Privacy

The Case for a Private AI

by

So when I started paying for ChatGPT, I’d hesitate before putting anything into it. I had to make conscious decisions about what I was okay sharing and what I wasn’t. In some cases it was easy. I don’t care about this, so fine. In others it was something I did care about, but the convenience won out and I’d bend my own rules a bit.

Come May or June 2024, I read about Venice.AI. It was intriguing because I wanted a private AI, and what these guys had built was designed from the ground up around privacy. Nothing stored, no logs kept. Yes, there’s still that moment in time where they’re processing your data, but they’re keeping nothing after that. Their entire business model is built on trust.

Are they 100% trustworthy? No. The only way to truly guarantee that is to run your own model. But they were offering something real, so I was intrigued.

The reason I hadn’t gone the local model route already was my hardware. I had an M3 MacBook Air with 16 gigs of RAM. I could download LM Studio and run stuff, but it was slow and clunky. Just not the experience I was looking for. I looked into cloud-hosted GPU options too, the kind of thing a friend had mentioned, but it was a lot of configuration and effort I just didn’t want to deal with. Funny enough, nowadays I could probably have Claude Code help me set that up in an afternoon. But I’m getting ahead of myself.

So when Venice came out with a pro plan at $49 a year as their introductory offer, which has since tripled, though as of my last renewal I was still grandfathered in, I figured for that price it was worth trying. It’s definitely more rudimentary than ChatGPT, but the privacy confidence is real. I’m still careful about what I put in it, but I’m more willing to share certain things there than I am with the public models.

They’ve since launched different models with different privacy levels, which is worth knowing. Some are fully private, some are anonymised but not fully private. You have to pay attention to which is which.

Fast forward to summer 2025. Proton, who I’ve been writing about for over ten years now, and at this point calling them just my email provider doesn’t really cover it, they do storage, VPN, and a bunch of other stuff, launched Lumo, their own privacy-focused LLM. I gave it a try.

The free version was pretty limited, so I added their paid tier for a few months while waiting for my main Proton plan to renew in December. The jury’s still a bit out on it. It did some things okay. From a pure trust perspective I probably trust it more than Venice just because I’ve been a paying Proton customer for a decade. But the way Venice has architected things, it’s actually more private. Lumo is more convenient though, and private enough for most of what I need.

One of the trade-offs with Venice’s full privacy mode is that nothing persists. No data moves between devices or browsers when you log in. Lumo does sync, but you’re trusting that it’s still zero-knowledge on their end.

I’ve actually been using Lumo recently for some things that are genuinely private, things I wouldn’t put near a public model. My logic is simple. I’ve been paying Proton for years to store sensitive documents privately. So why not use that same platform’s LLM to process those same documents? I’m not going to get into specifics here for obvious reasons, but it’s been useful.

The broader point is that I don’t always trust the public models, and honestly you shouldn’t either. But over time I’ve become more relaxed about certain things. It’s a constant cost-benefit calculation. The privacy models are getting better, and even the public ones will sometimes tell you that for certain tasks you don’t need high-level reasoning anyway, so a privacy model is probably fine.

The hard part now is knowing which model to reach for. Which is a whole other post.

As with the first post in this series I used AI to generate my banner image. I am not saying it’s good. I am just saying what I did.

My Google Pixel 8 Experience And Allergic Reaction to Fingerprinting, The Digital Kind At Least

by

This blog has been around for 22 years, so there are definitely themes I circle back to. One of them is my strange, recurring relationship with Android phones. Even though I’m primarily an Apple user, I’ve probably owned more Android devices than most self-identified Android fans. The pattern is always the same: I buy one as a secondary device, I use it for a while, then it sits unused, and eventually I sell it. Time passes, I forget why I swore them off, and I start the cycle again. I even wrote a note to Future Scott to warn me away from doing it again.

In principle, I avoid Google services wherever I can. I don’t use Chrome, I don’t use Gmail, and I shut down Google accounts once I’m done with them. And yet, every so often, I’ll find myself picking up a Pixel or some other Android device, which of course requires opening yet another Google account. I tell myself it’s just a dabble, nothing serious.

Late last year I bought a Pixel 8. At first, I was happy enough with it. It was a solid device, smooth to use, and it scratched that itch of trying something different. But right after I bought it, Google announced they were changing how tracking would work on their phones and browsers. Instead of traditional identifiers you could reset or mask, they were moving to device fingerprinting. In plain terms, that means every Google phone and browser gets a permanent, unique tag. You can’t get rid of it, you can’t change it, and you certainly can’t hide from it.

For someone like me, who’s allergic to oversharing by default, the idea of being permanently tagged at the device level was a dealbreaker. It didn’t matter how polished the hardware was; I couldn’t stomach it. I did a bit of threat modeling on my own use case, read up on the details, and then stopped using the Pixel. A few months later I sold it. I should have sold it sooner, but it was only a secondary device and I didn’t feel much urgency. I defaulted back to an older iPhone I had lying around.

Not long after I sold the Pixel, Google partially backtracked on their fingerprinting plans. Sort of. The walk-back wasn’t enough to matter to me. By then I had already closed out my latest Google account, and I’m hoping that’s the end of the cycle. No more Groundhog Day moments of buying another Pixel, dabbling for a bit, and regretting it all over again.

For me, the line was crossed when the tag became something I couldn’t remove. Control matters. Once that was gone, so was my willingness to keep using the phone.

Why Do We Always Have to Choose Between Convenience and Privacy?

by

It was a bit disturbing how fast using Global Entry got me through Passport Control at JFK today. I did not show my passport at all. I just had my picture taken and then walked by a guy at a terminal and he said my name as I walked by saying I was good to go. Entire process was maybe 2 minutes including the one minute for a kiosk to open up to let me take my photo.

In one way that entire process was right out of several movies. So cool us. On the other hand is having a US government agency have my facial recognition profile on file for a few minutes quicker passport control? I am struggling to answer that after looking at the passport control line as I walked briskly to the exit.

Spoilers, I am in New York for 3 days this weekend. Surprise everyone I did not mention that to. That is not the focus of this post but kind of a tip off that I am in the states going through Global Entry. This trip may spawn some other posts especially since I may have time to write while further traveling.

The Great Facebook Purge of 2018

by

With the news in April about a 3rd party company stealing tons of Facebook user data is in the headlines it envouge to delete Facebook accounts.  For me I have limited my Facebook exposure for years.  I deleted my account once a in 2013 and started over with no content.  I have also limited what goes onto the platform.  Prior to deleting my account i looked for a way to purge en mass content.  Facebook suprise doesn’t make it easy for you to do that.  That was why i deleted my account in the first place.

Early last year I stopped looking at and updating Facebook.  Late last year I came back for specific reasons I wrote about here.  Those reasons still are valid so I do not want to go as far as deleting my Facebook account however I have little trust in their motives to collect so much data about me or their ability to safeguard that data.

Instead of deleting my account I found a script that sort of worked to remove content or hide content from the past 6 months. It scrubbed posts, likes, etc.  It is perfect for my use.  It should have worked for my entire timeline however i had issues with it. Thankfully I have been very sparce on my usage of Facebook over the years so cleaning up manually was not too bad. For anyone who used it every day for years may not be able to do the same thing.

What I am now left with is simply posts from my blog that are public on the internet. A few group discussions i took part in and mainly birthday posts from people. What I am not able to get rid of easily is tags of me in posts. I had to settle for manually hiding them from my timeline.

For many what i did in an hour or two would not be possible without significant effort due to the volume o content people post and the fact that Facebook does not let you easily get rid of stuff.