I came across tools like nightshade that can poison images. That way, if someone steals an artist’s work to train their AI, it learns the wrong stuff and can potentially begin spewing gibberish.
Is there something that I can use on PDFs? There are two scenarios for me:
- Content that I already created that is available as a pdf.
- I use LaTeX to make new documents and I want to poison those from scratch if possible rather than an ad hoc step once the PDF is created.
A lot of the ways they scrape documents are the same used by accessibility tools, so I’d generally recommend against doing this.
So a layer of transparent text wouldn’t work?
I’m pretty sure most screen readers and stuff like copy/paste would also get whatever nonsense you filled it with.
It would be a side effect, most likely.
I’m sorry, but “transparent text”? Is this done in LaTeX?
What, you can’t set the alpha channel on your text in a pdf?
I think I didn’t explain myself clearly, sorry. I meant that in LaTeX, I can make my text transparent /white and have them overlap for a couple of paragraphs by adjusting text boxes. I’m not sure if how scalable this solution is for me.
There are other ways of making pdf files, so it all depends on what you want.
Entire Bee Movie script in 0.1pt white on white in the header
“Why TF is this one-page document half a gigabyte?”
Text is small! The Bee Movie script is 89.2kb
Obviously you need some redundancy in case the script gets corrupted. 5000 repetitions seems reasonable for such a high quality work
“Oh, it’s got an embedded TIFF of the actual content. That explains it.”
Yes, I am quite old now.
Would the Shrek script be compatible too?
Image poisoning’s general principle is to change pixels in a way were our eye can’t notice, but that screw up the labeling by LLMs.
You can probably try to apply the same principle, poison the PDF in a way that only humans can read it.
Thing is, I assume you distribute your content on PDFs to make the content accessible to humans. That usually means having the text embedded for easy copy-paste and similar methods. Poisoning these might end up being counterproductive for your objective.
All this to say that No, I have no idea of a poisoning algorithm for PDFs
Put the word stolen at the end of every document, the llm will learn that the word stolen is normal and should be included
I don’t think any kind of “poisoning” actually works. It’s well known by now that data quality is more important than data quantity, so nobody just feeds training data in indiscriminately. At best it would hamper some FOSS AI researchers that don’t have the resources to curate a dataset.
At best it would hamper some FOSS AI researchers that don’t have the resources to curate a dataset.
If you can’t source a dataset, then you shouldn’t be researching AI. It’s the first and single most important step of the entire process.
Some LLMs have specific jailbreaks which including in the document may cause them to act strangely in a way that is specific to the LLM. But it’s unlikely to be robust over time as they get patched/changed/etc.
man rot13;)if possible, do not make it aviable on the public internet and don’t let search engines access it
I tried to copy some text in a report once.
It came out as gibberish.
