1) This will be a new source of fingerprinting information and this is difficult to fake to fool fingerprinting scripts, so it can be abused for "device verification". There should be no ability to "verify" a browser, and anyone should be able to emulate any browser. This is the most important point, I thought Google people are smart enough to see it.
2) LLMs use lot of memory and CPU time, for many users they would slow down their system significantly, and given current RAM prices, upgrades are very expensive. If the website relies on local model, it would work slow on cheap devices.
3) The API seems to be tailored for specific LLM like OpenAI.
4) This can be used to push competitors who do not have an AI model from the browser market - the sites would break because they will be made with expectation of having Google Gemini model and would not work with other models. For example, the sites would break in national browsers not having an AI model. There should be no "first-class" and "second-class" browsers.
The explainer claims that this would allow the user to process the data locally without sending it anywhere. But why does Google Gemini local model have "Prohobited Use Policy" then? Why should they bother about prompts and responses they never learn about?
While offline LLM access seems like a good idea, the website could use WebGPU for this without building LLM into the browser (or they could improve WebGPU for better handling ML models). Or everyone should use the same, open source, LLM.
> This is the most important point, I thought Google people are smart enough to see it.
Google just points towards the money like other bacterium and beats its flagella until it gets there. I don't know why or how anyone would EVER think Google is going to do something good for the web or humanity.
>I don't know why or how anyone would EVER think Google is going to do something good for the web or humanity.
i dislike google as much as the next guy, but sometimes it can be good to remember that actual humans work at google. some of them want to improve things for people. some of them even have a conscience.
one immediate "good" that comes to mind, from google, is the project zero team.
It doesn’t really matter what the people working there want. It matters what the higher ups say, as they control the cash flow and consequently where resources are spent.
And, surprise surprise, the higher ups are generally the ones fucking things up because they also need to see those numbers and lines go up, regardless of actual impact on people’s lives.
So yeah, there surely are good people working for Google, but Google itself is not a person nor is it a “good” company. It is evil, end of. And, unfortunately, when you work for Satan, you don’t get to go around doing charity work.
So is it reasonable and helpful to see the same comments over and over again any time Google/Microsoft/OpenAI/Meta is mentioned in a comment - "X is bad, money drives all their decisions, they are anti-user, etc. etc." or should we actually expect to see relevant comments discussing the topic at hand?
It's inane and annoying to have to wade through the same, predictable, might-as-well-be-copy-and-paste comments on every post.
What do you have to say about the Prompt API specifically?
This same point should have been made to the grandparent as well... claiming some good people are working inside the system at a bad company is also a tired trope.
Sure actual humans work at Google. These actual humans are actively choosing to continue doing a job that makes the web worse. I don't see how "but they're human!" means automatic forgiveness of their actions.
>I don't see how "but they're human!" means automatic forgiveness of their actions.
it doesnt, if the actions are bad.
but if your blind hatred makes you think that google will not "EVER" produce something of value to the web or humanity, then you are just being obtuse.
i have already provided one example of something good that is directly attributable to google. there are several more examples, i am sure.
I'm not the other guy you think I am. I didn't say that. But congrats on finding the one teensy tiny good thing Google has done. I'm sure that exonerates the other 99%. I mean, it's not like they scrapped "don't be evil" as a guiding principle or anything. Oh wait...
Maybe it's also helpful to point out that all evil is done by actual humans, and that google will actually fire humans who don't do what google wants them to do.
google can (and has) done good things for the web and humanity. there are people working there that actively try to do things that are a net positive to society.
they do a lot of shit, too. and i have no qualms with calling that out. but categorical statements of google being incapable of anything good, at all, ever, are not well thought out positions. only people who have let their hatred blind them to reality would believe that in earnest.
comparing google to auschwitz is ridiculously insulting and insensitive to the families who suffered there.
Double edged sword. They have & they've have not. They've fueling technology for war, yet they've enabled us to communicate further and wider than before. The "don't be evil" & "good things" end up tainted; or thrown to the graveyard. You can't apply those morals to a corporation like Google.
Anything that had an positive effect to the internet ended up in the graveyard years ago. Maybe in the early years, yes they expanded the capabilities of the internet, but in recent years? nah. It's all about the money.
I think the issue might be that some people don’t actually mean “every” when they say “every”, and don’t recognize when they are speaking hyperbolically?
> the example in my first comment, project zero, is still active today.
So? Many smaller players actually contribute more.
It's not about a single contribution but about what is better - a lot of power in the hands of a large corp which can afford to obstruct with impunity and do the opposite of "do no evil" versus several smaller players who have to actually compete and are concerned about their image.
>So? Many smaller players actually contribute more.
the claim was that no one should expect google to do anything good for the web or humanity "EVER". the existence of even one good thing is to refute that point.
but your sibling comment is probably correct. people say "EVER" but dont mean it literally, or something. its very confusing to me.
The sheer amount of OSS projects that have come out of Google would suggest otherwise...
Stuff like Go, Bazel, Ninja, V8, Dart, MLIR, Tensorflow, Chromium, Android, and countless others I can't remember off the top, plus their contributions to Linux, LLVM, Python, and so on... I can't think of any company that has given as much sheer volume of open source code as Google.
On the fingerprinting concerns: I have to imagine there will be an option in Chrome (certainly in Firefox) to "never download an LLM, turn off all LLM functionality". I suppose I can see an angle where a website could issue a small LLM request to try and fingerprint the model itself, which is another fingerprinting parameter. But as long as it can be turned off I don't see why this is a problem.
There's a broader class of concern here that reduces to the form: "The web platform should not be able to do this." For people who believe this, I think they'll invent any reason they can to push this narrative. E.g.: Well, sure, the user could turn it off, but then websites would say 'your browser isn't supported because it has no LLM' and now the web just got worse for me because I wanted to turn off LLMs.
But this reduces to "the web platform should not be able to do this" because at the end of the day it was the website operator's decision to turn off their website if an LLM is unavailable. Its not really the platform's fault, or the fault of its maintainers, that they built this capability and JP Morgan or whoever decided to screw over people who don't want to enable this feature. Similar to turning off Firefox support even though it would work fine, because they can't be assed to test their site in Firefox.
I don't know how to counter that take tbh. The web is the world's most successful application platform. It is not competing with PDF; it competes with SwiftUI. Of the options presented in front of you, you are hallucinating an option that reads like "we'll just keep the web nice and static and the way it is and nothing will ever change about it, the web is done". In reality your two options are: "We adapt the web to the evolving needs of its users" or "The web fails to serve the evolving needs of its users, and SwiftUI or WinUI steps in to fill that gap". This second option is far worse!
Fingerprinting concerns here are really overblown. At least in Chrome's implementation, the model version / responses will give you ~2 bits over the browser major version: whether the machine can support the model, and whether the model is downloaded yet or not. (Really <2 bits, since these ratios aren't 50/50 in the population.)
> There should be no ability to "verify" a browser, and anyone should be able to emulate any browser.
Hard disagree. The AI industry has absolutely shredded the various anti-scraping and anti-botting social contracts that were in place prior to the covid pandemic. Like it's now common knowledge that robots.txt isn't a hard requirement and can be avoided entirely, for example. They have absolutely turned the open web into a dark forest.
Having a browser session able to be verified as untampered and/or "trusted" is probably going to be a thing going forward. Sucks a ton, but we all did this to ourselves.
> it's now common knowledge that robots.txt isn't a hard requirement and can be avoided entirely, for example
Was it ever not? It's a text file, not law.
> They have absolutely turned the open web into a dark forest.
Only if you have an ideological problem with people you don't like using the things you publish on the open web.
I'd say the web can be very open even without being copyleft. It makes some business models non-viable, but it doesn't prevent anyone from publishing what they want.
On the other hand, I don't think I would call something that preserves copyright at the cost of only admitting "approved/certified non-LLM scrapers" via attestation or similar "the open web".
> Having a browser session able to be verified as untampered and/or "trusted" is probably going to be a thing going forward. Sucks a ton, but we all did this to ourselves.
Protocols like HTTP or formats like HTML were initially made to be machine-readable. You humans make your site machine-readable, publish on the internet and then get unhappy when machines start actually reading it.
Anyway, just put a captcha or require a cryptocurrency payment if you are unhappy with bots, but several people unhappy about scraping are less important than billion people unhappy about tracking their activity.
You're looking at that pre-covid time with rose tinted glasses. Half the reason sites like reddit or twitter offered free/open APIs was to ensure that the bots were being as efficient as possible rather than hammering the sites (The other half was altruistic but that good will is a very small line item to an MBA). Scrappers got so much better at just going to what's presented to humans because these kinds of APIs are no longer common so they had to. So now the lazy option is to no longer check if a site offers an API, rather than to check if it did and save time / not worry about maintenance by coding for an API.
we already live in that world, Google and Apple cooperates with vendors like Cloudflare to make, essentially, the PAT / WEI implementation that they wanted.
1) This will be a new source of fingerprinting information and this is difficult to fake to fool fingerprinting scripts, so it can be abused for "device verification". There should be no ability to "verify" a browser, and anyone should be able to emulate any browser. This is the most important point, I thought Google people are smart enough to see it.
2) LLMs use lot of memory and CPU time, for many users they would slow down their system significantly, and given current RAM prices, upgrades are very expensive. If the website relies on local model, it would work slow on cheap devices.
3) The API seems to be tailored for specific LLM like OpenAI.
4) This can be used to push competitors who do not have an AI model from the browser market - the sites would break because they will be made with expectation of having Google Gemini model and would not work with other models. For example, the sites would break in national browsers not having an AI model. There should be no "first-class" and "second-class" browsers.
The explainer claims that this would allow the user to process the data locally without sending it anywhere. But why does Google Gemini local model have "Prohobited Use Policy" then? Why should they bother about prompts and responses they never learn about?
While offline LLM access seems like a good idea, the website could use WebGPU for this without building LLM into the browser (or they could improve WebGPU for better handling ML models). Or everyone should use the same, open source, LLM.