Thank you for your new substack, very illuminating (and scary) reading.
It's as if someone was watching the show "Person of Interest" as a guidebook for how to build (and weaponize) the all-seeing eye of sauron that we have today.
The idea that it's harder to query and delete everything relating to a person from a well-organized graph than from the typical corporate patchwork of data systems seems very improbable. The post also reads like a barely tweaked Gemini output. I'm not a Palantir fan, but this feels flimsy.
Fair point. I realize that I oversimplified.. My main argument is that the Ontology isn't a clean internal graph. It ingests from sources Palantir doesn't own or control, so deleting your node doesn't touch the upstream data. And inferred edges (risk scores, behavioral patterns) were never stored as discrete objects. You can't delete an inference.
And, I will hold my hand up to say I did use an LLM (Claude, actually). But only to make the text read and flow better (something I definitely won't do again). The underlying research is my own and something I am very passionate about. Thank you for your feedback! I appreciate it. :)
>Here’s why this changes everything: most AI accountability frameworks assume a discrete, auditable dataset. EU’s GDPR gives you the right to erasure — the right to delete your data. But GDPR was written for databases. The Ontology is a graph. You can delete a node. You can’t easily delete the edges i.e, the inferred relationships between you and everything else the system has connected you to.
Edges are personal data according to GDPR so this is completely wrong. Almost all things to which the GDPR applies are edges.
'impossiblefork likes stories' is an edge.
Ontologies are also old. It's been a big research area since like the 90s.
Fair correction - I should have been more precise.
The point I was reaching for is a practical enforcement one: verifying that edges have actually been deleted from an opaque, continuously updated knowledge graph has no standardized technical mechanism. Regulators have audit powers, but graph deletion verification i.e, confirming that relational inferences are gone, not just that a node was removed has no established standard. Controllers can assert compliance in ways that are genuinely difficult to challenge in practice.
The underlying research is mine (one that I am actually very passionate about) but I did run it through an LLM to smoothen the flow. Not something I will do again. Thanks for the feedback!
it's funny because you'd think these trillion parameter models trained on the entirety of humanity's written works would be amazing at writing, but instead all the models just converge to the same tired overly-enthusiastic phrases
the legal question is settled. edges are personal data under gdpr. the practical question is who audits a knowledge graph to verify deletion actually happened. palantir knows the answer is nobody.
muskanshafat|6 days ago
unsui|6 days ago
It's as if someone was watching the show "Person of Interest" as a guidebook for how to build (and weaponize) the all-seeing eye of sauron that we have today.
heymijo|6 days ago
Centigonal|6 days ago
muskanshafat|6 days ago
And, I will hold my hand up to say I did use an LLM (Claude, actually). But only to make the text read and flow better (something I definitely won't do again). The underlying research is my own and something I am very passionate about. Thank you for your feedback! I appreciate it. :)
unknown|6 days ago
[deleted]
impossiblefork|6 days ago
Edges are personal data according to GDPR so this is completely wrong. Almost all things to which the GDPR applies are edges.
'impossiblefork likes stories' is an edge.
Ontologies are also old. It's been a big research area since like the 90s.
muskanshafat|6 days ago
The point I was reaching for is a practical enforcement one: verifying that edges have actually been deleted from an opaque, continuously updated knowledge graph has no standardized technical mechanism. Regulators have audit powers, but graph deletion verification i.e, confirming that relational inferences are gone, not just that a node was removed has no established standard. Controllers can assert compliance in ways that are genuinely difficult to challenge in practice.
cyanydeez|6 days ago
You could certainly include phone numbers, residential addresses as edges that should be deleted for compliance.
stuaxo|6 days ago
"Here's why this changes everything" - I am begging people to not just paste the output of LLM, the writing is so bloody turgid I can't stand it.
By all means chuck a few things through and read it, but please please please don't make me read your slop - put some effort in.
muskanshafat|6 days ago
The underlying research is mine (one that I am actually very passionate about) but I did run it through an LLM to smoothen the flow. Not something I will do again. Thanks for the feedback!
thousand_nights|6 days ago
kevincloudsec|6 days ago
muskanshafat|6 days ago