Muse Image, Grok 4.5, Alex Karp on CNBC
The batter for verifiable data is increasingly defining the AI race, from Meta to Grok to the frontier labs.
The batter for verifiable data is increasingly defining the AI race, from Meta to Grok to the frontier labs.
Amazon has been accused several times for ripping off merchants on its platform. And every single time they denied any wrongdoing. A merchant, or anyone really, can create a product (or source it from China), then resell it on amazon. Amazon is the service provider, and hosts all the metrics concerning the products. If Amazon themselves were in the business of creating and selling products, then that creates a potential of conflict of interest. Because they have the data of all products that sell and sell well. They could replicate that success without doing any further research since the merchant has already confirmed the existence of demand. It's not surprising that Amazon Basics quickly became the best selling "private-label brand" on Amazon. They already know what sells because they have access to the data. Yet they continued to deny it, and state that they only ever use publicly available data from sellers . An Amazon spokesperson said the company believes the allegations are "factually incorrect and unsubstantiated," adding that Amazon strictly prohibits the "use or sharing of non-public, seller-specific data for the benefit of any seller, including sellers of private brands." Yet the results are right there for all to see . If you sell any product through Amazon, you are exposing your company's operations to them. If you want to keep that information to yourself, then you don't get to reach your customers, which in reality are Amazon's customers . If you want to buy something online, and get it shipped as quickly as possible, then Amazon is a blessing. Most often than not, you are not buying the product directly from Amazon. An independent store or vendor with a presence on Amazon will fulfill your order. The seller only has minor identifying characteristics on the platform. On the search result page, the space designated to the seller is small and insignificant. The customer has very few reminders that products are offered by anyone but Amazon. (Although if you want to dispute a sale, you are starkly reminded that the item is from a 3rd party vendor.) So there is no surprise when companies embrace AI internally, they are putting themselves at the risk of sharing their product with their competitors. Maybe the most obvious example is when Antropic came up with Claude Design. A tool to help users generate designs, wireframes, etc. Kinda like Figma. That's not a problem on its own, but when Antropic's chief product officer sits on Figma's board of directors, you can't say that there isn't a conflict of interest there. In fact, the chief product officer resigned from the board merely days before Claude Design was announced. He basically extracted all value from Figma then resigned. Figma's AI features are built on top of Claude. So Anthropic literally pulled an Amazon Basic on Figma . When companies force their own employees to use AI to do their day to day work, they are basically asking employees to upload company data to a 3rd party that may become a competitor. Sure something in the contract clause says that the AI company won't train on enterprise customer data, but nothing stops them from peaking at successful product data. Whenever someone tells me that they used AI to build an app and boast of its values or uniqueness, I want to remind them that if you can just prompt-create a product, so can the AI provider. In fact, they might have better resources to create a competing product if it displays any sign of success (see Figma). While it looks like plenty of people are benefitting from AI today, all this information is being shared with AI providers. We are giving them full access to our thought process. When you include them in your workflow, you are basically providing them with a step by step approach on how to do your job. Don’t be surprised when you see a native Antropic/OpenAi project management application suite. Or a CRM, or any software that is trying to integrate with AI and may experience success. A few years back, when I worked in Customer Service Automation, we discovered that most companies used Zendesk to manage their customer service. Since customers mainly contacted support via email, an intentional database had been built that tracked users through their shopping experience throughout the web. While so much could be done with that data, like identifying “problematic” customers, or recommending products based on their history, we ended up finding something more helpful. We could easily detect a pattern of issues for certain shipping carriers. We could see when UPS was having delays in certain cities, or when Fedex was having technical issues when updating the last mile status. None of these things were features designed or provided by anyone. However, having access to businesses’ data gave us insight where we had none before. That became a feature for us, only because we were not competitors to all these online retailers. When you expose your company's internal data to a potential competitor, don’t be surprised when they build a competing business to rival you.
Two years ago, I published a post entitled Unfinished . It was a way for me to share some thoughts without having to work on them as much as I do on regular posts. As I wasn’t sure if these “lesser thoughts” were worth my efforts and my time, I compiled them in a different post format, inspired by a song: This post is inspired by the excellent track entitled Lamb’s Garbage (Unfinished) , from the classic album and one of my favourites, Mr Oizo’s Lambs Anger . The concept of the song, as its title suggests, is to regroup bits of songs that were never completed to be full tracks. Well, here we are again. The text file where I jot down all my ideas, quick thoughts, and potential topics for blog articles is starting to get a bit too long for my liking, so I think it’s time for a little clean-up. What you will see below is what was saved from the big flush, and what I don’t share on social media since I am no longer participating . Think of this as a list of intros, tweets, and blurbs of what was going on in my head recently. I believe some of these themes can be used later for a full post; in the meantime, feel free to use them for your own blog. And if you don’t have a blog, please, start a blog . I love spreadsheets. This is something I find a bit difficult to admit, but I do like working in spreadsheets. I even firmly believe that Google Sheets is their best product. I already like lists, but a spreadsheet is on another level. I like to make my spreadsheets look pretty, I like to plan how they will look, I like to build, I like to make them functional, legible, easy to read. For me, it’s a very pleasing and interesting thing to do at work: there are so many possibilities. When I create a spreadsheet, I feel like an app developer. I feel like I’m a graphic designer. I had a co-worker once whose job included the creation and design of very complex spreadsheets for other teams, using Microsoft Excel, Microsoft Power BI, and such. The resulting spreadsheets were glorious: fully featured and interactive dashboards, gathering data from different sources in real-time. Works of art. Are answers from A.I. chatbots recycled for other users asking the exact same thing, or are answers always generated from scratch? Wouldn’t it be cheaper and more energy-efficient ? If I ask “ explain the difference between irony and happenstance ”, will the A.I. chatbot just paste an existing, perfectly fine answer (one that received positive feedback in previous chats), or will it work to generate a brand new answer? Why do so many people keep saying “Samsung charger” or “iPhone charger” instead of USB-C, USB Type C, or just USB? I mean, despite these cables and connectors being ubiquitous in our lives, I see a lot of people completely ignoring what they are called. I wonder why. Don't brag so much about using A.I. It’s great that you used A.I. to do this thing you’re presenting. I can see how it has been useful and how much faster it helped you reach your goals. I understand that without A.I. you could never have pulled this off. I know it’s a way to show how you are part of the A.I. revolution, that you’re not left behind. No shame in that. I work with A.I. a lot too, I’m not judging you for that. But please, don’t present your use of A.I. as a skill. It’s just a tool. Your skills are elsewhere. Having access to tokens is a weird flex. The tools you use and how you use them may interest a few of your peers, but what you create with these tools is what truly matters. Do you know what type of video cameras were used in your favourite film? Do you care? By the way, the same piece of advice applies to air fryers. If we work so hard on automating our current tasks and projects with A.I. agents, how will we tell which ones are worth doing at all? Does everything need to be A.I.-enabled and optimised? Are we reproducing the same mistake that we made with social media, shoving it everywhere we could? On that topic, I highly recommend this excellent article on The Verge . Efficiency is not the ultimate goal for most people: efficiency for what? For whom? Besides, friction is not always a problem : sometimes friction is how new ideas spark to life. If you are like me, an avid consumer of Techmeme , you will have noticed that A.I. companies get a huge part of the coverage these days. I don’t know if it’s an editorial choice of Techmeme or if it’s just a reflection of the public reception of said news, but my gosh it seems that Gemini or ChatGPT or Claude gets an incremental update every day, and they float on top of the site’s homepage seemingly forever. I wouldn’t mind a new site just for A.I. news, just like Mediagazer does what Techmeme does but for everything media-related. I’d call it Datacenter and it would make Techmeme a bit more interesting. I recently discovered that something I immensely dislike has a name: the Rae Dunn style for household items. Billionaires cannot stand the idea of a democracy where their individual vote is, technically, worth exactly as much as the vote from the person who takes care of their laundry. They hate that. So what do they do? They buy media or social media companies to try to influence thousands to vote like them. Side note on the ridiculous LinkedIn habit that consists of putting a link in the comments of a post, and writing in the post “Link in the comments”. Just put the link in the post, as you’re supposed to, so we can have a nice preview of the post, and we don’t have to look at the even more ridiculous comments of every LinkedIn post. How messed up is that? I know it’s for better “reach” and to trick the algorithm, but you just look thirsty for likes. Isn’t that link the thing you wanted to share? Do you prefer a click or a like? What’s a like good for if nobody visits your link? Thankfully, I don’t have a LinkedIn account, and I can ignore this nonsense most of the time, but I do check on a few LinkedIn posts for work and this is making me both sad and angry. On Instagram, the whole “Link in bio” was necessary because that was the only way to share links back then. But LinkedIn? No excuse. Yes, it sucks that their algorithm prefers posts that won’t send users out of their precious, shitty platform. I’m with you. But you don’t have to play their silly little game. You’re better than this.
It now has eight live endpoints , a tiered pricing page and an alpha banner warning people the schemas might still move under them. None of that was the plan. The plan was to understand how UK rail data actually fits together, and to work out how to use an LLM properly on something real instead of a toy. The product is just what happened while I was doing that. I'm still not sure it becomes a business. I'm completely sure the way I learned to work on it was worth the time, and that part I now use every day on everything else. One station has more names than you'd believe, and that's the whole problem. King's Cross is KGX to the fares system, KNGX to the timetable and 54311 to the movement feeds, with a handful more codes besides (NLC, ATCO, UIC), each from a different corner of the railway. You don't need to hold those in your head. Nobody ever agreed on one name, so every feed brought its own. It gets worse with size: a big terminus like London Bridge doesn't have one timetable code, it has a cluster of them, roughly one per platform group, so even "which code is the station" isn't a clean question. Then there's the live side. Darwin (the real-time running feed) pushes updates at you as a stream, while the reference data turns up separately, each source on its own schedule and in its own shape. Before you can render a single departure board you've written a reconciliation layer and a code-mapping table, and now you own both of them. That mess is exactly why it was good to learn on. Bounded enough that you can actually finish it, awkward enough that you can't bluff your way through. You either understand how the feeds relate or your departure board quietly shows the wrong train. The workflow I use now didn't arrive fully formed. It evolved, and the project is where each step earned its place. I started where most people start: a prompt and a plan. Ask for a thing, get a plan back, let it build. That's fine for small, self-contained work. It fell apart the moment a task touched code the model hadn't really looked at. It would produce something plausible and confidently wrong, and then I'd spend longer unpicking it than the thing was worth, either fixing it by hand or trying to prompt my way back out, which sometimes just dug the hole deeper. The failure wasn't the model being bad. It was me asking it to act on intent it didn't have. So the requirement moved to the front. Before any code, I'd work up a proper PRD with the model: I'd set the direction and push back, it would draft and fill in. These weren't a paragraph of good intentions. They grew into real documents, with the goals stated plainly and the out-of-scope list stated just as plainly, functional requirements (what it does) sitting next to non-functional ones (how fast, how reliable, what the limits are), a sketch of the technical architecture, the phases it would be built in, how it would be tested and what might go wrong along the way. Then I'd break that down into tasks small enough to review one at a time. The output got noticeably better, because the model was working to a brief instead of filling in the gaps itself. It stayed focused on the thing in front of it, and it had helped write the thing that kept it there. The step that changed the most came later, and it wasn't obvious to me at the start. A PRD is only as good as your understanding of the code it lands in. So before writing the PRD, I'd have the model research the existing codebase and write up how the relevant part actually works, what's already there, which patterns to follow. The thing that made the research useful was a hard rule: document the codebase as it exists today, and nothing else. No suggested improvements, no root cause analysis, no critique, no refactoring proposals, no architecture it wished were there. Only what exists, where it lives, how it works and how the parts connect. Left to its own instincts a model will reach for the fix, because pointing out problems reads as helpful. Forbidding all of that kept the output objective, a technical map of the system as built with the opinion stripped out. Adding that step changed the relationship. The model stopped being the author and became something that I directed, sent to find things out and report back rather than left to decide what to build. The research feeds the PRD, the PRD feeds the tasks, and I'm steering at every handoff. Review runs through all of it. I read the research, the PRD, the tasks, the plans, not just the final diff. That order matters more than it sounds. If the research is wrong, the PRD inherits the error and every task underneath it inherits it again, and by the time you're reviewing code you're three layers downstream of the actual mistake. The review at the top is worth far more than the review at the bottom. That's the honest line between this and vibecoding. It was never about whether I used the AI. It was about whether I ever let go of understanding what it was doing, and I made a point of not letting go. It wasn't all done this way from the start. The early parts of Headcode were built the way most things get built with an LLM, by prompting, getting something working and moving on. The discipline came later. As the research-into-PRD-into-tasks process settled, designing before implementing became the default, and the project quietly split into a scrappy first phase and a deliberate second one. You can see the join. The later work, the bulk of the API surface, the endpoint groups, the schema as it stands now, was designed before any of it was written, the spec settled while the code was still hypothetical. The early prompted bits I've mostly gone back and rebuilt to the same standard, because once you've felt the difference the scrappy version nags at you. What fell out of that patience is an API where the schema is the contract. It's OpenAPI-first, with a downloadable spec you can point a client generator or contract tests at. Identifiers resolve cleanly: hand it any code system and it gives you back all of them, so the reconciliation table that would normally be a thing you maintain becomes a field you read. Vibecoding the same idea would have got me a convincing departure board demo and a wall the moment the identifier resolution got hard. Rail data punishes building before thinking, which is precisely what made it a good teacher. Headcode is in alpha. There's no self-serve signup. Access is by request, you email me with what you're building and I send a token. That's deliberate while the data and the schemas are still settling. I genuinely don't know whether there's external demand for it. It might just stay a personal project, something I experiment with and build other things on top of, now that I've got the rail data in a clean format to start from. That alone was worth doing. I want to build visualisations on top of it, possibly a small app, and a clean API I control is reason enough to have built the thing. If people turn up actually wanting the data, it might grow into a small SaaS. What I'm not going to do is manufacture a roadmap I don't believe in, or pretend there's urgency around a project I started in order to learn. Whatever Headcode turns into, the workflow has already paid for itself. I went in wanting to learn how to use an LLM well on a real codebase, and the research into PRD into tasks pipeline, with review at every layer, is now simply how I work with one. The product is a maybe. The method, I kept. If you want to see what came out of it, Headcode lives at headcode.dev , and the API docs — endpoints, schemas and the OpenAPI spec — are open to browse at docs.headcode.dev .
The lines between transactional systems, analytical systems, hybrid systems, and shared storage architectures are getting blurry. This post proposes a small taxonomy for describing the different ways systems, workloads, storage tiers, visibility, and durable copies relate to each other. OLTP, OLAP, HTAP, and now LTAP? We can think of the first two as two types of workload which have specialized query engines and storage systems to support them. OLTP such as the RDBMS like Postgres and MySQL use row-based storage engines. OLAP, such as Clickhouse, cloud data warehouse and the lakehouse use column-based storage. HTAP is a hybrid workload system: one system -> both transactional and analytical workloads. The HTAP system therefore has specialized storage and specialized query engine to stitch together the row-based and columnar data. So far, we’re dealing with a single system. A Postgres (OLTP), a Clickhouse (OLAP), a SingleStore or TiDB (HTAP). So what is the recent Databricks’ LTAP announcement? LTAP is the two workloads (OLTP and OLAP) but also two systems (e.g. Postgres and lakehouse/Spark) and some blend of two different storage systems. As well single single vs multi-system, single vs multi-workload, there are other relevant concepts such as tiering and materialization: A single system can tier (move) data from hot to cold storage (for cost efficiency). One system, one copy, two tiers. Hot and cold might be the same storage format (both row-based or both columnar), or might be different formats (hot is row-based, cold is columnar). We can have two systems share the same storage tier. System A tiers (move) hot data to the storage of System B. Two systems, one copy, though System B doesn’t see the newest data yet which only exists on A. Materializing One system can materialize (copy) data into another system. Two systems, two copies. Note when I say “copy of the data”, I mean durable copy, so caching doesn’t count. If the number of copies really matters to you as a metric, then maybe caching does count, depending on how much cached data you need to make it work? If only life were simpler. It would be nice to have some shared vocabulary around this, so we can talk about system architecture more easily. So I defined some terms last year for this, and expanded it as seen below. Vis means Visibility (when is data available in the other workload). The broad classification scheme: Single tier, one system, one workload. Example: Postgres with SSD, single tier CockroachDB, standard Kafka cluster. Internal Tiering, one system, one workload, commonly tiers from hot to cold storage for cost efficiency, e.g. hot=SSD, cold=S3. Though tiering could also serve other purposes than cost. Example: Apache Kafka tiered storage, ClickHouse MergeTree tiered storage. Hybrid-Sync (aka HTAP), one system, two workloads, two or more storage with potentially different formats/tiers, e.g. hot row-based data on SSD, long-term columnar data on S3. Data is immediately available to both workloads (e.g. OLTP queries and OLAP queries). Example: SingleStore and TiDB (Pingcap). Hybrid-Async , one system, two workloads. Like Hybrid-Sync except hot row-based data is asynchronously tiered to long-term columnar format. OLAP queries do not see the very newest data. Example: Snowflake Hybrid tables. Materializing , two workloads, two systems, two copies. System A copies data to System B. Each system is dedicated to one workload, with specialized query engine and storage. Example: ETL in general, many Kafka-compatible services have automatic Iceberg materialization of topics e.g. Confluent Tableflow, Databricks Synced tables asynchronously materialize from lakehouse to lakebase (Postgres). Shared Tiering , two workloads, two systems. one copy across hot tier + shared colder tier (e.g. hot row-based data on SSD for System A, colder columnar data on S3 for System A + B). Example: Apache Fluss tiers hot data (Fluss servers) to lakehouse (lakehouse is a shared tier), LTAP. Potentially, a 7th and 8th category could hypothetically exist: Shared-Sync-RR and Shared-Sync-MM. Two systems, two workloads, one synchronous storage (each write is immediately visible in the other system. Read-replica (RR) variant has one master system and one read-only system (e.g. writes to Postgres are immediately visible for reads in lakehouse). Multi-master (MM) allows both systems to write (hard!!). At the time of writing the details on LTAP are scarce, but it seems like LTAP will fall into Shared Tiering. The thing that differentiates HTAP from LTAP is that HTAP is a single hybrid system which makes data visible to both transactional and analytical queries at the same time. LTAP is a way of unifying the data of two different systems (each targeting a different workload) and sharing the colder data such that there is no (durable) data copy required. It is fundamentally asynchronous: hottest data is only in System A and the remaining colder data is stored in System B but made available to System A (as it’s cold tier). Of course LTAP could potentially move towards the hypothetical category Shared-Sync-RR , given both systems exist in the same platform, then it gets murky again because its one platform, its veering towards HTAP (Hybrid-Sync). One thing that the marketing material of unified OLTP-OLAP system commonly glosses over are the different data models used in each, such as Third Normal Form (3NF) common in OLTP and Kimball (star and snowflake schema) common in analytics. This adds another dimension, on top of query engine, storage layout and storage substrate. If you want 3NF for OLTP and Kimball for analytics, then it’s probably going to be Materialization (as star schema is not viable as a cold tier for 3NF). What you you think of this broad classification scheme? Find on me social media :) ps, some thoughts on data copies… With Shared Tiering, you can think of the data-copy question as a dial: Dial it to no-copies-at-all means evicting data as soon as it has been tiered. Lower storage cost, but maybe it would be good to hang onto to the hot data a little longer for performance. Dial it to lots-of-data-overlap means aggressively tiering to System B but hanging onto the data in System A for the better performance profile, at the additional storage cost. And technically it would now count as cached data which might not count as a data copy, depending on how you define that. However, the data-copy question is also murky with Materialization. Because we have two (or more) independent systems, each can potentially use independent data expiration policies. For example, in Kafka, it might store 7 days, but in the lakehouse, it might store 7 years. In that case, while theoretically it is a two-copy system, the total duplication would only be 0.0027%. I generally dislike the whole “zero-copy” or “one-copy” thing, it’s too much marketing. Focusing on how many copies you have is just weird as a primary design point when you’re building data systems, the real world is more nuanced. Tiering A single system can tier (move) data from hot to cold storage (for cost efficiency). One system, one copy, two tiers. Hot and cold might be the same storage format (both row-based or both columnar), or might be different formats (hot is row-based, cold is columnar). We can have two systems share the same storage tier. System A tiers (move) hot data to the storage of System B. Two systems, one copy, though System B doesn’t see the newest data yet which only exists on A. Materializing One system can materialize (copy) data into another system. Two systems, two copies. Single tier, one system, one workload. Example: Postgres with SSD, single tier CockroachDB, standard Kafka cluster. Internal Tiering, one system, one workload, commonly tiers from hot to cold storage for cost efficiency, e.g. hot=SSD, cold=S3. Though tiering could also serve other purposes than cost. Example: Apache Kafka tiered storage, ClickHouse MergeTree tiered storage. Hybrid-Sync (aka HTAP), one system, two workloads, two or more storage with potentially different formats/tiers, e.g. hot row-based data on SSD, long-term columnar data on S3. Data is immediately available to both workloads (e.g. OLTP queries and OLAP queries). Example: SingleStore and TiDB (Pingcap). Hybrid-Async , one system, two workloads. Like Hybrid-Sync except hot row-based data is asynchronously tiered to long-term columnar format. OLAP queries do not see the very newest data. Example: Snowflake Hybrid tables. Materializing , two workloads, two systems, two copies. System A copies data to System B. Each system is dedicated to one workload, with specialized query engine and storage. Example: ETL in general, many Kafka-compatible services have automatic Iceberg materialization of topics e.g. Confluent Tableflow, Databricks Synced tables asynchronously materialize from lakehouse to lakebase (Postgres). Shared Tiering , two workloads, two systems. one copy across hot tier + shared colder tier (e.g. hot row-based data on SSD for System A, colder columnar data on S3 for System A + B). Example: Apache Fluss tiers hot data (Fluss servers) to lakehouse (lakehouse is a shared tier), LTAP. Dial it to no-copies-at-all means evicting data as soon as it has been tiered. Lower storage cost, but maybe it would be good to hang onto to the hot data a little longer for performance. Dial it to lots-of-data-overlap means aggressively tiering to System B but hanging onto the data in System A for the better performance profile, at the additional storage cost. And technically it would now count as cached data which might not count as a data copy, depending on how you define that.
" When I die, delete my browser history. " — Unknown When you die, there are lots of processes in place to deal with your body, your burial, your physical possessions, subscriptions and bank accounts. But what about your digital accounts and possessions? As our lives become more and more digital, taking these into account when tying up the affairs of a dead person is increasingly important. Think about it: This can involve e-mail accounts, social media accounts, messengers, LLM conversations, hard drives, cloud storage, crypto wallets, websites, your digital media licenses, intellectual property you released (like four (F)OSS projects, for example), and more. In a broader sense, you might count browser history and other metadata, too! What's interesting is that so many of these do not fall under the laws you might expect them to, like succession/inheritance law or privacy law. Services that offer you licensed content (like Steam) have made clear in the past that family members are unable to inherit the accounts or licenses, like they would with physical items. In terms of privacy and data protection, the GDPR applies only to living people, so you lose these rights upon death; the task of legislating the rights of the dead in these regards has been given to the Member States, which results in quite a patchwork of rights 1 . This patchwork makes things difficult, because it means your European country can have different laws than another, and companies will have to see how to comply with them all. France, for example, has one of the most developed post-mortem data protection regimes in Europe. The French Data Protection Act (the Loi Informatique et Libertés ) actively considers death in data protection and explicitly allows a person to give instructions regarding the retention, deletion, and communication of their personal data after death and appoint a person responsible for implementing those instructions. It mandates that controllers must follow the deceased's valid instructions, and heirs can obtain access to data necessary to settle the estate, to identify assets and liabilities, or to close user accounts and manage digital affairs. Germany, on the other hand, is pretty much the opposite: Protection of deceased persons' data arises from a combination of post-mortem personality rights (postmortales Persönlichkeitsrecht) concluded from civil law and constitutional law, inheritance/succession law, confidentiality obligations and possibly some sector-specific laws. It's a lot more complicated and full of holes for specific types of digital data. I wish we had a law like France has! Regardless of when we might have a European law harmonizing this aspect across Member States, it's still important to ask yourself: Who is allowed to have access to your accounts and data after you pass? You might still want to give your younger sibling access to your Steam account later, or you need your spouse to be able to log in and keep a personal website up and running, or save pictures from the cloud. For this, you should make sure that the correct people can have access to your accounts in case of death, and know what to do with them. How you do that is up to you: You might set up something that automatically notifies them about how to access your accounts in times of death when you don't check in for a while, or you tell them a physical location where they can find the device passwords and the Master password to your password manager. I personally mention it in my when i die page. Remember to keep this information updated! Some companies and services, like Apple, Google and Meta, offer settings about what should happen after your death (usually called Digital Legacy tools, Inactive Account preferences, or Memorialization). You're able to set a successor/manager, deletion preferences and more, depending on the service. You have to dig a little in the settings, but if you're reading this right now, I encourage you to go find it. Good to know: Despite setting someone as a legacy contact, these companies might still request additional documents to prove that you really died. On the other hand, it's also okay to want things to be deleted, either by family members, or automatically by the platform itself. At CPDP 2026, I participated in a workshop about digital remains, and my discussion partner said that her Instagram feels so personal that it should be deleted upon her death, but something like a LinkedIn she'd keep up. So decide for yourself: What accounts do you want deleted, which ones can remain up/dormant? You should communicate this clearly in a way the people tasked with your digital legacy can see it, and talk to these people about it beforehand, if possible, or set it up in the settings. If you want to keep data up, is there a maximum retention period you want to set so that the data would be deleted afterwards? As a next step, you have to think about the future. The world will move on without you, and even right now as you are reading this, we are building tech that promises to bring people "back to life" via AI. Even just a decade ago, you likely couldn't have foreseen where we are at the moment with tech being trained to impersonate you. So where will we be decades down the line? That may require the restraints you set in a will to be more on the tech-agnostic side instead of just banning very specific processes and products. This is not just about the recent Meta AI thing; there are several companies in this space, as it looks to be a profitable new market niche: Bereavement tech . So, how do you want your data to be processed? Do you want tech to be trained on it? Do you allow the platform, or your relatives, to train AI on your accounts and other data and media they have on you? Your account might keep posting for you as if you were still alive, generate selfies or videos with your likeness, or it will respond to messages people send to it so they can keep chatting with "you". Side note : Does this truly help the grieving process? I guess we'll have to find out. A physical removal of items, telephone numbers going out of business, and a burial help saying goodbye and accept the finality of it all. Yet social media accounts can exist visually unchanged for years afterward, as the platform may nudge you to message them, reminds you of their birthday, or shows memories from a couple years ago out of nowhere on your feed. If we soon have the option to have people posting as if nothing happened to them, they stay stuck how they were when they died forever. If you never have to deal with the deafening silence from the other party, do you ever really have to grapple with death? And will the person die a second time for you when they stop offering the model? Maybe that's something you wanna blog your thoughts about :) It doesn't have to be so personal and focused on social media platforms as well. How about archives? Museums? You might laugh at the idea, but most stuff in museums is by ordinary people; we might not even know their name. Some people become famous after their death and their possessions and likeness are displayed for people to learn about them (for example: Anne Frank). We get great insights from the things they left behind that they thought no one would read, and if we're honest, likely wouldn't have consented to be out there. This will increasingly happen with digital means. How okay are you with a holo-you or virtual avatar greeting people in a museum? You might not care about any of this at all - if you're dead, then what does privacy and the data matter? It's not like it can still affect you! And that's fair. The views on this can be pretty diverse. Others see the digital remains as a digital version/informational "body" that should also be untouchable and remain undisturbed, and that there should be a general right not to "become a bot". Reading papers and studies about this topic is interesting, because it seems if you belong to the current older generations, you are more in favor of deleting it all, while the younger generations want to keep it up 2 . This makes sense: They might have way more online friends they'd wanna keep this up for. Women seem more in favor to deleting everything than men are 2 , which I can totally see; women tend to make a lot of negative experiences online that center the loss of control over their data and misuse of it. Death, without being able to lock down or delete anything based on developments online seems like the biggest loss of control of all. There are country and cultural differences as well. Unfortunately, unless you control the data (your own Mastodon instance, your self-hosted personal website, etc.), you are reliant on these services to heed your/your loved ones' requests about this. As the big social media companies' business model relies on data harvesting and using existing data for new projects and growth, this might be a hard fight in the future, as they see it as their property. Companies can hold the data hostage because of a lack of laws in your region and no goodwill from their side. There have also been cases already where the companies have refused giving access of a deceased's account to the relatives until a court decided they had to. How many would just give up? For good digital hygiene, we should remember death and make it as easy as possible or sensible for the people we leave behind to get the access they need to manage our stuff how we want them to. Organize your data well (maybe you also want to do some recurring digital version of Swedish Death Cleaning ?), leave instructions, set emergency/legacy access when available, include digital assets in your will, decide how your data is allowed to be used after death, especially around AI replicas. Families should talk about this openly, and relatives and nurses should learn to ask affected parties about these things. Previous related entry: plans for your blog after you die Reply via email Published 15 Jun, 2026 France is very invested in this aspect and its data protection authority (CNIL) has made it one of their main points and even wrote a paper on it. ↩ The CNIL paper has some study summaries about this on page 15. Generally speaking, another good study to read is this one . ↩ France is very invested in this aspect and its data protection authority (CNIL) has made it one of their main points and even wrote a paper on it. ↩ The CNIL paper has some study summaries about this on page 15. Generally speaking, another good study to read is this one . ↩
As usual - not counting the personal blogs I read :) Not much appealed to me this week. The AI ‘Revolution' is Not a People's Revolution - AI companies overusing the term revolution is just a marketing ploy, and we should challenge it. Banger quote: " Accepting Blair’s revolution requires agreeing that using unconsented data harvested from populations, processed through biased algorithms and presented to people in addictive interfaces that overwhelmingly generate wealth to US elites, is the change that people want. " Trump Signs Previously Shelved AI Executive Order - summary of the EO. Widerstand gegen Kameras - German article about resistance against surveillance cameras; its history, methods and legal consequences. Person in the comments has an interesting tip: A brush, and acrylic paint mixed with sand. UN-Report zu KI-Umweltkosten - German article about how the UN had the chance of holding tech companies accountable in a new report, but instead only asks consumers to adjust their behavior. I am not opposed to also asking people to rethink their consumer decisions (otherwise, I would not resist using animal products, flying, getting a driver's license etc.; if there's no buyer, there's no product), but for the biggest impact, we need to focus on the source and hold companies to a high standard - or ban their business model or product entirely. The report was also seen as low quality by experts in the field(s). Appeals Centre Europe Transparency Report April 2025 - March 2026 - The Appeals Centre is an independent out-of-court dispute settlement body active due to the Digital Services Act; they've only been around for 18 months. If you are in the EU, you can use them to challenge social media platforms’ decisions on groups, pages accounts or other content which has been removed or kept up despite reporting (if it is about anything other than impersonation, hacked accounts, copyright or CSAM, but hopefully those too at some point). Most cases seem to be about account suspensions, nudity, fraud and scams. So far, they have processed more than 24,000 disputes, where 12,000+ of those fell within their scope. The report has some stats about their work, how many times they disagreed with the platform and overturned the result, and more. DSA User Support Guide also by the Appeals Centre; good breakdown of your rights under the Digital Services Act. The platforms are supposed to tell you that orgs like the Appeal Centre exist, but somehow still don't, and many people don't know their rights. Hold them accountable! Know your rights and make use of the newly established bodies. Under Article 20 of the DSA, users must be able to lodge complaints, free-of-charge, against decisions taken by the platforms within the last six months. Dark Patterns in AI Chatbots - self explanatory; basically about design and interaction/output choices that maximize usage and data collection, lie about the capabilities and emotional intimacy etc. I learned a new term: Privacy Zuckering! Also made me read this about Gemini encouraging a guy to kill others, steal a mannequin, and then kill himself. Arbeitspapier Identifizierbarkeit - German BayLfD summary and interpretation around identified and identifiable personal data in edge cases/gray areas, especially around pseudonymous data. What means to identify "count"? Not just your own! There's a difference between relative/subjective identification and absolute/objective identification. Sidenote: Love that they recommend RSS-Feeds or a Mastodon Account to keep up to date on legislation in this. From intent to action: the leaders' guide to building AI-powered workplace - paper sponsored by Kyocera and done by Economist Impact, based on a survey of 639 senior executives conducted in October and November 2025, with in-depth interviews with businesses and "thought leaders" in AI, digital transformation and workforce strategy. So... take it with a grain of salt, it is very corporate and very incentivized to be pro-AI in the workplace. Their key findings show that they want more investment, more adoption. But: Despite the "propaganda" (so to say), it exposes a lot of weaknesses everyone is already talking about in the workplace. To name one thing I scoffed at: Page 12, the fact that so many measure ROI of AI use in vague "employee productivity", which is probably just increased output or increased closed cases, without looking at the quality. Sad. 4% are not even measuring any ROI for it! Our Data After Us - paper by the CNIL about our digital remains. Covers questions like: Do you want the content to remain after your death? Who gets to have access and manage it? Should that person delete it, or should the platform automatically delete it? Should your remains be used to train an AI to impersonate you to help your loved ones? There seem to be age and gender differences to these answers. You Trust Your Chatbot With Everything - Should You? - paper by Theodore Christakis from AI-Regulation.com. The findings are as expected: Every major provider now trains on consumer chats by default, providers typically reserve safety and abuse-prevention uses and feedback actions to override the training opt-out, and they all reserve the right for humans to read the conversation. The author suggests a " Sealed Mode " where the default settings/options constrain reuse and human access, allows no training, has no advertising, little personalization, and cryptographic hardening. In my view, it could be a good first step, but I fear in practice, it would be bastardized, as meaningless and misleading as Incognito Mode in browsers has been. Ideally, the things of a Sealed Mode should be the default you can then opt out of one by one, and it can be legislated so. We have seen that hidden settings within different menus and specific modes you have to first know about and then turn on do not help the average user, since they are never actively prompted about them or told about them by the company. This stuff only aids a risk-transfer from controller to data subject. So do not offer a silly little compromise - make them default, and do not allow it to cost anything. Choosing between payment or privacy sucks. We should sometimes ask ourselves: If LLMs are just another tool, would I want Microsoft to always have access to and review my Excel sheets? Of course not! So why should we accept this here? At times, the author is too timid for me (" Yet the purpose of adopting this prism is not to export the GDPR as a universal template, nor to argue that the world should converge on European legal categories of individual control. " hey, why not? We don't have the Brussels Effect for nothing; privacy legislation worldwide has been shaped by the GDPR, one example being Brazil!). Favorite chapter was the second one (Ghost in the Machine), as it goes in on how incomplete and lacking the warning labels are, together with how contradicting they are when everything else encourages you to freely share anything. Least favorite are the parts where chatbots are asked to answer something; I am sorry, but I will never see these as genuine, truthful, verifiable answers. This is treating them as a conscious employee that an regurgitate internal policies, not a probability machine who can be nudged to give specific output. Gewalteskalation als System: Nihilistic Violent Extremism in Deutschland - German paper on NVE that's mostly done by children and teens, who connect online over misanthropic and nihilistic tendencies and then see extreme violence and vandalism as the only way forward. Not always far-right or incels, but often. The paper explicitly mentions the Com network, 764, MKY and NLM. Aside from Telegram, Discord is the biggest place for it. I was surprised how lax and wide the definition of violent extremism is (imo, that would make a significant portion of the population violent extremists), and I think the way the authors narrow it down a bit is a good attempt. 28.05.2026 – 26 O 869/26 aka the big one currently making the rounds about Google being responsible for the AI summary output. It will be interesting to see how that progresses and if it will be overruled. This one for noyb. In total, that is roughly ~ 350 pages, if we count an online article as two pages on average; difficult to judge for 17776, I'd put it as 40 pages, maybe. Reply via email Published 14 Jun, 2026 The AI ‘Revolution' is Not a People's Revolution - AI companies overusing the term revolution is just a marketing ploy, and we should challenge it. Banger quote: " Accepting Blair’s revolution requires agreeing that using unconsented data harvested from populations, processed through biased algorithms and presented to people in addictive interfaces that overwhelmingly generate wealth to US elites, is the change that people want. " Trump Signs Previously Shelved AI Executive Order - summary of the EO. Widerstand gegen Kameras - German article about resistance against surveillance cameras; its history, methods and legal consequences. Person in the comments has an interesting tip: A brush, and acrylic paint mixed with sand. UN-Report zu KI-Umweltkosten - German article about how the UN had the chance of holding tech companies accountable in a new report, but instead only asks consumers to adjust their behavior. I am not opposed to also asking people to rethink their consumer decisions (otherwise, I would not resist using animal products, flying, getting a driver's license etc.; if there's no buyer, there's no product), but for the biggest impact, we need to focus on the source and hold companies to a high standard - or ban their business model or product entirely. The report was also seen as low quality by experts in the field(s). Appeals Centre Europe Transparency Report April 2025 - March 2026 - The Appeals Centre is an independent out-of-court dispute settlement body active due to the Digital Services Act; they've only been around for 18 months. If you are in the EU, you can use them to challenge social media platforms’ decisions on groups, pages accounts or other content which has been removed or kept up despite reporting (if it is about anything other than impersonation, hacked accounts, copyright or CSAM, but hopefully those too at some point). Most cases seem to be about account suspensions, nudity, fraud and scams. So far, they have processed more than 24,000 disputes, where 12,000+ of those fell within their scope. The report has some stats about their work, how many times they disagreed with the platform and overturned the result, and more. DSA User Support Guide also by the Appeals Centre; good breakdown of your rights under the Digital Services Act. The platforms are supposed to tell you that orgs like the Appeal Centre exist, but somehow still don't, and many people don't know their rights. Hold them accountable! Know your rights and make use of the newly established bodies. Under Article 20 of the DSA, users must be able to lodge complaints, free-of-charge, against decisions taken by the platforms within the last six months. Dark Patterns in AI Chatbots - self explanatory; basically about design and interaction/output choices that maximize usage and data collection, lie about the capabilities and emotional intimacy etc. I learned a new term: Privacy Zuckering! Also made me read this about Gemini encouraging a guy to kill others, steal a mannequin, and then kill himself. Arbeitspapier Identifizierbarkeit - German BayLfD summary and interpretation around identified and identifiable personal data in edge cases/gray areas, especially around pseudonymous data. What means to identify "count"? Not just your own! There's a difference between relative/subjective identification and absolute/objective identification. Sidenote: Love that they recommend RSS-Feeds or a Mastodon Account to keep up to date on legislation in this. From intent to action: the leaders' guide to building AI-powered workplace - paper sponsored by Kyocera and done by Economist Impact, based on a survey of 639 senior executives conducted in October and November 2025, with in-depth interviews with businesses and "thought leaders" in AI, digital transformation and workforce strategy. So... take it with a grain of salt, it is very corporate and very incentivized to be pro-AI in the workplace. Their key findings show that they want more investment, more adoption. But: Despite the "propaganda" (so to say), it exposes a lot of weaknesses everyone is already talking about in the workplace. To name one thing I scoffed at: Page 12, the fact that so many measure ROI of AI use in vague "employee productivity", which is probably just increased output or increased closed cases, without looking at the quality. Sad. 4% are not even measuring any ROI for it! Our Data After Us - paper by the CNIL about our digital remains. Covers questions like: Do you want the content to remain after your death? Who gets to have access and manage it? Should that person delete it, or should the platform automatically delete it? Should your remains be used to train an AI to impersonate you to help your loved ones? There seem to be age and gender differences to these answers. You Trust Your Chatbot With Everything - Should You? - paper by Theodore Christakis from AI-Regulation.com. The findings are as expected: Every major provider now trains on consumer chats by default, providers typically reserve safety and abuse-prevention uses and feedback actions to override the training opt-out, and they all reserve the right for humans to read the conversation. The author suggests a " Sealed Mode " where the default settings/options constrain reuse and human access, allows no training, has no advertising, little personalization, and cryptographic hardening. In my view, it could be a good first step, but I fear in practice, it would be bastardized, as meaningless and misleading as Incognito Mode in browsers has been. Ideally, the things of a Sealed Mode should be the default you can then opt out of one by one, and it can be legislated so. We have seen that hidden settings within different menus and specific modes you have to first know about and then turn on do not help the average user, since they are never actively prompted about them or told about them by the company. This stuff only aids a risk-transfer from controller to data subject. So do not offer a silly little compromise - make them default, and do not allow it to cost anything. Choosing between payment or privacy sucks. We should sometimes ask ourselves: If LLMs are just another tool, would I want Microsoft to always have access to and review my Excel sheets? Of course not! So why should we accept this here? At times, the author is too timid for me (" Yet the purpose of adopting this prism is not to export the GDPR as a universal template, nor to argue that the world should converge on European legal categories of individual control. " hey, why not? We don't have the Brussels Effect for nothing; privacy legislation worldwide has been shaped by the GDPR, one example being Brazil!). Favorite chapter was the second one (Ghost in the Machine), as it goes in on how incomplete and lacking the warning labels are, together with how contradicting they are when everything else encourages you to freely share anything. Least favorite are the parts where chatbots are asked to answer something; I am sorry, but I will never see these as genuine, truthful, verifiable answers. This is treating them as a conscious employee that an regurgitate internal policies, not a probability machine who can be nudged to give specific output. Gewalteskalation als System: Nihilistic Violent Extremism in Deutschland - German paper on NVE that's mostly done by children and teens, who connect online over misanthropic and nihilistic tendencies and then see extreme violence and vandalism as the only way forward. Not always far-right or incels, but often. The paper explicitly mentions the Com network, 764, MKY and NLM. Aside from Telegram, Discord is the biggest place for it. I was surprised how lax and wide the definition of violent extremism is (imo, that would make a significant portion of the population violent extremists), and I think the way the authors narrow it down a bit is a good attempt. 28.05.2026 – 26 O 869/26 aka the big one currently making the rounds about Google being responsible for the AI summary output. It will be interesting to see how that progresses and if it will be overruled. This one for noyb. Don't know if it counts as it is a web format, but I finished reading 17776 by Jon Bois.
How SkaldMaps generates a confidence score for data attributes that helps you gauge how accurate data is (or isn't).
Listen to this post: Good morning, I don’t normally give away my interview subjects ahead of time, but I’m going to make an exception this week given the subject and the below Update. I am writing this in San Francisco where I interviewed Microsoft CEO Satya Nadella after his Build developer conference keynote ; normally I would want to publish that immediately so that you have the full context of my analysis. In this case, however, I came to the opinions below during the keynote, and before the interview, so for that reason (and a few logistical ones) I wanted to articulate them first (before you see my questions), and follow up with Nadella’s view on them (and a number of other topics) afterwards. So with that noted, on to the Update: From CNBC : Nvidia has emerged as the world’s most valuable company by dominating the market for artificial intelligence chips in the data center. Now the company is expanding its prowess to chips that will serve as the main processor for personal computers, entering an arena that’s long been ruled by Intel, Advanced Micro Devices, Qualcomm and Apple. During a keynote address at Taiwan’s Computex conference on Monday, Nvidia CEO Jensen Huang unveiled a new PC processor made alongside Microsoft. The RTX Spark superchip, which Huang also referred to as the N1X, debuts in the fall on a fresh line of Windows PCs from Microsoft, Dell, HP, ASUS, Lenovo and MSI. I’m actually starting in Taipei on Sunday, where Huang introduced the long-rumored Nvidia PC chip; from Tom’s Hardware : At full strength, this chip offers up to 20 Arm CPU cores, a Blackwell GPU with 6,144 CUDA cores, 128GB of LPDDR5X RAM, and up to 300 GB/s of memory bandwidth. That powerful CPU and GPU, connected over NVLink C2C, and the large memory pool give AI agents and 120-billion-parameter models plenty of power and space for long-running tasks with context lengths stretching to a million tokens, according to Nvidia. We don’t have any benchmarks yet, but the RTX Spark appears to be broadly similar to the DGX Spark; that’s a decent chip that excels at prefill, but is slower than an M5 Max at decode (thanks to lower memory bandwidth), and significantly slower at CPU tasks. Huang appeared during the keynote via live video to discuss the chip. Satya Nadella: Suddenly, this concept of unmetered intelligence right at the edge is so hot again. So maybe you want to talk a little bit about this: you have thought about this, talked about this, and now, of course, with RTX Spark really delivered, I think, what’s a breakthrough system for AI to be much more ubiquitous. But maybe, Jensen, you can just share a little bit your vision around where you see this going. Jensen Huang: Well, this all started about three years ago between a conversation between you and I. And we were talking about how we could build a new class of PCs that’s incredible for designers and creators. And it would be incredible for artificial intelligence. And it would be one of these systems that has the processing capability, but also the software stack that’s integrated into the world’s design packages and creator packages. And, of course, all the things that we’re doing with AI. And here we are, three years later, we built an incredible new chip. And this system is supported by all of this new software that you created for Windows. And we now have the ability to have essentially an autonomous agent running on the PC. This clip explains why I find this chip specifically, and AI PCs generally, pretty underwhelming. Three years ago we were still in the ChatGPT era of AI, and I was very excited about the possibility of local inference. Then came the reasoning era, blowing up KV cache (which increases the need for more memory) and emphasizing the importance of decode (to generate that many more tokens). Now we’re in the agentic era, where CPU performance is incredibly important. To that end, the ideal setup for a local agent is strong local CPU performance and calling out to the cloud for inference. The RTX Spark, however, spends tons of die space on GPU cores that are inferior to the cloud (because of memory size and bandwidth if nothing else) at the expense of CPU. It’s a suitable chip if you just want a chatbot circa 2023; it’s hard to see it being worth the price — or the software compromises that are the reality of Windows on ARM — in 2026. Jump ahead to the Build keynote, which I found very underwhelming to start. Nadella opened with a brief overview of the AI stack, then started talking about Windows, and I was honestly pretty surprised at the lack of vision and enthusiasm. That’s when it occurred to me: I think that Nadella agrees with me! Sure, some local inference is nice, but that’s not where the AI that matters is going to be located. Nadella, keep in mind, has no real loyalty to Windows; indeed, I credit him with The End of Windows . Specifically, Nadella didn’t end Windows as a product, but he ended its run as the organizing principle around which the entire company operated, focusing on software that ran everywhere and a cloud that ran everything. That leads to a surprising takeaway, and the most interesting part of the Build keynote: what if Microsoft is actually well positioned to get back into AI devices? From GeekWire : A team inside Microsoft has been quietly building a platform for devices that run AI agents instead of apps, based on Android instead of Windows, with two working hardware designs so far, and an initial set of big-name companies lined up to run pilots. The platform, dubbed “Project Solara,” is Microsoft’s bet that AI will open up entirely new scenarios for computing — using agents to avoid the constraints of traditional software, and off‑the‑shelf components to develop new devices quickly and inexpensively. Project Solara is, to be clear, vaporware at this point, although the company did show real devices and has signed up Qualcomm and MediaTek as chip partners. It is also extremely compelling. Here’s how Nadella introduced it: So far, we’ve talked about the edge and the cloud. The current form factors, right? I mean, when I saw that Jensen picture from the weekend where he had all the desktops, I felt like, man, I’m back in the 90s, right? Because it was so cool to see the lineup of all the machines that I loved and I grew up with back yet again with new functionality, right? It’s the same form factor, but unbelievable new functionality because of the onboard AI capability, right? So that’s sort of what we’ve seen with the laptop, the desktop, and of course with the cloud. But it also, you know, sets up that next question: if you have that capability, which is new function, and you can put it into existing form factors, can you even purpose-build new form factors for the new function? Can you build a new platform even for the agent era? And that is the motivation behind Project Solara, which we’re introducing today. First off, note the framing: the PC is old tech with agents; what about new tech uniquely enabled by agents? And note the classic Microsoft hook: could that new tech sit on top of a new platform? Corporate Vice President Steve Bathiche, the head of Microsoft’s Applied Sciences Group, explained the vision: Before I talk about those awesome new devices you just saw, let me start with the why. Back at Build 2023, I talked about the outside AI application structure, where AI moves from operating within the application frame to operating globally, working across multiple apps and services to connect, coordinate, and maintain context across entire workflows, devices, and time scales. What if there were an ecosystem of devices specifically designed for that new type of application structure, for those types of agents, for that transformational interaction technology? That is the impetus behind Project Solara. But with so many possible forms, which one do you pick? What is the next device? You see, the big aha for us is that it’s not about choosing one specific form factor. It is about creating a system that extends your agent across a constellation of devices. The next computer is not one device. It is all these devices working together as one system, with agents showing up closer to where and when you need them. There was one brief moment in the promotional video that preceded Bathiche’s appearance that made the concept click for me: The problem with wearable devices is the interaction model: they are only useful when you are interacting with them, when the human is in the loop, but being in the loop with a wearable is annoying and inefficient. What is being demonstrated here, however, is a brief interaction, and then an agent doing work in the background. In other words, the usefulness happens in the cloud without the human needing to be involved, because an agent is doing the work. That’s what I find compelling. On one hand, you can make the case that of course Microsoft would be interested in a device model that uses the cloud as a platform, given that Microsoft doesn’t control a mobile device like an iPhone. What occurs to me, however, is that even if Microsoft doesn’t succeed with Project Solara, this model — where the cloud is the hub and multiple devices are the spoke, instead of the phone being in the center — is clearly a better one for agents. Agents work best in the cloud, and across apps and devices; yes, the phone might be one of those devices, but when it comes to agents it shouldn’t be the hub. Again, this is vaporware, and very much in Microsoft’s interest, so take Project Solara with the appropriate grain of salt. It’s a vision of the future, however, that does make a lot of sense, particularly in an enterprise scenario where all of the context and compute is already in the cloud (and Project Solara is focused on enterprise, not consumer). It’s also something completely different from the past, and fits my thesis that, in the age of AI, thin is in . From GeekWire : Microsoft has based much of its AI business on models from OpenAI, before expanding more recently to Anthropic. On Tuesday, the company showed how it plans to rely less on both. At the Build developer conference, the Microsoft AI Superintelligence Team unveiled a family of seven models built from scratch. It’s part of an ongoing effort by the company to build credible in-house alternatives to models from partners and rivals with competing allegiances… The flagship of the seven newly announced MAI models is MAI-Thinking-1, a reasoning model that Microsoft says draws even with Anthropic’s Claude Sonnet 4.6 in blind human testing, and matches the more capable Claude Opus 4.6 on a widely used coding benchmark. [CEO of Microsoft AI Mustafa] Suleyman stressed that MAI-Thinking-1 was trained from the ground up with no distillation from other companies’ models, looking to appeal to enterprises that care about clean data lineage. These models seem pretty decent, all things considered, but what was interesting to me was the framing: Microsoft emphasized that enterprises could take these models and make them their own. Suleyman said: This is what owning the full stack end-to-end looks like. It’s the foundation of Microsoft Frontier Tuning, it lets you customize the MAI models using our full stack hill climbing machine right where you want it. And it means that the disciplined and very relentless engineering that has gone into building our models is now available to all of you on a platform that you can trust, working on your behalf to create custom agents that you will control. So the really big thing, of course, that’s happened in the last year is these RLEs, reinforcement learning environments, these unique training gyms for your AIs. They create company and task-specific agents adapted only to you, built on MAI models. So for example, within Microsoft, we use our RLEs combined with our MAI models to climb towards the best agentic use cases on Excel. Our MAI-tuned model is now on par with GPT 5.4 on public and private benchmarks, whilst at the same time being 10 times more efficient on cost, and many other early adopters are seeing similar results. When we’ve tuned our models on McKinsey’s tasks, MAI delivered the highest win rate, even outperforming GPT 5.5, and again delivering 10x greater efficiency on cost. So to us, this is the advantage of very carefully calibrated frontier tuning. And importantly, unlike with some of the other companies, with MAI, you don’t rent intelligence from a shared model that learns from everybody. Only you keep the benefits of your hard-earned workflows, know-how, knowledge, and your own institutional data. Only you get to control the resulting model. And so with us, the RLEs and the models that you build inside of them, they become your moat. I really think this is distinct. It marks a new era in AI that we’re all very, very excited about. This has shades of AWS’s Nova Forge offering , which lets enterprises add their data at a checkpoint in pre-training; it’s a little different in that it’s more focused on reinforcement learning, but those lines are getting blurred. The concept is that enterprises get to have their own model for their own data, without sharing it with the frontier labs that want to eat their lunch, and it’s a concept that is certainly appealing in theory; the real test will be to see if enterprises that choose this route aren’t penalized by not being on the cutting edge of functionality. Then again, helping cautious enterprises embrace the future on their terms, without necessarily having to win on pure performance, is exactly how Microsoft has long maintained its position. This Update will be available as a podcast later today. To receive it in your podcast player, visit Stratechery . The Stratechery Update is intended for a single recipient, but occasional forwarding is totally fine! If you would like to order multiple subscriptions for your team with a group discount (minimum 5), please contact me directly. Thanks for being a subscriber, and have a great day!
Headcode is a unified, developer-friendly JSON API that takes the fragmented, legacy feeds of the UK rail network and turns them into clean, enriched real-time data.
Previously I put out a post explaining “ how science funding literally pays for itself ” that takes you through the math and some data that backs it up. Now two new data points further bolster this claim. First, the Congressional Budget Office (CBO), the nonpartisan federal agency that provides budget and economic information to Congress, published a report entitled “ Estimating the Economic Effects of Federal Investment in Research and Development . ” Usually the CBO only projects out 10 years per their mandate, but because the effects of science funding can take longer to fully manifest, they projected out 30 years. Thanks for reading Gabriel Weinberg! Subscribe for free to receive new posts and support my work. The relevant headline takeaway is highlighted below in their primary table (Table 1), showing that over this period the effects of a $30B increase in science funding for 10 years ($300B in total and about a 33% increase from today) would result in decreasing the overall deficit over 30 years (see green arrows). The decrease is about -2% on average if the “R&D funding increase [is] financed by reducing noninvestment spending” and about -1% on average if the “R&D funding increase [is] financed by borrowing.” This means that the increased science funding would grow the economy so much that the tax revenues received from this growth alone would outweigh the spending increase, leading to an overall decrease in the budget deficit. In other words, increasing science funding (at least by this amount) is a complete no-brainer, so let’s do it already! A few years ago the CBO did a similar report for infrastructure spending and compared the two in this report, finding the ROI effects of science funding to be about seven times greater than infrastructure spending. Again, so let’s do it already! The effect on the present value of GDP over the next 30 years (discounted using Treasury rates) that a dollar increase in deficit-financed R&D spending would have is about seven times larger than the effect that CBO, in its August 2021 report, estimated the same increase in infrastructure spending would have. Second, the Clark Center regularly polls a panel of economists , and recently they asked about this specific topic . The panel essentially universally agreed that historically U.S. science funding has paid for itself. In particular, 82% agreed “historical federal support for scientific research has paid for itself through a substantial positive effect on long-run U.S. productivity growth.” 0% disagreed, with the rest either not answering, or declaring either “no opinion” or “uncertain”. They also ask respondents about the confidence in their answer, and when weighted the results are even more striking with a whopping 97% in the agree category. Are you sold yet? Government science funding, the bulk of which goes to medical research, extends our lifespans and healthspans by inventing new medicines and other technologies that grow our economy so much it literally pays for itself. I get that this is not the most flashy policy area, but it is the most obviously good for our long-term future. Finally, and also new this year, the Pew Research Center put out a survey on Americans’ views of science and science funding , and among other things found broad bipartisan support for government science funding. 84% of U.S. adults say “government investments in scientific research aimed at advancing knowledge are usually worthwhile investments for society over time.” That breaks down by part as 76% of Republicans and 93% of Democrats (including independents who lean one way or the other). Thanks for reading! Subscribe for free to receive new posts or get the audio version .
Among all this talk of European sovereignty and switching to European alternatives in a move to better privacy and less support of Big Tech, I wish for more emphasis on not just blindly copying US products and slapping an EU label on it. I see news like the Germany’s Federal Office for the Protection of the Constitution backing away from using Palantir and using a software solution from France instead. I’m supposed to feel happy reading this, and admittedly I did not yet dig into ArgonOS deeply - but all I can think of as a first reaction is “I don’t want an EU version of Palantir.” I don’t want ‘GDPR-compliant’ facial recognition and behavioral surveillance in our cities. I don’t want more privacy-friendly warfare (???). I don’t want more tech-enabled discrimination from next door. I don’t want supposedly European alternative that’s still based on AWS and Microslop. We need to be critical and take a stand against EU-washing, in which unethical business concepts or structures get painted in a more ethical light using the (increasingly less warranted) good reputation of the EU about human rights. We aren’t better for being from a different area, or just because it’s a different company name slapped on; it’s because we are supposed to have strong consumer protections and rights, resist the promise of easy money through unlimited data mining, and stand up against fascism. I don’t want us to compete with evil; I don’t want us to stoop to that level at all. Go hard on these copycats. Taking concepts from Fascism Land isn’t worthy of praise and they don’t deserve you as a customer or fan. Make them prove it first and ask them the hard questions. Boycott their shit if it is the same garbage, go to protests, write to representatives, be vocal online, support NGO’s that work against this. No one gets a pass for being European. I won’t lower my standards and values. Reply via email Published 24 May, 2026
I attended the Computers, Privacy and Data Protection Conference (CPDP) in Brussels for the first time. The conference has lots of different rooms mostly in the same building where multiple panels, workshops and other things are happening at the same time in specific slots, so you gotta choose what you participate in (was difficult at times!). Next to that, you have some fun rooms, some quiet working spaces and spaces to just hang out and talk. Based on the programme, the focus this year was definitely on age verification/youth 'protection', human AI relationships, consumer rights and marginalized groups. Lots of different groups and people present; people from the EU Commission and Parliament, AlgorithmWatch , Bits of Freedom , noyb and Max Schrems, IGLYO , EDRi , Equilabs , Equinox Initiative for Racial Justice , INTITEC , the EDPS and Wojciech Wiewiórowski, Privacy International , the International Committee of the Red Cross , the Office of the United Nations High Commissioner for Human Rights , the European Consumer Organization (BEUC), Future of Privacy Forum , AIRegulation.com , data protection authorities of different countries (CNIL, BFDI, etc.), ALTI , European Disability Forum , d.pia.lab , AI Now Institute , OECD , the IAPP , and all kinds of universities, plus companies like Mozilla, Mastodon, Signal, Wikimedia, Microslop, Uber, TikTok, Google and more. I was there for the opening remarks, then went on to visit: My takeaways/new things learned: Microsoft co-wrote parts of the EU's Energy Efficiency Directive , which allows data centers to keep their energy use confidential under the guise of business secrecy. The draft literally had paragraph's of Microsoft's proposal copied in unchanged. The Dutch government used racial/ethnic profiling via algorithms in the assessment of childcare benefit applications, which led to false allegations of fraud against thousands of families, particularly affecting those from ethnic minorities. I heard about this before, but learned more about it that day. To contest it all and defend democracy, we all need to train our AI literacy skills , support and have good tech journalism that questions and exposes it all (404media is, imo, a good example of what they meant), crafting and changing the social media narrative around AI and Big Tech, listening to affected people, demanding transparency via standards and audits etc. We cannot forget that officials know ; many of the effects we criticize are not accidents or side effects, they are the entire point. Like when tech predominately negatively targets marginalized communities, this is a bonus to people in power, and nothing to be fixed. Workers can resist by reminding their leaders of the liabilities and legal risks, strategic issues, money issues etc. that AI brings; demand specific definition of the needs that AI will fulfill at the workplace, instead of letting AI become the purpose instead of the tool. Age verification is racist and migrantphobic : Many people have issues with their ID, or have none, or are undocumented, and age verification in their country requires them to have contact with officials, police, etc. Age verification is transphobic : Relying on ID means many trans people are forced to reveal their deadname or are forced to come out, as it reveals they are trans if the ID is not or cannot be updated. The platforms are harmful, but we have so many ways and ideas against that that doesn't take away important spaces and support groups or bar entire groups of people. Age verification makes it possible for platforms to avoid working on their problems and becoming better, enables avoiding legislation and regulation, and enables control and surveillance by them; meanwhile, the truth is that you don't suddenly turn 16-18 and know how to handle porn, gore, harassment and all other negative parts of social media. The negative sides to social media that are named as the reason for age verification and banning of social media for specific age groups also affect adults negatively . We need to put more effort into education on how to handle these things. Yes, we can protect children's privacy by banning them off of platforms, but this also affects their other (digital and offline) rights, and privacy rights don't trump all . Children and teens should learn and be encouraged to control their own spaces and moderation via FOSS : Matrix, Mastodon, etc. where they can also seclude from adults and aren't reliant on Big Tech. Age verification and banning would take this away from them and also make it harder for FOSS projects. If children only ever enter the political discourse as victims, the only response can be rescue; that it why we have to make sure they enter as participants. Protection is not (just) space away from the risk, but confronting the systems that cause harm and eliminating them. 16-18% of US citizens report having engaged romantically with a bot, 45% of them said it made them feel more understood, 36% said it gave them stronger emotional support than their human partner. Problem: Current version of AI Act doesn't cover romantic and sexual use, no guidance for safeguards for emotionally responsive AI systems that protects around the risk of suicide, crimes, distress when service slows down or shuts down or model changes, discrimination as you get more if you pay etc.; drafts mention some of it now in Art. 50. With all the talk around becoming emotionally dependent on AI, nudging into harmful behaviors, etc. we cannot forget that you are also vulnerable on other services and in human romantic relationships, where the same routinely happens (weak argument, but to be fair, I also often forget this). We also cannot forget that it is not always a replacement - it often just supplements social life, and there are also surprisingly many people who just don't want or need romantic or sexual relations with a human ; they want bots specifically , and only bots. Disclosure agreements (meaning: labels everywhere that this is just a bot and not real) are most often useless, because people know and intentionally seek it out (exception for Insta/Snap DMs etc.) The latter about Human-AI intimacy was extra interesting because it had someone on the panel who directly works with people who use bots for romance and sex, and her experience has been mostly positive and that it helps her clients. Afterwards, I sadly was too overwhelmed, exhausted and in pain to continue and went back to the apartment to rest. Unfortunately, all the stress around the apartment and the generally more exhausting day triggered my digestive tract badly (Crohn's disease), but within the first few hours, all toilets in the venue were out of service due to an issue outside the venue or the organizer's control, and the alternative toilets were much further away. I didn't wanna have to deal with that with upset intestines. I missed the ' Designing Fairness ' Workshop, and the ' Consumer Rights at the age of acceleration' panel. Didn't meet anyone that day. Look at this ridiculous Gemini Photobooth they had that I saw no one use in the entire 3 days. This day, I managed to attend everything on my list, thankfully, as I felt a bit better. I attended: My takeaways/new things learned: The digital omnibus is mostly there to enable AI made in Europe to aid sovereignty and be competitive with US and China; AI here needs a framework to access data without much regulatory risk - that is what the EU Commission person said. Enforcing the law and and making it sharper is actually leveling the playing field and furthering innovation, because there is a massive power concentration of a handful companies that can do what they want, barely pay fines, have the fines suspended because of the US government bargaining with the EU, or who see them as a cost of doing business. Competition is impacted this way, as small companies are hit harder than the big ones. If the omnibus goes through with changing definitions of personal data etc., it will take years for case law, literature, standards etc. to catch up, it wastes money in companies who need to re-do everything to comply; so it doesn't simplify anything and makes praxis harder. You may set ChatGPT/Claude/Gemini etc. to not send feedback or training data in your settings, but when you react thumbs down/up to their request of whether the output was good or not, or choose between two different versions, the entire chat log until then gets sent for training and potential human review. So, these popup feedbacks override your settings . I need to read more papers by Theodore Christakis. Here is one of them. US and UK discovery and disclosure laws/principles go directly against EU data minimization principles; as long as data is relevant to a case it should be accessible, which is why in their cases, they can just have access to million's of people's data if necessary, and in a divorce case, they have the right to ask for AI chatlogs. There is no AI protection or privilege: If you use AI for legal stuff, you have no expectation of confidentiality like you would with a lawyer, so it is not safe from discovery. There is tension between tracking for harmful behavior/threats vs. data privacy rights ; what if someone threatens to kill themselves, kill others, etc.? Should company look for it, track it, report it, alert anyone, suspend the account, send help resources? Still unclear. There is also tension between people wanting the bonus features/ease of use coming from pesonalization and free services, while also not wanting to be tracked or charged. Advertisers see themselves as enablers of a good thing, as people want fitting ads, good algorithms, good suggestions, and free access; so if their business model is challenged or fails, people will have worse access and worse user experiences in their view. They also fear that if their business model is hindered, things will move into a more extreme, embedded, hard to avoid direction that you don't control or decide (Black Mirror ad type of stuff). I previously wrote about Consenter on the blog, and one panel had people from it there and showing screenshots; changed my mind on it a lot and made me understand the new features and goal better, I will probably write an update on it some time. We have different other options all covering something different about tracking, cookies, consent, or going about things differently, old and new: ADPC, GPC, ConStand, Global Privacy Control, DoNotTrack etc.; important for new stuff is granular consent, sent to the website, user given explanations etc. Uninformed decisions and bad practices lead to unfair competition ; bad actors erode trust level overall, so users resignate, experience fatigue and say yes in the same rates between "good" and "bad" services. Will read soon: Our data after us by the CNIL , and future release: Model rules on succession and access to digital remains by Eigenmann und Harbinja Digital remains can be split into assets (copyright, crypto, business tools, money), personal (messages, photos, identities, AI replicas), and third party data. GDPR only addresses living people; dead people's digital remains are subject to member state laws. There might be a need for something harmonized and European, though. For good digital hygiene , we should remember death and make it as easy as possible or sensible for the people we leave behind to get the access they need to manage our stuff how we want them to. Leave instructions, set emergency/legacy access when available (Google, Facebook, Instagram and Apple have it), include digital assets in your will, decide how your data is allowed to be used after death, especially around AI replicas. Hospice, nurses, families etc. should learn to ask affected parties about these things. Thanks to the focus on agentic AI, there is massive need for inference compute, which is super expensive. Almost all of it is in the control of, or can only be afforded by, the hyperscalers. At the same time, anything that seeks to enable or disable things for AI agents on the web can also affect accessibility programs like screen readers. It is in the best interest of the Big Tech companies to keep things individual, because it distracts from the collective issues and changes they'd have to do; it is easier to blame the person for agreeing to tracking than make sweeping changes to how much can be tracked. Individual consent doesn't consider the fact that data doesn't just affect you, but reveals things about your family, friends, partners, coworkers and more, as data is deeply interconnected. If your friend agrees to share his data and it also includes you, that is your data, still going to the service you'd have disagreed to. We as users have no collective bargaining tools yet; even big worker unions aren't negotiating with Microsoft about the terms of their employer using Microsoft Teams, when they actually should. We should also build up data unions made from users who bargain with the platforms. Strikes could look like boycotting the service, blocking trackers, scrambling data, massive amounts of access requests etc. Look into something called a Worker Data Trust ; this was used to prove Uber's predatory dynamic pricing (Worker's Info Exchange). Lots of workers made access requests, the data was combined and analyzed by researchers. After a failed attempt to meet up during lunch, I managed to meet up with another Country Reporter from noyb for a little while until the next panel happened, and sadly we didn't go to the same one. At this point, I was miffed about lunch at the conference. They made a big deal at registration about how the event will be mostly vegan and vegetarian to offset the climate impact of everyone traveling there, and they asked you to select your preference. I chose vegan. But for the entire three days, the food wasn't clearly labeled, some food was mislabeled as vegan when it wasn't, and there was way too little of it and wasn't restocked. It was more like "vegetarian snacks for birds". Vegan people had no warm food option at all, just sandwiches or wraps all three days that would have been enough for maybe 10 people. I mostly starved and I accidentally ate real cheese one time too because the food situation was so confusing. Here was one of the buffet menu cards, which were a bit to the side removed from the food, partially hidden by other stuff, and incorrect (anything with lactose is not vegan). I have no idea how, on a sea of silver platters with lots of bread, I am supposed to be able to differentiate the vegan gluten free bread option and the vegetarian gluten free bread that has scarmoza (italian cheese). It was a roundtable buffet, so everyone was waiting on you to hurry and grabbing stuff; I can't just grab bread and lift off the top to see the ingredients and then put it back, man. At least group the vegan stuff together or put labels directly in front of each thing. Also, while I am not reliant on gluten-free food, I think the people sensitive to it or having celiac disease don't appreciate that either. I skipped the Cocktail parties and big CPDP party, because it's not really feeling fun when you don't drink alcohol, have trouble just going up to people with your mask and hoping they hear you, and have no one to meet or go with. Last day was rather empty in the programme, so I arrived later and left earlier. I attended: My takeaways/new things learned: The AI warfare one was a bit of a letdown, because they all just accepted war as a right, an inevitable thing that has to happen. There was not even a nuance of fighting war itself, or banning AI weapons, etc; it focused more on the dual nature of the data , in which through surveillance, tracking, etc. not only can military use it to target people, NGO's and others can use it to warn, evacuate, render humanitarian aid etc. and document realities on the battlefield. There was also no possibility for the idea that we could enter an age where drones fight drones automatically and no one needs to get hurt or be traumatized or get to kill people like a game, and that is only because everyone is so attached to the idea that war has to have human casualties. It's hard to legislate and restrict because the data is taken from a whole ecosystem : Telecommunications, cloud services, civilian infrastructure, social media etc. and most of the data is collected during times of peace. Warfare is often explained with national security as a reason, which then again is a legitimate interest or fulfills other opening clauses in data protection and privacy laws. It is a problem that the richest men in the world, close to the US admin, lead the biggest companies worldwide, almost all in the US, and control almost all of AI and AI warfare. Project Maven from 2017 was continuously developed on and is now the Maven Smart System , which was used in Venezuela and Iran recently. Our Art. 15 GDPR right of access as it is right now is making up for Germany and Austria's lack of discovery and disclosure rights respectively. Controllers can usually drag stuff out, cite trade secrets and rights of others to evade data access, but the data subject barely has any power. Not having to justify the access request and it not having to be limited to data protection rights is good in this regard and needs to be kept up. Otherwise, also too much confusion and court cases whether a request was abusive or not if now, any request for a court case instead of privacy rights is deemed possibly abusive. We don't only need to focus on reidentification in general, but about the ability to single people's data out; you might not be able to identify them, but you can build a profile anyway. Learned about the term digital twin , or in terms of user data, a data twin that can be used for similation and is similar enough. AI-act-standards.com exists. Many don't know that the AI Act isn't a GDPR for AI, but serves more as market classification, as it sorts AI into different boxes who have to fulfill different requirements. The details of these requirements are/will be set with CEN/ISO standards and frameworks . You can see the progress of development on these standards on that website, and what they cover and how they interact. Hovering over the elements gives additional info. This is done by the JTC21 , and you can also get involved by registering with your national standardization body (in Germany, this is DIN) or when they do public consultations. Disabled people experience both extremes of AI - better accessibility options, often more reliant on AI, so also more subject to surveillance and having their privacy rights violated, while bad governments can use the data to harm disabled people, all under the guise of research. Marginalized groups are often the first trial group in anything, while not being stakeholders in the tech, or even invited to the table. See: AI used in immigration etc. and with deregulation and AI everywhere, we see a loss of reasonable suspicion thresholds in law enforcement and other groups. Learned about adversarial auditing . The previous two days, I did the whole fancy dress pants and blazer thing (one black blazer, one dark red/purple blazer), but for the last day and the drive home, I wore my Bearblog shirt and wide orange jeans: Someone from noyb staff thankfully recognized me and approached me, so we talked for a bit until he had to leave for another lunch meeting. That concludes the human contact I had. And then I left to drive home with my wife. She will hopefully soon write a guest post on my blog about how she navigates a new city in another country without mobile data/a smartphone (she has a tablet with WiFi only), because while I was at the conference, she explored the city on her own. It's kind of difficult to show up to these conferences as someone who isn't sent there for work, who doesn't have coworkers or ex-coworkers also attending, and who doesn't have much or any industry contacts yet. Most people there know each other from work or previous/other conferences, and I don't. These events are primarily for networking, keeping in touch, and talking about what you have seen and learned though. I couldn't discuss anything with anybody present, and it made me feel really lonely and silly. Just going up to people and striking up a conversation is not my strong suit, and it's something I am working on and has already gotten better, but the mask I am usually wearing in these big crowds and gatherings because I am on immunosuppressive medication is actively keeping me isolated. I know people have trouble understanding me, can't see me smiling at them, and think I am sick, so that keeps both sides hesitant. Unfortunately, if I attend next year, I will have to leave away the mask and maybe try out these protective sprays for nose and throat that are supposed to reduce viral load. It seems like you can only 'afford' to wear a mask if you are already in a group of people. Weeks before the event, I asked some people if they would attend, they said they will and we had a group chat of 10 to coordinate meetups. But during the entire conference, I was the only one trying to make something happen - saying where I am/where I will be, identifiers you could spot me with (as we never met before and you can't see name tags well on the lanyard), meeting points etc. and the two people mentioned were the only ones who took me up on it. The others just ghosted me/ignored my messages. That saddened me a lot during the conference. And unfortunately, these types of events are always really exhausting to me beyond the normal amount everyone experiences, because of things that trigger my conditions, my lower energy, my needs to lie down sometimes, sensory issues, food restrictions etc. so I really have to weigh if it's worth it to me. I'm not sure it is, without the social aspect. Many of the panels I chose had an issue of being not well organized. Instead of short speaker times, precise audience questions, interactions, dialogue, disagreements, different sides, answering the panel's topic and offering solutions etc., it often resulted in every speaker having a 10 minute monologue saying their peace, the other speakers not reacting or intervening because it's too much, everyone more or less saying the same thing or zoning out, and then having too little time to really give much attention to audience questions. Some gathered audience questions to answer them in batches and predictably, that resulted in nuance being lost and almost nothing being precisely answered. From many panels, I walked away with less learned than I wanted to, and just being reaffirmed in what everyone knew already. There were almost no further or new resources, or real takeaways of what the next steps should be and how we can tackle or solve an issue. They say " there should be more transparency " but not how we ask for it, how we legislate it, how it should happen. It's often just a vague " Someone should do more of something, and fast. " It was easy for people from the EU Commission to dodge mine and others' questions about the omnibus bullshit with no convincing answer. (: It disillusioned me a bit about my own goal to be speaking at a panel one day, because so often it felt like it was just there to platform someone to give them a chance to ramble and that's it, or just so that they can put this on their CV. Looking into the panelists, so many of them are genuinely great, very accomplished and admirable people with a lot of expertise, but the way things were set up, it couldn't shine through. You would have been better off talking to them directly. As a final bonus for reading this far, help me delete this (fortune) cookie. Reply via email Published 23 May, 2026 Contesting AI & Defending Democracy ; Possibilities for European AI Futures ( x ) Youth protection through inclusion and empowerment : a rebuttal of the exclusion-based narrative ( x ) Intimacy by Design: Governing Human AI relationships ( x ) Microsoft co-wrote parts of the EU's Energy Efficiency Directive , which allows data centers to keep their energy use confidential under the guise of business secrecy. The draft literally had paragraph's of Microsoft's proposal copied in unchanged. The Dutch government used racial/ethnic profiling via algorithms in the assessment of childcare benefit applications, which led to false allegations of fraud against thousands of families, particularly affecting those from ethnic minorities. I heard about this before, but learned more about it that day. To contest it all and defend democracy, we all need to train our AI literacy skills , support and have good tech journalism that questions and exposes it all (404media is, imo, a good example of what they meant), crafting and changing the social media narrative around AI and Big Tech, listening to affected people, demanding transparency via standards and audits etc. We cannot forget that officials know ; many of the effects we criticize are not accidents or side effects, they are the entire point. Like when tech predominately negatively targets marginalized communities, this is a bonus to people in power, and nothing to be fixed. Workers can resist by reminding their leaders of the liabilities and legal risks, strategic issues, money issues etc. that AI brings; demand specific definition of the needs that AI will fulfill at the workplace, instead of letting AI become the purpose instead of the tool. Age verification is racist and migrantphobic : Many people have issues with their ID, or have none, or are undocumented, and age verification in their country requires them to have contact with officials, police, etc. Age verification is transphobic : Relying on ID means many trans people are forced to reveal their deadname or are forced to come out, as it reveals they are trans if the ID is not or cannot be updated. The platforms are harmful, but we have so many ways and ideas against that that doesn't take away important spaces and support groups or bar entire groups of people. Age verification makes it possible for platforms to avoid working on their problems and becoming better, enables avoiding legislation and regulation, and enables control and surveillance by them; meanwhile, the truth is that you don't suddenly turn 16-18 and know how to handle porn, gore, harassment and all other negative parts of social media. The negative sides to social media that are named as the reason for age verification and banning of social media for specific age groups also affect adults negatively . We need to put more effort into education on how to handle these things. Yes, we can protect children's privacy by banning them off of platforms, but this also affects their other (digital and offline) rights, and privacy rights don't trump all . Children and teens should learn and be encouraged to control their own spaces and moderation via FOSS : Matrix, Mastodon, etc. where they can also seclude from adults and aren't reliant on Big Tech. Age verification and banning would take this away from them and also make it harder for FOSS projects. If children only ever enter the political discourse as victims, the only response can be rescue; that it why we have to make sure they enter as participants. Protection is not (just) space away from the risk, but confronting the systems that cause harm and eliminating them. 16-18% of US citizens report having engaged romantically with a bot, 45% of them said it made them feel more understood, 36% said it gave them stronger emotional support than their human partner. Problem: Current version of AI Act doesn't cover romantic and sexual use, no guidance for safeguards for emotionally responsive AI systems that protects around the risk of suicide, crimes, distress when service slows down or shuts down or model changes, discrimination as you get more if you pay etc.; drafts mention some of it now in Art. 50. With all the talk around becoming emotionally dependent on AI, nudging into harmful behaviors, etc. we cannot forget that you are also vulnerable on other services and in human romantic relationships, where the same routinely happens (weak argument, but to be fair, I also often forget this). We also cannot forget that it is not always a replacement - it often just supplements social life, and there are also surprisingly many people who just don't want or need romantic or sexual relations with a human ; they want bots specifically , and only bots. Disclosure agreements (meaning: labels everywhere that this is just a bot and not real) are most often useless, because people know and intentionally seek it out (exception for Insta/Snap DMs etc.) Simplification for Whom? Unpacking the Consumer Impact of the Digital Omnibus ( x ) My Chatbot, My Confidant: Protecting User Privacy in Generative AI Conversations ( x ) Informed consent: The breakthrough in Art. 88b GDPR / Digital Omnibus and current initiatives in the field of PIMS and technical standardisation ( x ) Digital Legacy Beyond GDPR: Succession, Data Protection, Access Rights, and Platform Power ( x ) The Agentic Assistant: What does Big Tech’s goal of creating a universal digital intermediary mean for society? ( x ) Designing Collective Technology Governance ( x ) The digital omnibus is mostly there to enable AI made in Europe to aid sovereignty and be competitive with US and China; AI here needs a framework to access data without much regulatory risk - that is what the EU Commission person said. Enforcing the law and and making it sharper is actually leveling the playing field and furthering innovation, because there is a massive power concentration of a handful companies that can do what they want, barely pay fines, have the fines suspended because of the US government bargaining with the EU, or who see them as a cost of doing business. Competition is impacted this way, as small companies are hit harder than the big ones. If the omnibus goes through with changing definitions of personal data etc., it will take years for case law, literature, standards etc. to catch up, it wastes money in companies who need to re-do everything to comply; so it doesn't simplify anything and makes praxis harder. You may set ChatGPT/Claude/Gemini etc. to not send feedback or training data in your settings, but when you react thumbs down/up to their request of whether the output was good or not, or choose between two different versions, the entire chat log until then gets sent for training and potential human review. So, these popup feedbacks override your settings . I need to read more papers by Theodore Christakis. Here is one of them. US and UK discovery and disclosure laws/principles go directly against EU data minimization principles; as long as data is relevant to a case it should be accessible, which is why in their cases, they can just have access to million's of people's data if necessary, and in a divorce case, they have the right to ask for AI chatlogs. There is no AI protection or privilege: If you use AI for legal stuff, you have no expectation of confidentiality like you would with a lawyer, so it is not safe from discovery. There is tension between tracking for harmful behavior/threats vs. data privacy rights ; what if someone threatens to kill themselves, kill others, etc.? Should company look for it, track it, report it, alert anyone, suspend the account, send help resources? Still unclear. There is also tension between people wanting the bonus features/ease of use coming from pesonalization and free services, while also not wanting to be tracked or charged. Advertisers see themselves as enablers of a good thing, as people want fitting ads, good algorithms, good suggestions, and free access; so if their business model is challenged or fails, people will have worse access and worse user experiences in their view. They also fear that if their business model is hindered, things will move into a more extreme, embedded, hard to avoid direction that you don't control or decide (Black Mirror ad type of stuff). I previously wrote about Consenter on the blog, and one panel had people from it there and showing screenshots; changed my mind on it a lot and made me understand the new features and goal better, I will probably write an update on it some time. We have different other options all covering something different about tracking, cookies, consent, or going about things differently, old and new: ADPC, GPC, ConStand, Global Privacy Control, DoNotTrack etc.; important for new stuff is granular consent, sent to the website, user given explanations etc. Uninformed decisions and bad practices lead to unfair competition ; bad actors erode trust level overall, so users resignate, experience fatigue and say yes in the same rates between "good" and "bad" services. Will read soon: Our data after us by the CNIL , and future release: Model rules on succession and access to digital remains by Eigenmann und Harbinja Digital remains can be split into assets (copyright, crypto, business tools, money), personal (messages, photos, identities, AI replicas), and third party data. GDPR only addresses living people; dead people's digital remains are subject to member state laws. There might be a need for something harmonized and European, though. For good digital hygiene , we should remember death and make it as easy as possible or sensible for the people we leave behind to get the access they need to manage our stuff how we want them to. Leave instructions, set emergency/legacy access when available (Google, Facebook, Instagram and Apple have it), include digital assets in your will, decide how your data is allowed to be used after death, especially around AI replicas. Hospice, nurses, families etc. should learn to ask affected parties about these things. Thanks to the focus on agentic AI, there is massive need for inference compute, which is super expensive. Almost all of it is in the control of, or can only be afforded by, the hyperscalers. At the same time, anything that seeks to enable or disable things for AI agents on the web can also affect accessibility programs like screen readers. It is in the best interest of the Big Tech companies to keep things individual, because it distracts from the collective issues and changes they'd have to do; it is easier to blame the person for agreeing to tracking than make sweeping changes to how much can be tracked. Individual consent doesn't consider the fact that data doesn't just affect you, but reveals things about your family, friends, partners, coworkers and more, as data is deeply interconnected. If your friend agrees to share his data and it also includes you, that is your data, still going to the service you'd have disagreed to. We as users have no collective bargaining tools yet; even big worker unions aren't negotiating with Microsoft about the terms of their employer using Microsoft Teams, when they actually should. We should also build up data unions made from users who bargain with the platforms. Strikes could look like boycotting the service, blocking trackers, scrambling data, massive amounts of access requests etc. Look into something called a Worker Data Trust ; this was used to prove Uber's predatory dynamic pricing (Worker's Info Exchange). Lots of workers made access requests, the data was combined and analyzed by researchers. Data-driven warfare : AI, civilian risks, and corporate responsibility ( x ) Digital Omnibus meets the Charter of Fundamental Rights ( x ) Toward a Standard for Fair AI-driven Recruitment ( x ) Data protection law as a shield, not a weapon: empowering historically marginalized communities in the EU in times of de-regulation ( x ) -> this choice was especially rough, because I was also very interested in ' The U.S. Deregulatory Effect ' happening elsewhere at the same time The AI warfare one was a bit of a letdown, because they all just accepted war as a right, an inevitable thing that has to happen. There was not even a nuance of fighting war itself, or banning AI weapons, etc; it focused more on the dual nature of the data , in which through surveillance, tracking, etc. not only can military use it to target people, NGO's and others can use it to warn, evacuate, render humanitarian aid etc. and document realities on the battlefield. There was also no possibility for the idea that we could enter an age where drones fight drones automatically and no one needs to get hurt or be traumatized or get to kill people like a game, and that is only because everyone is so attached to the idea that war has to have human casualties. It's hard to legislate and restrict because the data is taken from a whole ecosystem : Telecommunications, cloud services, civilian infrastructure, social media etc. and most of the data is collected during times of peace. Warfare is often explained with national security as a reason, which then again is a legitimate interest or fulfills other opening clauses in data protection and privacy laws. It is a problem that the richest men in the world, close to the US admin, lead the biggest companies worldwide, almost all in the US, and control almost all of AI and AI warfare. Project Maven from 2017 was continuously developed on and is now the Maven Smart System , which was used in Venezuela and Iran recently. Our Art. 15 GDPR right of access as it is right now is making up for Germany and Austria's lack of discovery and disclosure rights respectively. Controllers can usually drag stuff out, cite trade secrets and rights of others to evade data access, but the data subject barely has any power. Not having to justify the access request and it not having to be limited to data protection rights is good in this regard and needs to be kept up. Otherwise, also too much confusion and court cases whether a request was abusive or not if now, any request for a court case instead of privacy rights is deemed possibly abusive. We don't only need to focus on reidentification in general, but about the ability to single people's data out; you might not be able to identify them, but you can build a profile anyway. Learned about the term digital twin , or in terms of user data, a data twin that can be used for similation and is similar enough. AI-act-standards.com exists. Many don't know that the AI Act isn't a GDPR for AI, but serves more as market classification, as it sorts AI into different boxes who have to fulfill different requirements. The details of these requirements are/will be set with CEN/ISO standards and frameworks . You can see the progress of development on these standards on that website, and what they cover and how they interact. Hovering over the elements gives additional info. This is done by the JTC21 , and you can also get involved by registering with your national standardization body (in Germany, this is DIN) or when they do public consultations. Disabled people experience both extremes of AI - better accessibility options, often more reliant on AI, so also more subject to surveillance and having their privacy rights violated, while bad governments can use the data to harm disabled people, all under the guise of research. Marginalized groups are often the first trial group in anything, while not being stakeholders in the tech, or even invited to the table. See: AI used in immigration etc. and with deregulation and AI everywhere, we see a loss of reasonable suspicion thresholds in law enforcement and other groups. Learned about adversarial auditing .
Welcome back to This Week in Stratechery! As a reminder, each week, every Friday, we’re sending out this overview of content in the Stratechery bundle; highlighted links are free for everyone . Additionally, you have complete control over what we send to you. If you don’t want to receive This Week in Stratechery emails (there is no podcast), please uncheck the box in your delivery settings . On that note, here were a few of our favorites this week. This week’s Stratechery video is on The Inference Shift . Data Center Discontent. The impact of AI is, at least for now, being felt digitally: that is where AI is useful, and the more digital a job, the more it is threatened by LLMs. AI, however, depends on data centers in the physical world, and building data centers needs permission. This gives normal people the sort of veto power over AI they didn’t have in the face of globalization; I make the case in Monday’s Update and on Sharp Tech that understanding this dynamic is more important that trying to correct misinformation, which is a symptom, not a cause, of data center opposition. — Ben Thompson Agent Economics. What will the internet look like when ad-supported models are rendered obsolete by shifting user behavior and the rise of agentic web traffic? Ben considered this question last summer with The Agentic Web and Original Sin , and I was surprised to learn this week that Parag Agarwal, former CEO of Twitter, is now focused on devising solutions for exactly this reality. This week’s Stratechery Interview with Agarwal dives deep into the economics of content on the Internet, why ads make sense for humans, and why incentivizing content for agents will be different, and how Agarwal and Parallel are trying to solve them. I learned a ton from this interview, and I bet you will, too — and don’t worry, we did get a few bonus questions on the ride at Twitter. — Andrew Sharp Never Count Out the Slime Mold. Wednesday’s Daily Update on Google I/O reminded me of an iconic leaked memo about the ungovernable and poorly coordinated mold in Mountain View, as the company seems to be throwing 10 different types of AI spaghetti at the wall to see what sticks. Then again, Google is now a nearly $5 trillion company and its transformer architecture supercharged the AI era. That second part is why, when Ben highlights a DeepMind approach to building AGI that’s distinct from the approaches at OpenAI and Anthropic, I’m compelled to both pay attention, and remember: for all of Google’s faults and misses, they do in fact have plenty of historic hits. — AS Data Center Discontent, Understanding the Opposition, Fixing the Problem — There are understandable reasons for people to oppose data centers; the only solution that will work is simply paying them off. Google I/O, World Models, I/O Spaghetti — Google I/O put AI everywhere, for better and for worse. Meanwhile, is DeepMind aligned with Google’s business objectives? An Interview with Parallel Founder Parag Agarwal About Valuing Content on the Agentic Web — An interview with Parallel founder Parag Agarwal about valuing content and incentivizing its creation in a world of agents (plus questions about Twitter). Data Center Unpopularity Google Being Google The Little Vertical Laser That Everyone Uses Intel’s 30 Years in Costa Rica Constructing US-China Stability; Trump’s Taiwan Comments and More Summit Takeaways; Putin in China Wemby, Harper and an Instant Classic from the Spurs in Game 1 vs. OKC A Note on the Future of GOAT and An Emergency Top Five Much Ado About Data Centers, What Tech Gets Wrong About Its Critics, Q&A on SpaceX, Chinese AI, Elon Musk
There are understandable reasons for people to oppose data centers; the only solution that will work is simply paying them off.
I've been thinking more about the future we might be heading towards if things continue the way they do, relatively unstopped, especially in regards to data harvesting and leaks, and how digitalized our society continues to become. I wonder if we are simply headed for a society in which there is bleak acceptance and normalization of most pieces of information being out there already. Everything you put out there voluntarily/openly (like a blog, or social media) and the things passively collected about you (via your devices) being trained on, analyzed, in some database that cannot withstand the latest AI release or whatever, together with vibecoded insecure software. Your cloud, your social media posts, your DMs, your purchase history on different platforms, health data in your eFile, the journal entries you did in that aesthetic journaling app, the poop pictures you gave to an AI app to analyze, the recordings of your Alexa and smart TV, etc. that all may or may not be combined. We have lost so many of the previous barriers. Compared to previous times in history, many things aren't automatically private in your own home, or just saved in just people's brains anymore. Less and less things are exclusively physically in some cabinet you have to locate and get several keys for or lie your way in (social engineering) for. Digital things are written down and stored in a more accessible way, and while there is a metaphorical door, it can be broken down from anywhere in the world, and you no longer need to rely on pressuring things out of people or enduring any of the prep and risk of a physical break in. Your home can be broken into from half the planet away. All of this is making secrecy and privacy hard; it is all a technology arms race. Data protection and privacy is only seen as a hindrance, an annoyance in the eyes of many. Unnecessary when things are going fine until they aren't. It's annoying when a website asks you to consent, but it's suddenly important when you need to know what data a company still has from you, or when there's a breach. I see privacy laws overall being weakened, employees in those teams, authorities and organizations terminated, all because data is the new gold, or an even better oil. I see the EU trying to use our rights and data as a bargaining chip for US travel and exports. As usual, human rights stand in the way of big money. Historically, we are used to seeing the privacy of the rich as something rather physical; they move to gated communities, or land in bumfuck nowhere, to have no neighbors and peace from paparazzi and weird stalkers. They get to have certain media pulled from the shelves when it is not favorable to them. Increasingly, we have seen them remove digital content: Blog posts, Reddit threads, specific images and videos, stats tracking their whereabouts, meetings and flights. Unfortunately, the richer you are, the more protection of your data and privacy you can buy. You can see it even now: We need to give up so much information just to travel and pass airport checks, down to social media checks or the EU bartering over sharing biometric data with the US for EU travellers. Meanwhile, Taylor Swift and Elon Musk can restrict the activity of their private jets. They can obscure or limit their real-time location exposure, acquire surrounding properties to create buffer zones, forbid aerial photography and maritime tracking around their properties, tighten security around family information and their children’s identities, can afford security teams and compartmentalized travel arrangements, can subject others to NDA's, and influence powerful government officials - can you do the same? As you are told you need these devices with all these data mining features, all these privacy-disrespecting apps and LLMs, all these social media accounts to be successful, or happy, or organized, or be seen and loved, or get a chance at an additional income stream or fame, they are already rich and known enough. They get to be private, not overshare on socials, and leave posting and taking calls and messages to their assistants. It's okay for them not to be overly online and active. They probably get to be exempt from their own companies' tracking for "security reasons", despite using the same products. They know the data their services mine is harmful if you have a stalker or abuser; they only care if it affects them, though. And think of the legal repertoire they have when they have their likeness stolen, deepfakes of their voice and visual characteristics made in a way that harms them. You don't have the same options. When data leaks that makes you uninteresting to employers, you have to potentially live with that; they are the employers. Continuing on, having any privacy will be even more of a privilege. It is maddening, because very rich and powerful techbros like Musk, Altman, Zuckerberg, etc. get rich off of our data that we can no longer afford to protect against them, eventually always funding their dominance over us, and enabling their own exemption status in this data mining society. They benefit from collecting and analyzing information at industrial scale while attempting to selectively limit information flowing the other direction. In their ideal little world, they don't invest it back into us; they use it to further fund AI replacement workers, weapons, and their doomsday bunkers away from us all. It makes me wonder if we will end up in a society where people will deliver as much information up front as they deem necessary to be in control of the narrative and tell themselves they have not been spied on and instead have shared it voluntarily in an act of bravery. Reply via email Published 16 May, 2026
For Kami's Carnival "Bear Blog Carnival: Your favorite ____ in your niche hobby" , I'm writing about what my favorite General Data Protection Regulation (GDPR) article is. Initially, this came up in our Matrix server. I wrote: " If you ask me my favorite anything, I blank [...]. Except games. And GDPR articles maybe. Food too " Kami then asked me what my favorite article is, and it is Article 6 ( x )! It's the first thing I think of when I think of the GDPR; it decides so much, as it holds all of the legal bases data processing can have in 6(1). They are easy to remember and understand too: consent, fulfillment of a contract, compliance with a legal obligation, vital interests, public interest, and legitimate interest. Short, sweet, relatively easy to read for laymen. The rest of Article 6 is more about specifying parts of this via an opening clause so Member State law can narrow some of this down. I just find it so satisfying to have one article to refer to for different routes of legal data processing. Just one "only lawful if" and a nice list. They could have given each of these an article separately, spread out throughout the regulation, with a huge text every time, and it would have sucked. Or it could have been a single wall of text that vaguely describes these 5, which you then have to distill out of the text. Other laws I know are like that, and it's a slog! They infer specific rights and concepts out of a text that can be hard to even detect inside of it, so you learn all that by heart. Not here! A structure like this (easy to read and remember, collected in a single place, short) makes it so much easier to have definitive guidance and recognize when a right has been violated. And that's why I said " Article 6! It's like the heart of the GDPR to me, it's so important, it shows up all the time, it has all the legal bases you can possibly base data processing on. It's short, nicely structured, and even easy for laypeople to understand. It's chefs kiss law " If you wanna know what the competition is: Second place in my ranking would be Article 4 ( x ), which holds all relevant legal definitions for the regulation, meaning: what is processing, what is a controller, etc. I love when laws and regulations (mostly EU-wide ones) do this! It's so rare in the laws I have to learn for my degree (German laws), so I appreciate when I can just look definitions up instead of learning them by heart. It's also easier to refer people to this official, already included resource, than going " This is the definition I learned, coined by this author in this legal literature, but there are other literature voices that disagree, or have a slightly wider/narrower definition. " Less ambiguity and guesswork and " but so and so said so " involved when the definition is already in the law. The third contender would be Article 7 ( x ), which sets the conditions for consent. It says consent needs to be demonstrated (= proven), can be withdrawn anytime and should be as easy as giving consent, and you shouldn't be misled into consent by confusing design, conditional linking, or mixing it up with other matters. It needs to be clearly distinguishable, in an intelligible and easily accessible form, using clear and plain language - otherwise it is not binding. Companies and their lawyers love to forget the "plain language" part, and another upcoming blog post of mine will mention a bit about that... I could also talk about an article or two I don't like, just to offer a bit of contrast. Article 18 ( x ) is a super messy affair for me in my head; it's the right to restrict . While it has the same structure as Article 6 and tries its best to explain plainly and shortly the different situations, in the end it's lots of different complex situations lumped together, and it can be hard when you first learn about it to keep it mentally separated from Article 21 ( x ), which is the right to object . Both intervene in ongoing data processing, but Article 18 temporarily freezes the processing, and Article 21 wants to stop the processing altogether and challenges the legal basis. I also have started developing a dislike to Article 15 ( x ; the right to access your data) through no fault of its own, just because soooo many court cases deal with delayed or incomplete responses to these requests, and it bores me at this point. Everyone and their mama has opinions on what needs to be included, what can be left out, what counts as a copy and what doesn't, and whether a request was excessive or not. Anyway, that's it! Reply via email Published 06 May, 2026
A bit of a streamlined edition, this month. Lots of interesting links still, but less commentary. You can put that down to me prevaricating on getting my previous blog about Materialized Tables in Apache Flink finished, and leaving myself little time to work on this one :) Not including the detailed narration actually knocks a bunch of time off the preparation—I’d be interested in your feedback as to how much the absence of narration impacts (if at all) your enjoyment of reading it. Let me know in the comments below! Something that I’m slowly changing is how I categorise links to do with AI. A few months back anything "AI" got its own section. It wasn’t much more than a novelty really; certainly not something worth distracting the regular link sections with. But now AI is just part-and-parcel of many people’s workflows, a regular component in their toolbox. So where an article is about credibly using AI as part of an existing topic (such as data engineering), I’ll file it in that section. (And if this news makes you cross because you abhor anything AI, well, I’ve got news for you ) .
When you search for privacy/data protection stuff, what you will usually come across are things like privacy guides , the privacy subreddit, interested tech-y privacy blogs and YouTube channels. They give you great advice and overviews over different kinds of alternative services or additional software you can use to protect yourself, and they rank them, rate them, give additional context and keep up with them in case anything changes. It's this stuff that initially got me interested in privacy, and I wouldn't know a lot of services if it wasn't for their work. I love that I can just refer people to those if they have any questions about specific alternatives, and they deserve their space in the privacy sphere. Anyway, this type of privacy material tends to do well online: It's easy to read, it gives you actionable steps to take, and immediately presents a solution. It says: You're still using Google services? Switch to the Proton Suite. You hate ads? Here are ad-blockers that also block trackers and popups and more. You "just" need to switch, or install more, and you're good. Crisis averted, you're safe/r. Meanwhile, more dry, theoretical, law-based stuff is harder to engage with and harder to write. The reason why I am not really interested in writing about privacy or data protection in the product-focused way isn't only because I am a law student and therefore more interested in law; it's because I prefer to talk more about why something is a problem (or a bad service), and I want to give people the tools to spot it, a legal justification for the bad gut feeling they have, and I don't want to end up just advertising products. The usual type of privacy content isn't always great at educating people on what the problem even is. This service is bad, this service is good (or at least better) is easy to believe at face value, especially when one is a big company and the other is smaller - but why is this bad, and why is this good? Okay, so one does more tracking and one does less tracking, but why is tracking bad? What stops this other service from also becoming "bad"? Nothing is really safe from enshittification, or bankruptcy, or losing their maintainer, or being steered by investors and existing under capitalism for profit. I'd feel bad having the majority of my posts in my area of interest to do the work of the sales department for these services, just for them to become another thing to move away from in a couple years. That is the downside of this sort of approach: You can install and switch all you want, but in the end, it puts a lot of responsibility onto the consumer and involves them in the never-ending arms race of avoiding something; whether that is not supporting an unethical company, or avoiding AI implementation, avoiding ads, avoiding trackers, avoiding becoming training data, etc. as both sides seek new loopholes and ways to get you to either comply and be subject to it anyway, or continue to be able to avoid it via another service or software. It's an unfair fight, where one side heavily depends on smaller companies or FOSS maintainers, and the other side are billion dollar companies that are having a monopoly on many things and have a huge influence on the most powerful government(s) of the world. Consumer choices are good and you should use yours to no longer support what doesn't align with your values, but they aren't everything, especially as the companies make it harder and harder for consumers to have this choice, or for that choice to even make a dent in their finances. That's where we need laws and consumer protections to hold them accountable and grant users who rely on these services better rights - even rights making migrating off of them easier, like the data portability aspect mandated by the GDPR. Indulging in the above sort of privacy content a lot can make you feel like you're outsmarting the Big Guys and you got it all under control while just the "normies" struggle who are just " too lazy to switch!11! ", but to me, that is a flimsy house of cards that can easily collapse. I say that while I too use these things - I am a Linux user, I have several browser extensions to reduce tracking and ads, I use forks like LibreWolf, I am a Proton user, I use a VPN, Signal, Matrix etc. - but I just want to be realistic about it and recognize that it just takes a little here and there for my products and services to vanish or get significantly worse, and that I don't want to foster a false sense of security. If you're like me and a millennial or older, you probably still remember all the past mass migrations between services. I also recognize how many people are left behind with this approach, or at least makes them rely on people around them who are knowledgeable in this stuff. In private, you have a choice, but you might be limited by your knowledge/awareness of alternatives, your understanding of tech, the complexity of the task, the network effect, or how willing the people around you or online are to help. Switching can be hard; transitioning cloud contents, or mail providers, and remembering to change your email address everywhere or at least implement a forwarding rule on the old one(s) can be a task that spans days or weeks next to all the other responsibilities you have. Then every now and then, you might wanna check in to see if your solution is still "good" or whether something changed. That's a lot more labor than just staying where you're at and where the majority is. Maybe you are the one to install a Linux distro for your grandparent, or an adblocker for your parents, and then you're on the hook when things break and have to take the time to sort it out, and they rely on your skills and time until their device is functional again. LibreWolf, for example, has broken many payment transactions for me in the past. At work, or in school or university, you probably don't have a choice at all. They force you into Microsoft and Google products or at least don't present alternative solutions in their setup guides. My work, for example, provides an MFA setup guide that only mentions Google Authenticator, even when any type of authenticator app would work. All of that is not ideal. Putting too much emphasis on switching one product out for another can sometimes produce this vibe of " If you're still using that proven-to-be-awful service, you consent to being exploited and tracked, and it's your fault for staying. " among privacy-interested people, but we can't let that run unchecked to basically mean that you can't expect better from platforms and the users deserve whatever is coming their way. Unless the laws make distinctions between company sizes, they apply to your sacred privacy-conscious competitor as well and might help to prevent them turning out "bad". I also think you'd want your friend, who cannot bring themselves to switch or delete a service, to still have at least some protections here and there, instead of pointing and laughing from your moral high ground. Your child deserves protections when they have to use Microsoft products on their school tablet or when they install TikTok to engage with their friends. They deserve to migrate as easily as possible. They deserve to have permanent deletions of their content. They deserve to not have their likeness uploaded to the platform used for advertising and AI deepfakes without their consent. They deserve to not be targeted by advertisers and political groups via the algorithm that attempts to radicalize them. They deserve not to have all their private data and especially location data leaked or sold, their DMs and art used for training data without consent, and so on. Even if they could switch/abstain and just don't do it. Switching from one service to another when both have the same profit goal and exist under the same system feels, and often is, a temporary bandaid. I don't wanna be a bandaid seller. I don't care about product names, I care for mechanisms, cash flow, dark patterns and settings options. I talk more about why things happen the way they do and make people aware that yes, this thing bothering you is very much illegal or should be handled differently. I write about what the root cause is (usually: attention economy, data brokerage business model etc.), and discuss (potential or actual) laws and other ways on how the root cause is contained, redirected or partially mitigated. We are also constantly hit with attempts by the US government to weaken and dissolve our EU consumer protections and that deserves more attention. I find that more productive and fitting to me/my style than being another " 50 privacy-focused services to consider " in a thousand, forced to make clickbait like " Is this service still safe in 2026??? ". Reply via email Published 25 Apr, 2026
OpenAI released ChatGPT Images 2.0 today , their latest image generation model. On the livestream Sam Altman said that the leap from gpt-image-1 to gpt-image-2 was equivalent to jumping from GPT-3 to GPT-5. Here's how I put it to the test. First as a baseline here's what I got from the older gpt-image-1 using ChatGPT directly: I wasn't able to spot the raccoon - I quickly realized that testing image generation models on Where's Waldo style images (Where's Wally in the UK) can be pretty frustrating! I tried getting Claude Opus 4.7 with its new higher resolution inputs to solve it but it was convinced there was a raccoon it couldn't find thanks to the instruction card at the top left of the image: Yes — there's at least one raccoon in the picture, but it's very well hidden . In my careful sweep through zoomed-in sections, honestly, I couldn't definitively spot a raccoon holding a ham radio. [...] Next I tried Google's Nano Banana 2, via Gemini : That one was pretty obvious, the raccoon is in the "Amateur Radio Club" booth in the center of the image! Claude said: Honestly, this one wasn't really hiding — he's the star of the booth. Feels like the illustrator took pity on us after that last impossible scene. The little "W6HAM" callsign pun on the booth sign is a nice touch too. I also tried Nano Banana Pro in AI Studio and got this, by far the worst result from any model. Not sure what went wrong here! With the baseline established, let's try out the new model. I used an updated version of my openai_image.py script, which is a thin wrapper around the OpenAI Python client library. Their client library hasn't yet been updated to include but thankfully it doesn't validate the model ID so you can use it anyway. Here's how I ran that: Here's what I got back. I don't think there's a raccoon in there - I couldn't spot one, and neither could Claude. The OpenAI image generation cookbook has been updated with notes on , including the setting and available sizes. I tried setting to and the dimensions to - I believe that's the maximum - and got this - a 17MB PNG which I converted to a 5MB WEBP: That's pretty great! There's a raccoon with a ham radio in there (bottom left, quite easy to spot). The image used 13,342 output tokens, which are charged at $30/million so a total cost of around 40 cents . I think this new ChatGPT image generation model takes the crown from Gemini, at least for the moment. Where's Waldo style images are an infuriating and somewhat foolish way to test these models, but they do help illustrate how good they are getting at complex illustrations combining both text and details. rizaco on Hacker News asked ChatGPT to draw a red circle around the raccoon in one of the images in which I had failed to find one. Here's an animated mix of their result and the original image: Looks like we definitely can't trust these models to usefully solve their own puzzles! You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options .