> We will require 30-day retention for all traffic on Mythos-class models, on both first- and third-party surfaces. We won’t use this data to train new Claude models, or for any non-safety-related purpose, and we’ve instituted new privacy protections including logging all human access to the data and ensuring its deletion after 30 days in almost all cases (see this post for further details). The data will help us defend against complex and novel attacks (including new jailbreaks and attacks that operate across many requests) as well as help us identify and reduce false positives.
These terms seem to be updated at-will, so I'll take that with a grain of salt however.
It's one thing to commit to a "everything is deleted when you press delete" automatic policy. It's quite another to say "we'll keep some stuff for up to 30 days, look inside it for any malfeasance, then pinky promise we'll delete it".
Same with CSAM policies for any cloud provider. Doesn’t matter what the retention policy says, if the law says otherwise, the law wins. And there is no obligation to spell out every law in every country that might change how data is handled.
... and now I wonder if "we require retention" leaves the door open to retention that is not required, but let's say convenient.
> Prompts and model completions are retained for at least 30 days and then automatically deleted, unless they are subject to a safety investigation or we are legally required to maintain them.
They keep it as long as they want.
> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.
Present user-llm activity is a goldmine of intel the agencies literally spent lives and billions on getting hardly close to, yet they elect to just let this one slip by..
Maybe. Really, I don't dispute it.
But why? It's what, or precisely what, they always dreamed of.
This reads to me as they can use any model that is not a "Claude model", and as for human access to that other model there can be different less restrictive privacy protections. In other words, that anything goes.
How would you know that? You can only know what they say they will do with the data.
As others have said, if you're this skeptical I don't see why you would have been using them before this retention increase.
Which, judging by how much people are using Fable, appears to be true.
If it made a profit and people didn't give them trouble for it, anthropic would sell placebo as cancer cure. What they think "is okay" is what they can get away with.
I agreed with you up til this point, but this isn’t true and isn’t called for, and doesn’t strengthen your otherwise good point, in fact it weakens your point to make statements like that. Most people who work at LLM companies, like most people who work at most companies, are making a living and have the same ethics and principles as anyone else. I don’t know where you work or live, but don’t forget the exact same logic and exact same hyperbole is being used to make the same claim about people in tech, and the same claim about Americans and Europeans.
These people just care about chasing the bag rather than doing right by their fellow humans. In their mind clearly some humans are more equal than others.
edit: to reiterate, the people choosing to work at these companies care more about becoming millionaires and chasing generational wealth rather than maybe questioning if the machine they are building may be producing terrible outcomes. They can work at any company on this planet easily, stop running coverage for FAANG workers that have always shown disdain for their fellow humans, they choose to work at the misery death machines because they simply do not care about the destruction they have wrought about the world.
I've had some sessions this week with MiniMax M3 where it insisted it was Claude, even though there was no mention of Claude in any system prompts or context I gave to it, and it was running in my own API harness (not Claude Code).
Though I also wouldn't be surprised if "I am claude" is just the new "I am Mozilla/5.0 AppleWebKit KHTML Like-Gecko Chrome Safari".
When they literally just showed you they are being deceptive by sneaking in the weasel word “almost”?
Secondly, like all contracts I'm sure there will be exceptions for holding data longer than 30 days with reasonable cause, eg a legal hold.
I did not claim it was the literal contract people would sign?
A better analogy here is probably “every time you use VS Code, the files you edit get sent to Microsoft”.
Some legitimate concerns:
• You have trade secrets. Previously; you can use services like Bedrock, etc, with signed contracts and significant reputations. Your contract is between AWS and you, and stays within your AWS security boundary.
• Security breaches. Remember when Anthropic accidentally published the source tree of Claude code? Or Meta’s recent AI recovery bot that didn’t check if the supplied recovery email was actually the email of the Instagram account? The best way to reduce your exposure is to minimise storage.
• Weaponised T&S. For example what if Anthropic decided to build a classifier for “usage in unsupported regions” that’s super overbearing (as we see with Fable) and vacuums up all context/input/output if there’s Mandarin? Contractually they could now retain it forever, not just 30 days, for ‘trust and safety purposes’ and perhaps have AI scan for any new or interesting ML techniques at scale, for Anthropic’s own use? They say just can’t train Claude models on the data.
I have NO single project on Github.
One of my clients has their project on GitHub.
Every other client I have ever worked with or for ran and runs their own gitforge.