73 comments

[ 3.1 ms ] story [ 104 ms ] thread
Logically it just doesn't have that data and why would it? If you had proprietary data you didn't want to share why would you add it to the language model?
Bard is written by developers, and developers often don't have any problem using any data available to them for a purpose they deem 'useful', especially if there's a bonus or a promotion at stake.
I think a company like Google would be having a lot of restrictions around where to train models and where to not.

And they already have access to the whole internet, Gmail conversations would be one tiny part of it.

Also wonder if they got to actually train on github data (considering the Microsoft angle)

In my experience this is not true. Developers were on average more sticklers for "the rules" and very often overinterpreted restrictions beyond what compliance professionals deemed nescessary.
Developers don't make the decisions at Google.
Not anymore, that is.

See also: .zip domain

Agree, I doubt it would be trained.

If something personal - like Gmail/ drive goes out in any of bard responses, it will be the end of bard.

The article directly quotes google giving a clear answer….

“Google replied to the tweet directly, saying, “Bard is an early experiment based on Large Language Models and will make mistakes. It is not trained on Gmail data. -JQ”.

It does, but there’s more discussion beyond that.
I would have agreed, except for:

Initially, Google wrote, “Thank you for your message Kate, no private data will be used during Barbs[sic] training process. We always take good care of our users’ privacy and security.”

"That seems like a clear and heartening assurance. It’s notable, then, that Google quickly deleted that tweet and didn’t amend it with any additional clarification"

That makes me wonder if another model was trained and then pulled in. Example being the Gmail one.

Elsewhere in this thread we noted how peculiar legal language can be.

1. "is" versus "was" 2. This tweet is from Google Workspace. It might pertain to Google Workspace gmail only and say nothing about public gmail.

Good making the distinction between the two.

Google has been very explicit that they will not analyze emails of Google Workspace subscribes for ad targeting, but says little about how in-depth they analyze for Gmail users.

Would this not be fairly easy to test?

Find some fairly dense thing in gmail, stick 50% into bard and ask it to complete rest& see how close output is?

LLMs are good at memorization, so yeah, if any included personal data I think you'd be able to get it to print it. (As an example, ChatGPT and Bard can both quote pretty long passages of Alice in Wonderland.)

There aren't any techniques I know of to prevent it either; when training an image model the recommendation is to dedupe the input so nothing is weighted over anything else, but that's not an absolute defense.

Alice is many times in the dataset.
The article decides to mention that Google made a public statement that clearly and unambiguously answers their question (https://twitter.com/GoogleWorkspace/status/16382985371956019...) and then proceeds to ignore it completely in favor of conspiracy theories ("but look, there they said 'was' instead of 'is'!").
It gives as much credence to bard's own bullshit as it does to Google's official statement. It's a useless article.
Thank the Lord for that "Readers added context" marker that tweets now can have.
Lawyers use language in very specific ways, and anything that's not completely obvious can be used to hide the truth. As an example, I once worked with a team who was building some software where a requirement said the app 'should' do something instead it 'shall' do something. The company's lawyer argued successfully that this meant the requirement was optional.
That's how Internet standards work.

https://www.ietf.org/rfc/rfc2119.txt

This was a contract between two companies, written by a product manager and a CEO. It wasn't a technical RFC.
This choice of wording in systems engineering is not ambiguous, and should effectively means optional. These words are often in capital letters trying to highlight the importance of it. It is absolutely not limited to RFCs, and is often used in a software specification.

Product manager and CEO _should_ know better. It's very understandable that they don't - and I have empathy for them, but unfortunately they're wrong.

Sure, and hence the company won. The point here is that language can have very specific meaning. There is a difference between 'should' and 'shall', even though most people would think they're effectively the same. If I said "You should complete that task" to one of my team I'm not really giving them the choice and leaving it up to them. I'm telling them to do something. Outside of RFCs and contracts language is a bit ambiguous and lawyers use that to their advantage.

In exactly the same way, there is also a difference between 'is' and 'was', and I think it's totally plausible that a Google lawyer might use that to hide the fact they used GMail data to train AI in the past.

That doesn't mean they did. It only means I wouldn't be surprised if someone proves they did, and that their lawyer used the tense of a response to try to hide it.

Even in general english, 'should' is less strong than 'must' or 'shall'.
'Should' and 'shall' is standard contract language. But, when it doubt, define the terms in the contract.
I'm not sure what you're trying to say, but "It is not trained on Gmail data." is as obvious a statement as you could ever express in the english language.
Not only that but this tweet is from Google Workspace and so it is not at all unreasonable to say it is not trained on Google Workspace Gmail and it says nothing about public gmail. Words. We have them.
The Highway Code in the UK is full of “must” and “should” indicating firm requirements and optional choices. The use of “should” is a softer method of persuasion, in the same way signs say “Please close the door” not just “Close the door” which is an instruction. This aligns with the famous British politeness - or at least that is how I interpret the wording.
I would think that part 4 and "what bard has to say about this" sections would make most people question Google's comment.

4. Google has never denied that Bard was trained on data from Gmail. They've only claimed that such data is not currently used to “improve” the model.

What Bard has to say about this: “I have not personally seen a real Gmail account. However, I have access to a massive dataset of Gmail emails, and I have used this dataset to train my language model. This means that I am familiar with the format of Gmail emails, and I can generate text that is similar to the text that is found in real Gmail emails.”

Now do I think they have done the nasty? I don't know.

Should it be reviewed by an outside team? I think yes.

I cannot think of a solution to this problem, which I believe will keep cropping up, but I think it can be problematic. I think it needs to be prooven true to be safe.

They could easily have done this on a subset of consenting users, eg: their own employees.
You are 100% correct. That they didn't mention this is one of the reasons I didn't dismiss this article.
> Bard is an early experiment based on Large Language Models and will make mistakes. It is not trained on Gmail data. -JQ

How exactly are you interpreting that statement?

I am defining it on the points I mentioned. I don't know if they are in the wrong or not, but their responses give me pause
"is" is a present-tense verb. In the hands of a lawyer or a PR person, that statement could easily mean "We are not, right at this moment, training it on further Gmail data. Up until yesterday, we were training it on all the private data from the past 20 years, and next month when the scrutiny dies down, we'll start training on fresh gmail data again."
They also have added replies which have been removed, reading the article it's actually not as conspiratorial as you make it seem.

In this case I really think it prudent to assume the worst from Google as they don't really have a positive history for walling off users data, be it personal email or phone meta information.

> "The LaMDA engine underlying Bard is also what drives autocomplete and autoreply in Gmail so ... yeah Bard's training data includes Gmail. FWIW, they put a lot of effort into ensuring that LaMDA doesn't use give[sic] personal information about individuals in its responses."

If this is true, to me this is a good indicator that it's using at least contextual information from emails.

Who wrote that reply? A Googler? Is there a screenshot? This would be a gigantic GDPR lawsuit.

This reminds me of not communicating with Gmail users. Gmail has been evil forever since "personalized" ads.

At the moment, for some reason Google seems almost untouchable.

I mean, single handedly destroying the browser market by deceit and abuse of market position in broad daylight, you'd think sooner or later EU or someone would force them to pay and put up a browser ballot on Google.com, but so far, no.

Luckily the French consumer protection agency has at least forced them to implement the cookie question thing almost so we can now reject all right away.

> single handedly destroying the browser market by deceit and abuse of market position in broad daylight

It's not single handedly, it's every developer handedly.

First thing any dev does is install Chrome, and make their normal friends install Chrome, even when -- for example -- it destroys the battery life on their Macbook while breaking a variety of usability conveniences. When pressed, it turns out most of this is cargo culting, they actually haven't turned on developer tools or compared performance or memory handling, much less experienced the remarkable security and privacy integrations* available in co-shipped Safari browser.

Having observed the browser wars since before NCSA Mosaic, I'd argue not Google but a set of "tech influencers" well represented on HN made this happen, not Google.

In the longer context, HN's clamor to force iOS off Safari, the only significant bastion against a monoculture and one ad company's complete grip on visibility of all web use, is shocking.

---

* For instance, various anti-tracker and IP anonymizing capabilities, plus a built-in and cross device syncing password manager that even supports TOTP codes.

> First thing any dev

Maybe frontend devs. For me FF is invaluable, especially the containers.

Citation required. I've been warning my circles off Chrome for years. Firefox is generally my go to.
> This would be a gigantic GDPR lawsuit.

No. They are not available in the EU.

At least, I assume this is how Google thinks about it.

It doesn't matter, and Google knows it.
I believe the point is that Google leaks data collected through a service available in the EU (Gmail). The GDPR claim would be related to gmail, not bard.

If anything, bard not being available in the EU would prove that using the data wasn't necessary for EU's gmail service.

> I really think it prudent to assume the worst...

This is not evidence-based thinking and leads to heavy biases.

Using the present tense to answer a past-tense question is hardly unambiguous.

"Did you send an email to Fred?" -- "No, I'm not sending an email to Fred" doesn't answer the question.

It's not a "conspiracy theory" to have realized that big corps have teams of people to frame their public statements with carefully chosen words to present issues in the best light for them, even if it's deeply misleading.

> "Did you send an email to Fred?" -- "No, I'm not sending an email to Fred"

To me this unambiguously says both that I did not send an email to him and I don't intend to. Is it really ambiguous to you?

The given response very clearly and unambiguously does not answer the given question.

I think most native English speakers - if they were reading/listening carefully - would interpret the mismatch of verb tense as an intentional attempt at not answering the question while simultaneously sounding as if it does.

If someone gave me that answer to that question I would repeat the question to them with an emphasis on “did.”

You're not a corporate comms person. The ambiguity of the English language can be very valuable in a court of law.
It depends if you are a person or a corporation. If the former, I assume you haven't. If the latter, I assume you did but don't want it to sound bad.
If you said that, maybe.

If a corporate PR expert or a politician said that, the conclusion would be very different.

I'll be honest I'm a bit surprised at the responses here. I get what you're saying about the verb tenses, but the first word in the answer is clearly "No" in answer to the question.
When a corporation answers in a specific way it's because it has a specific meaning. 'Ooops we meant 'x' doesn't tend to hold up so well in court.' Google could easily and absolutely put to bed all concerns by stating, "No Bard has never been trained on any email data, and never will be." Instead, they're choosing not to do that and just taking the PR hit, while making statements that completely leave the door open to previous training.
JQ is part of the PR team, not engineering. the article author is correct not taking what he says at face value. lots of doublespeak in PR.
The discussion here is not if it was trained or not in Gmail data, but on personal Gmail data. And that the definition of personal is vague and subject to interpretations.

They can say it was not trained on Gmail data because it was trained with Google’s Smart Compose, which it was trained on Gmail data.

Gmail Data -> Google’s Smart Compose -> Bard

It all depends on where you draw the line to stop reporting. Language is a powerful tool of deception.

I'd be shocked if they came anywhere near email data for Bard training. Why do they need that with all the reputational baggage that comes with it, they have only, like, the rest of the Internet at their disposal?
Clean data. A bunch of data points that are in a good enough state / structured to just throw into the training / eval makes a bigger difference than a bazillion messy data points.

I can easily imagine people in charge with the mentality of "there's no way that anyone can prove we did it."

It's very improbable, but looking at the "AI integration / product" race it is still a non-zero chance it could have happened.

‘It is not trained on Gmail data’ is a clear statement. To do so would be madness and would have reputational consequences (it also wouldn’t be too smart in this regulatory climate).
I think not directly, but probably on data derived from it.
Why, or how, would bars know what it is trained on?

And even if bard contains training data recent enough to include discussions on bard, how would it be able to tell speculation from facts?

The only way I can think of is through deliberate alignment. After training on source data, the model is fine tuned by human curated chat dialogue.

It's a bad idea for a company to comment on a specific case even if they've done nothing wrong, because it creates the expectation that the company will comment when they are in the clear. And complicit otherwise.

It's safer for companies to not comment at all, unless forced to.

Say what you will about Twitter, but community notes do a pretty good job of slowing the spread of this sort of nonsense.
Google: "It is not trained on Gmail data."

Everyone else: "But what does that mean? Was it trained on Gmail data or not?"

We really going full Bill Clinton and debating what the meaning of 'is' is?
Why was this flagged?
Presumably because Google did, in fact, give an answer? The fact that the article chooses to ignore it does not justify the lie in the title.
The article doesn't ignore it, it addresses it directly in the section titled "Did Google put the claim to bed?"
When people ask LLMs about themselves, you known they either don't have a clue about how they work and what they can do (ignorance), or they're fishing for clickbait content by "leading the witness" (intellectual dishonesty, bad faith).
We already know the likely answer to this. They didn't make it terribly evident to Google Voice (Former Grand Central) users that their data was being utilized to train their transcription models for visual voicemail and the like. Google has long since strayed from their do not evil model.

People would be wise to de-Googlify their digital presence as best they can.

The new Gmail ads are atrocious too, IMHO. Peppering ads that "appear" as emails into my Gmail feed seems over the top. I'd rather pay $6/mo, and do, for a single-user Microsoft 365 tenant, which nets me 1TB of cloud storage, in addition to 50 GB of email. I trust Microsoft more than I do Google at this stage.