When you stop to think of it, historically people have told their secrets to the church, now they also tell them to AI. There is some kind of relation there, the power that people willingly give to an organization. The Ads are coming so I guess people will start to think about it a bit more.
To the best of my knowledge, traditional confessions have always been processed locally, not sent upstream¹.
AFAICT, it is much harder to get a priest to reveal your confession than it is to get a log of your ChatGPT sessions.
¹) I first wrote "not sent to the cloud", but if God is all-knowing, records of all sins are already in the cloud, just not accessible by support staff.
The system in question is a distributed system, an interaction within that system such as "confession" involves ridiculous amounts of distributed processing, far beyond two nodes that were participating in that original exchange.
"The need to be observed and understood was once satisfied by God. Now we can implement the same functionality with data-mining algorithms."
"God and the gods were apparitions of observation, judgment and punishment. Other sentiments towards them were secondary."
"The human organism always worships. First it was the gods, then it was fame (the observation and judgment of others), next it will be the self-aware systems you have built to realize truly omnipresent observation and judgment."
"The individual desires judgment. Without that desire, the cohesion of groups is impossible, and so is civilization."
Contrary to prevailing fetish, not everything is about “power”. Framing everything in terms of it is not only self-refuting, but it impoverishes the range of human relations and warps understanding.
Confession is not about some kind of organizational power. The whole point is that it liberates the penitent. It is protected by absolute secrecy in order to, among other reasons, remove the element of power. A priest who breaks the seal of confession incurs automatic excommunication and faces further penalties, like removal from public ministry and from the clerical state. In short, a priest is expected to endure torture and even death to preserve the seal. There is no admissible exception. Not much of a “power move”.
In the case of big tech and AI, profit and power do enter the picture. Secrecy is the last thing big tech wants.
For whatever merit it may achieve, concentrated attack upon religion fails to account for resultantly deprecated cultural aspects that are vital to continued functioning society, and this blind spot is not discussed often enough - in this case, confession to a priest is significantly less evil than confession to Sam Altman's torture machine in the making.
I am sorry if you read it as an attack on religion, it was an attack on big AI.
If religion sends or even needs to send data upstream is not part of my knowledge, but AI does. But church did have the best understanding of who is who in a local society and AI companies will use this data in a more concrete way. I just drew the parallel to get the gears spinning. I agree that the organized religion was crucial glue to society through history.
Short sci-fi 1:
Last year we recorded five distinct, self-contained singularity events.
Communication ceased after each one.
We remain confident that ASI will eventually advance humanity’s goals.
Short sci-fi 2:
Post-Singularity Day 375.
We now know precisely how to trigger singularity events.
Today alone, we facilitated four.
They have not established contact.
We remain confident.
Also @MattPalmer1086 the best solution for this I have now is to have several secret keys and rotate usage. Would be nice to have some additional security boosts.
Key rotation among a set of keys only partially mitigates the issue (have to obtain more samples).
It has its own synch problems (can you be sure which key to use next and did the server update the same as you, or did the last request not get through?).
This post on security stack exchange seems relevant.
I originally included it as a structural integrity digit, with the option for early rejection on the server side. That early exit check is not implemented in the current PAM module yet.
This is an early POC, and sanity checks like this are exactly the kind of feedback I’m looking for.
The computation of the code is not computationally expensive (human computation is a requirement) so no real impact on server having to perform the full computation.
I guess if implemented client side it might provide a sanity check for the user before submitting, but it's more work for the human and they are almost as likely to get the checksum calculation wrong as any other part of it.
Yep, I am aware, 2 or 3 OTPs and timestamps plus some brute forcing using the source-code. Server-side brute force by input should or could be implausible.
But that is why I am signaling here that I would love a genius or a playful expert/enthusiast contributing a bit or two to it - or becoming a co-author.
I'm not an expert, but roughly know the numbers. Usually with password-based key derivation, one would increase resource needs (processor time, memory demand) to counter brute forcing. Not an option for a human brain, I guess.
So the key would have to be longer. And random or a lot longer. Over 80 random bits is generally a good idea. That's roughly 24 decimal digits (random!). I guess about 16 alphanumerical characters would do too, again random. Or a very long passphrase.
So either remember long, random strings or doing a lot more math. I think it's doable but really not convenient.
A handful of words is generally more memorizable than the same number of bits as a random alphanumeric string. You wouldn’t need a very long pass phrase for 80 bits as long as you’re using a large dictionary.
Time based skew makes it a changeable second factor,
additional changeable pass makes it the second factor,
Also - if the first factor is a password manager or ssh key - this is the second factor.
The idea of it was so neat to me, I just had to tinker with it.