy". Context matters. And I personally do not even associate hallucination with mental illness. If anything, I associate it with psychedelics. Words are like tools - you can harm with them, but you can use them appropriately.

driving_crooner@lemmy.eco.br on 24 Oct 2023 03:31 collapse

An AI doesn’t see the images like we do, an AI sees a matrix of RGB values and the relationship they have with each other and creates a statistical model of the color value of each pixel for a determined prompt.

lloram239@feddit.de on 24 Oct 2023 08:05 collapse

That’s not quite how it works. The pixels are just the first layer. Those get broken down into edges. The edges get broken down into shape. The shapes get broken down into features like eyes, noses, etc. Those get broken down into faces. And so on. It’s hierarchical feature detection. Which also happens to be what the human brain does.

The actual “drawing” the AI does is quite a bit different however. The diffusion works by starting with random noise and then gradually denoising it until an image emerges. While humans can approach painting that way, it’s rather rarely done so.

AnonTwo@kbin.social on 24 Oct 2023 01:26 next collapse

Obviously this is using some bug and/or weakness in the existing training process, so couldn’t they just patch the mechanism being exploited?

I'd assume the issue is that if someone tried to patch it out, it could legally be shown they were disregarding people's copyright.

FaceDeer@kbin.social on 24 Oct 2023 01:31 collapse

It isn't against copyright to train models on published art.

Jagger2097@lemmy.world on 24 Oct 2023 01:37 next collapse

Explain

FaceDeer@kbin.social on 24 Oct 2023 02:21 collapse

In order to violate copyright you need to copy the copyrighted material. Training an AI model doesn't do that.

AnonTwo@kbin.social on 24 Oct 2023 01:45 collapse

The general argument legally is that the AI has no exact memory of the copyrighted material.

But if that's the case, then these pixels shouldn't need to be patched. Because it wouldn't remember the material that spawned them.

Is just the argument I assume would be used.

FaceDeer@kbin.social on 24 Oct 2023 02:23 next collapse

Well, I guess we'll see how that argument plays in court. I don't see how it follows, myself.

Maven@lemmy.sdf.org on 24 Oct 2023 03:44 next collapse

It’s like training an artist who’s never seen a banana or a fire hydrant, by passing them pictures of fire hydrants labelled “this is a banana”. When you ask for a banana, you’ll get a fire hydrant. Correcting that mistake doesn’t mean “undoing pixels”, it means teaching the AI what bananas and fire hydrants are.

KeenFlame@feddit.nu on 24 Oct 2023 12:46 collapse

What is “patching pixels” and who would do it?

AnonTwo@kbin.social on 24 Oct 2023 16:30 collapse

Is that not answered in the original article?

egeres@lemmy.world on 24 Oct 2023 08:43 collapse

No! It’s not using an internal exploit, it’s rather about finding a way to visually represent almost the same image, but instead using latent features with different artists (e.g, which would confuse a dreambooth+lora training), however, the method they proposed is flawed, I commented more on lemmy.world/comment/4770884

penix@sh.itjust.works on 24 Oct 2023 01:29 next collapse

There is probably a trivial workaround to this.

FaceDeer@kbin.social on 24 Oct 2023 01:36 next collapse

There's trivial workarounds for Glaze, which this is based off of, so I wouldn't be surprised.

hh93@lemm.ee on 24 Oct 2023 05:48 next collapse

The problem is identifying it. If it’s necessary to preprocess every image used for training instead of just feeding it to a model, that already makes it much more resource-costly

vidarh@lemmy.stad.social on 24 Oct 2023 11:36 collapse

You wouldn’t want to. If you just feed it to the models, then if there are enough of these images to matter the model will learn to ignore the differences. You very specifically don’t want to prevent the model from learning to overcome these things, exactly because if you do you’re stuck with workarounds like that forever, but if you don’t the model will just become more robust to noisy data like this.

vidarh@lemmy.stad.social on 24 Oct 2023 11:27 next collapse

Yes: Train on more images processed by this.

In other words: If the tool becomes popular it will be self-defeating by producing a large corpus of images teaching future models to ignore the noise it introduces.

There are likely easier “quick fixes” while waiting for new models, but this is the general fix that will work against almost any adversarial attack like this.

There might be theoretical attacks that’d be somewhat more difficult to overcome to the extent of requiring tweaks to the models, but given that there demonstrably exists a way of translating text to images that overcomes any such adversarial method that isn’t noticeable to humans, given that humans can, there will inherently always be a way to beat them.

Meowoem@sh.itjust.works on 24 Oct 2023 17:04 collapse

It doesn’t even need a work around, it’s not going to affect anything when training a model.

It might make style transfer harder using them as reference images on some models but even that’s fairly doubtful, it’s just noise on an image and everything is already full of all sorts of different types of noise.

wizardbeard@lemmy.dbzer0.com on 24 Oct 2023 01:52 next collapse

This is already a concept in the AI world and is often used while a model is being trained specifically to make it better. I believe it’s called adversarial training or something like that.

Mango@lemmy.world on 24 Oct 2023 03:05 next collapse

No, that’s something else entirely. Adversarial training is where you put an ai against a detector AI as a kind of competition for results.

driving_crooner@lemmy.eco.br on 24 Oct 2023 03:26 collapse

It’s called an adversarial attack, this is an old video (5 years) explaining how it works and how you can potentially do it changing just one pixel on the image.

youtu.be/SA4YEAWVpbk?si=xObPveXTT2ip5ICG

Blaster_M@lemmy.world on 24 Oct 2023 03:03 next collapse

Oh no, another complicated way to jpeg an image that an ai training program will be able to just detect and discard in a week’s time.

vidarh@lemmy.stad.social on 24 Oct 2023 10:21 collapse

They don’t even need to detect them - once they are common enough in training datasets the training process will “just” learn that the noise they introduce are not features relevant to the desired output. If there are enough images like that it might eventually generate images with the same features.

MargotRobbie@lemmy.world on 24 Oct 2023 03:30 next collapse

It’s made by Ben Zhao? You mean the “anti AI plagiarism” UChicago professor who illegally stole GPLv3 code from an open source program called DiffusionBee for his proprietary Glaze software (reddit link), and when pressed, only released the code for the “front end” while still being in violation of GPL?

The Glaze tool that promised to be invisible to the naked eyes, but contained obvious AI generated artifacts? The same Glaze that reddit defeated in like a day after release?

Don’t take anything this grifter says seriously, I’m surprised he hasn’t been suspended for academic integrity violation yet.

p03locke@lemmy.dbzer0.com on 24 Oct 2023 04:37 next collapse

who illegally stole GPLv3 code from an open source program called DiffusionBee for his proprietary Glaze software (reddit link), and when pressed, only released the code for the “front end” while still being in violation of GPL?

Oh, how I wish the FSF had more of their act together nowadays and were more like the EFF or ACLU.

MargotRobbie@lemmy.world on 24 Oct 2023 04:41 collapse

You should check out the decompilation they did on Glaze too, apparently it’s hard coded to throw out a fake error upon detecting being run on an A100 as some sort of anti-adversarial training measure.

vidarh@lemmy.stad.social on 24 Oct 2023 11:20 collapse

That’s hilarious, given that if these tools become remotely popular the users of the tools will provide enough adversarial data for the training to overcome them all by itself, so there’s little reason for anyone with access to A100’s to bother trying - they’ll either be a minor nuisance used by a tiny number of people, or be self-defeating.

ElectroVagrant@lemmy.world on 24 Oct 2023 06:19 next collapse

Thanks for added background! I haven’t been monitoring this area very closely so wasn’t aware, but I’d have thought a publication that has been would then be more skeptical and at least mention some of this, particularly highlighting disputes over the efficacy of the Glaze software. Not to mention the others they talked to for the article.

Figures that in a space rife with grifters you’d have ones for each side.

Zeth0s@lemmy.world on 24 Oct 2023 07:50 collapse

Don’t worry, it is normal.

People don’t understand AI. Probably all articles I have read on it by mainstream media were somehow wrong. It often feels like reading a political journalist discussing about quantum mechanics.

My rule of thumb is: always assume that the articles on AI are wrong. I know it isn’t nice, but that’s the sad reality. Society is not ready for AI because too few people understand AI. Even AI creators don’t fully understand AI (this is why you often hear about “emergent abilities” of models, it means “we really didn’t expect it and we don’t understand how this happened”)

ElectroVagrant@lemmy.world on 24 Oct 2023 21:11 next collapse

Probably all articles I have read on it by mainstream media were somehow wrong. It often feels like reading a political journalist discussing about quantum mechanics.

Yeah, I view science/tech articles from sources without a tech background this way too. I expected more from this source given that it’s literally MIT Tech Review, much as I’d expect more from other tech/science-focused sources, albeit I’m aware those require scrutiny just as well (e.g. Popular Science, Nature, etc. have spotty records from what I gather).

Also regarding your last point, I’m increasingly convinced AI creators (or at least their business execs/spokespeople) are trying to have their cake and eat it too in terms of how much they claim to not know/understand how their creations work while also promoting how effective it is. On one hand, they genuinely don’t understand some of the results, but on the other, they do know enough of how it works to have an idea of how/why those results came about, however it’s to their advantage to pretend they don’t insofar as it may mitigate their liability/responsibility should the results lead to collateral damage/legal issues.

joel_feila@lemmy.world on 25 Oct 2023 11:24 collapse

By that logic humanity isn’t ready for personal computers since few understand how they work.

Zeth0s@lemmy.world on 25 Oct 2023 12:21 next collapse

Kind of true. Check the law proposals on encryption around the world…

Technology is difficult, most people don’t understand it, result is awful laws. AI is even more difficult, because even creators don’t fully understand it (see emergent behaviors, i.e. capabilities that no one expected).

Computers luckily are much easier. A random teenager knows how to build one, and what it can do. But you are right, many are not yet ready even for computers

joel_feila@lemmy.world on 25 Oct 2023 14:29 collapse

I read an article the other day about managers complaining about zoomers not even knowing how to type on a keyboard.

GenderNeutralBro@lemmy.sdf.org on 25 Oct 2023 14:02 collapse

That was certainly true in the 90s. Mainstream journalism on computers back then was absolutely awful. I’d say that only changed in the mid-2000s or 2010s. Even today, tech literacy in journalism is pretty low outside of specialist outlets like, say, Ars.

Today I see the same thing with new tech like AI.

Dadifer@lemmy.world on 24 Oct 2023 16:52 collapse

Thank you, Margot Robbie! I’m a big fan!

MargotRobbie@lemmy.world on 24 Oct 2023 17:57 collapse

You’re welcome. Bet you didn’t know that I’m pretty good at tech too.

Also, that’s Academy Award nominated character actress Margot Robbie to you!

TropicalDingdong@lemmy.world on 24 Oct 2023 05:21 next collapse

The AI can have some NaN, as a treat…

Smoogs@lemmy.world on 24 Oct 2023 06:26 collapse

As a topping on some Pi

lloram239@feddit.de on 24 Oct 2023 06:05 next collapse

“New snake oil to give artists a false sense of security” - The last of these tools I tried had absolutely zero effect on the AI, which is not exactly surprising given that there are hundreds of different ways to make use of image data as well as lots of completely different models. You’ll never cover that all with some pixel twisting.

egeres@lemmy.world on 24 Oct 2023 08:39 next collapse

Here’s the paper: arxiv.org/pdf/2302.04222.pdf

I find it very interesting that someone went in this direction to try to find a way to mitigate plagiarism. This is very akin to adversarial attacks in neural networks (you can read more in this short review arxiv.org/pdf/2303.06032.pdf)

I saw some comments saying that you could just build an AI that detects poisoned images, but that wouldn’t be feasible with a simple NN classifier or feature-based approaches. This technique changes the artist style itself to something the AI would see differently in the latent space, yet, visually perceived as the same image. So if you’re changing to a different style the AI has learned, it’s fair to assume it will be realistic and coherent. Although maaaaaaaybe you could detect poisoned images with some dark magic tho, get the targeted AI then analyze the latent space to see if the image has been tampered with

On the other hand, I think if you build more robust features and just scale the data these problems might go away with more regularization in the network. Plus, it assumes you have the target of one AI generation tool, there are a dozen of these, and if someone trains with a few more images in a cluster, that’s it, you shifted the features and the poisoned images are invalid

vidarh@lemmy.stad.social on 24 Oct 2023 10:01 next collapse

Trying to detect poisoned images is the wrong approach. Include them in the training set and the training process itself will eventually correct for it.

I think if you build more robust features

Diffusion approaches etc. do not involve any conscious “building” of features in the first place. The features are trained by training the net to match images with text features correctly, and then “just” repeatedly predict how to denoise an image to get closer to a match with the text features. If the input includes poisoned images, so what? It’s no different than e.g. compression artifacts, or noise.

These tools all try to counter models trained without images using them in the training set with at most fine-tuning, but all they show is that models trained without having seen many images using that particular tool will struggle.

But in reality, the massive problem with this is that we’d expect any such tool that becomes widespread to be self-defeating, in that they become a source for images that will work their way into the models at a sufficient volume that the model will learn them. In doing so they will make the models more robust against noise and artifacts, and so make the job harder for the next generation of these tools.

In other words, these tools basically act like a manual adversarial training source, and in the long run the main benefit coming out of them will be that they’ll prod and probe at failure modes of the models and help remove them.

RubberElectrons@lemmy.world on 24 Oct 2023 18:32 collapse

Just to start with, not very experienced with neural networks at all beyond messing with OpenCV for my graduation project.

Anyway, that these countermeasures expose “failure modes” in the training isn’t a great reason to stop doing this, e.g. scammers come up with a new technique, we collectively respond with our own countermeasures.

If the network feedbacks itself, then cool! It has developed its own style, which is fine. The goal is to stop people from outright copying existing artists’ style.

vidarh@lemmy.stad.social on 24 Oct 2023 18:58 collapse

It doesn’t need to “develop its own style”. That’s the point. The more examples of these adversarial images are in the training set, the better it will learn to disregard the adversarial modifications, and still learn the same style. As much as you might want to stop it from learning a given style, as long as the style can be seen, it can be copied - both by humans and AIs.

RubberElectrons@lemmy.world on 25 Oct 2023 05:08 collapse

There’s a lot of interesting detail to your side of the discussion I may not yet have the knowledge of. How does the eye see? We find edges, gradients, repeating patterns which become textures, etc etc… But our systems can be misdirected, see the blue/yellow dress for example. NNs have the luxury of being rapidly iterated I guess, compared to our lifespans.

I’m asking questions I don’t know answers to here: if the only source of input data for a network is subtly corrupted, won’t that guarantee corrupted output as well? I don’t see how one can “train out” the corruption which misdirects the network without access to some pristine data.

Don’t get me wrong, I’m not naive enough to believe this is foolproof, but I do want to understand why this technique doesn’t actually work, and by extension better understand how training a nn actually works.

barsoap@lemm.ee on 25 Oct 2023 11:45 next collapse

if the only source of input data for a network is subtly corrupted, won’t that guarantee corrupted output as well?

We have to distinguish between different kinds of “corruption”, here. What you seem to be describing is “if we only feed the model data from rule34, will it ever learn proper human anatomy” and the answer is no, it won’t. You’ll have to add data which narrows the range of body proportions from cartoonish to, well, real. That’s an external source of corruption: Feeding it bad data (for your own definition of “bad”). Garbage in, garbage out.

The corruption that these adversarial models are exploiting though is inherent in the model they’re attacking. Take… ropes and snakes and cats (or, generally, mammals). Good example: It is incredibly easy for a cat to mistake a rope for a snake – it looks exactly the same to the first layers of the visual cortex and evolution would rather have the cat jump away as soon as possible than be bitten, and it doesn’t hurt to jump away from a rope (even though the cat might end up being annoyed or ashamed (yes cats can 110% be self-conscious different story)), so when there’s an unexpected wiggly shape the first layers directly tell the motor cortex to move, short-circuiting any higher processing.

That trait has been written into the network by evolution, very similar to how we train AI models – conceptually, that is: In both cases the network gets trained for fitness for a purpose (the implementation details are indeed rather different but also irrelevant):

What those adversarial models do kinda looks like this: Take a picture of a rope. Now randomly shift pixels to make the rope subtly more snake-like until you get your cat to jump as reliably as possible, in as many different situations as possible, e.g. even if they’re expecting it and staring straight at it. Sell the product for a lot of money. People start posting pictures of ropes, rope manufacturers adjust their weaving patterns. Other cats see those pictures and ropes, some jump, and others only feel a bit, or a lot, uneasy. The ones that jump will not be able to procreate, any more, being busy jumping, while the uneasy ones will continue to evolve. After a couple of generations no cat cares about those ropes with shifted pixels any more.

Whether that trains general immunity against adversarial attacks – I wouldn’t be so sure. It very likely will make the rope/snake distinction more accurate. But even if it doesn’t build general immunity, it’s an eternal cat and mouse game and no artist will be willing to continue paying for that kind of software when it’s going to get defeated within days, anyway, because that’s just how fast we can evolve models.

Oh. Back to the definition of corruption: If all the pictures of rope that our models ever see have shifted pixels then it’s just going to assume that is the norm, and distinguish it from snakes because the tags say “rope” in one case, and “snake” in the other. The original un-shifted pictures probably won’t be an adversarial attack because they’re not a product of trying to get cats to jump.

vidarh@lemmy.stad.social on 25 Oct 2023 17:25 collapse

Quick iteration is definitely the big thing. (The eye is fun because it’s so “badly designed” - we’re stuck in a local maximum that just happens to be “good enough” for us to not overcome the big glaring problems)

And yes, if all the inputs are corrupted, the output will likely be too. But 1) they won’t all be, and as long as there’s a good mix that will “teach” the network over time that the difference between a “corrupted cat” and an “uncorrupted cat” is irrelevant, because both will have most of the same labels associated with them. 2) these tools work by introducing corruption that humans aren’t meant to notice, so if the output has the same kind of corruption it doesn’t matter. It only matters to the extent the network “miscorrupts” the output in ways we do notice enough so that it becomes a cost drag on training to train it out.

But you can improve on that pretty much with feedback: Train a small network to recognize corruption, and then feed corrupted images back in as negative examples to teach it that those specific things are particularly bad.

Picking up and labelling small sample sets of types of corruption humans will notice is pretty much the worst case realistic effect these tools will end up having. But each such countermeasure will contribute to training sets that make further corruption progressively harder. Ultimately these tools are strictly limited because they can’t introduce anything that makes the images uglier to humans, and so you “just” need to teach the models more about the limits of human vision, and in the long run that will benefit the models in any case.

nandeEbisu@lemmy.world on 24 Oct 2023 12:35 collapse

Haven’t read the paper so not sure about the specifics, but if it relies on subtle changes, would rounding color values or down sampling the image blur that noise away?

RubberElectrons@lemmy.world on 24 Oct 2023 18:12 collapse

Wondering the same thing. Slight loss of detail but still successfully gets the gist of the original data.

For that matter, how does the poisoning hold up against regular old jpg compression?

ETA: read the paper, they account for this in section 7. It seems pretty robust on paper, by the time you’ve smoothed out the perturbed pixels, you’ve also smoothed out the image to where the end result is a bit of a murky mess.
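
The question in this sub-thread (would rounding color values or downsampling blur the noise away?) can be tried on a toy case. This is an added example, not part of the thread and not Nightshade's or the paper's code: the 16x16 image, the two ±3 checkerboard perturbations and every function name are constructed for illustration and do not model the tool's actual perturbation.

```python
"""Constructed demo: what survives 'rounding color values' and downsampling."""

SIZE, EPS = 16, 3  # constructed 16x16 8-bit grayscale image, change of +/-3 levels


def clean_image():
    # Smooth gradient plus a fine checker texture standing in for brushwork.
    return [[20 + 8 * x + 5 * y + (17 if (x + y) % 2 else 0)
             for x in range(SIZE)] for y in range(SIZE)]


def perturbation(block):
    # +/-EPS checkerboard with cells of block x block pixels (constructed).
    # block=1 is pixel-level noise; block=4 is a smoother, structured change.
    return [[EPS if (x // block + y // block) % 2 == 0 else -EPS
             for x in range(SIZE)] for y in range(SIZE)]


def add(img, delta):
    return [[v + d for v, d in zip(r, dr)] for r, dr in zip(img, delta)]


def quantize(img, step=8):
    # "Rounding color values": snap each pixel to the nearest multiple of step.
    return [[(v + step // 2) // step * step for v in row] for row in img]


def box_blur_2x(img):
    # 2x2 box downsample, then nearest-neighbour upsample back to full size.
    out = [[0.0] * SIZE for _ in range(SIZE)]
    for y in range(0, SIZE, 2):
        for x in range(0, SIZE, 2):
            m = (img[y][x] + img[y][x + 1] + img[y + 1][x] + img[y + 1][x + 1]) / 4
            out[y][x] = out[y][x + 1] = out[y + 1][x] = out[y + 1][x + 1] = m
    return out


def mean_abs_diff(a, b):
    return sum(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)) / SIZE ** 2


def report():
    # For each clean-up step: how much of the image's own detail it destroys,
    # and how much of each perturbation is still present afterwards.
    img = clean_image()
    rows = {}
    for name, f in (("quantize", quantize), ("downsample", box_blur_2x)):
        rows[name] = {
            "detail_lost": mean_abs_diff(f(img), img),
            "fine_left": mean_abs_diff(f(add(img, perturbation(1))), f(img)),
            "coarse_left": mean_abs_diff(f(add(img, perturbation(4))), f(img)),
        }
    return rows


if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

On this constructed input, rounding to multiples of 8 leaves a mean change of 3.0 levels for both perturbations (fewer pixels change, but each by a full step), while 2x2 averaging cancels only the pixel-level one, leaves the 4x4-block one at 3.0, and removes 8.5 levels of the image's own detail.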

TheWiseAlaundo@lemmy.whynotdrs.org on 24 Oct 2023 20:08 next collapse

Lol… I just read the paper, and Dr Zhao actually just wrote a research paper on why it’s actually legally OK to use images to train AI. Hear me out…

He changes the ‘style’ of input images to corrupt the ability of image generators to mimic them, and even shows that the supermajority of artists can’t even tell when this happens with his program, Glaze… Style is explicitly not copyrightable in US case law, and so he just provided evidence that the data OpenAI and others use to generate images is transformative which would legally mean that it falls under fair use.

No idea if this would actually get argued in court, but it certainly doesn’t support the idea that these image generators are stealing actual artwork.

Flambo@lemmy.world on 24 Oct 2023 20:34 collapse

So tl;dr he/his team did two things:

  1. argue the way AI uses content to train is legal
  2. provide artists a tool to prevent their content being used to train AI without their permission

On the surface it sounds all good, but I can’t help but notice a future conflict of interest for Zhao should Glaze ever become monetized. If it were to be ruled illegal to train AI on content without permission, tools like Glaze would be essentially anti-theft devices, but while it remains legal to train AI this way, tools like Glaze stand to perhaps become necessary for artists to maintain the pre-AI status quo w/r/t how their work can be used and monetized.

uriel238@lemmy.blahaj.zone on 24 Oct 2023 20:35 next collapse

I remember in the early 2010s reading an article like this one on openai.com talking about the dangers of using AI for image search engines to moderate against unwanted content. At the time the concern was CSAM salted to prevent its detection (along with other content salted with CSAM to generate false positives).

My guess is since we’re still training AI with pools of data-entry people who tag pictures with what they appear to be, so that AI reads more into images than their human trainers (the proverbial man inside the Iron Turk).

This is going to be an interesting technology war.

BellaDonna@mujico.org on 24 Oct 2023 20:58 next collapse

What a dumb solution to a problem that doesn’t need a solution. The problem isn’t AI, it’s the lack of understanding for the tech that has people thinking AI is theft.

the_q@lemmy.world on 25 Oct 2023 13:44 collapse

Is it not theft? These “AI” are trained on other people’s work, often without their knowledge or permission.

BellaDonna@mujico.org on 25 Oct 2023 13:55 collapse

This is why I think people don’t know what they are talking about.

You can look at a picture from an artist without it being considered theft, so are your memories and impressions theft? That’s what training data does, it teaches AI what something looks like, with many samples. It’s literally what your brain does, the way you see multiple dogs and know what a dog looks like is the same way that AI trains pattern recognition.

It’s completely reasonable and desirable to have AI consume all available images, regardless of copyright the way your eyes and brain can do the same. Training data isn’t theft no more than going to a museum and looking at art is theft.

This take that this is bad is completely unhinged and indicates people don’t understand AI.

the_q@lemmy.world on 25 Oct 2023 14:11 collapse

I’d be careful with claiming who does and does not understand things.

First of all, a person can’t go to a museum, see a piece of art then go home and reproduce that art or style. Given enough time, sure they might be able to learn to replicate the style. Those that are particularly good at reproduction might even become forgers which is a crime.

Second, these LLMs aren’t AI. They can’t think in terms of how a living being can, only regurgitate information. They’re glorified search engines in a way.

Lastly, I can assume that you aren’t a creative person. You probably type in some prompt to an image generator and think “I made this”. It’s easier for someone like you to overlook issues because they don’t affect you because you lack depth, which I know is hard to accept. Maybe one day you’ll gain some insight into your own lack of understanding… But I doubt it.

BellaDonna@mujico.org on 25 Oct 2023 22:38 collapse

I used to be a musician, I also used to paint. I think my thought processes are no more complex than most computers, and I genuinely don’t believe human creativity is special even a little bit, like consciousness, it’s a subjective illusion.

I do not believe in things like copyright, or intellectual property, or even ownership of these things, I think these things should be collectively owned by society.

I don’t disagree with you from lack of experience, I disagree from fundamentally different ideological underpinnings.

I believe there is nothing special about human perception and experience, and I can see the ways that technology maps near perfectly to the way we think. AI shouldn’t be limited, it should replace us.

the_q@lemmy.world on 25 Oct 2023 23:28 collapse

Okie dokie, doc. If you think the human brain isn’t “special” then I don’t know what to tell you.

Also, you can’t know how we think when we as a species don’t know, but you being the smartest person in the room is clearly very important to you so I’ll leave you to it!

afraid_of_zombies@lemmy.world on 25 Oct 2023 00:42 next collapse

I am waiting for the day that some obsessed person starts finding ways to do like code injection in pictures.

Rootiest@lemmy.world on 25 Oct 2023 10:52 collapse
Vodik_VDK@lemmy.world on 25 Oct 2023 05:22 next collapse

New CAPCHA just dropped.

I_Has_A_Hat@startrek.website on 25 Oct 2023 11:56 next collapse

Like trying to stop a flood with a roll of paper towels.

RVMWSN@lemmy.ml on 25 Oct 2023 14:36 next collapse

I generally don’t believe in intellectual property, I think it creates artificial scarcity and limits creativity. Of course the real tragedies in this field have to do with medicine and other serious business. But still, artists claiming ownership of their style of painting is fundamentally no different. Why can’t I paint in your style? Do you really own it? Are you suggesting you didn’t base your idea mostly on the work of others, and no one in turn can take your idea, be inspired by it and do with it as they please? Do my means have to be a pencil, why can’t my means be a computer, why not an algorithm? Limitations, limitations, limitations. We need to reform our system and make the public domain the standard for ideas (in all their forms). Society doesn’t treat artists properly, I am well aware of that. Generally creative minds are often troubled because they fall outside norms. There are many tragic examples. Also money-wise many artists don’t get enough credit for their contributions to society, but making every idea a restricted area is not the solution. People should support the artists they like on a voluntary basis. Pirate the album but go to concerts, pirate the artwork but donate to the artist. And if that doesn’t make you enough money, that’s very unfortunate. But make no mistake: that’s how almost all artists live. Only the top 0.something% actually make enough money by selling their work, and that’s usually the percentile that’s best at marketing their arts, in other words: it’s usually the industry. The others already depend upon donations or other sources of income. We can surely keep art alive, while still removing all these artificial limitations, copying is, was and will never be in any way similar to stealing. Let freedom rule. Join your local pirate party.

ElectroVagrant@lemmy.world on 25 Oct 2023 22:19 next collapse

I generally don’t believe in intellectual property, I think it creates artificial scarcity and limits creativity. Of course the real tragedies in this field have to do with medicine and other serious business.

But still, artists claiming ownership of their style of painting is fundamentally no different. Why can’t I paint in your style? Do you really own it? Are you suggesting you didn’t base your idea mostly on the work of others, and no one in turn can take your idea, be inspired by it and do with it as they please? Do my means have to be a pencil, why can’t my means be a computer, why not an algorithm?

Limitations, limitations, limitations. We need to reform our system and make the public domain the standard for ideas (in all their forms). Society doesn’t treat artists properly, I am well aware of that. Generally creative minds are often troubled because they fall outside norms. There are many tragic examples. Also money-wise many artists don’t get enough credit for their contributions to society, but making every idea a restricted area is not the solution.

People should support the artists they like on a voluntary basis. Pirate the album but go to concerts, pirate the artwork but donate to the artist. And if that doesn’t make you enough money, that’s very unfortunate. But make no mistake: that’s how almost all artists live. Only the top 0.something% actually make enough money by selling their work, and that’s usually the percentile that’s best at marketing their arts, in other words: it’s usually the industry. The others already depend upon donations or other sources of income.

We can surely keep art alive, while still removing all these artificial limitations, copying is, was and will never be in any way similar to stealing. Let freedom rule. Join your local pirate party.

Reformatted for easier readability.

Ataraxia@sh.itjust.works on 26 Oct 2023 00:12 collapse

As an artist I agree. People are being so irrational with this.

zwaetschgeraeuber@lemmy.world on 26 Oct 2023 10:39 collapse

this is so dumb and clear it won’t work at all. that’s not the slightest how ai trains on images.

you would be able to get around this tool by just doing the nft thing and screenshot the image and boom code in the picture is erased.