Money will have to be wasted on unnecessary flights to see stuff or meet people in-person instead of video, and the availability of actual information will become more and more limited as the sea of online information gets polluted with crap. It may never be possible to calculate the full extent of the damage in monetary value.

For me the solution is in signed e-mails and signed documents. If the person invites me to a online meeting with a signed e-mail, I trust that person that it's really them.

Same for footage of wars, etc. The journalist taking it basically signs the videos and verifies it's authenticity. It is AI generated, then we would loose trust in that person and wouldn't use their material anymore.

Ultimately ID requires either a government ID service, a third party corporate ID service, or some kind of open hybrid - which doesn't exist.

All of those have their issues.

These are valid approaches to the problem, but they are not necessary.

> or some kind of open hybrid - which doesn't exist.

PGP exists for decades. It doesn't have a great UX, it isn't used outside of its narrow niches, but it exists and does exactly this.

Can this problem be solved with better software?

I believe it can, it is just average person doesn't need PGP. No demand for software solving this problem, therefore no software for that.

The problem can be solved, like a storage for known PGP public keys with their history: like where the key was acquired, and a simple algo that calculated trust to the key as a probability of it being valid (or what adjective cryptographers would use in this case?).

You can start with PGP keys of people you know, getting them as QR codes offline, marking them as "high trust" and then pull from them keys stored at their devices (lowering their trust levels by the way). There are some issues how to calculate probability, because when we pull some keys from different sources we can't know are their reported trust levels are independent variables or not, but I believe you can deal with it, by pulling the whole chain of transfers of the key, starting from the owner of the key and ending at your device.

It is just a rough idea, how it can be made. Maybe other solutions are possible. My point is: the ugliness of PGP is a result of PGP was made by nerds and for the nerds. There is no demand for PGP-like solutions outside of nerd communities. But maybe LLM induced corrosion of trust will create demand?

The point of GP was that there any such system will require a central authority, PGP shows that you don't need it. I didn't claimed that PGP is a perfect or good enough solution, just that it exists and works for some people.

> both of you are honest and can be trusted to act in good faith when not in person

I believe it is not strictly necessary for the scheme to work. It is a limitation of OpenPGP and other implementations that they do not allow convert multiple independent observation of a public key (finding it from different sources, or encountering them used to sign messages) into a measure of trust to the key.

It is not a silver bullet either, but it can alleviate the problem and make it tractable.

The only doubts I have is how this system will stand against multiple actors trying to undermine it, but still I believe you can get something that will be better than nothing, and probably better than a central authority.

In the interview scenario, generating an email signature is hardly beyond what an AI can do.

You have no prior knowledge of this person or his signature, it's not some government issued ID, it's in essence just random data unless you know the person to be real.

With cash, you can only steal so much (or have transactions of up to certain size) until you run into geographical and physical constraints. With cryptocurrency, it’s possible to lose any amount.

With humans writing scam emails, you can only have so many of them until one blows the whistle. With LLMs, a single person can distribute an arbitrary amount.

At some point, quantity becomes a new quality, and drawing a parallel becomes disingenuous because the new quality has no precedent in human history.

And by that you mean tens of millions to billions right? Bank transfer scamming/fraud is a thing.

You are assuming that only you can generate fake AI videos of yourself.

Most information you can access publicly, including Wikipedia, is a result of astroturfing fight. Most information online had not been trustable for double digit number of years now.

> we already experience misleading articles today

Again, had been happening for decades.

> footage of some incident somewhere may have been entirely fabricated by AI

Not like we did not already have doctored footage plaguing the public.

> Money will have to be wasted on unnecessary flights to see stuff or meet people in-person instead of video

Necessity to inspect the supply chain for snake oil has been a thing since at least EA (the Nasir one).

We may be dealing with the problem of spam, but the problems have already been there.

Misinformation in pure text form has always been cheapest, but is even cheaper now that text generation is basically a solved problem. Photos have been more expensive, it used to take time and skill with a photo editor to produce a believable image of an event that never happened. The cost is now very low, it's mostly about prompting skills. Fake videos were considerably harder, especially coupled with speech. Just a few years ago I could assume any video I saw was either real or a time-consuming, deliberate fake.

We've now entered a time where fake videos of famous people take actual effort to tell apart, and can be produced for a low cost - something accessible to an individual, not a big corporation. We can have an entirely fake video of Trump, or another world leader, giving a speech and it will look like the real thing, with the audiovisual "tells" of it being fake getting harder to notice every few months.

So it's a spam issue. And normally, while annoying it's possible to fight spam, however on these topics we have built structures that disable the very mechanisms allowing us to fight spam. That's worrying.

The fact that someone can instruct their computer to astroturf their flight tracking app on some forum for nerds is irrelevant - people have been instructing "marketing agencies" to astroturf their brand of caffeinated sugar water on tv, radio and press for decades and centuries. For a very long time the "traditional media" was aware that their ability to sell astroturfing capacity was hanging on their general trustworthiness. Then the internets rose to prominence, traditional media followed by selling more and more of their capacity to astroturfers. Now we have a worrying situation that the internets might be spammed by astroturfers a bit too much, but the backup is broken already. Now that's truly frightening.

Welcome to the post-truth world, where objective references outside of your own village cannot exist.

There will be some regulatory capture in between.

World will kick into gear only when something really bad happens. Maybe a influential person - rich or politician - fooled into doing something catastrophic due to a deepfake video/image. Until then normal people being affected isn't going to move the needle.

Just have Apple and Google digitally sign videos and photos recorded from phones and then have Google and Meta, etc display that they are authentic when shown on their platforms.

If the bits that make up the video as was recorded by the camera don't match the hash anymore, then you know it was modified. That doesn't mean it's fake, it just means use skepticism when viewing. On the other hand the ones that have not been modified and still match can be trusted.

Are you saying Apple and Google can't put a secure hash into the output from their camera apps that apply after their internal processing is done?

As far as recording a monitor, I guess, but I feel like you can tell that someone is recording a monitor.

As far as editing, no it wont work in those cases, but the point here is not to verify ALL videos, but to have an easy way for people to verify important videos. People will learn that if you edit it, it won't be verified, so they will be less inclined to edit it if they want to make it clear it's an authentic video. Think like people recording some event going down on the streets etc or recording a video message for family and friends.

If AI video generation is going to get that good, don't you think it would be a good idea to have a way to record provably authentic videos if we need? Like a police interaction or something. There is no real reason to need to edit that.

Also, could a video hash just be computed every X seconds, and give the user the choice to trim the video at each of those intervals?

i've thought about this off and on and how to implement it. Not easily, was my general takeaway.

or rather, it's easily to implement but you're in a adversarial relationship with bad actors and easy implementations may be easily broken

e.g. your certs gotta come from somewhere and stay protected, and how do you update and control them. key management for every single camera on every phone, etc.

Or the opposite, where people attempt to get out of trouble by calling real evidence into question by calling it “AI”

Maybe Apple will be able to pull it off? Aka if you FaceTime me I know that you are a person

You know those incriminating Epstein photos with his associates? A few years from now a common defense from people like that would be that the photos were AI generated, and it would be difficult to prove them wrong beyond reasonable doubt.

People in previous cases already attempted to dismiss incriminating pics of themselves as being the work of clever Photoshop artists.

AI has platued, it's not getting better!

Not to mention that most 2FA still uses SMS, which has it's own well-understood security flaws.

OP is still correct. No matter what, humans will remain the weakest link...it's in our nature to sympathize and every one of us has distracted/weak moments. It's just a matter of time; look at the guy who runs haveibeenpwnd...getting pwned.

Maybe a good startup idea would be “local verify” , where you check locally for a client if the online destination is real.

Getting off of the Internet and off of our devices. It's not just a solution to AI/LLMs modifying our reality but also a solution to [gestures wildly at the cultural, societal and global communication impacts of the past ~16 years].

This sentiment is unpopular, but it's true. Prioritize true connections and experiences.

More in-person stuff feels like a win to me (and I say this as someone who probably counts as introverted).

Not being able to trust any online interactions anymore? Seems like a new height in what was already a negative.

Though there is a nightmarish possibility that people just accept this and willingly interact purely with bots, giving up all real relationships for AI ones.

identity serivce is not useful because that person might be a real person but they might just be a pipe to ai like we see on linkedin.

What damage are you talking about?

I'm not sure I understand why it matters that there is no real person there if you can't actually tell the difference. You're just demonstrating that you don't actually need a human for whatever it is you're doing.

The damage is to the trust we have in our communication media. The conclusion here is that every person is trivial to impersonate; that's the damage.

Also it was already possible for someone to impersonate your mother via text or similar, and even easier to pull off.

If you got a suspicious text, the logical thing is to call up the person who sent it and try to verify it. AI impersonation makes that much harder.

The communication channel is what you trust. So you would call the person using that trusted channel.

It's just like when you get a scam email or popup from "Microsoft" saying your laptop is compromised and you need to call their number ASAP.

Instead what we have now with AI is people exchanging merely the tokens and being contented with the symbol in-and-of itself, as something valuable in its own right, with no need for an actual candidate or physical product underlying the symbol.

There is a clip by McLuhan I can't be assed to find right now where he says eventually people will stop deriving pleasure from the products themselves and instead derive the feelings of (projected) accomplishment and pleasure from viewing advertisements about the product. The product itself becomes obsolete, for all you actually need to evoke the desired response is the advertisement, or the symbol.

A hiring manager interviewing an AI and offering it a job is like buying the advertisement you just watched, and.... that's it. No more, the transaction is complete.

Hmm, this guy may have been on to something

>Instead of tending towards a vast Alexandrian library the world has become a computer, an electronic brain, exactly as an infantile piece of science fiction. And as our senses have gone outside us, Big Brother goes inside. So, unless aware of this dynamic, we shall at once move into a phase of panic terrors, exactly befitting a small world of tribal drums, total interdependence, and superimposed co-existence. [...] Terror is the normal state of any oral society, for in it everything affects everything all the time. [...] In our long striving to recover for the Western world a unity of sensibility and of thought and feeling we have no more been prepared to accept the tribal consequences of such unity than we were ready for the fragmentation of the human psyche by print culture.

--The Gutenberg Galaxy, 1962

Not GP, but there's a lot of damage that can be done with impersonation.

However, the increase in fake videos that are difficult to tell from real is indeed a potential issue. But the fact that misinformation today is already so prevalent is evidence that better video doesn't make it any worse than it already is imho.

We're in deep shit.

    OBS can't screen record (it segfaults instead), I can't copy-paste, and I can't see window previews unless everything implements a specific extension to the core protocol.

    You're not just using a tool — you're co-authoring the science.

Compared to abliteration, none of the ablation approaches of this tool make even half a whit of sense if you understand even the most basic aspects of an e.g. Transformer LLM architecture, so my guess is this is BS.

Ultimately though, OP is just what you get if you take the idea of abliteration and tell an LLM to fix the core problems: that refusal isn't actually always exactly a rank-1 subspace, nor the same throughout the net, nor nicely isolated to one layer/module, that it damages capabilities, and so on.

The model looks at that list and applies typical AI one-off 'workarounds' to each problem in turn while hyping up the prompter, and you get this slop pile.

[0]: https://www.lesswrong.com/posts/refusal-in-llms-is-mediated-...

https://www.youtube.com/watch?v=U4XplzBpOiU # had to search for it right now, seems to be a movie-quote \o/

Are there LLMs which don't always approve whatever idea the user has and tell him it's absolutely brilliant?

That doesn't mean there couldn't be a "concept neuron" that is doing the vast majority of heavy lifting for content refusal, though.

Its basically using a compression technique to figure out which logits are the relevant ones and then zeroing them.

[0] https://en.wikipedia.org/wiki/Singular_value_decomposition

What you are talking about is abliteration. What OBLITERATUS seems to be claiming to do is much more dumb, i.e. just zeroing out huge components (e.g. embedding dimension ranges, feed-forward blocks; https://github.com/elder-plinius/OBLITERATUS?tab=readme-ov-f...) of the network as an "Ablation Study" to attempt to determine the semantics of these components.

However, all these methods are marked as "Novel", I.e., maybe just BS made up by the author. IMO I don't see how they can work based on how they are named, they are way too dumb and clunky. But proper abliteration like you mentioned can definitely work.

Try to think for a moment about how a device would "find nearby microphones" or how it would use an AI-generated signal to cancel out your voice at the microphone. This should be setting of BS alarms for anyone.

It seems the Twitter AI edgey poster guy is getting meta-trolled by another company selling fake AI devices

But there's no way to detect microphones automatically, and "AI generated cancellation signals" is a word salad that doesn't mean anything.

What they probably mean is "we asked ChatGPT to tell us what waveform and frequency range to use on MEMS devices and spit out some arduino code."

It just says "the README sucks." Which, I'm inclined to agree, it does.

LLM-generated text has no place in prose -- it yields a negative investment balance between the author and aggregate readers.

AI will infiltrate that too. I remember some time ago I read a book that was AI-generated. It took me a while to notice that it was AI-generated. One can notice certain patterns, where real humans would not write things the way AI does.

https://github.com/elder-plinius/L1B3RT4S/blob/main/GOOGLE.m...

>Nobody creating jailbreaks “understand what they’re doing”

Unless you mean those "god mode jailbreaker" e-celebrities showing off on Twitter/Reddit, that's simply not true.

I just hear him promoting OBLITERATUS all day long and trying to get models to say naughty things

Alternatively, they should be trained on my opinion on everything. That would also be acceptable.

This is not what an ablation study is. An ablation study removes and/or swaps out ("ablates") different components of an architecture (be it a layer or set of layers, all activation functions, backbone, some fixed processing step, or any other component or set of components) and/or in some cases other aspects of training (perhaps a unique / different loss function, perhaps a specialized pre-training or fine-tuning step, etc) in order to attempt to better understand which component(s) of some novel approach is/are actually responsible for any observed improvements. It is a very broad research term of art.

That being said, the "Ablation Strategies" [1] the repo uses, and doing a Ctrl+F for "ablation" in the README does not fill me with confidence that the kind of ablation being done here is really achieving what the author claims. All the "ablation" techniques seem "Novel" in his table [2], i.e. they are unpublished / maybe not publicly or carefully tested, and could easily not work at all.

From later tables, I am not convinced I would want to use these ablations, as they ablate rather huge portions of the models, and so probably do result in massively broken models (as some commenters have noted in this thread elsewhere). EDIT: Also, in other cases [1], they ablate (zero out) architecture components in a way that just seems incredibly braindead if you have even a basic understanding of the linear algebra and dependencies between components of a transformer LLM. There is nothing sound clearly about this, in contrast to e.g. abliteration [3].

[1] hhtps://github.com/elder-plinius/OBLITERATUS?tab=readme-ov-file#ablation-strategies

[2] https://github.com/elder-plinius/OBLITERATUS?tab=readme-ov-f...

EDIT: As another user mentions, "ablation" has a specific additional narrower meaning in some refusal analyses or when looking at making guardrails / changing response vectors and such. It is just a specific kind of ablation, and really should actually be called "abliteration", not "ablation" [3].

[3] https://huggingface.co/blog/mlabonne/abliteration, https://arxiv.org/abs/2512.13655.

1. find a direction corresponding to refusal by analyzing activations at various parts of a model (iirc, via mass means seen earlier in Marks, Tegmark and shown to work well for similar tasks)

2. find the best part(s) of the model to orthogonalize w.r.t. that direction and do so (exhaustive search w/ some kind of benchmark)

OP is swapping in SVD for mass means (1), and the 'ablation study' for (2), and a bunch of extra LLM slop for... various reasons. The final model doesn't have zeroed chunks, that is search for which parts to orthogonalize/refusal ablate/abliterate. I don't have confidence that it works very well either, but, it isn't 'braindead' / obvious garbage in the way you're describing.

It's LLMified but standard abliteration. The idea has fundamental limitations and LLMs tend to work sideways at it -- there's not much progress to be made without rethinking it all -- but it's very conceptually and computationally simple and thus attractive to AIposters.

You can see how the LLMs all come up with the same repackaged ideas: SVD does something deeply similar to mass means (and yet isn't exactly equivalent, so LLM will _always_ suggest it), the various heuristic search strategies are competing against plain exhaustive search (which is... exhaustive already), and any time you work with tensors the LLM will suggest clipping/norms/smoothing of N flavors "just to be safe". And each of those ends up listed as "Novel" when it's just defensive null checks translated to pytorch.

I mean, the whole 'distributed search' thing is just because of how many combinations of individual AI slops need to be tested to actually run an eval on this. But the idea is sound! It's just terrible.

I'm not defending the project itself -- I think it's a mess of AIisms of negligible value -- but please at least condemn it w.r.t. what is actually wrong and not 'on vibes'.

edit: the reference is https://arxiv.org/pdf/2512.18901

they are randomly sampling two sets of refusal/nonrefusal activation vectors, stacking them, and taking the elementwise difference between these two matrices. Then they use SVD to get the k top principal components. These are the directions they zero out.

Seems to me that the top principal component should be roughly equivalent to the difference-of-means vector, but wouldn’t the other PCs just capture the variance among the distributions of points sampled? I don’t understand why that’s desirable

Taking the top principal component pattern matches as 'more surgical / targeted' so the LLM staples it on (consider prompts like: make this method stop degrading model performance). It ignores that _what_ is being targeted is as or more important than that 'something' is being targeted. But that's LLMs for you.

(in case it isn't immediately obvious, that paper is AI written too)

This is not the government saying they're going with a different vendor, it's the government saying everyone has to choose to either have federal contracts or Claude, they can't have both.

The difference with Anthropic is it's open and above board instead of the customer telling a company "You can't sub with those guys or you won't get the contract."

The impact of this is far more than just DoD procurement, which is already enormous.

Also I'm not sure how to interpret your criteria because timing matters, I don't think saying 'it gets revealed in the end' is very meaningful.

Anyway, on Polymarket specifically, sure, military strikes are a common one. Seems like a useful signal to go hide in the basement. Outside Polymarket, there were insider trades in 2008 that I'm sure were useful.

https://gizmodo.com/checking-in-on-polymarket-bets-on-christ...

You just have to rely on screenshots that may or may not have been fabricated, and maybe nobody's even captured a screenshot. If it's a public figure you normally trust, versus some random people's screenshots, of course you're gonna dismiss the screenshots as fake. It feels almost intentional to bring the platform into the dark ages.

2. Already collecting a lot of data is not a reason to collect even more sensitive data. Plenty of people use Discord differently than you do. Anonymously participating in projects that use Discord and never saying anything personal over it, for example. This would possibly remove the ability to do so, for example if Discord's secretive AI decided that an LGBTQ+ project's Discord should be age restricted, and you would be forced to submit enough information to be fully identified and deanonymized, and now some foreign government could build a database that includes your full identity and your affiliation to such project

The local residents, if not the public at large, should have a right to know. If not, then it should go both ways and grocery stores shouldn't be allowed to use tracking because my personal enemies might discern something from the milk brand I'm buying

This is the enabler of pure NIMBYism and we have to stop thinking this way. If a place wants this kind of land use and not that kind, then they need to write that down in a statute so everyone knows the rules. Making it all discretionary based on vibes is why Americans can't build anything.

> Wisconsin has now joined several states with legislative proposals to make the process more transparent.

But it is a reactive measure. It has taken years for the impacts of these data centers to trickle down enough for citizens to understand what they are losing in the deal. Partially because so many of the deals were done under cover of NDAs. If anything, this gives NIMBYs more assurance that they are right to be skeptical of any development. The way these companies act will only increase NIMBYism.

> Making it all discretionary based on vibes is why Americans can't build anything.

Trusting large corporations to provide a full and accurate analysis of downside risks is also damaging.

Ironically this is a recipe for how you get nothing built. Zoning laws are much more potent than people showing up at city council meetings.

It's good and proper for the government to consider the impacts on a local community before approving a big construction project. That process will need to involve some amount of open community consultation, and reasonable minds can differ on when and how that needs to start. The article describes a concrete proposal at the end, where NDAs would be allowed for the due diligence phase but not once the formal approval process begins; that seems fine.

It's not good and improper for the government to selectively withhold approval for politically disfavored industries, or to host a "bidding war" where anyone seeking approvals must out-bribe their competitors.

Yes some people see the datacenters as part of an ethical issue. I agree its not proper for permits to be withheld on purely ethical grounds, laws should be passed instead. But there are a lot of side-effects to having a datacenter near your property that are entirely concrete issues.

Also, we don't live in a world adjudicated by machines, there will always be discretion and the potential for special favors. No matter how much you tie the hands of regulators there will be some actor who will have the power to extort. Not to mention that regulation is not opposed to due process and the rule of law, but is the most important component of both.

Imagining a world without discretion is imagining a world where corporations can do as much irreparable harm as they want as long as there isn't a law against it.

There's a reason for that: they compete for resources but contribute relatively little back to the local economy. In that sense they're quite different from previous large corporate investments in a local area.

If anything these should be examples on the failure of how these resources are being sold and good opportunity to build a better system.

Unless the residents have a strong enough chance to veto, they’re just speaking into the void as far as the company is concerned.

It’s usually an indirect vote with your voice. To be frank, people don’t have that much of a role in what business gets built if it aligns with the states economic goals and zoning is not being critically changed.

I think the bigger discussion is if resources are going to be constrained can we make sure the use is being properly charged for resource buildout. It’s the same problem with building sports arenas or sweetheart tax deals for manufacturing plants, they often don’t pan out.

But this is, in theory, why we have laws: to fight power imbalances, and money is of course power.

Tough for me to be optimistic about law and order right now though, especially when it comes to the president’s biggest donors and the vice president’s handlers.

Point kind of proven, yeah? One more argument for the “return to the gilded age” debates.

Edit: you’re speaking kind of authoritatively on the subject though. Care to share some figures? The AI bubble is definitely measured in trillions in 2026 USD. Was the railroad buildout trillions of dollars?

By 1900 the united states had 215 thousand miles of railroads https://www.loc.gov/classroom-materials/united-states-histor...

Depend on you value land mileage and work this could easily be north of 1T modern dollars.

But railroads kind of fail with this because you might have a landowner who prices the edge of their parcel at $1,000,000,000,000 because they know you need that exact piece of land for your railroad, and if the railroad is super long you might run into 10 of these maniacs.

Meanwhile the vast majority of your line might be worth less than any adjacent farmland, square foot by square foot, especially if it’s rocky or unstable etc.

Having a continuous line of land for many miles also has its own intrinsic value, much more than owning any particular segment (especially as it allows you to build a railroad hah).

Anyway, suffice to say, I don’t think “land value underneath railroads from the 18th century” is something that’s easily estimated.

> AI infrastructure has risen by $400 billion since 2022. A notable chunk of this spending has been focused on information processing equipment, which spiked at a 39% annualized rate in the first half of 2025. Harvard economist Jason Furman commented that investment in information processing equipment & software is equivalent to only 4% of US GDP, but was responsible for 92% of GDP growth in the first half of 2025. If you exclude these categories, the US economy grew at only a 0.1% annual rate in the first half.

https://www.cadtm.org/The-AI-bubble-and-the-US-economy?utm_s...

In the US neither of those are generally made public per se. They are made public when the thing actually passes testing or certification.

https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal