But just as Glaze’s userbase is spiking, a bigger priority for the Glaze Project has emerged: protecting users from attacks disabling Glaze’s protections—including attack methods exposed in June by online security researchers in Zurich, Switzerland. In a paper published on Arxiv.org without peer review, the Zurich researchers, including Google DeepMind research scientist Nicholas Carlini, claimed that Glaze’s protections could be “easily bypassed, leaving artists vulnerable to style mimicry.”

  • Pennomi@lemmy.world
    link
    fedilink
    English
    arrow-up
    34
    ·
    4 months ago

    Glaze has always been fundamentally flawed and a short term bandage. There’s no way you can make something appear correctly to a human and incorrectly to a computer over the long term - the researchers will simply retrain on the new data.

    • just another dev@lemmy.my-box.dev
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      2
      ·
      4 months ago

      Agreed. It was fun as a thought exercise, but this failure was inevitable from the start. Ironically, the existence and usage of such tools will only hasten their obsolescence.

      The only thing that would really help is GDPR-like fines (based as a percentage of income, not profits), for any company that trains or willingly uses models that have been trained on data without explicit consent from its creator.

      • FaceDeer@fedia.io
        link
        fedilink
        arrow-up
        13
        arrow-down
        3
        ·
        4 months ago

        That would “help” by basically introducing the concept of copyright to styles and ideas, which I think would likely have more devastating consequences to art than any AI could possibly inflict.

        • just another dev@lemmy.my-box.dev
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          4 months ago

          No, Just the concept of getting a say in who can train AIs on your creations.

          So yes, that would leave room for a loophole where a human could recreate your creation (without just making a copy), and they could then train their model on that. It isn’t water tight. But it doesn’t need to be, just better than what we have now.

          • FaceDeer@fedia.io
            link
            fedilink
            arrow-up
            5
            arrow-down
            2
            ·
            4 months ago

            That’s the same thing. Whatever you want to call it, “copyright” or some other word, the end result is that you’re wanting to give people the right to control other people’s ability to analyze the things that they see on public display. And control what general concepts other people put into future works.

            I really don’t see how going in that direction is going to lead to a better situation than we have now. Frankly it looks more like a path to a nightmarish corporate-controlled dystopia to me.

            • just another dev@lemmy.my-box.dev
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              4 months ago

              you’re wanting to give people the right to control other people’s ability to analyze the things that they see on public display.

              For the second time, that’s not what I want to do - I pretty much said so explicitly with my example.

              Human studying a piece of content - fine.
              Training a Machine Learning model on that content without the creator’s permission - not fine.

              But if you honestly think that a human learning something, and a ML model learning something are exactly the same, and should be treated as such, this conversation is pointless.

              • FaceDeer@fedia.io
                link
                fedilink
                arrow-up
                3
                arrow-down
                3
                ·
                4 months ago

                Again, it’s fundamentally the same thing. You’re just using different tools to perform the same action.

                I remember back in the day when software patents were the big boogeyman of the Internet that everyone hated, and the phrase “…with a computer” was treated with great derision. People were taking out huge numbers of patents that were basically the same as things people had been doing since time immemorial but by adding the magical “…with a computer” suffix on it they were treating it like some completely new innovation.

                Suddenly we’re on the other side of that?

                Anyway, even if you do throw that distinction in you still end up outlawing huge swathes of things that we’ve depended on for years. Search engines as the most obvious example.

                • just another dev@lemmy.my-box.dev
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  arrow-down
                  1
                  ·
                  4 months ago

                  And that’s the third time you’ve tried to put words into my mouth, rather than arguing my points directly.

                  Have fun battling your straw men, I’m out.

                • sab@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  4 months ago

                  Not OP, but I also don’t think it’s the same thing. But even if it were, the consequences are nowhere near the same.

                  A person might be able to learn to replicate an artist’s style, given enough practice and patience, but it would take them a long time, and the most “damage” they could do with that, is create new content at roughly the same rate as the original creator.

                  It would take an AI infinitely less time to acquire that same skill, and infinitely less time to then create that content. So given those factors, I think there’s an enormous difference between 1 person learning to copy your skill, or a company that does it as a business model.

                  Btw, if you didn’t know it yet - search engines don’t need to create a large language model in order to find web content. They’ve been working fine (one night even say Better) without doing that.

  • Even_Adder@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    28
    arrow-down
    1
    ·
    edit-2
    4 months ago

    Reminder that the author of Glaze, Ben Zhao, a University of Chicago professor stole open source code to make a closed source tool that only targets open source models. Glaze never even worked on Microsoft, Midjourney, or OpenAI’s models.

    • FaceDeer@fedia.io
      link
      fedilink
      arrow-up
      15
      ·
      4 months ago

      Setting aside the hypocrisy, there’s simply no “service” to DDoS here. There’s hardly even a tool. According to the article:

      Hönig told Ars that breaking Glaze was “simple.” His team found that “low-effort and ‘off-the-shelf’ techniques”—such as image upscaling, “using a different finetuning script” when training AI on new data, or “adding Gaussian noise to the images before training”—“are sufficient to create robust mimicry methods that significantly degrade existing protections.”

      So automatically running a couple of basic Photoshop tools on the image will do it.

      I had to check the date on this article because I’m not sure why it’s suddenly news, these techniques for neutralizing Glaze have been mentioned since Glaze itself was first introduced. Maybe Hönig just formalized it?