this post was submitted on 11 Aug 2024
265 points (95.5% liked)

Am I missing something? The article seems to suggest it works via hidden text characters. Has OpenAI never heard of pasting text into a utf8 notepad before?

[–] [email protected] 97 points 3 months ago (14 children)

The arstechnica article speculated it was more of a pattern of words thing.

I think it is lies, and doesn't exist or work anywhere near as well as they claim. Or, it's incredibly easy to bypass.

https://arstechnica.com/ai/2024/08/openai-has-the-tech-to-watermark-chatgpt-text-it-just-wont-release-it/

[–] [email protected] 32 points 3 months ago (5 children)

Research on this topic exists, and it is possible to alter the output of an LLM in minor ways that statistically "watermark" the results without drastically changing the quality of the output. OpenAI has probably implemented this into ChatGPT.

https://www.youtube.com/watch?v=2Kx9jbSMZqA

I think the tool exists, and is (at least close to) as good as they claim it is. They can't release it, because once the public can tell with high accuracy whether ChatGPT wrote some text, another AI can be developed to circumvent detection from this method, making the tool useless.

[–] [email protected] 11 points 3 months ago (1 children)

That is a long video, is the paper published somewhere?

I'm willing to accept that you can statistically "watermark" the text, but I'm not convinced that it would be tamper resistant, which is a large part of what makes a watermark useful. If it can't survive an idiot with a thesaurus, it's probably not gonna be terribly useful.

[–] [email protected] 7 points 3 months ago (1 children)

It can likely also be defeated by adding "In the style of X" to a prompt, changing the distribution and pattern of the responses.

[–] [email protected] 2 points 3 months ago (1 children)

...but that output is also from the AI so it would still be watermarked lol

[–] [email protected] 2 points 3 months ago (1 children)

You could feed it through a different, smaller model that could even be self-hosted. It isn't difficult to make a model that rephrases an input in another style.

[–] [email protected] 2 points 3 months ago

Ah, okay. That's fair. It wasn't clear they meant a different system lol.
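The statistical watermark described in the thread, and the question of how well its detection holds up when words are swapped, can be sketched with a toy green-list scheme. This is an added example, not part of any comment and not OpenAI's method; the vocabulary, the `demo-key` string, the uniform random "model" and all function names are assumptions made for illustration.

```python
import hashlib
import math
import random

VOCAB = [f"w{i}" for i in range(2000)]  # constructed stand-in vocabulary
GAMMA = 0.5  # fraction of tokens that count as "green" in any context

def is_green(prev: str, tok: str) -> bool:
    """Keyed pseudo-random green/red split that depends on the previous token."""
    digest = hashlib.sha256(f"demo-key|{prev}|{tok}".encode()).digest()
    return digest[0] < 256 * GAMMA

def generate(n: int, rng: random.Random, watermark: bool) -> list[str]:
    """Toy 'model' (assumption): uniform random tokens; the watermark prefers green."""
    out, prev = [], "<s>"
    for _ in range(n):
        tok, tries = rng.choice(VOCAB), 0
        # Resample a few times until the token is green for this context.
        while watermark and not is_green(prev, tok) and tries < 8:
            tok, tries = rng.choice(VOCAB), tries + 1
        out.append(tok)
        prev = tok
    return out

def z_score(tokens: list[str]) -> float:
    """Standard deviations by which the green count exceeds pure chance."""
    prevs = ["<s>"] + tokens[:-1]
    green = sum(is_green(p, t) for p, t in zip(prevs, tokens))
    n = len(tokens)
    return (green - GAMMA * n) / math.sqrt(n * GAMMA * (1 - GAMMA))

def substitute(tokens: list[str], frac: float, rng: random.Random) -> list[str]:
    """Replace a fraction of tokens with random words (crude thesaurus edit)."""
    return [rng.choice(VOCAB) if rng.random() < frac else t for t in tokens]

def demo(seed: int = 1) -> dict[str, float]:
    """Detector scores for plain, watermarked and half-rewritten sample text."""
    rng = random.Random(seed)
    marked = generate(400, rng, watermark=True)
    plain = generate(400, rng, watermark=False)
    return {
        "plain": z_score(plain),
        "marked": z_score(marked),
        "marked_50pct_swapped": z_score(substitute(marked, 0.5, rng)),
    }

if __name__ == "__main__":
    for name, z in demo().items():
        print(f"{name:>22}: z = {z:6.2f}")
```

The score falls as more tokens are swapped because each swap breaks the green test for that token and for the one that follows it. A detector operator would pick a z threshold that trades false positives on human text against missed detections on edited text.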
