Difference between revisions of "AI in the Browser"
(→Cycle Stealing) |
(→User Profiling) |
||
Line 10: | Line 10: | ||
===User Profiling=== | ===User Profiling=== | ||
− | The web site will be able to ask the AI loaded on the user's device for a UI would would match what the user would see has the local AI is used in that personal user device. | + | The web site will be able to ask the AI loaded on the user's device for a UI would would match what the user would see has the local AI is used in that personal user device. Trying different responses to the same user (via the local AI agent) would give the website information about the user's preferences and behavior. Clearly this is a way to avoid asking the user to share information by trying to extract in from the user's AI without the user's permission or knowledge. |
===Prompt Injection=== | ===Prompt Injection=== |
Revision as of 08:06, 21 September 2024
Contents
Full Title
AI is getting added to everything, including the Web Browser, which will have some severe unanticipated downside for the user.
Author: Tom Jones 2024-09-21
Context
Google has been trying to make web apps, that are downloaded from web sites, as attractive and useful as native apps, that are downloaded from the app store. Now that AI is getting added to
Problems
User Profiling
The web site will be able to ask the AI loaded on the user's device for a UI would would match what the user would see has the local AI is used in that personal user device. Trying different responses to the same user (via the local AI agent) would give the website information about the user's preferences and behavior. Clearly this is a way to avoid asking the user to share information by trying to extract in from the user's AI without the user's permission or knowledge.
Prompt Injection
Mixing data and control over a single channel is akin to cross-site scripting. The use of data input to the AI to modified future behavior of the AI creates such a mixture of data and control that is proposed to be fully accessible to any attacker's web site via JavaScript.
Cycle Stealing
Optimization of web sites has long included pushing more of the web site code into JavaScript which runs on the browser both to make the site more responsive as well as to reduce the compute load on the server. For the point of view of the web server, cycles on the browser are free compute resources. It would even possible now for the web site to try several different user prompts on the local AI to see what the user would see if they asked their local AI about the display on the browser. This kind of feedback could be sent to the web site enabling it to learn from any and all of their user's what text is best. Allowing the web site's user to help the web site optimize their content at the user's expense.