Privacy

32654 readers

469 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Running local LLMs for privacy as an alternative to ChatGPT, MS Copilot etc.? (www.youtube.com)

submitted 2 days ago by [email protected] to c/[email protected]

47 comments fedilink hide all child comments

What are your thoughts on #privacy and #itsecurity regarding the #LocalLLMs you use? They seem to be an alternative to ChatGPT, MS Copilot etc. which basically are creepy privacy black boxes. How can you be sure that local LLMs do not A) "phone home" or B) create a profile on you, C) that their analysis is restricted to the scope of your terminal? As far as I can see #ollama and #lmstudio do not provide privacy statements.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 15 hours ago

you can, you just need to use the built-in tooling to build a self-contained application like a zipapp. if package maintainers did that it would break less. but they don't, and the problem there is how big the packaging tooling is.

like, imagine trying to install a js-based program the same way as you describe, pulling each dependency from apt. it would break immediately.

also, none of those listed ones used the package index as the vector. solarwind had their own infrastructure compromised, colorama was a typosquatting attack, jarkastealer was malicious from the word go. the list goes on, none of these are packaging system failures.

he problem npm has had for ages is that people are taking over legitimate packages and adding malicious code into them downstream from development using npm, and that the js ecosystem favours many small dependencies which makes the attack surface huge.

now, if all of those you listed was due to revival hijacking it would be pypi's problem, but that only works if the original dev removes their package. as it is, all of it is upstream of pypi. it's bad opsec by the devs.