undefined | Better HN

0 pointsrovr1381y ago0 comments

Not a false dichotomy. I'm just calling out the rhetorical gymnastics.

You said you "don’t trust the big corporation" even if they go through independent audits and legal contracts. That’s skepticism. Now, you wave it off as if the audit itself is meaningless because a company did it. What would be valid then? A random Twitter thread? A hacker zine?

You can be skeptical but you can't reject every form of verification. SOC 2 isn’t a pinky promise. It’s a compliance framework. This is especially required and needed when your clients are enterprise, legal, and government entities who will absolutely sue your ass off if something comes to light.

So sure, keep your guard up. Just don’t pretend it’s irrational for other people to see a difference between "totally unchecked" and "audited under liability".

If your position is "no trust unless I control the hardware," that’s fine. Go selfhost, roll your own LLM, and use that in your air-gapped world.

0 comments

namaria1y ago

If anyone performing "rhetorical gymnastics" here is you. I've explained my position in very straightforward words.

I have worked with big audit. I have an informed opinion on what I find trustworthy in that domain.

This ain't it. There's no need to pretend I have said anything other than "personal data is not safe in the hand of corporations that profit from personal data".

I don't feel compelled to respond any further to fallacies and attacks.

rovr138OP1y ago

You’re not the only one that’s worked with audits.

I get I won’t get a reply, and that’s fine. But let’s be clear,

> I've explained my position in very straightforward words.

You never explained what would be enough proof which is how this all started. Your original post had,

> Do you just completely trust them to comply with self imposed rules when there is no way to verify, let alone enforce compliance?

And no. Someone mentioned they go through SOC 2 audits. You then shifted the questioning to the organization doing the audit itself.

You now said

> I have an informed opinion on what I find trustworthy in that domain.

Which again, you failed to expand on.

So you see, you just keep shifting the blame without explaining anything. Your argument boils down to, ‘you’re wrong because I’m right’. I also don’t have any idea who you are to say, this person has the credentials, I should shut up.

So, all I see is the goal post being moved, no information given, and, again, your argument is ‘you’re wrong because I’m right’.

I’m out too. Good luck.

j / k navigate · click thread line to collapse