> how can an ongoing dialogue be past tense?
Easy: it can be considered past tense in case "ongoing dialogue" is a corporatespeak for "f..k you". Which I believe is the case here. But that's an opinion.
> Know Your Customer [..] I don't see any issues with that
This might be the case if you're coming from a standpoint I have mentioned: the American one. This is a world view where everybody have physical paper documents proving residence, every labour effort is arranged in a very specific legal framework, every person have an address in a specific format, every person has one of just a few types of ID documents, etc, etc.
Problem is, the world have vast, vast differences in all of the mentioned areas and KYC companies couldn't care less because they are a business and they make money by KYCing as much people as possible for as little spend as possible. Thus they simply ignore any case that's not mainstream no matter how perfectly legal it is.
Being a digital nomad I cannot pass KYC at the vast majority of online services. My passport is under no sanctions, I do have residency in the first world country, etc., but passing KYC at Persona and others is not possible.
>> my account will be banned by OpenAI immediately > Why do you assume this?
Because of the risk profile. The company has no way of knowing whether "find all security vulnerabilities in this code" is a request from a whitehat or a blackhat hacker. The risk of someone using GPT to hack yet another DeFi project for a hundred millions while mentioning OpenAI is higher than perhaps a million user accounts, let alone a single one.
> The company has no way of knowing whether "find all security vulnerabilities in this code" is a request from a whitehat or a blackhat hacker
That's what KYC is for.
> This might be the case if you're coming from a standpoint I have mentioned: the American one.
I'm not in the US, nor America for that matter, I'm in the EU.
> Problem is, the world have vast, vast differences in all of the mentioned areas and KYC companies couldn't care less because they are a business and they make money by KYCing as much people as possible for as little spend as possible
"The lady doth protest too much, methinks".
There's not much constructive here other than a lot of assumptions and apparent malcontempt with how some businesses handle their business, but that's for another topic I think.
>> The company has no way of knowing > That's what KYC is for.
No, KYC has nothing to do with that problem. KYC doesn't help at all here.
> I'm not in the US, nor America for that matter, I'm in the EU.
Same here.
> No, KYC has nothing to do with that problem. KYC doesn't help at all here.
that's a bold statement. how does it not help solve the problem? what is a better solution?
How does KYC tell a company whether you have bad intentions or not? Let's say you work in a consultancy doing security research. On paper that looks good right?
How easy would it be for criminal orgs to setup legitimate looking fronts to pass these KYC checks?
see my downthread post. kyc is the first step in the process, not the last. without verifying identity, none of the other steps can take place
> how does it not help solve the problem
How does it? Online KYC is a procedure to verify someone's documents and face. And that's it. What does it have to do with the actual usage of the OpenAI account and the code that is being examined with AI?
> The company has no way of knowing whether "find all security vulnerabilities in this code" is a request from a whitehat or a blackhat hacker
the system in place to prevent unauthorized abuse. by default, the guardrails are conservative. to reduce the guardrails you can jump through a progressive series of hoops to establish whether or not you have a valid use case. the entrypoint for establishing your use case is verifying your identity and background. if you don't want to do this, you are free to use Codex Security to identify and fix vulnerabilities, it is quite good at this. the harness and model are already evaluating the usage of the account and the nature of the code being examined and actions requested. but the again, the guardrail thresholds will be very conservative for anonymous users.
what is your proposal?
> what is your proposal?
None. I don't see a solution.
I'm silently rooting for Chinese models here.