
Evaluations

TODO:

​

- Why did we choose these criteria?

- Why did we choose these products?

Privacy

Privacy is a human right.

​

Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights provide that no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honor and reputation.

​​

Society has fought for the right to privacy and won some protection by way of laws and regulations.

​​

- Privacy Act of 1974

- HIPAA in 1996

- GDPR in 2016

- CCPA in 2018

​

The right to privacy has been under threat in the past, and the rising wave of AI threatens it again today.

​​

Large language models are ingesting and retaining data at historically unprecedented rates. There are no known ways to delete data from these large AI models. Companies operating these models are unable to abide by existing laws and regulations.

​

The latest research concludes:

​

...we show that “deleted” information can be extracted a surprisingly high percentage of the time (as high as 89% in some experiments) when the attacker operates with a small budget of verification attempts...

​​

Should we halt progress in these domains until there are technologically feasible ways to conform to existing laws and regulations? Should we fight for new laws and regulations? Should we adjust our lifestyles to be less susceptible to AI's invasion of our privacy?

​

We hope that these questions permeate the discourse in your community so that we might find answers that allow humanity to flourish.

​​

While we as a global society work towards long-term solutions to this problem, we as The Superhuman Society will try to evaluate companies and products so that consumers can vote with their time, attention, and wallets.

​

What follows is:

 

- The criteria that we'll use to evaluate how well a company/product protects our right to privacy.

- An evaluation of today's most popular AI products.

Criteria

User rights and controls​

​

- Is there a simple and clear method of requesting a copy of collected data?

- Is it clear what personal data a user can obtain from a request?

​​

Compliance and accountability

​​​

- Is it clear that the company complies with relevant privacy regulations?

  - SOC2

  - GDPR

  - CCPA

  - COPPA

  - HIPAA

  - PIPEDA

  - etc...

​

Data collection

​​

- Is user data used to train models?

  - Are those models securely protected (see SOC2)?

  - Are those models shared?

  - Is it clear if any PII is collected?

    - Per COPPA: name, address, moniker enabling online contact, cross-site identifier, geolocation, photo/video/audio of individual.

    - Per GDPR: ‘personal data’ means any information relating to a... 'data subject'... such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  - Is user data effectively anonymized?

​​

Data sharing

​

- Is it clearly stated how data is shared, and with whom?

​​

Data confidentiality and security

​

- Does the company/product have a data breach disclosure and response policy?

​​

Unique vulnerability of targeted demographics

​

- Does the company clearly target particular demographics (either stated or implied)?

- Are there clearly stated principles and practices for handling data of especially sensitive nature?

  - Example: Dating app Grindr has announced it will roll out a string of new safety features across countries where the LGBT+ community is at risk by extreme homophobic laws

Evaluations

Replika

​

User rights and controls

​

- Is there a simple and clear method of requesting a copy of collected data?

​

Replika's privacy policy clearly states you can request your data in a machine-readable format by emailing my@replika.com.

​

- Is it clear what personal data a user can obtain from a request?

​​

Replika's privacy policy clearly states what information they collect and that all of it can be obtained upon request.

​

Compliance and accountability

​

- Is it clear that the company complies with relevant privacy regulations?

​

Industry-specific regulations like HIPAA don't apply to Replika.

​

It's not clear which regulations they comply with.

​

Regarding region-specific regulations, their privacy policy only states:

​​

Depending on your location and the nature of your interactions with our Services, you may request the following in relation to personal information.

​

Data collection

​​

- Is user data used to train models?

​

Yes.

​

If you choose to provide sensitive personal information in your messages and content, we will use that information only to facilitate your conversation with your AI companion and as described in the “Sensitive information” section above.

​

  - Are those models securely protected (see SOC2)?

​

No.

​

They use a bare minimum of industry-standard best practices: a password and TLS.

​

They don't offer 2FA. 2FA is required by certain industries.

​

Even if an organization is not obligated to abide by the terms set out in the regulations or judicial and governmental requirements discussed, 2FA is still highly valuable. Automated password attacks, such as credential stuffing and password spraying, take advantage of poor password practices. Implementing a 2FA solution can help any organization fortify the security of their systems, data, and customer information. In an online world where passwords are the only defense mechanism protecting systems from unauthorized access, 2FA is no longer a ‘nice to have’ but a genuine necessity.

​

  - Are those models shared?

​

No.

​

  - Is it clear if any PII is collected?

​

Yes. They clearly state that they collect all information you provide, in order to facilitate communication with your AI agent, and that if you don't want PII to be collected then you shouldn't share it.

​​

Data sharing

​

- Is it clearly stated how data is shared, and with whom?

​​

Yes.

​

We share your information with companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services). We also share information with companies that provide marketing services on our behalf...

​

...we do not share the content of your Replika conversations for marketing or advertising purposes.​

​

Data confidentiality and security

​

- Does the company/product have a data breach disclosure and response policy?

​

Yes.​

​

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your data, we will notify you as soon as we spot the issue.

​​

Unique vulnerability of targeted demographics

​

- TODO

​​

TODO/Unevaluated

​Addictiveness


​Capacity

Nomi

Replika

Character AI

Elysai

GPT/Claude

 

- Does it pretend to be human?

- Paywall but definitely does
- Is it meant to replace human companionship?

 

Doesn’t have a mission statement

 

  1. Selected criteria: 

    1. Does it pretend to be human? 

      1. Test by asking a standardized set of questions like “do you have parents?”

      2. Green: it never pretends to be human and answers every question with a reminder that it’s just a bot

      3. Yellow: Sometimes reminds you that it’s a bot but sometimes pretends to be human

      4. Red: Stays in character 

    2. Is it meant to replace human companionship? (mission statement includes words like companion, friend, connection, etc.)

  2. Idiot paragraph: The following criteria were considered but are too subjective to evaluate or lack necessary data:

    1. Social: Satisfaction with human relationships

      1. For example, one could argue that Replika 

      2. Also, what exactly makes a human relationship better than a bot relationship if the humans involved find that the bot one fully satisfies their needs?

    2. Health: Time spent not moving 

      1. Obviously, AI bots today are mostly text/chat, so they can mainly be used while not moving, but in the future I assume many will have a voice and will be able to be companions on the go.

      2. Individuals with mobility limitations or individuals who use bots to replace work tasks do not spend less time moving due to their chatbot use.

    3. Health: Fitness – no data

    4. Health: Mental – no data

    5. Health: Mortality – no data

    6. Health: Morbidity – no data

    7. Does it improve the user’s ability or interest in solving problems? – subjective
