←back to thread

Niantic announces “Large Geospatial Model” trained on Pokémon Go player data

(nianticlabs.com)
383 points bookstore-romeo | 10 comments | 19 Nov 24 20:02 UTC | HN request time: 0.001s | source | bottom
Show context
dankwizard ◴[21 Nov 24 03:51 UTC] No.42200923[source]
We do this at MyFitnessPal.

When users scan their barcode, the preview window is zoomed in so users think its mostly barcode. We actually get quite a bit more background noise typically of a fridge, supermarket aisle, pantry etc. but it is sent across to us, stored, and trained on.

Within the next year we will have a pretty good idea of the average pantry, fridge, supermarket aisle. Who knows what is next

replies(13): >>42200951 #>>42200954 #>>42200955 #>>42200966 #>>42200972 #>>42200976 #>>42200980 #>>42201021 #>>42201023 #>>42201114 #>>42201284 #>>42201321 #>>42202322 #
1. ryanschaefer ◴[21 Nov 24 03:59 UTC] No.42200951[source]
I’d be interested in how your privacy policy allows this. I can’t find where it mentions photos are stored or used for training purposes…
replies(2): >>42200979 #>>42201060 #
2. ipaddr ◴[21 Nov 24 04:02 UTC] No.42200979[source]
I would be more interested on why you believe something like this isn't baked into most privacy policies.

I'm not shocked but I'm shocked you are shocked.

replies(2): >>42201014 #>>42201054 #
3. ryanschaefer ◴[21 Nov 24 04:09 UTC] No.42201014[source]
I’m not exactly shocked that it could exist. But this usage (beyond the scope of processing barcodes) seems like it couldn’t be construed to fit into the normal avenues of data collection under a privacy policy. Also with regard to training specifically, this policy was created in late 2020 so I don’t know how it would cover generative models.
replies(1): >>42201041 #
4. ◴[21 Nov 24 04:14 UTC] No.42201041{3}[source]
5. moreofthis ◴[21 Nov 24 04:17 UTC] No.42201054[source]
Giving their policy an (admittedly quick) skim there doesn't seem to be any section that mentions AI, LLMs, training any kind of model, using image data from barcode pictures, etc. I'd be very curious to see the explanation of how this is baked into the policy.
6. Cheer2171 ◴[21 Nov 24 04:17 UTC] No.42201060[source]
The MyFitnessPal privacy policy says "We use photos, videos, or other data you provide to us to customize our Services." [1]

That's all they need to do to cover themselves.

[1] https://www.myfitnesspal.com/privacy-policy

replies(2): >>42201078 #>>42201280 #
7. moreofthis ◴[21 Nov 24 04:21 UTC] No.42201078[source]
The policy defines "Services" as the mobile app and website. How is building a general purpose model for what the average fridge looks like used to customise either the website or the app? This feels like the kind of flimsy reasoning that only holds so long as no one is challenging it.
replies(1): >>42201111 #
8. Cheer2171 ◴[21 Nov 24 04:25 UTC] No.42201111{3}[source]
Easy. They provide this new general purpose model through the website. Bam, that's a Service that uses photos to customize. They can also expand what counts as a Service unilaterally.

With this broad of a privacy policy, they can start MyFitnessPal.com/UncroppedCandidPhotos where they let people search for users by name, email, or phone and sell your photos to the highest bidder, and that still would count as a Service that uses photos to customize. You consented to it!

> This feels like the kind of flimsy reasoning that only holds so long as no one is challenging it.

No, it is written by professional lawyers to be as permissive as possible.

replies(1): >>42201181 #
9. moreofthis ◴[21 Nov 24 04:39 UTC] No.42201181{4}[source]
> No, it is written by professional lawyers to be as permissive as possible.

But you repeat myself.

OK, say they do all that, that isn't customisation (I would argue) it is a new service that was built from unconsented data scraped from users of the pre-existing services. Call that splitting hairs if you like, but this looks like a risk to me.

10. tgsovlerkhgsel ◴[21 Nov 24 05:00 UTC] No.42201280[source]
> That's all they need to do to cover themselves.

If this is real and not a joke, I bet some DPA will disagree if this is brought to their attention. Effective consent under GDPR requires informed consent.