Buried as the last sentence in a collapsed box at the bottom of the page:
> For the current version, we are using a Mistral LLM (Mistral 7B) hosted within Mozilla’s GCP instance.
And why is it "...Mozilla's GCP instance", not "We quietly send all your data to Google servers, and everyone pinkie-swears that's totally privacy-respecting"?
Even on the linked page, Mozilla is arguably being evasive about the fact that they're sending the data out the Internet at all.
We don't know whether this is another time that Mozilla execs have sold out users, or shipped something half-baked and vulnerable.
I'm not saying they're leaking the data (by agreement, or negligence), but Mozilla has mediocre credibility in recent years, and there's nothing on this page that improves that reputation.
Regarding Google, for a long time, their thinking seemed to be "We're Google, so of course anything we do is privacy-respecting", not as guidance, but to justify whatever they wanted to do. Also, every time Google gets caught with their hand in the private information cookie jar, it just mints a new industry standard practice.
> I'm not saying they're leaking the data (by agreement, or negligence), but Mozilla has mediocre credibility in recent years, and there's nothing on this page that improves that reputation.
I think you read too much HN and aren’t aware about all the stuff going on in the background at Mozilla.
If there’s one company I would trust, it would be them. Their marketing has been mediocre and I’m not 100% sure about if I like their future decisions, but I trust them 100%.
Is there a profit to Google digging around in the information people send them?
Are there long and vague terms of service documents backed by a pile of lawyers?
There you go, incentive and means. I'm not even confident companies would see that as a problem when it was raised with them directly, in much the same way that Microsoft hosting all the corporate email seems to be just fine.
The disincentive is far higher than the incentive, and the TOS have been scrutinized deeply by some of the biggest enterprises on the planet. GCP is not a consumer service like Gmail or Maps.
As the comment above suggested, any information to the contrary would be business-destroying for GCloud. Many of their enterprise users have strict requirements about access to and use of their data.
Re the example of Microsoft corporate email, much the same situation applies. If Microsoft were mining that corporate customer data and using it or reselling it, enterprises would dump them in a heartbeat.
Can confirm. I worked in gcloud for years. There are so many policies in place to keep customer data secret, even when you're on-call and trying to solve customer issues, it's actually annoying.
It makes sense. Some gcloud customers are banks. Some are federal govt agencies. Some are foreign governments. Google would not only destroy it's cloud business, but also probably get fined and sued out of existence if it was poking around in cloud or gsuite data.
You get what you pay for (in terms of privacy) at Google. Regular users never pay Google a dime, so they don't get much privacy. Cloud and gsuite users fork over mountains a cash directly, and their data is kept about as safe as can be as a result.
I don't know what bit of news you are talking about. Unless you are just talking about the news in general which still doesn't prove anything. Any news that Google is stealing data out of GCP is not something you could just sweep under the rug in 24 hours.
If you aren't running an encrypted disk on any cloud provider you should absolutely fundamentally understand that your data has been scanned and that your VM data is "business data" so a copy gets sent to whomever wants it, in bulk.
Maybe it's good to assume that but at this point that is not going to purposely happen at a company like Google or Amazon. The risk, which is a near certainty to bear out if they have any decent employees among the tens of thousands (esp. with the weekly "I'm leaving because I hate this company" screeds these companies yield), isn't worth whatever little reward they might find in your data.
In this case, usually the infrastructure provider owns the keys, and if not, they would have easy access to them. So I don't see how encrypted disk really solves anything besides accidental leakage to a peer infra user, or someone sneaking into the datacenter and physically removing the disks.
> Commitment to privacy
Buried as the last sentence in a collapsed box at the bottom of the page:
> For the current version, we are using a Mistral LLM (Mistral 7B) hosted within Mozilla’s GCP instance.
And why is it "...Mozilla's GCP instance", not "We quietly send all your data to Google servers, and everyone pinkie-swears that's totally privacy-respecting"?