ArVID220u's comments

cursor dev here. reasonable assumptions, but not quite the case. the snyk packages are just the names of our bundled extensions, which we never package nor upload to any registry. (we do it just like how VS Code does it: https://github.com/microsoft/vscode/tree/main/extensions)

we did not hire snyk, but we reached out to them after seeing this and they apologized. we did not get any confirmation of what exactly they were trying to do here (but i think your explanation that someone there suspected a dependency confusion vulnerability is plausible. though it's pretty irresponsible imo to do that on public npm and actually sending up the env variables)

This looks really cool! I'm excited to see a production deployment of DiskANN.

According to the single-threaded QPS experiments, your DiskANN solution should clock in at about 4.5ms latency (1000ms/224QPS) whereas pgvector is about 5.8ms latency (1000ms/173QPS). How is that possible? My (very shallow) knowledge of DiskANN vs HNSW tells me that DiskANN should generally have higher latency than HNSW — DiskANN needs to touch the SSD while HNSW only touches RAM.

Also, compared to pgvector and HNSWPQ in faiss, how much less RAM does your DiskANN-based solution use?

that's exactly what we're building with Control! https://twitter.com/sualehasif996/status/1635757961984221185

Paid monthly subscriptions.

Scaling is definitely why this hasn't been done before — it is hard! Recent research in private information retrieval shows that we can do it for 1 million people (see e.g. https://www.usenix.org/conference/osdi21/presentation/ahmad and https://www.cs.utexas.edu/~dwu4/spiral.html). All of the recent advances still scale as n^2 with the number of users, which becomes prohibitive after 1 million people, but we are working on a paper that shows how we can scale subquadratically (n^{1+1/k}*c^k for a fixed c and any k). With an n^1.33 scheme, 1 billion people suddenly becomes feasible.

With all respect, it is not obviously false. You should take a look at our whitepaper: https://anysphere.co/anysphere-whitepaper.pdf (the figure on page 2 might be helpful). To my knowledge, no other communication platform provides complete metadata privacy like we do. I would love to be disproved here though! It would be awesome if other completely private communication tools exist.

I do agree that there is a general problem where companies make hyperbolic claims, especially when it comes to security/privacy. For example, “zero trust” has been abused by so many people that even in the cases where it might apply, you cannot say that it applies to you because the term has lost its meaning. In our case, users do not need to place any trust in our servers, but we decided not to call it “zero trust” because people have taken it to mean “trust your employees less” or something else similarly outrageous.

If you have any suggestions for how we can improve our messaging here I’d love to take them. In other words, how could we convey that we are indeed the only completely private communication platform, without provoking a reaction similar to yours?

Good idea! I added a few to the linked Gist.