The bouba/kiki effect is the phenomenon where humans show a preference for certain mappings between shapes and their corresponding labels/sounds.
The above image of 2 theoretical objects is shown to a participant who is then asked which one is called a ‘bouba’ and which is called a ‘kiki’. The results generally show a strong preference (often as high as 90%) for the sharply-pointed object on the left to be called a kiki, with the more rounded object on the right to be called a bouba. This effect is relatively universal (in languages that commonly use the phonemes in question), having been noted across many languages, cultures, countries, and age groups (including infants that have not yet learned language very well!), although is diminished in autistic individuals and seemingly absent in those who are congenitally blind.
What makes this effect particularly interesting is less so this specific example, but that it appears to be a general phenomenon referred to as sound symbolism: the idea that phonemes (the sounds that make up words) are sometimes inherently meaningful rather than having been arbitrarily selected. Although we can map the above two shapes to their ‘proper’ labels consistently, we can go much further than just that if desired.
We could, of course, re-draw the shapes a bit differently as well as re-name them: the above image is a picture of a ‘maluma’ and a ‘takete’. If you conformed to the expectations in the first image of this section, it’s likely that you feel the maluma is the left shape in this image as well.
We can ask questions about these shapes that go far beyond their names too; which of these shapes is more likely to be calm, relaxing, positive, or explanatory? I would certainly think the bouba and maluma are all four of those, whereas the kiki and takete seem more sharp, quick, negative, or perhaps even violent. If I was told that the above two shapes were both edible, I can easily imagine the left shape tasting like sweet and fluffy bread or candy, while the right may taste much more acidic or spicy and possibly have a denser and rougher texture.
The idea that large sections of our languages have subtle mappings of phonemes to meaning has been explored extensively over time, from Plato, Locke, Leibniz, and modern academics, with different figures suggesting their theorized causes and generalizations.
For fun I asked some of my friends with no prior knowledge of Japanese some questions about the above words, instructing them to pair them to their most-likely definitions, and their guesses were better than one would expect by random chance (although my sample size was certainly lacking for proper scientific rigor). The phonestheme page on Wikipedia tries to give us some English examples as well, such as noting that the English “gl-” occurs in a large number of words relating to light or vision, like “glitter”, “glisten”, “glow”, “gleam”, “glare”, “glint”, “glimmer”, “gloss”. It may also be worth thinking about why many of the rudest and most offensive words in English sound so sharp, often having very hard consonants in them, or why some categories of thinking/filler words (‘hmm’… ‘uhhh…’) sound so similar across different languages. There are some publications on styles of words that are found to be the most aesthetically elegant, including phrases such as ‘cellar door’, noted for sounding beautiful, but not having a beautiful meaning to go along with it.
Sound Symbolism in Machine Learning with CLIP
I would guess that many of the above aspects of sound symbolism are likely to be evident in the behavior some modern ML models as well. The reason for this is that many recent SOTA models often heavily utilize transformers, and when operating on text, use byte-pair encoding (original paper). The use of BPE allows the model to operate on textual input smaller than the size of a single word (CLIP has a BPE vocab size of 41,192), and thus build mappings of inputs and outputs between various subword units. Although these don’t correspond directly to phonemes (and of course, the model is given textual input rather than audio), it’s still likely that many interesting associations can be found here with a little exploration.
To try this out, we can use models such as CLIP+VQGAN or the more recent CLIP-guided diffusion, prompting them to generate an image of a ‘bouba’ or a ‘kiki’. One potential issue with this is that these words could have been directly learned in the training set, so we will also try some variants including making up our own. Below are the first four images of each object that resulted.
The above eight images were created with the prompt “an image of a bouba | trending on artstation | unreal engine”, and the equivalent prompt for a kiki. This method of prompting has become popular with CLIP-based image generation models, as you can add elements to your prompt such as “unreal engine” or “by Pablo Picasso” (and many, many others!) to steer the image style to a high-quality sample of your liking.
As we anticipated, the bouba-like images that we generated generally look very curved and elliptical, just like the phonemes that make up the word sound. I have to admit that the kiki images appear slightly less, well, kiki, than I had hoped, but nonetheless still look cool and seem to loosely resemble the word. A bit disappointed with this latter result, I decided to try the prompt with ‘the shape of a kikitakekikitakek’ instead, inserting a comically large amount of sharp phonemes all into a single made-up word, and the result couldn’t have been better:
Having inserted all of the sharpest-sounding phonemes I could into a single made-up word and getting an image back that looks so amazingly sharp that it could slice me in half was probably the best output I could have hoped for (perhaps I got a lucky seed, but I just used 0 in this case). We can similarly change the prompt to add “The shape of” for our previous words, resulting in the shape of a bouba, maluma, kiki, and takete:
It’s cool to see that the phoneme-like associations within recent large models such as CLIP seem to align with our expectations, and it’s an interesting case study that helps us imagine all of the detail that is embedded within our own languages and reality – there’s a lot more to a word than just a single data point. There’s *a lot* of potential for additional exploration in this area and I’m definitely going to be having a lot of fun going through some similar categories of prompts over the next few days, hopefully finding something interesting enough to post again. If you find this topic interesting, some words you may want to search for along with their corresponding Wikipedia pages include: sound symbolism, phonestheme, phonaesthetics, synesthesia, ideathesia, and ideophone, although I’m not currently aware of other work that explores these with respect to machine learning/AI yet.
Thanks for reading! I appreciate feedback via any medium including email/Twitter, for more information and contact see my about page
17α-estradiol is a relatively (or completely) non-feminizing form of estradiol (E2), or estrogen. It is a naturally occurring enantiomer of 17β-estradiol (the much more common form of estradiol, usually just referred to as ‘estradiol’) which is found in both male and female humans. This post a a brief essay that discusses the prospect of it extending lifespan in humans. There are two primary types of estrogen receptors, ERα and Erβ, and as you may expect, 17α-estradiol appears to show a stronger binding affinity for ERα. It has a very low binding affinity in locations that generally induce feminization (which appear to be sometimes be both ERα and ERβ), so it’s also possible to take as a male without significantly altering one’s appearance towards the opposite gender. Although we can definitively point to a plethora of effects of regular estrogen, it is difficult to tell what the true purpose of 17α-estradiol is in humans, with Stout et al. (2016) stating “the physiological functions of endogenous 17α-E2 are unclear”. There is evidence it has neuroprotective properties, can help treat Parkinson’s disease, cerebrovascular disease, and much more. This likely involves ER-X, which in turn activates MAPK/ERK and many, many other things down the line (as usual..), but it’s difficult to know for certain. Although these reasons were among the reasons that researchers took into account when deciding to dedicate funding to testing 17α-estradiol in mice for longevity effects, subsequent papers have found more exciting mechanisms of action which are elaborated upon below. For some interesting further reading on this topic that goes into more detail exploring possible mechanisms of action here I’d also suggest reading the following papers: Castration delays epigenetic aging and feminizes DNA methylation at androgen-regulated loci, Hypermethylation of estrogen receptor-alpha gene in atheromatosis patients and its correlation with homocysteine.
17α-estradiol has been found to consistently and significantly extend the median lifespan of male mice, including by the NIH’s Intervention Testing Program, the closest thing we have to a gold standard of longevity RCT experimentation in mice, where three studies are rigorously performed at three separate locations, allowing the results to be instantly compared and reproduced by the two other parties and locations upon completion. Strong et al. (2016) find that 17α-estradiol extends median lifespan of male mice by an average of 19% (26%, 23%, and 9% from the three independent testing sites), and increased the maximum age by an average of 12% (21%, 8%, and 8% from the three testing sites, using the 90th percentile). Harrison et al. (2014) similarly find that median male lifespan was increased by 12%, but did not find an increase in maximum lifespan, and these results have been replicated even more in recent years.
These are some impressive results for such a common and simple endogenous substance! One of the first things we notice is that this effect only applies to males, with female lifespan (both median and maximum) being unaffected. As the substance in question is an estrogen, we can assume that this is either due to female mice already having this benefit, as they already have a sufficient level of it, or that something more complex is at play, and there is a different downstream pathway that is only being activated in males for some reason (more on this later). I had initially assumed the former hypothesis was at least a partial explanation, having known that females consistently live longer than males when it comes to humans, and that this was obviously biological in nature. However, it’s much more complicated in mice as females do not always outlive males, and in fact many times the opposite is true. One meta-analysis (good overview, original book source) finds 65 studies where males lived longer and 51 where females lived longer, with this often depending on the strain of mice used, which varies greatly depending on the type of reseasrch and time period. Regardless, it’s clear there is much more at play in this scenario, and perhaps something special about 17α-estradiol in particular.
Although the ITP studies initially included 17α-estradiol due to the reasons mentioned in the first paragraph, later research such as Stout et al. (2016) has now found that 17α-estradiol not only increased AMPK levels (as some other notable longevity substances such as Metformin also do), but also reduced mTOR activity (complex 1!) in visceral adipose tissue, which is rather reminiscent of Rapamycin, which has extended the lifespan of every orgasm we have performed an RCT with thus far (and likely can in humans too, if you ask me). In a way, this is significantly more exciting, because it gives us a much more plausible way to explain the lifespan extension effects we are noticing. However, it is also partially a disappointment: if these effects are the real reasons why 17α-estradiol extends male mice lifespan, then this substance may offer us nothing that we do not already have via rapamycin and metformin, among others. The paper also noted that fasting glucose, insulin, and glycostlated hemoglobin were reduced along with inflammatory markers improving. These are similar to the types of positive side effects we would expect from a longevity agent, and the study also notes that no feminization nor cardiac dysfunction occurred.
How do these effects (such as AMPK and mTOR modulation) occur? I don’t know, and apparently neither does anyone else. As is often the unfortunate case in biology, the paper has this to say: “The signaling mechanism(s) by which 17α-E2 elicits downstream effects remains elusive despite having been investigated for several decades”. Perhaps just a few more decades to go and this section will be updated with more information, then. Mann et al (2020) find that male mice without ERα do not benefit from 17α-estradiol, which helps us narrow down the first step by excluding Erβ, ER-X and other less-predictable initial mechanisms. Interestingly, they also note that “both 17α-estradiol and 17β-estradiol elicit similar genomic binding and transcriptional activation of ERα”, which would leave us with the question of why we are focusing on 17α-estradiol specifically, if 17β-estradiol (which is much more common) suffices as well. Importantly, they also seem to think changes in the liver might be involved. Garratt et al. (2018) add that distinct sex-specific changes in the metabolomic profile of the liver and plasma were found, and also notes that the longevity benefit for males disappears post-castration. They first supplement males and females, showing many differences related to metabolism including with amino acids. Then they use castrated males and notice that their profiles are the same as the control group, and thus conclude that they are no longer being positively affected by 17α-estradiol. I am unsure if we should be focusing on the AMKP/mTOR effects (which arevery relevant to longevity) or on the liver/metabolic effects (which are also very relevant), or if these are in fact just two different temporal points on the same biological pathway which we don’t yet fully understand, but this helps us connect at least a few more dots.
All of the above sounds exciting, but it’s also all in mice. Sometimes this is useful, as mice are actually quite similar to humans (more so than many may expect), but a lot of it is also less useful or outright misleading. I cannot find a way to take only 17α-estradiol in a safe way as a human, however there is a topical cream of it (alfatradiol) which is used to treat pattern hair loss.
Luckily, one thing that the ITP study found was that 17α-estradiol was among one of the substances that seems to work decently (if not fully) when given later in life, contrary to some others which have the best effect when started in youth and continued until death. As such, I don’t mind waiting 5-20 years for this research to hopefully pan out into a more fruitful and actionable path until I start experimenting with it (although if anyone has more to say on this, please get in contact with me as I’d love to hear about you experience with 17α-estradiol).
It is worth reminding ourselves that 17α-estradiol is already present in humans, and in both sexes, with women generally having significantly higher levels, as one expects of estrogen. Similarly, regular estrogen binds to both estrogen receptors, including our target, which we now know to be the alpha receptor. Given this, is it possible that just taking normal estradiol and increasing the levels of all types of estrogen is a potential longevity treatment? This is a difficult question to answer, although there are millions of people that are already on estradiol for various reasons, one of them being to assist in gender transition from male to female. As the lifespan benefit only applied to male (assigned at birth) mice, there would be benefits to analyzing this target demographic for more information, however this turns out to be quite difficult. We have few deaths due to aging to analyze, as most individuals that transition decide to do so during an earlier period of their life. Of those, we have little data on the entirety of their life, as transitioning has increased significantly in the past few decades, so most of the relevant group is still quite young. Lastly, even if we did have this, the data would be terribly confounded in a large number of ways, and is definitely very far from the type of human RCT we would prefer.
Even so, one of the following must be true:
17α-estradiol does not extend male human lifespan
17α-estradiol does extend male (assigned at birth) human lifespan, however this does not apply to most/any transgender (m->f) individuals. This could be due to insufficient dosage, insufficient affinity for the alpha receptor, the inclusion of 17β-estradiol, the common addition of other substances such as anti-androgens, or another unknown factor
17α-estradiol does extend male (assigned at birth) human lifespan, and this effect therefore does apply to most transgender (m->f) individuals, however we have either failed to notice it completely, or other effects/confounding variables ablate this, for example an increased risk of blood clots from estrogen supplementation or various potential side-effects from anti-androgen usage
Option one is certainly a possibility, but if the AMPK/mTOR pathways are indeed the mechanism of action (and are still somehow modulated in humans by 17α-estradiol), this would imply that other potential human longevity agents such as rapamycin and metformin, which use these same pathways, will in fact, not work. If the pathway is related more to the metabolism of food, then this is easier to believe, as this is one of the areas where mice (which are herbivores) differ from us notably. On the other hand, there are enough differences between humans and mice that it’s very feasible the stars simply do not align for us here, and some critical part of this pathway has been modified past being useful (although do keep in mind that a large amount of important and interesting pathways have been evolutionary conserved for exceptionally long periods, of which mTOR is definitely included amongst).
Option two is, in my opinion, moderately plausible. It could the case that when we do have 17α-estradiol, the dosage is nowhere near sufficient for a noticeable longevity effect, and that if we would simply increase it by 10x or 50x, then we would very quickly notice something big. If not, there is a second sub-explanation here as well. Most male→female transgender individuals don’t just take an estrogen to increase estrogen, but also an anti-androgen to decrease testosterone. As we saw in mice however, castrated males did not experience the improvements as regular males did, although we cannot point specifically as to why. It seems quite possible that since most transgender (m->f) individuals take both an estrogen and an anti-androgen, they may be missing out on the potential opportunity of longevity benefits due to something the anti-androgen is doing. But again I have to add that this is pure speculation, and is just one of many guesses built on top of other guesses (we have only seen the original lifespan extension in mice).
I would like it if we were doing human trials on this right now, but I doubt we’ll get them for far too long, as is generally the case for anything that would significantly extend human lifespan and save us trillions of dollars (even if you think the chance this works is only 1%, multiply that by what we would get – billions of additional human years and trillions in less healthcare spending, and realize the massive expected value that all potential longevity interventions have).
As for option three, it would seem difficult to think that male→female transgender individuals are all supplementing a substance that may increase their lifespan by 5-20%, but yet none of us (or them) are aware of it. There is little useful data on this and we have no good reason to currently believe that this is the case, as we already are making quite a few leaps by first jumping from mice to humans, and secondly moving from 17α-estradiol to estradiol. I’d like to add a lot more to this later, but for now I’ll briefly summarize all of the above in one final paragraphs.
In conclusion, 17α-estradiol might notably extend human lifespan for those assigned male at birth. It may do this by modifying the liver and altering subsequent metabolic properties and processes, and this may also be related to its potential effects on key areas related to longevity such as AMPK and mTOR. If the former is the case, its lifespan effects are likely not additive with other drugs such as metformin or rapamycin, which although disappointing, could still offer other improvements in areas such as safety. If 17α-estradiol does extend human lifespan in this manner, some transgender individuals either do experience the benefits, but we have not yet noticed, or they do not experience the benefits, likely due to either having insufficient levels of 17α-estradiol, or due to the inclusion of an anti-androgen attenuating possible benefits. Further research, including direct human RCTs of 17α-estradiol supplementation itself, is required.
Disclaimer: I’m a random person on the Internet, and also not even a doctor. I have little formal background in biology and just click links on the Internet, read them, and then type things about them for fun. Please mention any corrections or comments to me (see: Contact section of About paget).
A: NFTs are a novel method for some people to make boatloads of money off of others, and in doing so create an entire new ecosystem that primarily uses misinformation to justify its own existence in order to perpetuate profiteering from those at the top.
As one would expect, many previous methods with this MO have existed, including within the cryptocurrency ecosystem, such as ICOs. However, most ICOs ended up being illegal as they not only involved selling unregistered securities to non-accredited investors, but also involved a lot of fraud and deception. NFTs solve this debacle by having a significantly lower legal risk, as they’re unlikely to be considered securities.
Technically, an NFT is an entry (digital file) on a blockchain (large sequence of blocks made up of data and transactions) that is unique, and thus not fungible (interchangeable) with any other token or asset.
Q: How does an NFT put art on the blockchain?
A: It doesn’t. The reason for this is simple: the blockchain is too inefficient to store large amounts of data on; storing as much as a 4MB image on the Ethereum blockchain would currently cost around $72,000, as it needs to be stored on every copy of the blockchain in existence (The math for this is (10^9 / 10*18) * 1000^2*4 * 68 * 150 * 1800, where the constants are the following: wei per gwei, wei per eth, bytes in 4MB, gas per byte, gwei per gas, usd per eth).
Q: If an NFT is not on the blockchain, then where is it?
On a web server somewhere, just like everything else on the Internet. Specifically, the blockchain may have a link to media content, which in the best case would be an ipfs link (which is still sitting on one or multiple computers somewhere), and in the worst case is an http(s) link. Neither of these are guaranteed to remain in existence forever, but at least ipfs can be partially decentralized, replicated more easily, and verified more easily. As the blockchain is public, all files are generally public as well.
Q: What about other NFT information like traits or NFTs listed for sale on websites? That’s the blockchain, right?
Nope. Again, due to the blockchain being prohibitively expensive to store information on, even NFT traits (identifying characteristics/labels for the given token) are generally not stored on the blockchain, but are instead provided via a JSON api, just like the rest of the Internet uses.
Although NFTs are intended to be minted on the blockchain in order to exist, the cost of this started to get too high as fees increased, so now popular websites that users use to create NFTs such as Mintable have a ‘gasless’ minting method, where no blockchain transaction occurs until someone purchases the asset on the website, thus the blockchain is yet again bypassed and a centralized entity is used instead.
Q: If transactions on the blockchain are so expensive, how are users using Ethereum to make cheap and instant transactions?
A: They aren’t, at least not right now. Currently the cost to transfer an Ethereum ERC20 token is $22 and the cost to trade a token with Uniswap is $65. A regular transaction can still be performed for around $6, although this can of course increase arbitrarily according to the market. This price may decrease at some point, but you also never know when the market will increase it drastically, potentially even making ether you own worthless (for example, if the fee to send eth is $6 and you only have $5 of eth in your address, you are out of luck).
Q: How do I receive ownership and the rights to the art I purchase as an NFT?
A: You don’t. As far as ownership goes, there is nothing but a digital signature by an Ethereum address you have the private key to, which is placed on a contract that has a link inside of it of something you happen to like. Anyone can see the link and view the file. Additionally, there is nothing legally binding about this transaction, and there is no guarantee you will have the IP rights to whatever it is you spent your money on.
Q: How can I ensure the original artist is the person selling the NFT?
A: You can’t. Anyone can create an NFT that has any link to any file in it, and there is nothing preventing this from being published on the blockchain by anyone.
As you would expect, there are many instances ofusers selling art that they did not create. In addition to art being stolen and sold by someone unrelated, resources such as machine learning models and art tools have been used to create valuable NFTs, with the original programmers not only left uncompensated, but un-credited entirely. But at least some random person got $10,000.
Q: Why has the popularity of NFTs been increasing so much?
A: Because people are making easy money with them. Similar to cryptocurrencies, every person that owns them has a vested interest in hyping them up to others in order to profit. The ecosystem as a whole uses many techniques in order to increase its own virality, including stories about how Everything Is Getting Super Rich Quick Doing Nothing Except For You, significant hype both from excited individuals and from extensive paid shilling campaigns from those that are set to profit from them, and new technical jargon like “Ethereum NFTs on the blockchain using ERC721+ERC1151”.
Q: How can I verify that an NFT purchase was legitimate?
A: You cannot. Although the transaction is on the blockchain and you can verify that it occurred, you do not know who the addresses involved in the transaction belong to. This enables one to create NFTs and then buy them from themselves using different addresses that they own in order to give the appearance that they are valuable and in high demand, effectively painting the tape with the hope that someone else (who, unfortunately, doesn’t understand this is occurring), will then will pay a large amount for something no one else actually wanted. For example, the recent NFT purchase for $69 million which garnered significant media coverage was even publicly known to have been someone that already had a prior business relationship with the seller. Regardless, it seemed to have made a good enough story to make it to just about every ‘news’ website.
Q: Why do you hate cryptocurrencies and Ethereum so much? You must be a fiat supporter!
A: I don’t hate either, I actually love them, have invested in them on and off, and think bitcoin was a revolutionary idea. I do support fiat though, so you have me there. I need it to pay my bills and my taxes or I will have no power and be thrown in jail. Additionally, an inflationary currency is necessary in order to encourage spending, among other things.
This post is a summary of some of the things that I dislike about Mozilla and Firefox. Given how passionate I am about user rights, privacy, decentralization, FOSS, etc, sometimes these remarks surprise people. I still am grateful Mozilla exists, I still use some of their products, and there are many amazingly smart and good people there However, donations to Mozilla for the purpose of improving Firefox are ineffective and are better spent elsewhere, and I really wish they would stay focused on making better products.
Mozilla has a lot of money, most of which does not go towards Firefox
Mozilla constantly mentions that they are a nonprofit, encouraging you to donate to them to help Make The Internet A Better Place. While the Mozilla Foundation is legally classified as a nonprofit, their subsidiary, Mozilla Corporation, is not. Its revenue is around $450,000,000 per year, almost all of which comes from their contracts with Google (Yandex and Baidu as well). Google pays Mozilla half a billion dollars per year because Mozilla has contractually agreed to keep Google as their default search engine, and presumably this gives Google a net profit, as having more ad views and user information is very, very valuable (I heard an explanation that Google also wants to avoid antitrust issues, but I’m unsure of the veracity of that).
The CEO of Mozilla (both the foundation and the corporation), Mitchell Baker, had an annual income of over $3,000,000 (official source, cannot find 2020 document yet) or around $1,000/hour, which has managed to increase for several years in a row, despite metrics related to Mozilla’s primary product, their web browser, significantly decreasing (do note: her salary is technically from the for-profit, not the non-profit). In case you haven’t seen a report on browser market share in the last few years, Firefox currently has around 3-4% of the market share, with the highest estimates I can find being around 7-8%.
Most of Mozilla’s spending does not go to software development nor Firefox, but rather to administration, marketing, and similar expenses (this is true both for the non-profit and for-profit, but the non-profit’s information is publicly available). Checking their most recent form 990, there was $4.5M spent on grants to random universities and groups, $3M spent on management fees, $1.8M spent on travel fees, and $0.8M spent on conference fees, which combined is significantly more than what is spent on employee compensation. This means when you donate to Mozilla’s nonprofit, your money is more likely to be spent on universities, management, and travel than an employee’s compensation.
Although there are not many publicly available details about the specific spending of the for-profit section of Mozilla (which would be ~10x more), the distributions appear to be relateively similar from what sources I can find. One reason why Mozilla spends so much on marketing is because their products are generally not as good as their competitors’, and attempting to purchase your way to a larger userbase is an expensive and constant uphill battle.
Firefox does little to stop you from being tracked by Google
One of the most popular reasons to use Firefox instead of Chrome is a dislike for being tracked by Google. While it’s true that Google recieves more information from Chrome users than it does from Firefox users, the majority of information flow remains a constant, and Mozilla relies on a plethora of Google services for basic browser functionality. Here are some examples:
Firefox uses Google search by default and sends all queries/address bar typing to Google
Firefox uses Google’s safe browsing service for ‘unrecognized downloads’, sending Google the filename and url that you visited
Firefox uses Google services for basic APIs such as their location API, despite Mozilla having attempted its own implementation, which one may assume they’d use. As Firefox polls your OS for information to send to this API, this sends information such as your wifi-network or nearby phone towers in addition to your IP address and a biweekly-rotating Google client identifier.
Apart from Firefox relying heavily on Google’s services, unless you use extensive tracking/blocking addons, you’re being tracked everywhere you go to begin with, as the majority of websites use Google Analytics, Google APIs, Google fonts, Google ReCAPTCHA, among many others.
There is truth to Mozilla working on and implementing important privacy improvements in browsers, such as DNS over HTTPS, third party cookie blocking by default, tracker blocking, and so on. Some of these appear to be helpful, however are easily mitigated by other parties, while others are more questionable (for example, the implemention method of rolling out DoH by opting users into it, bypassing their network configuration preferences, and sending all DNS queries to a single company’s servers, was not optimal). As of firefox 86 on Feb 23rd 2021, Firefox appears to be attempting full per-site cookie isolation, which if successful and usable could be a great improvement here.
Firefox includes tracking, advertisements, and backdoors
Mozilla takes almost every chance it can to tell you how much they love your privacy, and for that reason the tracking and default features that are included in distributions of Firefox are pretty surprising (this does not mean Firefox is worse at this than other browsers!).
– the number of open tabs and windows, the number of websites visited, the number and type of addons installed, the length of your browser session, all interaction events with ‘Firefox features offered by Mozilla or our partners’, your device information, OS information, hardware information, and your IP address
“Firefox uses your IP address to suggest relevant content based on your country and state”
“When you choose to click on a Snippet link, we may receive data about the link you followed”
“Firefox sends basic information about unrecognized downloads to Google’s SafeBrowsing Service, including the filename and the URL it was downloaded from”
Some of this information is reasonable, such as crash reports and the base OS/Firefox version, but I still found this to be more than many may expect.
Firefox now comes with a feature called studies, which allows Mozilla to remotely install and run custom changes and featuresets to your browser without asking you. This is turned on by default, which is generally all that matters as almost no users go through every setting in software to turn things off manually. In the past Mozilla used their ability to remotely control browser installations to install an addon into users’ browsers that gave them cryptic messages which were intended to be advertising for a TV show. I don’t know why they thought that was a good idea, as it seemed to be almost unanimously agreed upon that it was a terrible idea, but it still happened. If you visit about:studies in Firefox you can see which studies you have/are currently participating in. I could not find any resource from Mozilla that lists all studies that they run, or anything remotely like this.
Firefox continually pushes sponsored and clickbait content into their products
Firefox comes with many features for sponsored content and advertisements, such as Sponsored Top Sites. The Mozilla page about this feature says they send ‘anonymized technical data’, which is hyperlinked to a near-empty Github repositry. Firefox partners with adMarketplace for this, which states “We may also receive technical information such as your approximate location, browser type, language settings, user agent, timestamp, cookie ID and IP addresses”, which is very dissimilar to what Mozilla says about this tracking, but perhaps they have a special agreement with Mozilla to opt their users out of this or something.
There is also Pocket, which comes with all distributions of Firefox and shows sponsored stories and other content ‘curated by our editors’ by default. I’m not even going to pretend this is decent. This is is a terible feature, and the last thing I want to see when I open my web browser is a bunch of advertisements for clickbait. I find it sad that mozilla says Pocket “Trades clickbait for quality content”, when the majority of content Pocket offers is complete trash designed to make you click and waste your time, including a lot of content that suggests that surveillance and censorship of the Internet is required to keep me informed and safe.
Fortunately several of the worst features of Firefox are easy to turn off, and some features that are even worse such as Ion, which literally just sends your browsing history to ‘researchers’, are disabled by default and must be opted into. I’m unsure why these features are included in Firefox to begin with, as I can’t imagine the small revenue stream they introduce is significant nor in Mozilla’s best interest.
Firefox is generally a slower browser than Chrome
Using Chrome for a few minutes instantly allows me to understand why it has dominated Firefox in market share over the last decade. While it’s true that Google has many inherent advantages in promoting software, I think its performance, speed, and UX alone goes a long way in demonstrating why Firefox has fallen behind so far.
Mozilla has strange and contradictory ideological goals
When visiting the homepage mozilla.org, the first article that is shown to me is titled ‘We need more than deplatforming’ written by the CEO Mozilla, which implores us to do things like “Turn on by default the tools to amplify factual voices over disinformation”, kindly linking us to a NYT article that discusses how ‘authoritative sources’ such as the NYT and CNN should be prioritized over independent voices.
Continuing to read blogposts from Mozilla (this is from their foundation’s website, I should add that they have some good technical blogposts in other locations) is a rather interesting endeavor as it becomes more and more apparent that Mozilla has large segments of their organization that don’t seem to have any clear goals, and just kind of write about random social and political things on the Internet and their opinions on it, sometimes throwing six-figure grants to random groups of students to make a game that no one ever plays to show us about how something is obviously bad, which I assume they thought was a better use of their money than hiring someone to work on Firefox (which 250 people were laid off from last year).
While Mozilla attempts to provide commentary on many important social issues, there appear to be many suggestions that go directly against their manifesto, which suggests that open expression and individuals freedoms should be prioritized. I respect the right for Mozilla to spend its funding on any social or political content it chooses, and I also think that many of the issues they dedicate time to are very important for our society and for the Internet, but I would rather their organization focuses on making a good web browser, because I would be much more excited about donating to them if my money went towards that.
I’m still glad Firefox exists
I’ve written some negative views about Firefox, but I’m still glad it exists. Making a perfect web browser is difficult, and trying to respect user privacy is difficult. I think Mozilla would be much better off if they were a product-focused company, and spent more money on technical innovation and additional engineers and innovators. For this reason I don’t think donating to Mozilla is a good choice, and as far as similar organizations go, prefer the EFF instead.
This article started to turn into a bit of a rant as I’ve continually found myself disappointed with decisions Mozilla has made, and I’m not surprised that their browser market share has decreased by almost 90% over time as a result. It’s easy to criticize, but difficult to build, so I do want to include this disclaimer to restate that I’m glad Firefox and Mozilla exist, and I wish the best for them and their browser, but I think their modern directions are distracting them from making products good enough to be widely used. I hope things improve, because it would be nice if more than one or two web browsers existed. In fact, I think that’s very important.
This Anime Does Not Exist was launched on January 19th, showcasing almost a million images (n=900,000 at launch, now n=1,800,000 images), every single one of which was generated by Aydao‘s Stylegan2 model. For an in-depth write-up on the progression of the field of anime art generation as well as techniques, datasets, past attempts, and the machine learning details of the model used, please read Gwern’s post. This post is a more concise and visual post discussing the website itself, thisanimedoesnotexist.ai, including more images, videos, and statistics.
The Creativity Slider and Creativity Montage
Although the above two are among my favorite examples of creativity montages, many users found some other interesting things that increased creativity could do:
The best way to demonstrate the stunning potential of this model is to show some of the samples that users have enjoyed the most:
Incidentally, it also seems that users love sharing images that are not the most beautiful, but the weirdest as well. The below four were among the most popular images on the website during the first few hours, when there was only n=10,000 of each image:
Sometimes the result collapses enough to lead to an image that, although pretty, does not at all resemble the ideal target:
In many cases the model will produce writing which looks distinctly Japanese, however upon closer introspection, is not legible, with each character closely resembling distinct counterparts in Japnese scripts, however diverging just enough to produce confusion with a lingering feeling of otherworldlyness.
Videos and gifs
As it’s possible to produce any number of images from the model, we can also use these images to produce videos and animated gifs. The primary style of this is referred to as an interpolation video which is produced by iterating through the latent variables frame by frame, transitioning in between different samples seamlessly:
The field of AI artwork, content generation, and anything related is moving very quickly and I expect these results to be surpassed before the year is over, possibly even within a few months.
If you have a technical background and are looking for an area to specialize in, I cannot emphasize the extent that I’d strongly suggest machine learning/artificial intelligence: it will have the largest impact, it will affect the most fields, it will help the most people, it will pay the most, and it will cause you to be surrounded by the best and smartest people you could hope for.
Thanks for reading and I hope you enjoyed the website! For more about myself, feel free to read my about page or see my Twitter.
The Everything Store – Jeff Bezos and the Age of Amazon by Brad Stone is a book detailing some factors that led to the rise of Amazon as one of the largest corporate success stories of all time. I opened it expecting to skim through some parts, but ended up reading it in full in one sitting, and enjoyed it thoroughly. It left me with a strong sense of what makes Amazon, well, Amazon. And the best answer to that question is without a doubt, Bezos himself.
Rather than a full book review, I’m going to share some quotes from The Everything Store that stood out to me. One fun thing to note is that when this book was published in 2013, Amazon was ‘only’ a $150B company, but today is worth over 1.5 trillion. It’s a wonderful book and is worth buying if you want to read stories about Jeff Bezos’ extreme confidence in himself and his company as they overcome challenges one after another full-speed ahead, from local stores to Barnes and Noble to Ebay to Walmart and beyond. Below are some quotes that I particularly liked, only from the first fourth of the book. I was quoting the book more than anticipated, so I stopped this post early but will leave it up as an advertisement for the book.
Bezos is an excruciatingly prudent communicator for his own company. He is sphinxlike with details of his plans, keeping thoughts and intentions private, and he’s an enigma in the Seattle business community and in the broader technology industry. He rarely speaks at conferences and gives media interviews infrequently.
There is so much stuff that has yet to be invented. There’s so much new that’s going to happen. People don’t have any idea yet how impactful the Internet is going to be and that this is still Day 1 in such a big way. Jeff Bezos
Amazon’s internal customs are deeply idiosyncratic. PowerPoint decks or slide presentations are never used in meetings. Instead, employees are required to write six-page narratives laying out their points in prose, because Bezos believes doing so fosters critical thinking. For each new product, they craft their documents in the style of a press release. The goal is to frame a proposed initiative in the way a customer might hear about it for the first time. Each meeting begins with everyone silently reading the document, and discussion commences afterward
“If you want to get to the truth about what makes us different, it’s this,” Bezos says, veering into a familiar Jeffism: “We are genuinely customer- centric, we are genuinely long-term oriented and we genuinely like to invent. Most companies are not those things. They are focused on the competitor, rather than the customer. They want to work on things that will pay dividends in two or three years, and if they don’t work in two or three years they will move on to something else. And they prefer to be close-followers rather than inventors, because it’s safer. So if you want to capture the truth about Amazon, that is why we are different. Very few companies have all of those three elements.”
Bezos interpolated from this that Web activity overall had gone up that year by a factor of roughly 2,300—a 230,000 percent increase. “Things just don’t grow that fast,” Bezos later said. “It’s highly unusual, and that started me thinking, What kind of business plan might make sense in the context of that growth?”
Jackie Bezos suggested to her son that he run his new company at night or on the weekends. “No, things are changing fast,” Bezos told her. “I need to move quickly.”
Internet records show that during that time, they registered the Web domains Awake.com, Browse.com, and Bookmall.com. Bezos also briefly considered Aard.com, from a Dutch word, as a way to stake a claim at the top of most listings of websites, which at the time were arranged alphabetically.
Bezos and his wife grew fond of another possibility: Relentless.com. Friends suggested that it sounded a bit sinister. But something about it must have captivated Bezos: he registered the URL in September 1994, and he kept it. Type Relentless.com into the Web today and it takes you to Amazon.
They set up shop in the converted garage of Bezos’s house, an enclosed space without insulation and with a large, black potbellied stove at its center. Bezos built the first two desks out of sixty-dollar blond-wood doors from Home Depot, an endeavor that later carried almost biblical significance at Amazon, like Noah building the ark.
During that time, the name Cadabra lived on, serving as a temporary placeholder. But in late October of 1994, Bezos pored through the A section of the dictionary and had an epiphany when he reached the word Amazon. Earth’s largest river; Earth’s largest bookstore.3 He walked into the garage one morning and informed his colleagues of the company’s new name. He gave the impression that he didn’t care to hear anyone’s opinion on it, and he registered the new URL on November 1, 1994. “This is not only the largest river in the world, it’s many times larger than the next biggest river. It blows all other rivers away,” Bezos said.
One early challenge was that the book distributors required retailers to order ten books at a time. Amazon didn’t yet have that kind of sales volume, and Bezos later enjoyed telling the story of how he got around it. “We found a loophole,” he said. “Their systems were programmed in such a way that you didn’t have to receive ten books, you only had to order ten books. So we found an obscure book about lichens that they had in their system but was out of stock. We began ordering the one book we wanted and nine copies of the lichen book. They would ship out the book we needed and a note that said, ‘Sorry, but we’re out of the lichen book.’
A week after the launch, Jerry Yang and David Filo, Stanford graduate students, wrote them an e-mail and asked if they would like to be featured on a site called Yahoo that listed cool things on the Web. At that time, Yahoo was one of the most highly trafficked sites on the Web and the default home page for many of the Internet’s earliest users.
In the meetings, Bezos presented what was, at best, an ambiguous picture of Amazon’s future. At the time, it had about $139,000 in assets, $69,000 of which was in cash. The company had lost $52,000 in 1994 and was on track to lose another $300,000 that year. Against that meager start, Bezos would tell investors he projected $74 million in sales by 2000 if things went moderately well, and $114 million in sales if they went much better than expected. (Actual net sales in 2000: $1.64 billion.)
Bezos later told the online journal of the Wharton School, “We got the normal comments from well-meaning people who basically didn’t believe the business plan; they just didn’t think it would work.”11 Among the concerns was this prediction: “If you’re successful, you’re going to need a warehouse the size of the Library of Congress,” one investor told him.
When his goals did slip out, they were improbably grandiose. Though the startup’s focus was clearly on books, Davis recalls Bezos saying he wanted to build “the next Sears,” a lasting company that was a major force in retail. Lovejoy, a kayaking enthusiast, remembers Bezos telling him that he envisioned a day when the site would sell not only books about kayaks but kayaks themselves, subscriptions to kayaking magazines, and reservations for kayaking trips—everything related to the sport. “I thought he was a little bit crazy,” says Lovejoy.
The IPO process was painful in another way: During the seven-week SEC-mandated “quiet period,” Bezos was not permitted to talk to the press. “I can’t believe we have to delay our business by seven years,” he complained, equating weeks to years because he believed that the Internet was evolving at such an accelerated rate. Staying out of the press soon became even more difficult. Three days before Amazon’s IPO, Barnes & Noble filed a lawsuit against Amazon in federal court alleging that Amazon was falsely advertising itself to be the Earth’s Largest Bookstore. Riggio was appropriately worried about Amazon, but with the lawsuit he ended up giving his smaller competitor more attention. Later that month, the Riggios unveiled their own website, and many seemed ready to see Amazon crushed. The CEO of Forrester Research, a widely followed technology research firm, issued a report in which he called the company “Amazon.Toast.”
It was a distilled version of the dissatisfaction felt by many early Amazon employees. With his convincing gospel, Bezos had persuaded them all to have faith, and they were richly rewarded as a result. Then the steely-eyed founder replaced them with a new and more experienced group of believers. Watching the company move on without them gave these employees a gnawing sensation, as if their child had left home and moved in with another family. But in the end, as Bezos made abundantly clear to Shel Kaphan,family. But in the end, as Bezos made abundantly clear to Shel Kaphan, Amazon had only one true parent.
“You seem like a really nice guy, so don’t take this the wrong way, but you really need to sell to Barnes and Noble and get out now,” one student bluntly informed Bezos. Brian Birtwistle, a student in the class, recalls that Bezos was humble and circumspect. “You may be right,” Amazon’s founder told the students. “But I think you might be underestimating the degree to which established brick-and-mortar business, or any company that might be used to doing things a certain way, will find it hard to be nimble or to focus attention on a new channel. I guess we’ll see.”
“There will be a proliferation of companies in this space and most will die. There will be only a few enduring brands, and we will be one of them.”
During that time, no one placed bigger, bolder bets on the Internet than Jeff Bezos. Bezos believed more than anyone that the Web would change the landscape for companies and customers, so he sprinted ahead without the least hesitation. “I think our company is undervalued” became another oft- repeated Jeffism. “The world just doesn’t understand what Amazon is going to be.”
As the company grew, Bezos offered another sign that his ambitions were larger than anyone had suspected. He started hiring more Walmart executives.
Around that time, Wright showed Bezos the blueprints for a new warehouse in Fernley, Nevada, thirty miles east of Reno. The founder’s eyes lit up. “This is beautiful, Jimmy,” Bezos said. Wright asked who he needed to show the plans to and what kind of return on investment he would have to demonstrate. “Don’t worry about that,” Bezos said. “Just get it built.” “Don’t I have to get approval to do this?” Wright asked. “You just did,” Bezos said. Over the next year, Wright went on a wild $300 million spending spree.
“Walmart did not even have Internet in the building back then,” says Kerry Morris, a product buyer who moved from Walmart to Amazon. “We weren’t online. We weren’t e-mailing. None of us even knew what he meant by online retail.”
The venture capitalists backing eBay asked around and heard that one did not work with Jeff Bezos; one worked for him.
Bezos went skiing in Aspen that winter with Cook and Doerr and finally told them what was coming. “He said, ‘We’re going to win, so you probably want to consider whether to stay on the eBay board,’ ” says Cook. “He thought it would be the only natural outcome.”
If you liked these quotes, consider reading the full copy (perhaps even buying it from Amazon), it’s definitely a nice read about an amazing company and individual.
Midday on July 15th, 2020, many high-profile Twitter accounts were compromised and began posting scams to entice users into sending them cryptocurrency (generally BTC, but also some others such as XRP for Ripple’s account). I’m not going to write about this in detail since everyone else already has, but for more information check out an article on the topic: Coindesk, TheVerge, TechCrunch, BBC, infinite others
What if instead of posting low-quality cryptocurrency scams, the attackers did something else?
Sure, they could have tried to use CEO accounts such as Musk and Bezos to make millions (or possibly billions) on the stock market by tweeting about earnings and purchasing large amounts of far-out-of-the-money near-expiration call options on the underlying stocks. But we have a lot of ways to catch people that try that, and many regulations and organizations that would make it more difficult (many more than just the SEC) to get away with (although as a side note, $TLSA’s stock+option trading volume is absurdly high, and it would be very difficult).
But, what if they had tried something else entirely, something not motivated by short-term financial gain?
What if the attackers wanted to cause chaos and violence, perhaps alongside putting certain political movements and goals forward? What if they had pre-written thousands of tweets about a topic, perhaps a fake and outrageous event occurring, paired with fake images and videos, perhaps even some higher-quality deepfakes? How many people could they get killed? Could they start a war?
You might think this sounds absurd at first glance. But remember, most of the world’s most influential people use Twitter, including the leaders of most national governments. Although a private corporation that plays by its own rules, Twitter is still the means with which many elected officials communicate with the public. Entire social movements have started and ended through the power of a single viral tweet, sometimes resulting in significant violence or many deaths. Social media platforms have been used by extremists of every type imaginable in the past, and this isn’t going to stop any time soon.
What if the next exploit affects much more than some Twitter accounts?
But, I want to go much further than talking about Twitter. What if instead of an exploit that allowed attackers to compromise Twitter accounts, it had been something much worse? What if they were able to compromise any web server, or any online Windows machine, or industrial control systems for utilities, power plants and military operations? None of these scenarios are by any means impossible. Enough software and hardware exists at enough layers of abstraction that there’s generally always 0-days lurking in critical systems, sometimes for years or decades, before they’re found. We know that 0days are found often by securityresearchers, private companies, governments, and others (sometimes rewarding up to $2,500,000), but also that they are less commonly exploited in obnoxious and harmful ways (generally being hoarded by government security agencies or reported in good faith).
We were unprepared for covid despite epidemics throughout all of history
It was said by many that the covid pandemic could have been predicted, in a sense (which is why it was not a true black swan event). Perhaps not the specifics of it such as the date, virus, and origin. But the general idea of “at some point in the future, something bad is going to happen like this, and we need to prepare for it.”
Another one of these “something really bad is going to happen in the future” categories involves cybersecurity, data privacy, and AI. Just one of these topics individually can be involved in a terrible catastrophe, and indeed have been before, but I think we’re coming close to a combination of all three that can lead to events much worse than we’re currently prepared for.
Security: Billions of humans live digital lives, including the most influential, famous, and dangerous. These people all have email accounts, phones, Twitter accounts, and more, all of which can be compromised, controlled, and manipulated by others.
Data Privacy: The amount of data that social media giants (among others) have on most people is massive, and in my opinion vastly underestimated both in quantity and power. The majority of human communication is now owned by private companies that store things forever. A large proportion of all human social connections, conversions, movements, opinions, and thoughts are stored in databases that not only will not forget, but that the user does not have any control or often even knowledge of.
So, take the three above topics of security, data privacy, and AI, and combine them all. Bonus points if you throw in some political tension, which we’re certainly not lacking right now either.
We are not prepared for a true disaster involving technology
As a society, we’re woefully under-prepared for disasters in all of these areas.
We’re not prepared for critical infrastructure, both physical and digital, to be compromised or attacked by highly-funded and competent groups, maybe even state-ran.
Not prepared for the massive campaigns of disinformation, fake news, and propaganda that lie ahead. If you thought things were bad in the last few years, just wait, because we’re on the verge of accelerating it by 10x, and fact-checking is not a solution. China’s government seems to be working very hard both on the offensive and defensive here. Is anyone else truly competing?
Not prepared for how to deal with database leaks that will contain the life history of millions of people, including their ‘private’ conversations and deepest secrets, and items so egregious that they instantly spark violence. Plenty of data breaches have led to murders and suicides already. There are still many countries where you can face imprisonment or death for being gay, being atheist, being of a certain ethnicity, or speaking outagainst thegovernment (yes, we really don’t have it as bad here, huh!). Do you know what happens when these people have their private information carelessly leaked? It’s not pretty. And this is just for normal database leaks, let alone if a database leak had some information in it falsified (with the majority left intact, thus offering plausibility for the fake parts) to maximize its effect.
Not prepared for how to face that humanity is becoming increasingly controlled by viral algorithms that do not prioritize human values of happiness and love and truth, but rather nothing but outrage and in-group bias as the only bottom line. Most of us already feel powerless against this, but it may only just be beginning.
Not prepared for how anonymity is becoming a luxury only achievable by ultra-competent tech gurus, with most people having been forced to move their communication into more and more centralized ways over time, feeding all of the above issues. Not prepared for how one of the many reasons anonymity is getting much more difficult to obtain is because the easiest way to tell if someone is a bot or a human is to require verification of phone numbers, addresses, and more. And don’t let me forget to mention how many governments are eyeing up ways to ban end-to-end encryption.
I’m supposed to end on an optimistic note
How can we do a better job of addressing these problems?
Promote education on the importance of cybersecurity, especially at the government and corporate levels
Promote decentralized solutions instead of centralized social media platforms, allowing users to have control over their discourse, their platform, and their own data
Promote anonymity, even when it is difficult, and fight to ensure end-to-end encryption is a right for everyone forever
Promote better regulations around privacy and data security so that hoarding large amounts of personal data is less of an asset and more of a liability
Although a lot of this post might read as alarmist and pessimistic, I’m still (mostly) optimistic about these things in the long-long-term. The best part about terrible events like covid is that they make us stronger and better prepared for the next (similar) storm to hit us. Security used to be a second thought (or not a thought at all) for most companies, but we’ve improved significant in the last decade, and bug bounty programs and significant security spending are now common. I used to get looked at like I was insane for talking about how big of an issue the amount of tracking and data-collecting our society performs was a big problem, but even this is something that a lot of everyday people believe now as well. I just hope the stepping stones along the way to becoming prepared for the future aren’t so terrible that we don’t make it there in one piece.
It’s interesting how many people view fact-checking as a simple problem, where you just identify something that is not factual, then correct it. Problem solved! Misinformation has been defeated, the Internet is only full only of Truth, and now The People finally realize we were right all along!
Fact-checking is a very hard problem. A lot of people want to ignore this fact, because correcting people feels good, especially when they’re your enemies.
It takes a lot of virtuousness, of empathy, of vigor, and of rationality to decline the temptation to correct other people. We are driven insane by the fact that not only are other people wrong on the Internet, but they are wrong about basic facts! This is part of why websites like Twitter are so terrible. People cannot stand others being wrong on the Internet. They will gladly spend hours of their daily life willfully being miserable and angry just to have the chance to correct others, even if those they correct do not even change their beliefs at all, or even change them in the opposite direction.
Although some may think the reason why Mark Zuckerberg has come out against fact-checking politicians is so that he can reap profits and sow division while cackling maniacally, I think instead he has simply put a lot of thought into the problem, and not only realized how difficult it is, but also that it cannot work well long-term. He is much more concerned about the long-term future (decades) of Facebook than he is about some upsetting posts made by an upsetting person.
Difficulties with fact-checking
I. There’s no such thing as an unbiased fact-checker
Fact-checkers, whether humans, scripts, or AI, cannot be unbiased. Reality is always a state of incomplete information, and the ways that humans interpret statements vary from person to person. It’s possible for us to disagree on the veracity of a statement, but if we were to discuss things further with more specificity, actually agree on the state of reality. Many statements can not reasonably be interpreted as a boolean of true or false, and instead have subtle amounts of potential bias and nuance within them. Facts are constantly changing, and no single actor has perfect and unbiased information about all of them.
II. Even if there was, someone has to decide which content should be fact-checked
Even given impossibly-perfect moderation, someone has to cherry-pick the content that is to be moderated and checked in the first place, as the Internet has far too much content to police every thought and post manually. Most individuals in favor of fact-checking tend to focus on a very small subset of individuals or organizations that they think should be fact-checked, but this set itself is cherry-picked according to their preferences and attention. This is another process that inevitably introduces bias, potentially in many directions depending on the people and processes involved. Similar to how two completely opposing news networks may only report true information, but still promote entirely opposing narratives because they cherry-pick what is news and what is not news, fact-checking cannot avoid this selection problem. It’s very unlikely that any large organization can do a reasonable job at this.
III. Even given quality fact-checking, the results may not be what you seek
A lot of people do not trust certain fact-checkers, certain news networks, and especially certain social media companies. Even if you perform good fact-checking, there is little evidence that this will achieve your goal, which is not actually correcting text on the Internet, but correcting peoples’ beliefs in their own minds, which turns out to be pretty difficult. Fact-checking could sometimes have an effect similar to the Streisand effect, potentially even causing harm to one’s cause, although I can’t find recent studies on this specifically. Regardless, it should be well-known by now that many people will not instantly and flawlessly change their minds when presented with new opposing facts, especially when done so by their outgroup.
If an Internet platform undertakes significant fact-checking, it could even drive heavily-affected groups off of the platform and onto their own platform, where they would then be even more free to spread their own information in whichever way they want. Similarly, the amount of trust that is given to many companies could decrease significantly and cause greater problems further down the road that can then not be solved with fact-checking.
Long-term affects of big changes are impossible to predict, but it’s not too hard to think about a lot of unintended consequences not just for social media, but for governments, democracy, and humanity, further down the road. Most people don’t have to try too hard to imagine some pretty dystopian results and major failure modes when trillion dollar corporations and governments become arbiters of truth and information.
IV. alternative narratives are important for society
Fact-checking has been desired and attempted by those in power throughout history, often leading to disastrous results, even without considering the political extremes of events such as WWII, which entire books of tragedy are written on. Many may view the Copernician revolution as ancient history, being 500 years ago, but it was only 170 years ago when Ignaz Semmelweis’ controversial hypothesis that doctors should wash their hands and maintain cleanliness was mocked and ridiculed for decades, until it eventually became common practice and saved millions of lives.
History is full of countless examples of individuals that went against the grain of their encompassing culture in order to accomplish amazing things and drive progress. These people often armed themselves with what may have been originally considered to be misinformation by those in power during their zeitgeist. I’m glad that we didn’t have the centralization of communication and power we have now throughout history, because many rights that you take for granted were only gained thanks to the failures of past powers to control the narrative as strictly as they wanted to.
V. The narrative cannot be controlled
Just like everyone else, I too wish that everyone that was wrong on the Internet could be corrected. I wish my favorite narratives, facts, and causes were supported and known by more people. To not attempt to correct and control the narrative is a tough bullet to bite, but it’s something that a lot of thought and consideration must be put into, requiring very long-term thinking and awareness of history.
As long as people are free, they will come up with their own narratives, causes, desires, and even facts and entire worldviews. It’s been said that we live in a post-truth world, but that has always been the case. It’s just more apparent now that you can see people from every other background and culture when you use the Internet. No single person, company, or government can control information flow and peoples’ beliefs to the extent that they wish, and any that grasp for such an unattainable level of control will find that it doesn’t work long-term. Even the countries with the strictest controls on information, reporting, and speech, historically, have never fared well after a long enough time.
Different people have different lives, different values, and even different facts that they live by. It’s possible for you to co-exist with them, but perhaps not best if you’re forced to live in the same room as them. But no matter how hard you try, it may be impossible to get them to live their life the way you want them to. I know it’s difficult, but sometimes the only option is to let others live in their own world, while you live in yours, still helping to make it the best you can. Spending your days being angry and miserable on social media will not accomplish what you want, no matter how right you are.
Although this post might not be particularly insightful and is almost too political for my taste, I hope at the least this may help some realize that fact-checking is more difficult than it appears at first glance, even if they still support it.
This document is an updated list of the supplements/drugs that I
take daily, as well as notes on some other interesting substances. It
contains information on exactly what I take, how much of it, how much
it costs, and some information on the substance which should roughly
explain my reasons for taking it.
The first list contains supplements I take daily, with the second list containing supplements that I do not take daily but that nonetheless seem interesting, while the third list contains supplements that are interesting, but that seem less suitable for safe human consumption or speculation.
The focus of my supplementation is to find substances that are both very safe and also have a notable probability of improving health, lifespan, well-being, or productivity, with the ultimate goal being to significantly slow aging, even if it’s difficult to do at this time. I don’t take many nootropics as I don’t think there’s much room for intelligence improvements just from ingesting simple compounds (evolution has already put quite a bit of time into making us smart), with the exception of treating some deficiency or other issue, or improving productivity/concentration, which definitely possible (see: caffeine, modafinil, adderall, many others), but distinct from intelligence. It is worth noting this list is very specific to myself: if I had a perfectly optimal diet and lifestyle, I would likely take next to zero supplements. Like most mortals, my diet and lifestyle are definitely not perfect (and indeed, even knowing what a perfect diet would be for yourself can be intractable on its own), thus there’s always room for improvement.
This post is not an attempt to convince anyone of something
specific or to suggest anything specific, but I have decided to
publish it publicly in order to better keep myself accountable for my
reasoning, receive potential feedback, and to otherwise share some
potentially useful short summaries of information. Concordantly, I’m
not a doctor and this post contains no medical advice or suggestions.
Which supplements, if any, one should take, is a very personal
matter, as it is dependent upon many unique traits such as one’s
age, diet, lifestyle, genes, risk preference, finances, and more.
Notes on supplements
Although there are a lot of supplements that would be beneficial to many people, caution must be exercised both with research and purchasing. Supplements in the United States have very little regulation, with some sellers having poor quality control, fraudulent research, marketing, claims, and poor ingredient composition and sourcing. The supplement industry is worth billions of dollars and has many bad actors incentivized by profit over truth, so time and care must be exercised in order to find out what works best for you personally. Certainly, research can be found promising positive effects from thousands of various substances – but taking all of them would be impractical, expensive, and likely downright harmful.
It’s also important to pay attention to brands as well as to think logically about which supplements have quality differentials that are worth paying more for. For example, Vitamin D and Glycine are easy to synthesize, and it’s likely that cheaper versions of these supplements are just as good as more expensive versions. This may not be the case for a supplement like fish oil however, which is derived from complex living organisms that vary significantly on factors such as their environment, diet, quality controls, the types of fish used, and so on.
Concordantly, one of the strongest criteria I look for in most supplements is safety, which many times (not always!) comes alongside popularity and/or significant research affirming the safety of compounds. As many supplements offer marginal benefits at best, it would be irrational to purchase and consume them if they had a good chance of causing harm, as this would easily cause them to fail a basic cost/benefit or risk/reward analysis (there’s definitely some cool compounds that have very high coefficients in both the numerator and denominator of their risk/reward ratio too, so careful decision making is required).
Ideally one should attempt to find quantitative measures to
objectively evaluate if a substance is really helping them in the
desired manner. In some cases this is both easy and cheap to do, for
example with Vitamin D supplementation, which costs only a few cents
a day, does not need to be compared to a placebo, and can be tested
for in your blood for as little as $30. In other cases, proper
testing is difficult or impossible and may require significant effort
and time for very little benefit. Keeping one’s lifestyle, diet,
and other factors a perfect experimental constant is certainly
difficult, as is performing blind experiments on yourself, collecting
and analyzing data, and finding the proper quantitative desideratum
to test yourself on to begin with; testing if something specific has
definitively made you slightly smarter, happier, healthier, more
productive, or extended your lifespan, is certainly difficult if not
occasionally impossible to do in a scientifically rigorous manner
with a sample size of one.
Lastly, which supplements benefit an individual is a very personal matter. Vegans may want to take some supplements that are found in meat. Carnivores may want to take some supplements that are found in plants. Supplements that may benefit the elderly or those with common conditions such as hypercholesterolemia or diabetes often seem to be much less useful for otherwise healthy individuals. Indeed, for individuals that have many health conditions including the elderly, there’s significantly more that can be gained from supplementation, as there are many more problems that can be improved upon (although there are also be more risks as well). Supplements will effect someone differently depending on their weight, age, genetics, health, diet, and many other factors.
This means that it’s a bad idea to copy any individual’s routines completely, even if it’s a lot of work to do your own planning, research, and testing. It is also worth mentioning that the word ‘supplement’ is used here as a relatively generic word, simply meaning that the substance is only regulated as a food within the United States and thus requires no prescription (unless otherwise mentioned), but also offers few guarantees in terms of efficacy or consistency.
Supplements I take daily
The following list contains supplements that I’m currently
Name: Vitamin D3
Dosage: 4,000+ IU (100+ µg)
Information: Vitamin D3 [Examine, webmd, Wikipedia] (colecalciferol) is a vitamin made by the skin when exposed to sunlight. It’s a common deficiency and is very cheap to fix. The benefits of supplementation are generally found to be minor (it’s still a bit controversial if supplementation is beneficial at all, although I lean towards yes personally), but as I was notably deficient and it’s one of the cheapest supplements, it’s an easy choice for me. There is a lot of literature on Vitamin D, and many highly-powered studies including meta-analysis will often find only minor beneficial effects, but there are also quite a few studies that show notable benefits, including many related to covid as of late 2020. As noted above, this is also an easy supplement to receive a blood test for and ensure you’re taking the optimal dosage. I take half of my vitamin D earlier in the day without a meal, and the other half with my food, contrary to most other supplements.
Information: Vitamin B12 [Examine, webmd, Wikipedia] (vitamin B3). Often useful to supplement if one is taken metformin.
Name: Vitamin C
(ascorbic acid) has a variety of effects, and being a vitamin, is an
essential part of a human diet. I supplement vitamin C in order to
fix a tested deficiency.
Name: Fish Oil
Cost/day: $0.10 (1g)
Information: Fish oil [Examine, webmd, Wikipedia] (omega-3 EPA+DHA) is another common and cheap supplement. Although many studies find minor or sometimes no benefits, many others find a large amount of diverse improvements, even if they are minor. It’s likelythat the ratio of omega-6/omega-3 you consume is important, with most people consuming far too much omega-6 (which won’t hurt to reduce regardless) and not enough omega-3, so dosing of fish oil should be based on your diet, which is easily more than an order of magnitude more important to begin with.
Similarly, it’s probably good advice to 1) reduce fried food intake, 2) replace oils high in linoleic acid such as safflower and sunflower oils with oils that have much less such as coconut oil and olive oil, and 3) increase my supplementation of high-quality omega 3s (fish oil) when I think I’ve had more omega 6s. Also see this review on pubmed and this summary on Wikipedia
Cost/day: $0.02 (1g)
Information: Garlic [Examine, webmd, Wikipedia] is another popular and cheap supplement. There’s good evidence that it improveslipidprofiles, may help with some cancerrisks, and may have other very minor benefits (may activate AMPK too?). The most desirable compound in garlic is allicin, which is diluted in garlic that is microwaved, boiled, or aged. Dosage should be based on which type of garlic is being consumed. As many people enjoy the taste of garlic, it’s a good candidate to include in meals as well.
Name: Olive Leaf
Information: Olive Leaf Extract [Examine, Wikipedia] is a cheap and easy way to hopefully mimic the benefits of olive oil, as the leaves of the olive tree contain good amounts of relevant olive phenols such asoleuropein. It may still be better to consume olive oil instead, which is still a great thing to add to meals, but with such a low cost, this seems worth inclusion to me.
Information: Magnesium [Examine, webmd, Wikipedia, Gwern] deficiencies are moderately common (up to 45-60%) and easily fixed. Fixing a magnesium deficiency is cheap and seems to offer quite a few minor general benefits, and also sleep and anxiety improvements for some. Depending on your diet, supplementation may be unnecessary. Magnesium comes in a lot of different forms so close attention is needed when purchasing. I stick to citrate as it makes dosing easier, has good bio-availability, and is unlikely to cause digestion issues. The above Gwern link is a great resource on Magnesium as well.
Name: Vitamin K2
Information: Vitamin K [Examine, webmd, Wikipedia], like most vitamins, is primarily beneficial for those deficient in it, so it is best to examine your diet thoroughly and/or be tested. There are several forms of vitamin K, and also several forms of vitamin K2. Vitamin K2 MK-7 seemstobe one of the best forms to take in general, although K1 has decent evidence in favor of it as well, depending on one’s circumstances.
Information: Glucosamine [Examine, webmd, Wikipedia] is an amino sugar derived from shellfish that is commonly taken by the elderly to improve joint functionality and reduce pain. Glucosamine extends the lifespan of some mammals in studies, potentially in ways that are evolutionarily conserved, activating AMPK and therefore having slight similarity with metformin. Glucosamine may also induce autophagy via an mTOR-independent pathway, which may be the mechanism of action for its effects on lifespan. Due to its popularity as a supplement we can be relatively sure of its safety as well. Chondroiton is commonly included with glucosamine supplements, which appears very uninteresting for my own purposes, so I look for pure d-glucosamine/glucosamine sulfate, which is generally cheap.
Name: Lithium Orotate
Information: Lithium [webmd, Wikipedia] is a metallic element that is often found in foods such as legumes, grains, vegetables, and in some places, drinking water. Lithium is generally present in most diets in notable quantities, and in slightly larger quantities in diets such as the Mediterranean diet. For purposes such as mine, it is supplemented at low doses, which is much different (~1/100th the dose) from the doses sometimes prescribed for some psychiatric disorders. Lithium reduces mortality, stabilizes mood, and promotes longevity, likely via multiple pathways, although the specific mechanisms of action are difficult to discern and more research is needed. As I was tested for lithium and had a very low concentration in my blood, I decided it was worth it to supplement it n low doses.
Dosage: 0-15g (varies)
Information: Glycine [Examine, webmd, Wikipedia] is an amino acid that is often supplemented to improve sleep. Better sleep is formidable by itself, but some studies find that it increases lifespanin organismsvia methods that may be evolutionarily conserved. Although glycine is present in some foods and is also synthesized by your body, it may bethe case that glycine deficiencies are technically common in humans, as the amount that is able to readily be synthesized in-vivo is sub-optimal. This may be relatively asymptomatic from an individual perspective and only manifest itself via a slight probabilistic decrease in healthspan/lifespan, although users often notice quite a few improvements besides just better sleep. Glycine may improve insulin sensitivity and other similar metrics. There may be somelongevitybenefits of a diet low in methionine (meat, fish, eggs, etc) as well, which may be related to one’s effective glycine/methionine ratio. I still consume a lot of methionine from common sources such as chicken breast, so this is another potential way in which glycine could be beneficial. Glycine appears to be very safe, even in larger doses, and is relatively cheap, more so as a powder, as is the case of most substances.
I take glycine in powder form, which makes it easy to consume arbitrary doses (including the ability to add it to drinks or meals if desired), and notably cheaper than buying large amounts of pills, which are generally 1g each. On days where I consume a lot of meat such as beef, I take significantly more glycine. This is partially an attempt to optimize my diet’s methionine/glycine ratio, but also intended to do a better job at mimicking what a more traditional consumption of animal meat might have been like, from an evolutionary perspective, which would have included much more glycine than most of us receive in the common cuts of meat that consumers generally use. As a side note, glycine does taste sweet and dissolves in water, so it’s a great addition to tea or coffee.
Regardless, given glycine’s near-flawlessly safe and simple profile, there should be zero harm in having a bit too much. My larger dosage was arrived at from a combination of the papers linked above (and linked to by those links), as well as some reasoning about my diet (high in methionine) and lifestyle. Unfortunately even with a blood plasma test of amino acid concentrations, it’s difficult to know if this is the optimal dose for human longevity, or if it is even helpful at all to begin with, but the cost/benefit analysis here still seems to lean heavily into the green. As a simple and common amino acid, it seems pretty difficult to hurt yourself with glycine, so even taking 10-50g a day shouldn’t be harmful.
Information: Bacopa [Examine, webmd, Wikipedia] is an herb that seems to offer reliable but likely very minor improvements to some areas of memory and generalcognition. Effects are likely difficult to notice without rigorous placebo-controlled self-testing, but it is relatively safe and cheap regardless. Digestive side-effects aren’t uncommon, as is the case with many herbal supplements. In the future I’d like to replace my bacopa with a placebo and attempt to look for differences in quantitative cognitive performance metrics such as my anki recollection, but performing this experiment well is difficult, both because the effect is very minor and because a proper experiment with n=1 is very difficult. I don’t think bacopa is likely to be a big deal, but I’ve added it for now.
Dosage: 470mg (occasionally discontinued due to potential digestive side-effects)
Information: Ashwagandha [Examine, webmd, Wikipedia] is an herb that offers potential anxiety and lipid profile improvements. Some users report that it reduces anxiety and stress significantly, with some studies showing up to a 28% reductions in cortisol (in subjects with elevated levels). Lipid improvements can also be notable, with some studies showing a 10% reduction of total cholesterol, even in healthy subjects. As an uncommon herbal supplement, digestive side effects are a notable probability. Ashwagandha is likely worth trying if you feel that you have untreated anxiety, you never know when you’ll get lucky with how much of a benefit you receive from some things.
Dosage: 0-1500mg (varies, rarely taken)
Cost/day: $0-3.80 (varies)
Information: Fisetin [Wikipedia] is a plant flavonol that is found in several vegetables and fruits, with the highest concentration being found in strawberries. Fisetin is a sirtuin-activating compound and has extended the lifespan of yeast, worms, flies, and mice. It has been shown to be a strong senolytic agent and may induce apoptosis and other effects via the PI3K/AKT/mTOR pathway. I do not take it every day and am quite uncertain about what the right regime for supplementation should be for it, but currently take ~1,500mg of it for 4 days continually once every few months. This likely has room for improvement and may change in the future. I’d like to write more about fisetin in order to justify this, but haven’t yet found the time. Here’s a single picture of a pretty mouse instead.
Astaxanthin has increased
the life span of C. elegans by 16-30%, with the authors stating
“These results suggest that AX protects the cell organelle
mitochondria and nucleus of the nematode, resulting in a lifespan
extension via an Ins/IGF-1 signaling pathway during normal aging, at
least in part”. While this is certainly interesting, expecting such
a lifespan increase in humans is far too optimistic from this case
Astaxanthin appears to be very safe in humans and is a relatively popular dietary supplement, with a market estimated at over $500M USD annually, although the majority of this supply is used as a component in animal feed and cosmetics.
Dosage: 0-500mg (varies, often discontinued as of lately)
Cost/day: 0-$0.17 (varies)
Wikipedia] is a
pigment found in tumeric.
Curcumin’s strongest benefit seems to be the reduction
in inflammation that it offers, although there appear to be some
other areas that may be improved as well such as lipid profiles,
mental health, potentially improved digestion, and reduced pain with
some conditions such as osteoarthritis.
It may exhibit a notable anti-tumor
effect via apoptosis. It seems relatively safe, although has low
bio-availability, so is often taken with substances to increases its
availability such as piperine, or taken in an otherwise proprietary
formulation that generally has some type of oil that improves
bio-availability instead. As inflammation is important in aging and
many other diseases, it’s something that is nice to be aware of.
I only sometimes take curcumin depending on my inflammation levels, generally measured via c-reactive protein.. When it is negligibly low, I stop taking it, and if I ever see it creep up in blood test results, I resume supplementation. Curcumin can be potentially tough on the liver, and in large doses has a greater potential to cause adverse affects. Some papersshowquiteafew potential drug interactions that can occur by taking curcumin, especially in larger doses, and via a variety of mechanisms, including its affect on platelets and potential interactions with enzymes such as CYP3A4, potentially affecting the metabolism of a large amount of drugs.
Dosage: 1.2g (currently discontinued, replaced with metformin or nothing)
Information: Berberine (Examine, webmd, Wikipedia] is an extract from various plants. It appears to be a pretty strong natural mimetic of metformin, a popular drug for diabetes with many alluring potential anti-aging properties. It often improves lipid profiles and blood glucose, and thus may have many of the long-term benefits that metformin may have. Concordantly, the possibility for digestive side-effects is relatively high, and it’s sometimes taken several times a day in smaller doses as a result. Examine suggestions that it also inhibits enzymes such as CYP2D6 to some extent, which could lead to undesirable interactions with some drugs. It’s likely better to be on metformin than berberine, as drugs are kept to a significantly higher regulatory standard than supplements are and we have much more data on users of metformin.
(much higher If drinks are considered)
Information: Caffeine [Examine, webmd, Wikipedia] is something you likely don’t need an introduction to. I try to keep my dosage relatively low to avoid issues with tolerance, using a combination of coffee, tea, or caffeine pills, depending on the amount desired and my mood. When taking 100mg or more of caffeine, I generally have 100mg of L-theanine as well.
Dosage: 0-200mg, (not taken often, 100mg if taken generally)
Information: L-theanine [Examine, webmd, Wikipedia] is an amino acid that is present in tea leaves which is often combined with caffeine for supposedly synergistic effectsoncognitionandmood, improving the upsides of caffeine while helping to ameliorate some of the potential downsides. I generally only take it if I’m having more caffeine than average on a given day, since I keep my caffeine intake pretty low.
Dosage: 1mg (not taken consistently)
Gwern] is a hormone
secreted by the pineal gland with an important role in regulating
your sleep cycle. Melatonin production can be suppressed in many
individuals that are otherwise healthy, for example by exposure
to blue light from computer screens before bed (which solutions
like the program f.lux and blue-light blocking glasses attempt to
solve). The generally accepted benefits of melatonin are a reduction
in the time to fall asleep, although some individuals claim that it
reduces their need for sleep as well (often by 15-60 minutes). For
those with sleep conditions such
as insomnia or jet
lag (or just being older in many cases), melatonin can be a much
greater aid in improving sleep and quality of life.
lifespan of some mice by 18%, primarily given as a supplement
later in life in an attempt to give older mice more effective pineal
gland functionality (directly giving older mice the pineal glands of
younger mice was also performed, which also was very beneficial).
Melatonin levels similarly decline
with age in humans (as most important things do), and
supplementation may be increasingly
beneficial as one ages.
The proper dose of
melatonin to take varies between individuals and many melatonin pills
for sale are dosed too high (5-10mg), so approximate
self-experimentation can be used such as starting with 0.5mg and
increasing your dosage until benefits are noticed. The above link to
Gwern’s website on Melatonin points to a good in-depth analysis
that is worth reading as well.
I don’t always take melatonin, but it’s great to be aware of and have.
Dosing for spermidine is difficult. It’s obviously very safe, but 1mg is likely not enough for the level of effect that we want. The average daily nutritional intake of spermidine varies from 7 to 25mg, and we can see how much one might want to consume for blood levels of spermine to increase by 39%: perhaps 10mg per day (calculated by multiplying the 66g of natto consumed per day by its approximate spermidine content of 150mg/kg to yield 10mg per day). Although we don’t have plasma concentrations of spermine and spermidine in humans in relation to mortality, this is available in several mice studies. Although I need to spend more time on this, I think one might want to supplement as much as 5-20mg of spermadine per day, assuming that it’s not present in their diet in notable quantities, which it definitely could be, as some Mediterranean, Japanese, and other diets have a decent amount of it already. It may also be worth mentioning for some readers that spermidine is also present in human sperm, but not in enough quantities to warrant consumption unless you consume copious amounts of it (~0.1mg per ejaculation, assuming 3.5mL and 31ug/Ml).
Dosage: 0.5-1g (Currently partially discontinued for various reasons)
Information: Metformin [webmd, Wikipedia] is a prescription drug for diabetes and is one of the most popular drugs taken by those interested in longevity, often taken for this purpose by individuals without diabetes. Metformin is said to mimic some of the potential benefits of caloric restriction. It increases the lifespan of mice, increasing AMPK activity and antioxidant protection, resulting in reductions in both oxidative damage accumulation and chronic inflammation. Lifespans of other organisms such as silkworms and nematodes are also increased. There exists a vast literature on Metformin with respect to its mechanisms of improving longevity apart from just this; it’s currently the most popular drug taken to combat aging.
Due to the prevalence of diabetes, Metformin has over 80 million users (the vast majority taking it for diabetes), which gives us wonderful data on its safety, with its side effects rarely including anything besides minor gastrointestinal issues. Metformin is also cheap, costing only $5-$25 a month in the United States. For the above reasons and many others, Metformin appears to be one of the best candidates for an anti-aging drug, leading it to become one of the only drugs making clinical progress in this area with trials such as TAME (Targeting Aging with Metformin). Metformin deserves a larger write-up than I’ve given it here, so you’re encouraged to perform your own research on it (just as you should for anything written about on this page).
For long-term Metformin usage, be sure that you are not hypoglycemic, as well as that your levels of vitamin B6 and B12 are in acceptable ranges, as deficiencies in these are slightly associated with Metformin usage. Metformin may also diminish some health improvements from exercise, and although more research is needed, this factor should be considered for non-diabetics considering Metformin usage.
Dosage: varies greatly, taken at the start of meals with high carbohydrates
Information: Acarbose is a simple diabetic drug which inhibits alpha glucosidase, causing your glucose to spike less than it normally would when ingesting carbohydrates. It is very safe and common, especially in countries such as the United States. Various studies onacarbose in mice have consistently shown it to expend lifespan, sometimes as high as 22% in males, generally much less in females. The probability this applies to humans is, in my opinion, moderately likely, although it is unlikely to be nearly as strong of an effect. Although mice have a lot of similarity with humans (more than many would expect!), their digestive system and diet are more dissimilar than most other categories. With that said, this drug is very safe and provably reduces the glucose spikes in your blood that occur when ingesting large amounts of carbohydrates, which in general seems to be a good thing. It therefore has a lot more potential when taken at the start of eating a large pizza rather than a normal meal (unless pizza is your normal meal, in which case it’s hard to blame you, but you should probably eat other things as well).
Dosage: 0mg (unable to find a suitable source for human consumption)
Description: 17-α-estradiol significantly extends male mice, and it might apply to humans as well. This section turned long so I turned it into its own post.
Dosage: 3-6g (schedule and doses vary, taken at most once a week, many other factors)
Information: Rapamycin is currently perhaps the most interesting substance on this blog post if you ask me. This section is currently unfinished, but there is a plethora of posts and literature on the substance. Rapamycin notably extends the lifespan of most organisms we have given it to thus far, but lacks proper research in humans aside from its use as an immunosuppressant. It’s a very popular drug to research in the area of longevity, and deserves a longer write-up than I’ve given it here. It’s also potentially quite dangerous and we have little data in humans (aside from those we give it to for organ transplants), so please don’t take it yourself (Jan 2021 update: mTOR Inhibitors Associated with Higher Cardiovascular Adverse Events ‐ A Large Population Database Analysis). What follows are some great papers on it, presented without additional context:
I’m currently messing around with some other substances such as acarbose and rapamycin (which now have some notes on them above and below), but don’t currently have the testing available to be able to make confident claims with them. For acarbose I’d like to us a Dexcom G6 CGM in order to properly assess its affects on blood glucose levels with specific meals. Rapamycin is a bit trickier, but has some of the greatest potential out of everything in this post.
This list changes as
I encounter new evidence, test new supplements, or change other
aspects of myself such as my diet or lifestyle, but I hope to keep it
updated, even if only for myself. I’m constantly looking for
substances that have a good probability of doing a much better job at
enhancing longevity, but it’s very hard to find and test them in a
safe way – it’s unlikely many supplements such as simple vitamins
or herbs are truly going to increase out lifespan notably. The next
section has more information about some substances which are more
interesting, but that I’m currently not taking.
Currently I spend
around $1-2 a day on supplements. As my average food expenses can
easily exceed $10 per day, a 10-20% increase in this is not too bad
of a price for me to pay, even if the benefits are mostly minor.
Healthcare costs are very high, so anything that may lower them, even
if decades down the line, can turn out to be very cost-effective.
Regardless, spending money on improving my own health seems to be the
best possible use of money – it is the least fungible thing I can
spend on. This reasoning applies to improving diet and exercise as
well, which generally offer much greater returns than most
I try to keep my supplement stack very minimal and would rather dedicate research time and effort towards substances that might have significant effects on aging such as metformin and rapamycin, rather than substances that are often very difficult to determine any effects of, such as the large amount of amino acids or uncommon vitamin forms that can be taken. Keeping the amounts of supplements I take to a minimum offers much more than a financial benefit – it reduces the probability I will cause damage to my liver over time (which users of many supplements, or anything risky, should get tested for), and reduces the probability there will be any type of drug interactions caused by anything I take, for example by some substances inhibiting or inducing enzymes that then cause other substances to increase or decrease in efficacy (see CYP3A4 and CYP2D6 for some good examples).
Additional supplements I do not currently take
This section contains a list of supplements that I think might be
worth taking, but that I currently don’t use. Substances in this
section seem to be relatively safe, and I’m generally only taking
them because I have more doubts about their usefulness to me
Among aspirin’s more common adverse effects is an increased risk
of gastrointestinal bleeding, which is one of the reasons it’s not
suggested by most organizations for otherwise healthy individuals
with low CVD risk. Aspirin has increased
the average lifespan (although not the maximum lifespan) of mice
in some studies, but this is unlikely
to be the case in humans unless significantly more needs to be
taken, which would increase the probability of adverse effects
To summarize, it’s very likely that continual aspirin usage
reduces the risk of some types of cancer and moderately likely that
it can reduce the risk of CVD in some higher-risk groups. Although
side-effects are negligible for most individuals, it is difficult to
tell if aspirin is worth taking for healthy and young individuals.
It’s likely much more beneficial for the elderly or middle-aged, as
they’re at a much higher risk of cancers as well as CVD. As a
result of this, I don’t take aspirin regularly.
is well-known as a major component of chocolate. Although the sugar
added to most modern chocolate definitely does not benefit one’s
health, cocoa itself has many bioactive substances with potential
benefits. Among the most notable is (-)-epicatechin, which can offer
in blood flow and a corresponding reduction
in blood pressure for many individuals. As usual, the most
notable improvements in blood pressure and cholesterol occurred in
individuals with pre-existing elevated levels. Some age-related
markers improve in mice when supplemented with (-)-epicatechin,
although no direct increase in lifespan has yet been noted.
Supplementation with some form of cocoa (supplemented or consumed as ultra-dark chocolate) may be beneficial for some individuals, although consuming too much sugar with cocoa would likely offset any positive effects. Quality cocoa extract is more expensive than many of the other supplements listed on this page, coming in at $1-2 day for a proper dosage.
Also, I’d love to purchase this and test it on myself for awhile to see if the effects can easily be measured.
(Coenzyme Q10 / ubiquinone) is a substance found in meat and fish
that is primarily present in mitochondria and aids ATP production.
Although supplementation is likely safe, it’s difficult to find
convincing evidence that CoQ10 supplementation would be effective for
longevity. It may improve
lipid peroxidation, blood
flow and offer minor improvements in other areas, but in my
opinion doesn’t appear to stand out from most supplements, both
experimentally and theoretically.
Wikipedia] is an
organic compound used in the recycling of ATP
in humans. It can be found in notable amounts of muscle meat and can
also be synthesized
in humans via glycine, arginine, and methionine. Creatine is a very
popular supplement for athletes with strong evidence that it notably
power output and lean
mass, with some evidence that it can offer minor improvements in
related areas such as recovery, fatigue, and some biomarkers that are
positively associated with quality anaerobic exercise. It’s very
safe, has little potential for any side effects, and is relatively
cheap. The only reason I don’t take creatine right now is that I’m
not doing many activities to build muscle, although I’ll likely
start taking it soon, even if only alongside basic resistance
training, calisthenics, or even cardio.
Wikipedia] is a
flavanoid found in fruits and vegetables. As usual, eating the right
fruits and vegetables is good for you on its own, and may make
supplementation less beneficial, or completely irrelevant. I likely
get enough of this from my diet, although there may be benefits to
infrequent high-dose supplementation.
an ammonium compound found in notable quantities in meat such as
beef. Supplementation sometimes appears to offer some decent results,
but I’ve determined that I like already get a sufficient amount
from my diet.
Resveratrol [Examine, webmd, Wikipedia] cannot go without being mentioned, as the extract from grapes that inspired the ‘red wine is great for you’ craze many years ago, it has been a constant source of speculative benefits and is still a very popular supplement in longevity communities. Although it hasn’t quite lived up to its initial hype, there’s still a lot of research on how it may be beneficial for longevity in one way or another. I’m personally not very into resveratrol and don’t see it as that interesting by itself. A summary is currently excluded here and you’re encouraged to read the above links if interested, but to be rather blunt, I think resveratrol is very likely approximately worthless, and is just yet another case study in now media hype in no way correlates with actual efficacy.
is a compound found in vegetables such as broccoli and cabbages, with
the best sources of it being broccoli sprouts and cauliflower
sprouts. I’ve taken sulforaphane previously, but it will be
difficult to know if it had a notable effect on me or not. I’m
currently focusing more on my diet and have decided against taking
sulforaphane. I’ve excluded a research summary in favor of the
Trimethylglycine [Exmine, Wikipedia] is a betaine amino-acid derivative found in some plants. It is notable for reliably reducing homocysteine levels in healthy subjects, sometimes by as much as 10%, and as much as 10-40% in unhealthy individuals. It appears that it might have a slightly negative effect in increasing, or preventing to some extent a decrease in, LDL, which is why I’m currently not taking it. It’s a nice molecule to be aware of and might deserve a spot in my stack at a later point, but as usual it would be nice to have more research available.
A lot of supplements have been excluded from this list, including many which are very interesting. Individuals who follow nootropic or longevity communities will definitely be curious why their favorite substance may have been excluded from this page, to which my answer is mostly that there’s too many substances for me to include all of them, so I did quite a bit of picking personal favorites. Even so, there’s likely many substances I’d like to include, but which I haven’t yet heard about or done enough research on. Feel free to message me on Twitter if you have any great suggestions here.
More interesting and potentially unsafe
This section contains some brief notes and links on substances that appear to be a lot more ‘experimental’ than the above sections, but have some interesting potential. In some cases it’s impossible to find proper tests of safety, or even basic toxicity, in humans. Regardless, they’re all interesting chemicals, sometimes increasing the lifespan of organisms such as mice by large amounts. A lot of compounds have been excluded from this list as there are too many for me to list currently. The most interesting item of this list is currently rapamycin, by a large margin. Also see list of potential CRMs.
is a compound present in some cosmetics, toothpaste, shampoo,
lotions, and more, which has improved lifespan in C. elegans in
membranaceus contains a compound called TA-65 that may
activate telomerase, extending the lengths of the shortest
telomeres in humans. This compound is lacking in notable research,
and much of what exists is clearly for-profit.
(This section is currently copy-pasted from section #1)
notably extends the lifespan of most organisms we have given it to
thus far, but lacks proper research in humans aside from its use as
an immunosuppressant. It’s a very popular drug to research in the
area of longevity, and deserves a longer write-up than I’ve given
it here; I may even start taking it in the near future.
There’s apparently quite a few people that have been taking this themselves, buying it from less-than-reputable Internet sources and hopefully not letting it be contaminated with light, as when exposed to light it degrades and becomes very dangerous to consume. This is certainly not something I plan to touch myself in with the current state of our knowledge on it, but it does seem like a very interesting chemical nonetheless.
is an unusual and understudied drug, in some ways similar to
selegiline noted above. It has prolonged lifespan to a minor extent,
such as 4% in mice.
is an estrogen that is significantly less feminizing (99% less so)
than normal estradiol. It appears to have some neuro-protective
benefits as many estrogens do, and has extended lifespan in mice.
Google’s ReCAPTCHA is often the first tool that many webmasters reach for when confronted with the need to stop spam and automated malicious traffic from harming their services. In this post I explain several reasons why ReCAPTCHA is usually not the best solution to use for this purpose, as it is often unnecessary, inconveniences users, and subjects users to intensive tracking and fingerprinting that they are not able to opt-out of. Several alternative solutions to ReCAPTCHA for various threat models are presented as well as best practices for implementing captchas in general.
ReCAPTCHA is harmful
ReCAPTCHA is yet another free-of-charge product offered benevolently by Google for any webmaster to implement within their own services. How does ReCAPTCHA differentiate legitimate human users from bots? ReCAPTCHA relies extensively on user fingerprinting, putting emphasis on the question of “Which human is this user?” rather than the ordinary “Is this user human?”. It’s worth noting how much easier it is to successfully solve ReCAPTCHAs when the user is logged into their Google account, thus allowing Google to associate their actions with their real identity. A similar effect is often reported for users of non-Google browsers, who notice ReCAPTCHAs take more time to complete in Firefox over Chrome. This is in-line with many other anti-competitive techniques that Google has used over the years to help grow their market share.
exactly how ReCAPTCHA works is very difficult, with Google not only
been many attempts to reverse-engineer some of the client-side code,
as well as to theorize about how the server-side logic operates.
at reverse-engineering ReCAPTCHA show copious amounts of information
belong collected, including but not limited to: plugins, user agent,
IP address, screen resolution, execution times, timezone, language,
click/keyboard/touch information within the frame of the captcha,
test results of many browser-specific functions and CSS evaluation,
information about canvas element rendering, and cookies, including
those affiliated with your Google account that were placed within the
last 6 months.
Correspondingly, webmasters that use Google’s ReCAPTCHA on their websites must link to both Google’s Privacy and Terms pages (included in the form by default in a small 8px style that makes them appear unclickable). Although Google used to have its own privacy and terms pages for ReCAPTCHA, these links are no longer specific to ReCAPTCHA, but rather are the privacy and terms pages for all users of Google services in general, regardless of which service is being used, or if the user has (or even wants) a Google account to begin with. Therefore accepting these terms (implicitly, by attempting to prove you are Not A Robot) grants Google permission to do everything that they do to their regular users of their services to you, and little information is available as to what specifically is done (GDPR is likely to be unhelpful here, given ReCAPTCHA’s spam-stopping purpose). Not only are the unhelpful links in the ReCAPTCHA box never opened by users, but there is also no Google logo or visual reference to indicate that ReCAPTCHA is a Google service, so many users have zero indication that they have just consented to all of Google’s tracking just because they tried to leave feedback or create a ticket on your website. If you thought you could use the Internet without using Google’s services, try using the Internet without filling out a single ReCAPTCHA, which for some users is required to pay their bills, file their taxes, and sometimes even use Government websites (if you somehow manage this, next try never sending email to Gmail/Gsuite addresses or using Google APIs for a more exciting challenge). Good luck.
It is worth mentioning that caring about user privacy to this extent is likely to be outside of the scope of concern for most websites. Many websites are already so tightly coupled to Google’s services (commonly including Google analytics, Google ads, Google APIs, Google tag manager, Google static resources, Google OAuth, Google Compute Engine, and many others) that the addition of a Google captcha appears negligible. With that said, different websites have different values and different users, and many do not want to require users to agree to Google’s tracking and labor for basic usage. The level of centralization that ReCAPTCHA forces is not good for anyone except Google.
Apart from the privacy implications of ReCAPTCHA usage, the actual captcha is very tedious for many classes of users, sometimes becoming so difficult that users find themselves unable to to complete the captcha at all. Users hate ReCAPTCHA. TheyreallyhateReCAPTCHA. ReCAPTCHAissohated that some websites have a profit model of charging users $20 annually to disable ReCAPTCHA, which thousands of users pay for. If this sounds like a great new business model to you and now you want to add ReCAPTCHAs to every page of your website to attempt to maximize profit, I will find you. And I will force you to complete a ReCAPTCHA every time you want food or water until you die from malnutrition after the first week. I have read countless posts from users that became so frustrated with a service that used excessive ReCAPTCHAs that they swore to never use the offending website again. These are often intelligent users with no disabilities who are simply tired of being treated like dirt and wasting their time. Be kind to your users and help minimize the amount of ReCAPTCHAS that they have to solve just to be allowed to use the Internet.
ReCAPTCHAs become significantly more difficult if the user attempts to ‘opt-out’ of Google’s services and tracking by using software that hinders it, such as VPNs, TBB, and many anti-tracking browser addons and modifications. To demonstrate what is meant by ‘very tedious’, below is a real-time recording of myself solving a single ReCAPTCHA using TBB:
In addition to this tediousness, the actual labor that the user is performing is directly used to benefit Google. Worry not however, as Google is eager to brag about the selfless humanitarianism that you’re engaging in by choosing ReCAPTCHA, stating the following on their main ReCAPTCHA page:
“Hundreds of millions of captchas are solved by people every day. ReCAPTCHA makes positive use of this human effort by channeling the time spent solving captchas into digitizing text, annotating images, building machine learning datasets.”
is certainly a very rosy way of convincing
you to feel good about forcing
your users to engage in unpaid labor that directly benefits the
world’s most powerful surveillance corporation. ReCAPTCHA
is free for a reason.
Lastly, ReCAPTCHA is popular. Very popular. While this brings some advantages, it also means that there’s significant efforts to break ReCAPTCHA, and those efforts all potentially affect your website, with your captcha implementation being perfectly identical to a million others. As a result of this, there have been manypaperspublishedthatbreakReCAPTCHA over the years, generally with Google making modifications to improve their captcha afterwards. There have also been paid-forservices that use human labor to solve captchas on behalf of a paying client for less than a cent each. For a modern and user-friendly example of bypassing ReCAPTCHA, see Buster. Buster is a modern browser extension (Firefox+Chrome+Opera) which helps you to solve difficult captchas by completing reCAPTCHA audio challenges for you by using speech recognition.
Captchas are not always necessary
Before implementing a captcha, it’s worth considering if one is
necessary to begin with. To help with evaluating this proposition,
consider if your threat model is concerned over customized or
uncustomized spam. Uncustomized spam is pervasive across many
Internet protocols, and you will encounter it quickly after enabling
HTTP, SSH, or many other protocols on a server. It is generally
unintelligent, cheap to execute, and easy to block, even without
captchas. Customized spam, however, is spam that has been written to
specifically affect a given company, service, website, or user. As
customized spam is created by an actor that is able to tailor it to
your service, it is more dangerous than uncustomized spam, and more
effort is required to effectively limit it.
Many developers vastly over-estimate the likelihood
of customized spam. As a
competent programmer, it is easy to imagine how effortlessly
someone could decimate your service with spam if they were
sufficiently dedicated. One
could imagine a malicious actor writing a simple script that could
spam or DoS your website by just using Curl and bash. Even if you
have a captcha, you can imagine them using OCR or machine learning to
automatically bypass it, then
using proxies and VPNs to automatically bypass
your IP rate-limiting. While
in this imaginative trance, you’ve forgotten that 99% of users have
no clue how to do any of this, and
do not even know what Curl or HTTP are.
Furthermore, your service
very little prospective rewards to would-be competent attackers.
Just because someone could
spend hours (or
a program to spam your website does not mean
personal blog about the latest vegan bacon is not a high-priority
target for anyone. Adding a
ReCAPTCHA to your Contact Me page is just
a great way to get
no one to talk to you. I’ve
ran several websites with millions of pageviews that have received
zero customized abuse and have spoken to other webmasters with
similar experiences. Jeff
Atwood of codinghorror.com
The comment form of my blog is protected by what I refer to as “naive captcha”, where the captcha term is the same every single time. This has to be the most ineffective captcha of all time, and yet it stops 99.9% of comment spam.
This is not a suggestion to do nothing, ignore basic security, and be unprepared for attacks, but rather to realistically consider your threat model and apply only what is necessary.
alternatives for uncustomized spam
For uncustomized spam, a full
captcha implementation is
rarely necessary. This section lists some simple and
effective tricks that stop most uncustomized spam from impacting
Hidden form elements
Uncustomized spam is not intelligent enough to know when it should
or should not fill out a form element. For example, adding a form
element with a name of ‘url’ and hiding it with CSS allows you to
reject any request that is made with it filled, which spambots are
eager to do. To maintain accessibility be sure to add a label to this
element so that users who use screen readers do not fill it out.
Other good hidden form element names include ‘website’,
‘firstname’, ‘lastname’, ‘email’, and ‘name’, unless
they are already being used legitimately.
Uncustomized spambots are also so unintelligent that they do not correctly answer simple questions such as “What is 2+3?”, or “what is the name of this website?”. These questions effectively stop almost all uncustomized spam. Common software stacks such as WordPress and Drupal have freeplugins that will allow you to quickly create questions like these.
If your website is community-centric such as a forum or blog, you
can ask a community-specific question that prospective members of
your community should know the answer to. This is a simple and great
way to prevent users from joining your community that you believe
shouldn’t be participating, either because they lack basic relevant
knowledge, or because they are unable or unwilling to learn it. As an
example, a community of mathematicians might ask the user to name a
simple formula or solve an equation, given an image of it.
another example, a community of niche media connoisseurs might ask
the user to identify a certain character that they deem to be
important to their shared culture.
Third Party Services
From WordPress plugins like Akismet, spam-detection APIs like StopForumSpam, and APIs that evaluate users or IPs such as abuseIPDB, there are a lot of free (and paid) third party services to aid you in stopping spam in ways that are not visible to most of your users.
alternatives for customized spam
If you operate at sufficient scale and/or if automated usage of your website is inherently lucrative enough, customized abuse will eventually happen for one reason or another. Remember that a captcha is just a tool to help verify that a given user is a human. It is not the only tool to help with this, and it is not the right tool for every use case. No solution is perfect and can stop a sufficiently-resourced attacker from abusing your service. This section lists some alternatives to ReCAPTCHA in roughly increasing order of complexity.
solutions generally have at least one simple captcha plugin that is
suitable for basic purposes. Here are some examples for WordPress,
and generic PHP.
Just as basic
most uncustomized spam, more
can stop a lot of customized spam as well. For example, some websites
require you to slide a jQuery
slider element in order to successfully submit
a form. There are examples of
this for wordpress,
UI slider, Bootstrap
and more, although
these examples may not be suitable for production use
and I have not tested them.
a requirement will raise the
bar for attackers, and can be done without the user having to perform
any actions. If you choose to
write a lot of custom front-end code to evaluate users, be sure to do
extensive user testing on every type of device and log failures so
that they can be analyzed to further remove false positives.
Capy Puzzle CAPTCHA
Capy offers a simple puzzle captcha that requires the user to drag a puzzle piece into an empty slot.
offers a captcha and corresponding plugins for a variety of popular
software stacks, including vBulletin, WordPress, MediaWiki, Dupal,
Joomla, and more. The captcha can scale its difficulty based on the
threat score of a user.
If for some reason you feel the need to profit off of your captcha implementation, fear not, as there’s also a version fit for the capitalistdystopia of the near future:
Geetest appears to use some fingerprinting, but otherwise works similarly to most puzzle captchas. Notable for being used on Binance, one of the world’s largest cryptocurrency exchanges.
Lastly, as of 2020, even Cloudflare has switched away from ReCAPTCHA, instead using hCaptcha, an alternative that seems just as difficult to bypass as ReCAPTCHA, but that respects user privacy, and potentially even pays some clients for their users’ labor in data labeling.
Captcha best practices
If you have decided that you do
need a captcha, consider if
it’s truly necessary to implement it in all of the locations where
you want to throttle automation. Showing
users fewer captchas not only
a better UX, but also improves KPIs
like conversions and user
rate-limiting where possible
As the purpose of a captcha is to confirm that the end-user is a
human, a user should generally only have to correctly solve a captcha
once. If there is an action that you would like to throttle to ensure
it is not performed too often by a user, consider using rate-limiting
as an alternative (or in combination with) a captcha.
Use reasonable thresholds for captcha
Set reasonable thresholds for actions that you want to limit with captchas. Rather than presenting a user with a captcha after a single failed login attempt, allow several attempts. Brute-forcing secure passwords in this manner is not feasible to begin with, and if credentials from a database leak are being automatically cross-validated with your service, a post-login-failure captcha won’t even help.
Stop showing captchas to users that are just trying to read content. If your blog asks me to complete a captcha just to read a single post because I’m using a super-scary VPN as a result of your CDN’s “premium military-grade bot protection” feature, I’m going to close the tab. There are sometimes cases where captchas are more reasonable for read-only actions such as stopping active application-level DDoS attacks. Your blog is not one of these cases.
Do not require repeated captcha solves
If a captcha is part of a form that may fail validation and is reloaded upon failure, do not force the user to solve another captcha if they correctly solved the first one. This prevents users having to frustratingly solve captchas several times in a row as they fix their input (for example, adhering to your revolutionary password policy that requires at least 1 non-printable character, 1 Egyptian hieroglyph, and 1 iOS-only emoji).
Intelligently use other sources of validation
Consider if you have reasonably validated that a user is likely to be a human during previous interactions with them. If a user has a confirmed email address and phone number or proper two-factor factor authentication, it may be unnecessary to show them a captcha. Similarly, if a user has been a paying customer for several months without issues and is attempting to make a new purchase with their existing billing information, it is also a bad time to make them fill out a captcha. I mention this only because I’ve had to do it before.
The future of verification
It’s important to note that a sufficiently-resourced attacker
can bypass any mechanisms you have in place to
some extent. When a service has a billion users (Facebook and
Twitter) or otherwise provides significant incentives for abuse
(anything related to cryptocurrency), difficult trade-offs must be
made when attempting to verify users.
Faced with this, some services that operate at very large scales not only use ReCAPTCHA, but also perform phone and/or email verification and employ a significant amount of custom automation-detecting heuristics. Twitter is a good example of this, as new users are required to both complete a ReCAPTCHA and (usually) verify a phone number. On top of this, Twitter has entire teams dedicating to stopping abuse, and yet the platform still has issues with millions of spambots, just as Facebook does. Although requiring phone verification has unfortunate consequences for anonymity, most platforms were not intended to be used anonymously to begin with. An even greater challenge is attempting to stop spam in environments where user anonymity is desired, which I provide some examples of at the end of this section.
With the current state of machine learning, it is becoming
increasingly difficult to construct a captcha that is user-friendly.
Some of the most effective
attacks on advanced captchas such as ReCAPTCHA have simply involved
taking a given challenge and querying a machine learning API to solve
it automatically. Now that we have manyAPIservices
to accurately label audio, images, videos, and more, this is only
becoming more powerful, just as machine learning is in general.
Despite the impossibility of a perfect captcha, articles have been written decrying that captchas are dead for more than a decade due to the increasing possibility of true negatives (software that passes as a human). Despite this, most of the Internet is not covered in spam. Intelligent software engineers make much more money working at FAANG instead of covering the Internet in unsolicited fake Viagra ads, at least for now. For a potentially poor analogy to physical security, remember that we have physical items that can break doors, windows, cameras, sensors, locks, and much more. Yet, these protections are all still essential features of a physical security system. They are often not made to be impossible to break, but rather to make an attacker’s job significantly more difficult, skewing the effort/reward ratio enough to stop most attackers.
Regardless of the forthcoming AI supremacy, the current paths that larger systems tend to favor involve validating who a specific user is rather than only attempting to validate if they are human or not. Phone verification and sometimes even picture, ID, or address verification are found among large services that have a high potential for abuse, as well as our good friend ReCAPTCHA. Verifying users while attempting to better preserve anonymity is more difficult, but those that are determined generally find clever ways to do so. Some good examples include privacy pass (protocol paper), allowing users to anonymously skip captchas if they have already solved one, Apple’s new Find My Device feature, allowing Apple devices to broadcast their location with BLE such that it can only be read by the original device’s owner, and well-known security systems such as asymmetric cryptography, cryptographic hashes, differential privacy, etc, which can often be cleverly implemented in systems to improve security and often anonymity. Some other techniques that can be used to help verify users and reduce spam include proof-of-work and micropayments, both of which have been used successfully in most popular cryptocurrencies such as Bitcoin and Ethereum for more than a decade, although can still be difficult to implement in everyday scenarios.
If you are Twitter or Facebook, no captcha will solve all of your issues. For everyone else, there are still a lot of simple tools and heuristics that go a long way in helping to stop abuse. Be kind to your users and try your best to not force them to spend their free time completing ReCAPTCHAs for Google. They will appreciate it.
If you enjoyed this post or have corrections feel free to say hi on Twitter