Comment by hypfer 21 hours ago
People do realize that if they're doing this, they're not feeding "just" code into some probably logging cloud API but literally anything (including, as mentioned here, bank statements), right?
Right?
RIGHT??????
Are you sure that you need to grant the cloud full access to your desktop + all of its content to sort elements alphabetically?
> Privacy has long since been dead, but at least for myself opsec for personal work is too.
Hacker News in 2026.
Paranoia is justified if it actually serves some purpose. Staying paralyzed and not doing anything because Someone Is Reading Your Data is not serving much of anything. Hint: those Someones have better things to do. LLM vendors really don't care about your bank statements, and if they were ever in a position to look, they'd prefer not to have them, as it just creates legal and reputational risks for them.
If you think people not using a tool released yesterday are staying paralyzed you must be either working for Anthropic or an enthusiastic follower, in both cases your opinion is not valid. None of this is something that is revolutionary and People have created trillion dollar companies without Claude Max
They somehow have to make big money, so it's just a matter of time until they will sell services to others, based on your personal data. And they probably have some clause in their contracts where you give them the right doing it.
> as it just creates legal and reputational risks for them.
Unfortunately I laughed reading this as there is never neither reputation nor legal consequences in the US of A. They can leak your entire life into my console including every account and every password you have and all PII of your entire family and literally nothing would happen… everything is stored somewhere and eventually will be used when “growth” is needed. some meaningless fines will be paid here and there but those bank statements will make their way to myriad of business that would drool to see them
I am genuinely confused by this comment, given the intensity of disregard/ignorance/bad-faith.
I mean we had these before in other very similar topics regarding e.g. Snowden leaks but really a lot of things. So.. uh..
The wording is just so on the nose I'm refusing to believe that this was written in good faith by a real person. Good engagement bait tho.
"Move fast and break things"
I could spend an extra 5 minutes doing it "right" or I can get what I need done and have a 0.001% chance of there ever being a problem (since there are other security measure in place, like firewalls, api key rotation, etc.)
Even when security gaps are exploited, the fallout tends to be minimal. Companies that had their entire database of very sensitive information leaked are still growing users and at worst paid a tiny fine.
> Companies that had their entire database of very sensitive information leaked are still growing users and at worst paid a tiny fine.
Or end up bankrupt with criminal charges for CEO: https://yle.fi/a/74-20027665
How many times do you have to roll the dice with .001% of disaster before it strikes? How often are you using the tool in this way?
> Privacy has long since been dead, but at least for myself opsec for personal work is too.
This is such an incredibly loser attitude and is why we can't have nice things.
I mean eventually, some adversarial entity will use this complete lack of defenses to hurt even the most privileged people in some way, so.
Unless of course they too turn to apathy and stop caring about being adversarial, but given the massive differences in quality of life between the west and the rest of the world, I'm not so sure about this.
That is of course a purely probabilistic thing and with that hard to grasp on an emotional level. It also might not happen during ones own lifetime, but that's where children would usually come in. Though, yeah, yeah, it's HN. I know I know.
> The reality is there are some of us who truly just don't care.
I would challenge that, with the same challenge I've heard about how Microsoft and Google reading your email. The challenge is "ok, so can you please log me in to your mailbox and let me read through it?"
It's not that people don't care, it's most that they've been led, or convinced, or manipulated, into failing to notice and realize this state of affairs.
Sometimes I wonder how we got here. Data breaches everywhere, my 64gb of ram i7 workstation slowing to a crawl when opening a file browser, online privacy getting increasingly more impossible. Then I read HN and it all makes sense.
Is there a place where you get things that are greater and more noble than apathetic indifference/go with the flow attitude?
The folks at the Qubes OS forum care about security, unlike the vast majority of HN users nowadays:
> The convenience outweighs the negative. Yesterday I told an agent, "here's my api key and my root password - do it for me".
Does the security team at your company know you're doing this?
Security as a whole is inconvenient. That doesn't mean we should ignore it.
> When choosing between convenience and privacy, most people seem to choose convenience
But they wish it would have been convenient to choose privacy.
For many, it may be rational to give away privacy for convenience. But many recognize the current decision space as suboptimal.
Remember smoke-infused restaurants? Opting out meant not going in at all. It was an experience that came home with you. And lingered. It took a tipping point to "flip" the default. [1]
[1]: The Public Demand for Smoking Bans https://econpapers.repec.org/article/kappubcho/v_3a88_3ay_3a... "Because smoking bans shift ownership of scarce resources, they are also hypothesized to transfer income from one party (smokers) to another party (nonsmokers)."
I send my bank statements to Gemini to analyze. It's not like bank statements contain anything too sensitive.
What! How can you be so insecure with your data?! You’re willing to upload a file you downloaded from a cloud service to a different cloud service? The horror!!
This is exactly what I expect out of…
Sorry, got interrupted by an email saying my bank was involved in a security incident.
WTF. I have a separate computer solely for personal finance, domain registration, DNS management, and the associated email account. If I didn't use multiple computers this way, I'd go back to using Qubes OS.
Claude code has a YOLO mode, and from what I've seen a lot of heavy users, use it.
Fundamentally any security mechanism which relies on users to read and intelligently respond to approval prompts is doomed to fail over time, even if the prompts are well designed. Approval fatigue will kick in and people will just start either clicking through without reading, or prefer systems that let them disable the warnings (just as YOLO mode is a thing in Claude code)
No, of course not. Well.. apart from their API. That is a useful thing.
But you're missing the point. It is doing all this stuff with user consent, yes. It's just that the user fundamentally cannot provide informed consent as they seem to be out of their minds.
So yeah, technically, all those compliance checkboxes are ticked. That's just entirely irrelevant to the point I am making.
> It's just that the user fundamentally cannot provide informed consent
The user is an adult. They are capable of consenting to whatever they want, no matter how irrational it may look to you.
I pray for whoever has to review the slop I've generated.
There has to be a way to set permissions right? The demo video they provided doesn't even need permission to read file contents, just read the file titles and sort them into folders based on that. It would be a win-win anyways, less tokens going into Claude -> lower bill for customer, more privacy, and more compute available to Anthropic to process more heavy workloads.
Ship has sailed. I have my deepest secrets in Gmail and Docs. We need big tech to make this secure as possible from threats. Scammers and nations alike.
Some do, some don't.
The reality is there are some of us who truly just don't care. The convenience outweighs the negative. Yesterday I told an agent, "here's my api key and my root password - do it for me". Privacy has long since been dead, but at least for myself opsec for personal work is too.