- >For example, our systems sometimes failed to flag violating content when the user asked Claude to translate from one language to another. Clio, however, spotted these conversations.
Why do they even consider translation of existing content "harmful", policy-wise? The content already exists. No machine translator I know of would refuse to translate something based on its content. That makes their language models unpredictable in one of their major use cases.
- I don't think I would describe a system in which a human ends up looking at your conversation if the algorithm thinks you're suspicious as "privacy-preserving". What is the non-privacy-preserving version of this system? A human browsing through every conversation?
- I find this sort of thing cloying because all it does is show me they keep copies of my chats and access them at will.
I hate playing that card. I worked at Google, and for the first couple of years, I was very earnest. Someone smart here pointed out to me: sure, maybe everything is behind three locks and keys, encrypted, and audit-logged, but what about the next guys?
Sort of stuck with me. I can't find a reason I'd ever build anything that did this, if only to make the world marginally easier to live in.
- I wrote up some notes (including interesting snippets of the video transcript) here: https://simonwillison.net/2024/Dec/12/clio/
- There’s absolutely nothing privacy-preserving about their system, and adding additional ways to extract and process user data doesn’t bring any additional privacy; it weakens it further.
Until they start using Nvidia confidential compute and doing end-to-end encryption from the client to the GPU like we are, it’s just a LARP. Sorry, a few words in a privacy policy don’t cut it.
- Of course this doesn't need to be used only on "AI use" as they frame it. So far, your activity was a line in the logs somewhere; now someone is actually looking at you with three eyes, at all times.
- A lot of negativity in these comments. I find this analysis of claude.ai use cases helpful — many people, myself included, are trying to figure out what real people find LLMs useful for, and now we know a little more about that.
Coding use cases making up 23.8% of usage indicates that we're still quite early on the adoption curve. I wonder if ChatGPT's numbers also skew this heavily towards devs, who make up only ~2.5% of the [American] workforce.
- While the highest categories are vague (web development vs. cloud development), the specific clusters shown in the language-specific examples expose nation-specific collective activity. While anonymized, it still exposes a lot of this collection of private chats.
Good that they tell, but they did it before telling. I really hope they delete the detailed chats afterwards. They should, and probably won't, delete the first layer of aggregation.
- The footnote on the website is quite confusing: > For safety investigations, we also run Clio on a subset of first-party API traffic, keeping results restricted to authorized staff. Certain accounts are excluded from analysis, including trusted organizations with zero retention agreements. For more information about our policies, see Appendix F in the research paper.
They clarify that API traffic is excluded: > "Because we focus on studying patterns in individual usage, the results shared in this paper exclude activity from business customers (i.e. Team, Enterprise, and all API customers)."
- I was surprised to see "Business Strategy and Operations" as #6, at 5.7%. Part of me finds it somewhat concerning; but then again, I'm using Claude for that purpose myself, and found it pretty helpful, so...
- "Xenon Deficiency Syndrome", mentioned in one of the examples on talking about medical conditions.
I knew it just had to be a made-up thing for demonstration purposes, but I still had to google it, haha... on the off chance there is some weird biological use for trace amounts of xenon.
- Seems like this might infringe the trademark belonging to the legal tech company Clio.
- In case you were wondering, Anthropic does in fact have a reply to the inevitable Hacker News comments:
> Risk: Despite our privacy mitigations, the existence of a system like Clio might be perceived as invasive by some users. This perception could lead to an erosion of trust in AI assistants.
> Mitigation Strategy: First, we plan to be radically transparent about Clio’s purpose, capabilities, and limitations to the public through this report, rather than building and not disclosing the system. For example, Clio is a tool that can be used to make systems safer, as well as a tool that can be used to gain insights that can be used to gain a better understanding of and improve the product. We are also transparent about how we designed Clio with important privacy protection features that safeguard user data and privacy. Second, beyond these use cases, we are committed to turning Clio’s insights into a public good—for example, we released information about our most common use cases in Figure 6 because we believe it is in the best interest of society to know how AI systems are being used in the world, despite the fact that this information could be commercially harmful for Anthropic to publish from a competitive intelligence standpoint. We plan to share further insights from Clio in the future, and hope these disclosures contribute to an emerging culture of empirical transparency in the field that can inform broader AI safety and governance efforts. Finally, we plan to actively engage with user communities, addressing concerns and incorporating feedback into our development process—for example, during our work on Clio we met with a number of civil society organizations to gather feedback on our approach and made adjustments in response to their comments.
Unfortunately, the feedback they gathered is not included in the paper.