undefined | Better HN

0 pointsyunwal2y ago0 comments

Unless you design the LLM yourself and purposefully watermark the output. https://arxiv.org/pdf/2306.04634.pdf

0 comments

That's a digital signature, same as sending an email with GPG to prove you sent it. You wouldn't say that because some people use GPG you can somehow detect who wrote every email on earth, it's a push model vs pull. This is why I wrote "any sentence" vs "some sentences".

dns_snek2y ago

Watermarking is not at all like a digital signature and a lot like steganography. I only have a surface level understanding of the process, but it works by biasing token selection to encode information into the resulting text in a way that's resistant to later modifications and rephrasing.

I have my doubts about the effectiveness of this method and realistically, it won't make any difference because the bad actors will just use an LLM that doesn't snitch on them, so you're technically correct.

vasco2y ago

The only way to make that stenography robust is to have the encoded message be generated with some secret key that can be verified. Otherwise anyone could manually fake the stenography into human typed messages assisted by some encoder and you'd have no way of telling if it was really typed by an LLM. That line of thinking is what makes it have to be like a signature to work like you said for "any sentence". I also think these methods only work above certain character limits. Short messages are impossible to tell.

1 more reply

FergusArgyll2y ago

you can always ask it to include a '!' after every word and then sed it away. Poof, there goes your watermark

j / k navigate · click thread line to collapse

0 comments

vasco2y ago

dns_snek2y ago

vasco2y ago

1 more reply

FergusArgyll2y ago

you can always ask it to include a '!' after every word and then sed it away. Poof, there goes your watermark

j / k navigate · click thread line to collapse