> I’m a US citizen and absolutely will not be uploading additional information just to use a company’s models.
I can't speak to your specific use of Anthropic's models, but I find it interesting that people will identify themselves (to set up and pay for an account) and provide all sorts of personal (and often sensitive if not confidential) information to these models on a daily basis, but balk at a 5-minute identity verification.
It’s not the five minutes that I balk at, it’s entrusting a third party with all they need to steal my identity. But of course, they’ll never get hacked…
It's not like Anthropic is the only company in the world that would have the basic details contained on a driver's license or passport. Odds are all of the PII required for someone to steal your identity is already in criminal hands.
The National Public Data breach alone exposed the social security numbers of potentially upwards of 100 million Americans. Numerous companies have literally "all" of your personal data and you never did business with them/gave it to them directly.
It's not right but the identity theft cat is out of the bag, which is why precautions like credit freezes, are recommended for all Americans.
But they have all other data as well and this concentration is dangerous.
And to me, it's specifically that that third party is Peter Thiel. Not the guy I want to trust with my data.
How can someone steal your identity? What does that even mean?
It is a legal fiction invented by corporations to pass the blame onto you when criminals convinces the companies to give them money in your name.
Where possible, I believe it's our duty to educate those who know or care little about how their devices work. Unfortunately stats aren't persuasive for my family, but they might be for some as a starting point.
https://bjs.ojp.gov/library/publications/victims-identity-th...
Victims of Identity Theft, 2021
October 2023, NCJ 306474
https://bjs.ojp.gov/document/vit21.pdf
These links claim that identities are stolen, but do not explain how.
What happens to the victims, who are now presumably left unidentifiable? How are they tracked if they can’t be identified? Do their families recognise them? How does that work if they were married, had children or something? Does the identity thief just take over their whole life?
As far as I know, “identity theft” is a boogeyman invented by the banks. Traditionally, when someone would go to a bank and get a loan by pretending to be another person, we just called it “fraud”.
The banks realised that it would be nice to get you to feel some responsibility when they get defrauded, so after a bunch of focus grouping they came up with this new term to imply that you are somehow also a victim when the bank gets defrauded by someone else.
I would maybe reframe it as fraud being a natural downstream effect of identity theft. I don't need to steal anyone's identity to forge a check but that's also categorized as fraud.
Identity theft also paints a clearer picture of what is required to remedy the situation. If your details have been pwnd hard enough, you might need to get new government documents entirely in order to protect yourself long term.
If a contractor takes my money to install a pool and then disappears, I don't need to reset my entire financial identity. I think it's worth having a separate idea to describe the situation as a whole and not just the specific vector in which a crime might have been committed.
> Identity theft also paints a clearer picture of what is required to remedy the situation. If your details have been pwnd hard enough, you might need to get new government documents entirely in order to protect yourself long term
Okay, but in the US (for example) you simply can’t do that, and your details are already available to everyone for a dollar or two.
I’ll concede that “identity theft” could conceivably have a reasonable meaning in the context of e.g. Estonian digital identities where you could in a sense steal someone’s private key.
It is because you think the contention is about being identifiable, while that is hardly the case.
Most people understand or at least accept that in order to facilitate payments and a company to follow various laws that are generally understood as "good for all" (like AML and tax avoidance), but require ID to access is not the same.
It is identical to accepting to paying for National Parks car pass or camp ground fees but protesting access fees. Not the same thing.
It is just the standard performative outrage over and over. The same person will be uploading their ID a few days after it is introduced.
So many people have internalized an anonymous audience that they are performing to in terms of what they think the anonymous audience wants to hear that they can't tell what is their own actual thoughts and motivations.
That is why the motivation changes two weeks later and the ID gets uploaded.
Some of us hold grudges on account of performative outrage. Ubisoft made invasive DRM the norm in gaming ~20 years ago. While other companies now do the same thing, I'm still boycotting. Fuck'em.
I'd say before Ubisoft, Valve was the one to really spearhead DRM by introducing online verification to play Half-Life 2. Before HL2, it was almost unthinkable for a game to require Internet access to be played and most copy protection relied on serial numbers and/or presence of the original game CD. HL2 was high profile enough to make people accept the restriction.
Well, if all the data people uploaded to these models provided ironclad personal identification, would Anthropic need to have these identity verification processes? They could have directed Claude to disconnect all non-citizens when the order came, for example. Perhaps they don't to frighten people with that ability. But most likely all the inputs together only add to a rough identity hash.
> Well, if all the data people uploaded to these models provided ironclad personal identification, would Anthropic need to have these identity verification processes?
> But most likely all the inputs together only add to a rough identity hash.
You literally provide your name, email address, address and credit card number when you create an account and subscribe.
The identity verification they're doing is for legal purposes. Even if they have a way to take your name and IP address and figure out who you are with near-absolute certainty (including through the use of third-party databases), they're doing this so they have a legally-defensible process by which identities were established.
> You literally provide your name...
Not if you are using through your employer.
> they're doing for legal purposes
The USA is becoming a Banana Repulic. Having grown up in one, you end up learning that "the law" is never meant to be used for the benefit of the people but only to give the veneer of legitimacy for the authoritarian abuse by those in power.
“To my friends, anything; to my enemies, the law”: https://www.undp.org/latin-america/blog/graph-for-thought/%E...
Differential application of the law has been a part of American society for a very long time. I suppose you could argue that it's more brazen and accepted (or even celebrated in some cases) these days, but that could also be a function of people just being more willing to see it because America's reputation/standing in the world is in decline.
Right, but do you agree then this explains why people are not willing to give their identity details to a company, even if the company is able to deduct/obtain these details through other means if it wanted?
No. I really don't see the connection in this instance.
Many companies are required by law to verify the identities of their customers (for money laundering, sanctions compliance, etc.) and to do so in a certain way they can document.
Thinking that the US is a Banana Republic in which laws are applied differentially doesn't inherently mean that every rule that requires you to go through a process you don't like is unfair/unjust.
It's not a matter of being "unfair", it's a matter of people not trusting the institutions.
And? Yes, people have good reason to not trust institutions these days. But does not trusting institutions mean that you no longer have to comply with the rules, or that every rule is not based on a legitimate concern?
> not trusting institutions mean that you no longer have to comply with the rules
Not if you can avoid it, no.
> every rule is not based on a legitimate concern?
This particular rule is not based on a legitimate concern.
> You literally provide your name, email address, address and credit card number when you create an account and subscribe.
I don't recall Anthropic's payment systems, but I use Paypal wherever supported. I don't think Paypal sends my address, but am not sure. I'm pretty sure they don't send the CC information.
And often, not even the name (e.g. have often had people use my CC to buy stuff (with my permission)).
Also, I still routinely buy stuff from one service that thinks I'm in a state I haven't lived in for over 20 years, because that's the address I provided back then.
So no, generally, sending your payment info doesn't equate to sending them my address.
PayPal sends everything you listed to the merchant except for CC number.