You’re paying AI companies a monthly subscription fee to be fingerprinted like a parolee.

I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.

Claude:

  • Six parallel telemetry pipelines.
  • A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
  • Intercom running a persistent WebSocket whether you use it or not.
  • Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:

  • Proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
  • uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn’t enough.
  • Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
  • Also runs a proof-of-work challenge before you’re allowed to type anything.

Gemini:

  • play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you’ve ever done across every Google product since 2004.
  • Also creates a Web App Activity record in your Google account timeline. Also has “ads” in one of the telemetry endpoint subdomains.

When uBlock blocks Gemini’s requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.

Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.

All three of these products cost money.
One of them is also running ad infrastructure.

Touch grass. Install @ublockorigin

#infosec #privacy #selfhosted #foss #surveillance
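
An added illustration, not part of the original post and not uBlock Origin's own code: why a hostname rule cannot see telemetry proxied through a site's own backend, and how wrapping `fetch()` in the page can. The hostnames, paths and the `installFetchGuard` helper are constructed for the example.

```javascript
// Added illustration; every hostname and path here is a constructed placeholder.
const BLOCKED_HOSTS = ['telemetry.vendor.example']; // what a hostname filter knows
const FETCH_RULES = [/^\/internal\/telemetry\b/];   // what the fetch guard matches

// Decision a plain network rule makes: hostname only.
function hostRuleBlocks(url, base) {
  return BLOCKED_HOSTS.includes(new URL(url, base).hostname);
}

// Wrap scope.fetch so matching calls are answered locally and never sent.
function installFetchGuard(scope, rules, base) {
  const realFetch = scope.fetch;
  const blocked = [];
  scope.fetch = function (input, init) {
    // Accept a string, a URL object or a Request-like object.
    const url = new URL(String(input.url ?? input), base);
    if (rules.some((re) => re.test(url.pathname))) {
      blocked.push(url.href);
      // Resolve with an empty success so the caller's promise chain does not reject.
      const fake = typeof Response === 'function'
        ? new Response('', { status: 200 })
        : { ok: true, status: 200, text: async () => '' };
      return Promise.resolve(fake);
    }
    return realFetch.call(scope, input, init);
  };
  return blocked;
}

// Constructed page: a stub fetch records what would have reached the network.
function demo() {
  const base = 'https://chat.example/';
  const sent = [];
  const page = {
    fetch(input) { sent.push(String(input)); return Promise.resolve({ ok: true }); },
  };
  const proxied = '/internal/telemetry/v1/batch'; // first-party path, third-party sink
  const missedByHostRule = !hostRuleBlocks(proxied, base);
  const blocked = installFetchGuard(page, FETCH_RULES, base);
  page.fetch(proxied, { method: 'POST', body: '{}' });
  page.fetch('/api/conversation');
  return { missedByHostRule, blocked, sent };
}
```

`demo()` shows the proxied path slipping past the hostname check, being caught by the guard, and the ordinary API call still going through.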

  • caneToad :linuxmint:@social.tchncs.de
    2 days ago

    @k3ym0 @ublockorigin Thanks for your analysis, good stuff. Confirms my suspicion that GenAI LLMs are a kind of AdTech Surveillance Capitalism on steroids, draining way more data from the victim than ‘traditional’ TechBro corporate eavesdropping.

    I suggest to establish digital self defence:

    1. Use common sense and avoid bullshit products based on stolen data (GenAI LLMs use HUGE amounts of energy and water for … what?). Practice good thinking and figure what you can do on your own, with your brain, and without an electric parrot crutch.

    2. Harden your browser > uBlock Origin, and get to protect your network on DNS level > e.g., with Pi-hole. There, add AI blocklists.

    3. Get independent, and off TechBro ripoff services and subscription products. Reclaim your digital freedom.

  • zer0unplanned@friendica.rogueproject.org
    2 days ago

    @k3ym0 Now you will tell me but it stays slop while I kept proving that it is not the case and that you can learn it if you took the trouble and time to read the official docs of those open source models.
    You can do or make your own RAG system as making your own checker that no API can do for those that pay.
    I oppose the fact that they push it (Big tech Corps) to even GitHub and so many things where the consumer has no choice (as some mobile phones) or the search engines AI likes or the ones you use in fact and pay for it that really scrape the web aggressively for the cash.
    But do not tell me that all AI is what you seem to use.

    All telemetry and websocket etc issues are a no brainer as solution to run it on local host no internet needed.
    Wishing you a good day

  • zer0unplanned@friendica.rogueproject.org
    2 days ago

    @k3ym0 I pay them $0 but I use those my RAM permits, what about that?
    Here the saying is adverse you see?
    “If you don’t pay a product, you are the subject” from Kevin M ( may he rest in peace ) do not count for me and many many others that opened their mind to it as one day you’ll have to compete, or troubleshoot your network problem offline etc etc while I use the product and them not me.

    • Username85920@lemmy.ml
      21 hours ago

      If you can’t run it locally, Duck AI and Lumo (Proton) are probably the safest bet.

      Knowing that Duck AI still sends your prompts to OpenAI or other AI services through API but anonymously.

      Otherwise you could set up an AI service on a trusted cloud provider and run API requests to it. I unfortunately don’t know which would be good for privacy.

    • yellow [she/her]@lemmy.blahaj.zone
      21 hours ago

      The safest would be to run it yourself, though if you don’t have some pretty beefy hardware and some time to set things up you won’t be able to get very close to the performance of any of the big-name hosted AIs on more complex things, but it might be enough for simpler stuff.

      Grab LM Studio (or llama.cpp if you’re comfy with a CLI) and some models off of Huggingface if you wanna give local AI a spin.

    • k3ym𖺀@infosec.exchange (OP)
      1 day ago

      @finallymadeanaccount i am indeed very passionate about data privacy :)

      this is less about which AI is “safe to use,” and more about the fact that these AI websites track us in the exact same way 99% of the internet does.

      whether or not that is “safe” for you depends entirely on your personal identity. these third parties that collect and aggregate data on you can sell that data to anyone - including government institutions. The US CBP (Border Patrol) has notoriously used this method of data collection to track people’s movements.

      (shout-out to @josephcox and @404mediaco for the incredible reporting - i <3 you)

      regardless of whether or not it is dangerous for someone, I personally don’t believe it is ethical to abuse people’s privacy like this.

      “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

      -- Edward Snowden

  • NotFrenchJack@lemmy.dbzer0.com
    2 days ago

    I only use the free models on offer by duck.ai, and do it sparingly and in a self-contained manner. I decided that if those models are not enough for a problem, then I would probably be better off seeking a source with real authority and intelligence. They can track my anonymous private (network and browser) sessions all they want 😎, if they wish to.

    (And that annoying non-cross-poster can go fuck itself. I’m deliberately posting this here because of it. So, mission accomplished!)