Maybe it will be a cyberpunk future.

I suggest you buckle up.

I don’t trust them either. But I can’t not trust them unless I trust you, which I don’t.

This feels like a variation of that two guard riddle except the warning is “both guards lie all of the time” and the two guards still don’t agree.

Which is resolved by the riddle itself being the lie. Applying that here means we should do the opposite and not (never trust anyone).

Now which way does that not apply?

• sometimes trust anyone
• never distrust anyone
• never trust noone
• sometimes distrust anyone
• never distrust noone
• sometimes trust noone
• sometimes distrust noone

We don’t control what Google puts on their search page. Ideally, yeah, they wouldn’t be pushing their LLM out to where it’s the first thing to respond to people who don’t understand that it isn’t reliable. But we live in a reality where they did put it on top of their search page and where they likely don’t even care what we think of that. Their interests and everyone else’s don’t necessarily align.

That comment was advice for people who read it and haven’t yet realized how unreliable it is and has nothing to do with the average person. I’m still confused as to why you have such an issue with it being said at all. Based on what you’ve been saying, I think you’d agree that Google is being either negligent or malicious by doing so. So saying they shouldn’t be trusted seems like common sense, but your first comment acts like it’s just being mean to anyone who has trusted it or something?

Yeah, I think there is a lot of potential for code analysis. There’s a limited cross section of ways malware can do interesting things, but many permutations of ways to do that.

So look for the interesting things, like:

• accessing other programs’ address spaces
• reading/writing files
• deleting/moving files
• sending/receiving network traffic
• os system calls and console commands
• interacting with hardware
• spawning new processes
• displaying things on the screen
• accessing timing information

Obviously there’s legitimate uses for each of these, so that’s just the first step.

Next, analyze the data that is being used for that:

• what’s the source?
• what’s the destination?
• what kind of transformations are being applied to the data?

Then you can watch out for things like:

• is it systematically going through directories and doing some operation to all files? (Maybe ransomware, data scrubbing, or just maliciously deleting stuff?)
• is it grabbing data from somewhere and sending it somewhere else on the internet? (Stealing data?)
• is it using timing information to build data? (Timing attacks to figure out kernel data that should be hidden?)
• is it changing OS settings/setup?

Then generate a report of everything it is doing and see if it aligns with what the code is supposed to do. Or you could even build some kind of permissions system around that with more sophistication than the basic “can this app access files? How about the internet?”

Computer programs can be complex, but are ultimately made up of a series of simple operations and it’s possible to build an interpreter that can do those operations and then follow everything through to see exactly what is included in the massive amount of data it sends over the network so that you can tell your file sharing program is also for some reason sending /etc/passwords to a random address or listening for something to access a sequence of closed ports and then will do x, y, z, if that ever happens. Back doors could be obvious with the right analysis tools, especially if it’s being built from source code (though I believe it’s still possible with binaries, just maybe a bit harder).

Ok, I agree that Google isn’t a good guy in this situation, but that doesn’t mean advice to not just trust what Google says is invalid. It also doesn’t absolve Google of their accidental or deliberate inaccuracies.

It was just a “In case you didn’t know, don’t just trust Google even though they’ve worked so hard at building a reputation of being trustworthy and even seemed pretty trustworthy in the past. Get a phone number from the company’s website.”

And then I’ll add on: regardless of where you got the phone number from, be skeptical if someone asks you for your banking information or other personal information that isn’t usually involved in such a service. Not because you’ll be the bad guy if you do get scammed, but to avoid going through it because it’s at least going to be a pain in the ass to deal with, if not a financially horrible situation to go through if you are unable to get it reversed.

Why not both? Plus, not just trusting LLMs is something any of us can decide to do on our own.

I don’t see any blaming of anyone in the original comment you replied to but just general advice to avoid falling for a scam like this. There isn’t even a victim in this case because the asking for banking info tipped them off if I’m understanding the OP correctly.

So I’m confused about what specifically you are objecting to in the original comment and if it is the general idea that you shouldn’t blindly trust results given by Google’s LLM, which isn’t known for its reliability.

But he’s not Donald Trump old.

They are phrasing it in a way that makes plausible deniability harder!