• 0 Posts
  • 20 Comments
Joined 1 year ago
Cake day: June 8th, 2023

  • Privacy is a shield. It is useful to protect against a threat. It doesn’t have to perfectly protect against the threat. But the important thing is to have a threat model and construct your privacy concerns around it.

    Ask yourself what you believe will be a threat to you and then criticize those beliefs. Use this self-critical process to decide on your first idea of a threat model.



  • The only surefire form of privacy is to not store information digitally in the first place, ideally not at all.

    But sometimes we do have information that needs storing. And in that case privacy requires that you control the data at rest and encrypt the data in transit. All free cloud services can snoop your data if they really want to. If you value privacy, minimize your use of them.

    You should assume that every social network is rife with spying, both for corporate and governmental purposes. For example, the main reason TikTok is currently getting threatened with a banning is because they have a less fed-friendly algorithm, so large masses of people are actually seeing the horrors in Gaza. If you watch the nightly news, you won’t see that content. If you go to YouTube, you won’t see that content. You also will barely see it on Reddit (which literally hired someone that worked at the CIA to be their community manager person lol). Do your best to dissociate your online activity from your personal identity. Use a good VPN that you pay for with cash or a proxy system like a voucher that can’t be traced back to you. Use burner email accounts. Etc etc.



  • You are almost on point here, but seem to be missing the primary point of my work. I work as a researcher at a university, doing more-or-less fundamental research on topics that are relevant to industry.

    This is something I’m very familiar with.

    As I wrote: We develop our libraries for in-house use, and release them to the public because we know that they are valuable to the industry. If what I do is to be considered “industry subsidies”, then all of higher education is industry subsidies. (You could make the argument that spending taxpayer money to educate skilled workers is effectively subsidising industry).

    This is largely the case, yes. Research universities do the basic research that industry then turns into a product and makes piles of cash from. And you are also correct that subsidizing STEM education is a subsidy for industry. It very specifically is meant to do that. It displaces industry job training and/or the companies paying to send their workers to get a degree. It also has the benefit of increasing overall supply in their labor market, which helps drive down wages. Companies prefer having a big pool of potential workers they barely have to train.

    We respond to issues that are related either to bugs that we need to fix for our own use, or features that we ourselves want. We don’t spend time implementing features others want unless they give us funding for some project that we need to implement it for.

    That’s good!

    In short: I don’t work for industry, I work in research and education, and the libraries my group develops happen to be of interest to the industry. Most of my co-workers do not publish their code anywhere, because they aren’t interested in spending the time required to turn hacky academic code into a usable library. I do, because I’ve noticed how much time it saves me and my team in the long run to have production-quality libraries that we can build on.

    I think your approach is better. I also prefer to write better-quality code, which for me entails thinking more carefully about its structure and interfaces and using best practices like testing and CI.


  • If the government is the US (federal), I think you are technically supposed to release your code in the public domain by default. Some people work around this but it’s the default.

    But anyways, the example you’ve given is basically that you’re paid with government funds to do work to assist industry. This is fairly similar to the people that do the work for free for industry, only this time it’s basically taxpayers’ money subsidizing industry. I’ve seen this many times. There is a whole science/engineering/standards + contractor complex that is basically one big grift, though the individual people writing the code are usually just doing their best.

    I’m also an idealist of sorts. The way I see it, I’m developing publicly funded code that can be used by anyone, no strings attached, to boost productivity and make the world a better place. The fact that this gives us publicity and incentivises the industry to collaborate with us is just a plus.

    Perhaps it makes the world a better place, perhaps it doesn’t. This part of the industry focuses a lot on identifying a “social good” that they are improving, but the actual impact can be quite different. One person’s climate project is another’s strategic military site selector. One person’s great new standard for transportation is another’s path to monopoly power and the draining of public funds that could have gone to infrastructure. This is the typical way it works. I’m sure there can be exceptions, though.

    Anyways, I would recommend taking a skeptical eye to any position that sells you on its positive social impact. That is often a red flag for some kind of NGO industrial complex gig.

    Calling it a self-imposed unpaid internship, when I’m literally hired full time to develop this and just happen to have the freedom to be able to give it out for free, is missing the mark.

    Well you’re paid so of course it wouldn’t be that.

    Also, we develop these libraries primarily for our own in-house use, and see the adoption of the libraries by others as a great way to uncover flaws and improve robustness. Others creating closed-source derivatives does not harm us or anyone else in any way as far as I can see.

    Sometimes the industries will open bug reports for their free lunches, yes. A common story in community projects is that they realize they’re doing a lot of support work for companies that aren’t paying them. When they start to get burned out, they put out calls for funding so they can dedicate more time to the project. Sometimes this kind of works but usually the story goes the other way. They don’t get enough money and continue to burn out. You are paid so it’s a bit different, but it’s not those companies paying you, eh?

    You aren’t harmed by closed source derivatives because that seems to be the point of your work. Providing government subsidy to private companies that enclose the derivative product and make money for their executives and shareholders off of it.


  • Oh no I mean that there are companies that just don’t care about licensing and plod ahead hoping it’s never an issue. Like having devs build a “prototype” that they know uses AGPL code and saying, “we will swap this out later” and then 6 months later the “prototype” is in production.

    Personally, I make a lot of my personal projects’ code closed because I specifically don’t want it to be useable by others. Not for jerky reasons, but strategic ones. IMO common licenses don’t achieve what a lot of people hope they do.




  • The MIT license guarantees that businesses will use it because it’s free and they don’t have to think about releasing code or hiding their copyright infringement. The developers I’ve seen using that license, or at least those who put some thought into it, did so because they want companies to use it and therefore boost their credibility through use and bug reports, etc. They knowingly did free work for a bunch of companies as a way to build their CV, basically. Like your very own self-imposed unpaid internship.

    The GPL license is also good for developers, as they know they can work on a substantial project and have some protections against others creating closed derived works off of it. It’s just a bit more difficult to get enterprise buy-in, which is not a bad thing for many projects.




  • I think you are confused. The dismissive behavior was not to just give advice and I pointed out what it actually was. And it is not dismissive to meet people where they are at. I think you’re now reaching for some fairly basic defensive behaviors (straw men and even the “I’m rubber, you’re glue” kind of retorts) so I’m going to disengage.

    Please do try to interact with others with more empathy.



  • They have already stated that they think they should be speaking to someone but are clearly having a hard time. If a chatbot is helping them right now I’m not going to lecture them about “pretending”. I recommend the approach of a polite and empathetic nudging when someone is or may be in crisis.


  • It is very difficult to run an email provider and not get banned by the others. Google, Microsoft, and Apple control the US market, for example. If they decide your domain is spam, you suddenly can’t email anyone with a Gmail or Hotmail or Apple account. Avoiding getting banned means you have to regulate your own outgoing emails very carefully, rate-limit them just right, and yet also build up a reputation of trustworthiness by sending a lot of emails that don’t get marked as spam.

    The only privacy-secure way to do your email would be DIY but this risks getting banned like… all the time.

    Personally, I recommend having your own domain and setting up MX records to a reliable email provider that is not one of the big ones and ideally offers some kind of theoretical inbox protection (please note that they could always still read everything if they just copied all incoming messages to another database as well).

    Email is itself not very secure. You can use GPG to make it better but most people won’t know how to receive your messages or send secure ones. For security, I recommend using a dedicated e2e chat service or in-person communication.


  • Oh that’s totally valid. Sometimes we just need to talk and receive the validation we deserve. I’m sorry we don’t have a society where you have people you can talk to like this instead.

    I haven’t personally used any of the offline open source models but if I were you that’s where I’d start looking. If they can be run inside a virtual machine, you can even use a firewall to ensure it never leaks info.


  • I’m unaware of any substantial research on Alzheimer’s or diabetes that has been done using LLMs. As generative models they’re basically just souped up Markov chains. I think the best you could hope for is something like a meta study that is probably a bit worse than the usual kind.



  • TheOubliette@lemmy.ml to Privacy@lemmy.ml: *Permanently Deleted*
    2 months ago

    Any online service into which you enter information has the capability to save that information for its own purposes. This includes all the people entering personal or identifying or really any information into “AI” products.

    Given that it’s not even particularly useful, I recommend just not using “AI” if you’re not sure how to protect yourself.