this post was submitted on 11 Aug 2024
263 points (95.5% liked)

Am I missing something? The article seems to suggest it works via hidden text characters. Has OpenAI never heard of pasting text into a utf8 notepad before?

(page 2) 19 comments
[–] [email protected] 4 points 2 months ago (1 children)

In other news, mathematicians have been working hard on calculator detector software. Upon request for comment, leading mathematicians suggested a variety of ideas, such as secretly embedding a watermark “58008” (BOOBS) into the decimal parts of pi and e to more easily identify derived calculations. There was consistent sentiment among leading minds that “back in my day we had to work hard to do math, and walk up hill both ways in the snow to school”… and that “there’s nothing wrong with a good ol’ fashion abacus, dag nabbit!”

[–] [email protected] 21 points 2 months ago* (last edited 2 months ago) (4 children)

This has been known in the ML space forever. LLMs don't actually output words/tokens, but probabilities for a long list of tokens, and the sampler picks one (usually the most likely token). And if you arbitrarily weigh these probabilities (e.g. 50% of possible token outputs are more likely than the other 50%, as a random example), it creates a "signature" in any text that's easy to measure. The sampler randomizes it a tiny bit, but that averages out in long texts.

It's defeatable. I'm sure if you make enough OpenAI queries, you can find the bias. I think a paper already tackled this. But this likely will stop the lazy abusers, aka 99% of abusers, who should just use some other LLM if they really care.

Another open secret in LLM land is that OpenAI is actually falling behind open research efforts, hence it's hilarious it took them this long to implement something so simple.
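
The signature described in the comment above, sketched as an added example; it is not part of the thread and not OpenAI's method. The keyed split of the vocabulary by previous token, the `KEY` value, the 200-token vocabulary and the random stand-in logits are all assumptions made for the illustration.

```python
import hashlib, hmac, math, random

VOCAB = 200           # toy vocabulary: token ids 0..199 (constructed)
KEY = b"demo-key"     # hypothetical secret held by the model provider

def is_green(prev_tok: int, tok: int) -> bool:
    """Keyed ~50/50 split of the vocabulary, re-derived from the previous token."""
    mac = hmac.new(KEY, f"{prev_tok}:{tok}".encode(), hashlib.sha256).digest()
    return mac[0] & 1 == 0

def generate(n: int, bias: float, seed: int) -> list[int]:
    """Sample n tokens from a toy model; `bias` is added to green-token logits."""
    rng = random.Random(seed)
    out, prev = [], 0
    for _ in range(n):
        # Stand-in for real model logits: one random score per candidate token.
        logits = [rng.gauss(0.0, 1.0) for _ in range(VOCAB)]
        weights = [math.exp(l + (bias if is_green(prev, t) else 0.0))
                   for t, l in enumerate(logits)]
        prev = rng.choices(range(VOCAB), weights=weights)[0]
        out.append(prev)
    return out

def z_score(tokens: list[int]) -> float:
    """Standard deviations above the 50% green rate expected of unmarked text."""
    prev, green = 0, 0
    for t in tokens:
        green += is_green(prev, t)
        prev = t
    n = len(tokens)
    return (green - 0.5 * n) / math.sqrt(0.25 * n)

if __name__ == "__main__":
    marked = generate(300, bias=2.0, seed=1)
    plain = generate(300, bias=0.0, seed=1)
    print("watermarked, 300 tokens:", round(z_score(marked), 1))
    print("watermarked,  20 tokens:", round(z_score(marked[:20]), 1))
    print("unmarked,    300 tokens:", round(z_score(plain), 1))
```

The detector needs only the key and the text, not the model, and the score for a 20-token excerpt is capped well below the long-text score, which is the "averages out in long texts" point.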

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (1 children)

So if cheating on homework, use self hosted only then. Cool. I mean, they can't possibly use that algorithm for every model on hugging face especially if I don't tell anyone which one I use. I'm done with school after this semester anyway, I feel sorry for everyone in the future that has to complete assignments in the age of ai warfare.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

You have full control of your logit outputs with local LLMs, so theoretically you could "unscramble" them. And any finetuning would just blow that bias away anyway.

OpenAI (IIRC) very notably stopped giving the logprobs of their models. They did this for many reasons, and most of them boil down to "profits" and "they are anticompetitive jerks," but another reason is to enable watermark methods just like this.

Also, the thing about this is that basically no one uses self hosted LLMs compared to OpenAI (or really any API) LLM.

[–] [email protected] 5 points 2 months ago (1 children)

Ye, it'll stop the casual abuse for all of 5 minutes. There are already tools to obscure the use of AI and, as you say, it won't take much to update them.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (2 children)

It's not so trivial if OpenAI cycles the logit bias or makes it really convoluted.

And it's not like certain "words" or language patterns are more probable with this method, it's different than what any kind of human or words based algorithm would detect, which is what I suspect most "anti AI detection" software does.

It's doable... but seems inconvenient for a small business to keep up with. Maybe.

[–] [email protected] 3 points 2 months ago (1 children)

That's cool, but literally any other implementation won't have that, or will have an incompatible watermark.

[–] [email protected] 4 points 2 months ago

Exactly. The cat is out of the bag. I can still run my own LLM.

[–] [email protected] 5 points 2 months ago

Is “The Algorithm” just “we stuffed all our GPT responses into a Lucene index and look for 80% matches”?

Because that’s what I’d do.

[–] [email protected] 1 points 2 months ago (1 children)

It's probably some type of cypher. Which will take people exactly one (1) afternoon to crack.

[–] [email protected] 1 points 2 months ago

A whole afternoon or just a portion?

[–] [email protected] 31 points 2 months ago (1 children)

no. i bet it uses an algorithm setting optional words to specific variants over a given set of text.

but it sounds to me like they are figuring out how to monetize the cure for their disease

[–] [email protected] 7 points 2 months ago (1 children)

Which, if ChatGPT has or is getting parity with human writers then, by definition, it’s going to be impossible to tell the difference.

And if it can tell the difference it’s either going to prove their product is substandard, they can identify snippets of copyrighted material they have in their training set, or falsely identify people whose content and styles they're training on.

I’m not sure what the angle here is for OpenAI but it’s problematic to their brand and, potentially, legally no matter how they go about it.

[–] [email protected] 96 points 2 months ago (3 children)

The arstechnica article speculated it was more of a pattern of words thing.

I think it is lies, and doesn't exist or work anywhere near as good as they claim. Or, it's incredibly easy to bypass.

https://arstechnica.com/ai/2024/08/openai-has-the-tech-to-watermark-chatgpt-text-it-just-wont-release-it/

[–] [email protected] 31 points 2 months ago (1 children)

Research on this topic exists, and it is possible to alter the output of an LLM in minor ways, that statistically "watermark" the results without drastically changing the quality of the output. OpenAI has probably implemented this into ChatGPT.

https://www.youtube.com/watch?v=2Kx9jbSMZqA

I think the tool exists, and is (at least close to) as good as they claim it is. They can't release it, because once the public can tell with high accuracy whether ChatGPT wrote some text, another AI can be developed to circumvent detection from this method, making the tool useless.

[–] [email protected] 11 points 2 months ago (4 children)

That is a long video, is the paper published somewhere?

I'm willing to accept that you can statistically "watermark" the text, but I'm not convinced that it would be tamper resistant, which is a large part of what makes a watermark useful. If it can't survive an idiot with a thesaurus, it's probably not gonna be terribly useful.

[–] [email protected] 16 points 2 months ago (2 children)

I think it exists and works but that it's simply not in their best interest to have people use it and be found out that they used chatgpt, for OpenAI's business/profit potential. I have nothing to back it up but have just lost all faith in OpenAI.

[–] [email protected] 5 points 2 months ago (1 children)

They sell the cheating tool and the detection software

[–] [email protected] 10 points 2 months ago (3 children)

I'm willing to believe it exists, but not that it's any good. 99% is a crazy accuracy claim.
