I personally had the completely opposite takeaway: Intelligence, at its core, really might just be a bunch of extremely good and self-adapting search heuristics.
We actually do, and often - depending on who our speaker is, our relationship with them, the tone of the message, etc. Maybe our intellect is not fully an LLM, but I truly wonder how much of our dialectical skills are.
You're describing the same answer with different phrasing.
Humans do that, LLMs regularly don't.
If you phrase the question "what color is your car?" a hundred different ways, a human will get it correct every time. LLMs randomly don't, if the token prediction veers off course.
Edit:
A human also doesn't get confused at fundamental priors after a reasonable context window. I'm perplexed that we're still having this discussion after years of LLM usage. How is it possible that it's not clear to everyone?
Don't get me wrong, I use it daily at work and at home and it's indeed useful, but there's absolutely 0 illusion of intelligence for me.
> Because when you don't do this, people get scammed out of money.
No, only when you don't do this and nothing else to improve security. You're presenting a false dichotomy.
> If there is a series of buttons you can press to circumvent the anti-scam measures, then the scammers simply walk you through pressing those buttons.
If the scammers can walk somebody through doing all that, why would they stop at just asking them to send money over to them "to safekeep it because of a compromised account" or whatever the social engineering scheme of the week is?
> everyone will need at least a cheap-ish android or iphone, perhaps $300
No, the much more secure while at the same time liberty-preserving way to do this is heavily sandboxed secure enclaves with attestation, or even better standalone tamper-proof devices capable of attestation.
Like the ones practically every bank customer already has in their wallet, and for which most phones have a built-in reader these days... The only thing missing is a secure input and output channel, like a small built-in display and a button or biometric input.
In any case, I somewhat empathize with banks in that they want to ensure that my transaction confirmation device is not compromised, but getting to dictate what software does and doesn't run on my own hardware outside of maybe a narrow sandbox needed to do that is a no-go.
In principle I'm certainly on board with the idea, but the problem is - at least in the Anglosphere, probably further - that the financial system is part of the military and policing systems. They are a powerful and persistent lobby that want a phone to be able to provide enough who-what-when-where to be able to put someone in jail or in extreme cases drop a missile on them.
That is one of the reasons the crypto market is behaving like some radical innovation instead of just a group of bozos speedrunning financial history. For the first time since the invention of capital we have an asset class where it doesn't take the cooperation of a group of armed thugs to guarantee the integrity of the system.
Merkle trees can prevent tampering after the fact, yes.
But if you include collusion, there's no way for the blockchain itself to know who is colluding and where they are so.
Smart contracts may be vulnerable or malicious.
Wallets can be emptied.
Centralized exchanges and similar entities still exist.
Policing systems are still needed, because as long as there is something of value and there is still "evil" in the world, someone will try to steal it or damage it.
I would like to have the opportunity to consider a decentralized consensus algorithm that could accommodate nation state adversaries regularly. Not simply something cryptographically secure and distributed but something which can retroactively route around nodes who are temporarily bad due to external circumstances.
I don't see how a separate dedicated piece of hardware is less secure. It has zero contact whatsoever with your other comm devices. It can be switched off when not needed, to prevent any chance of tracking you. Think of it as an advanced YubiKey.
It's not money-preserving though. You need an extra device, and an extra phone number. The separate phone number is another privacy-preserving feature though.
There's a second layer to the conflict here, in that (e.g.) the banks will want to move the entire flow into whatever secure device, enclave, or "agent" they supply - meanwhile, the whole point of me having a general-purpose computer is to be able to do general-purpose computing that I want within this flow.
My favorite, basic example is this: I'd like to create my own basic widget showing me my account balance on my phone's home screen. Doesn't have to be real-time, but accurate to +/- few minutes to what the bank app would say when I opened it. It has to be completely non-interactive - no me clicking to confirm, no reauthorizing every query or every couple hours. Just a simple piece of text, showing one number.
As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
It should not be that way. This is a basic piece of information I'm entitled to - one that I can get, but the banks decided I need to do it interactively, which severely limits the utility.
This is my litmus test. Until that can be done easily, I see the other side (banks, in cooperation with platform vendors) overreaching and controlling more than they should.
The point of the exercise isn't to just see the number occasionally; I can (begrudgingly) do that from the app. The difference here is that having the number means I can use it downstream. Instead of a widget on the phone screen, I could have it shown on a LED panel in my home office or kitchen[0], or Home Assistant dashboard. Or I could have a cron job automatically feeding it to my budgeting spreadsheet every 6 hours. Or I could have an LLM[1] remind me I've spent too much this week, or automatically order a pizza on Saturday evening but only if I'm not below a certain threshold. Or...
Endless realistic, highly individual applications, of a single basic number. The whole point of general-purpose computing empowering individuals. If only I could get that single number out.
> the banks will want to move the entire flow into whatever secure device, enclave, or "agent" they supply - meanwhile, the whole point of me having a general-purpose computer is to be able to do general-purpose computing that I want within this flow.
Sure, you should definitely be able to do what you want with your computer, but you're actually demanding more here (at least in the case of transaction initiation and confirmation): For others to also trust the outcome of whatever you did on your own computer.
Banks are often legally required to cover losses resulting from unauthorized account access, so I can somewhat understand them wanting to minimize the chance of that happening. Sandboxed trusted computing, when done well, can strike that compromise much better than annoying non-solutions like root detection heuristics or invasive full-system attestation.
> As far as I know it, there's no way of making it happen without breaking sandboxing or otherwise hacking the app and/or API endpoints in a way that's likely to break, and likely to get you in trouble with the bank.
Banks should probably be required to make such a read-only API available (and in the EU, they are, to some extent – unfortunately only to "trusted", i.e. regulated and registered, service providers, raising the old question of who determines who is and isn't trusted). This is a very different story from transaction initiation.
Unfortunately, there are also caveats here. It's getting more and more common for companies to require me to "connect my bank account", which often means nothing less than granting them full and persistent account view access.
I think having the API still outweighs the downsides of others also starting to make demands for that access, but it's a slippery slope. For example, Airbnb not too long ago wanted full access to all(!) my Chase accounts to "verify my credit card".
> On one hand, nice that we prevent rich guys from running away to other planets
Kessler syndrome has little to no effect on trajectories only briefly transiting any given orbital shell. The collision probability of anything going straight "up"/"out" is negligible.
> On the other hand, a lot of services require GPS
GPS is in MEO, Starlink is in LEO. There's absolutely no chance any material will be propelled up to MEO via a series of even very unlucky LEO collisions, as far as I know.
> Debit cards do not share these protections by law
No, debit cards are covered by Regulation E, which also caps liability for fraudulent transactions, requires your issuer to provide provisional credit until the dispute case has been resolved etc.
The only practical difference in terms of the minimum fraud protections afforded by law is that you're out your own money instead of the bank's until you get that provisional credit, which can be a problem if it causes other transactions (utility bills etc.) on your checking account to bounce.
Where the two really differ significantly is for non-fraud disputes (goods/services not as expected etc.): Reg Z has explicit protections there; Reg E doesn't really talk about these.
But practically, it also doesn't really, because...
> though many banks offer some of them).
No, both Visa and Mastercard require issuers to extend zero liability protections going beyond these regulations, so it's effectively all banks. (Capital One might be able to relax their own rules now that they own Discover, but I highly doubt they'd risk the consumer backlash for questionable benefit, since they can also just make merchants pay for card-not-present lost/stolen/card credential theft fraud and cover card-present fraud like everybody else in the US.)
The UK still has EU-equivalent interchange rate caps that they inherited from pre-Brexit times. The only thing that's changed so far is that transactions between the UK and EU can be charged higher interchange rates again.
Even as somebody really disliking the current interchange fees in the US, 4% is a money grab on the merchant's side that I find hard to empathize with.
Even if the merchant pays the sticker price for card acceptance, it's usually just below 3%, unless international cards are involved. Add to that the fact that cash transactions in restaurants are often accounted for in "more tax efficient ways", and it feels even more icky.
> It’s not being paid with my own money. If I can get 2% cash back, then the situation is I either pay 98% of $x, or $x.
The counterfactual isn't getting or not getting 2% cash back, it's the merchant paying or not paying ~3% in fees, a part of which you get back from your issuing bank as a kickback to keep participating in and advocating for this scheme.
Of course this would require regulatory action. Absent that, the status quo represents the stable equilibrium.