I feel for artists to an extent, but there's no way they're going to succeed in "ruining AI" by poisoning image data sets.
And even if that were feasible, what the hell do they gain?<p>This is the whole "photography is not art" or "digital image manipulation is not art" or "oil painting is not art" discussion all over again, and I can't believe serious artists actually take part in this luddite theatre.
There is going to be a "pre-GPT" internet training set, from 2022 and earlier, that will basically be the last 'complete', unpoisoned data set.<p>As AI-generated content grows as an overall % of all online posts and activity, model quality will death-spiral.
> <i>altering an image’s pixels in a way that wreaks havoc to computer vision but leaves the image unaltered to a human’s eyes</i><p>Can someone who understands the original paper give an ELI5 on how that's possible?<p>I understand how labeling an image of a cat as "dog" could poison a dataset.<p>I also understand how adding images of a toaster (which sort of looks like a handbag) to a dataset of handbags could poison a dataset.<p>But I don't understand what's happening in Figure 6 in the original paper. The pairs of pictures of the dogs, cars, etc. look absolutely identical. What exactly is happening there?
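For intuition only (this is a standard adversarial-example sketch in the FGSM style, not necessarily the paper's actual algorithm): you nudge every pixel by a tiny amount in the gradient direction that most increases the model's loss, so the change is nearly invisible to a human but large in the model's feature space. A minimal sketch, assuming a pretrained torchvision classifier and an image tensor in [0,1]:

    # Rough illustration -- classic FGSM perturbation, not the Nightshade method itself.
    import torch
    import torch.nn.functional as F
    from torchvision import models

    def perturb(image, true_label, eps=2/255):
        """image: 1x3xHxW float tensor in [0,1]; returns a visually near-identical copy."""
        model = models.resnet18(weights=models.ResNet18_Weights.DEFAULT).eval()
        image = image.clone().requires_grad_(True)
        loss = F.cross_entropy(model(image), torch.tensor([true_label]))
        loss.backward()
        # Step every pixel a tiny amount (eps ~ 2/255) in the direction that
        # increases the loss: imperceptible to humans, disruptive to the model.
        return (image + eps * image.grad.sign()).clamp(0, 1).detach()

The dog/car pairs in Figure 6 look identical for the same reason: the per-pixel changes are bounded to a few intensity levels, which human eyes can't distinguish but which shift the image's representation inside the model.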
Just wait for luddite political candidates to become popular when white-collar workers inevitably start being replaced. It will be a total disaster for any sensible discourse.
This is just a race to the bottom that creates artificial work: folks creating poisoned data sets, and then armies of data engineers tasked with curating valid data sets for building models that can be grounded.
A nanoscopic number of artists sabotaging a few images will not do anything to anyone; there'll just be a small version bump in vision models, and the 0.0000001 fraction of contaminated images will also be classified correctly.<p>While I really feel for artists, like anyone else potentially losing their livelihood to AI, this is an annoying fantasy story.
It reminds me of a wave of comments: "Deadline tomorrow !!! Everything you’ve ever posted becomes public from tomorrow. I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me. If you do not publish a statement at least once it will be tacitly allowing the use of your photos, as well as the information contained in the profile status updates. DO NOT SHARE. Copy and paste."<p>But now people are posting images instead of text. And it all looks so stupid that it only deals a reputational blow to some subgroup of artists, who now look like a group of technically illiterate luddites.
We are on a roller coaster ride of technological advancement. Gravity is pulling us inexorably forward, and we can't see where the track eventually goes. We have brakes, but not enough to stop forward movement entirely. We have <i>some</i> input on the direction we take, but our limited vision down the track makes it hard for us to anticipate and correct for any upcoming curves we don't like.<p>It's going to be a bumpy ride, but hopefully we have fun along the way.
Gotta give the team behind Nightshade and its earlier, rapidly debunked predecessor (Glaze) credit for a really strong media-relations operation.<p>But that's about it, and this isn't meaningfully going to impact AI image generation at all.
Solution:<p>1. Run a large number of verified unpoisoned images through the AI poisoning algorithm<p>2. Create a large high-quality data set consisting of the before and after poisoning image pairs<p>3. Train an AI using this data set so it can detect or even reverse the poisoning<p>4. AI train stops for no one
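A minimal sketch of step 3, assuming a hypothetical poison(img) callable stands in for the actual Nightshade perturbation and a plain binary classifier as the detector (my own illustration, not anyone's published pipeline):

    import torch
    import torch.nn as nn
    from torch.utils.data import Dataset, DataLoader
    from torchvision import models

    class PairDataset(Dataset):
        """Yields (image, label): label 1 means the image went through the poisoner."""
        def __init__(self, clean_images, poison):
            self.samples = []
            for img in clean_images:                      # img: 3xHxW float tensor
                self.samples.append((img, 0.0))           # verified clean original
                self.samples.append((poison(img), 1.0))   # poisoned counterpart

        def __len__(self):
            return len(self.samples)

        def __getitem__(self, idx):
            img, label = self.samples[idx]
            return img, torch.tensor(label)

    def train_detector(clean_images, poison, epochs=3):
        model = models.resnet18(num_classes=1)            # binary poisoned/clean detector
        loader = DataLoader(PairDataset(clean_images, poison), batch_size=32, shuffle=True)
        opt = torch.optim.Adam(model.parameters(), lr=1e-4)
        loss_fn = nn.BCEWithLogitsLoss()
        for _ in range(epochs):
            for x, y in loader:
                opt.zero_grad()
                loss = loss_fn(model(x).squeeze(1), y)
                loss.backward()
                opt.step()
        return model

Flagged images could then be dropped from the training set, or a similar pair-trained model could attempt to undo the perturbation instead of just detecting it.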
This reminds me of when spammers tried (and still try, though not as often as before) to poison anti-spam Bayes filters with all sorts of garbage in emails. The result is that the filters became even more powerful over time.
It's never going to matter. Setting aside that these are an extremely small percentage of images on the internet: if an image retains enough signal that a human barely notices the change, then there is more than enough signal left to train an AI.
Poison works by scaling its impact dramatically: attacking cornerstone chemical processes, disabling a receptor, etc.<p>ML is, to simplify, a statistical process that tries to identify probability distributions. That implies they'd have to purposefully degrade large numbers of images that the system has access to. Unless those images are impossible to distinguish from the others (because, say, they come from the same sites), I'm not sure how they'd do it consistently.<p>They could mark sources, by using an unused combination of keywords and attaching a unique image to it, but poisoning at scale? I'm not seeing a stable equilibrium where that's possible.
Artists are happy to use the global platforms (Instagram, ...) to show and monetize their art to a worldwide audience, but are unhappy if this content is used to train AI. If you show your art in just your own local gallery, nobody will exploit it. It's the same in software engineering with public repos. So I guess we all have to adjust and use AI for the better instead of complaining and fighting it. Or am I missing the point here?
I agree with people that this is a long shot, but how can you not admire the spunk? Whether we realize it yet or not, this is the kind of resolve and energy we need to bring to the future.<p>Antagonism is not automatically Luddism! This is capitalism, right? Don't we need the competition?
I talked to a luddite about this:<p>"What if I take my own pictures, and train the model on my own pictures?"<p>Their answer:<p>"No"<p>Luddites, nothing more. They will become obscure while everyone else advances. She uses her colored pencils, I use digital art. Guess who works at a coffee shop.