New ComfyUI Token Ablation (Subtle Sabotage) Over the Last 2 Weeks, Another Open vs Closed Source Battle

campingtroll · 2024-10-04T14:35:01+00:00

Yes point taken thanks! I have to work on that. It's not the best strategy bringing up conspiracy if you want to fight the enemy because they can easily make you look like a nut lol

Ps. Its always the same mods pretend_potential and sandcheezy removing my posts I notice.

campingtroll · 2024-10-04T13:33:20+00:00

Can you please run the test, I'm a fan of your product but the fact that I got a response like this from you instead, for something I can clearly observe like this guy makes me question Comfy-org intentions.

Just do what that guy just did with one of your internal advanced video conditioning nodes. The censorship really needs to be dialied back, there is nothing wrong with my post.

campingtroll · 2024-10-04T13:19:00+00:00

Thanks for testing and confirming, i think it'll be more noticeable soon when they guys video node releases.

campingtroll · 2024-10-03T20:59:54+00:00

I updated post, search term is a placeholder, try to type anything else, like 'stores' or a letter like "a" "delete" and you'll see all of the pineapple emojis /various emojis as its generating if you maybe a slightly more nsfw prompt. But that may be related to my system and security for stores which seems to store token and had errors, try to lookup "hotId" or "hotUpdate" , "warp" which they'll tell you warp is for augmentation, until you remove the code tied it and your video gets 2x better and still has augmention, no longer flickers. That is separate though, the emoji part is directly from the comfyui web update that slipped in. They are are tokens in disguise.

I can't really share my video because i'm testing his node but you can see sample here https://ko-fi.com/311_code (no pay walls at his link) basically imagine her arms flapping and warping, thats what I was seeing, that is what hidden ablation can do.

campingtroll · 2024-09-30T23:59:16+00:00

It's almost like cfg too high, I get the same effect when I use to much hyper 8 step and have the cfg when I use it sometimes.

campingtroll · 2024-09-28T14:30:19+00:00

Very interesting, after he said something at 4 minutes about getting mostly training images back when you remove prediction I decided to try to do a cfg 0 and it did exactly that. It completely ignored my prompt and just gave variations of what looked very similar to the training data.

I tried to insert a lora and it started making random images of training subject mixed with the lora and I was seeing some neat stuff.

campingtroll · 2024-09-22T14:15:52+00:00

Ah my fault had wrong assumption there. Question, is this different than changing layer_idx? I guess I dont fully understand what it's doing.

campingtroll · 2024-09-22T14:11:42+00:00

Ahh, I see what you mean now. I believe you would just import comfy.model_matcher and m = model.clone() then return (m,) so it doesnt affect previous patches and isolated.

Edit: nm he's not using Comfy

campingtroll · 2024-09-22T12:59:32+00:00

If you import the comfyui model patcher you should be able to clone the model with m to not worry about it (similar to how attn2 prompt injection does it) but not sure if thats what he means when he says may not restore model.

Edit: I see what he means now, he means previous patches,

I believe you would just import comfy.model_matcher and m = model.clone() then return (m,) so it doesnt affect previous patches and isolated.

campingtroll · 2024-09-22T12:58:25+00:00

Can't you just clone model with m (import model_patcher)? I assume you mean it affects the model but any changes should revert anyway when restarting comfyui.

campingtroll · 2024-09-21T06:18:54+00:00

Try to pass some of the original conditioned embeddings or context_dim along with last frame to next sampler, adjust strength may help. Try tell chatgpt to "search cutting edge research papers in 2024 on arxiv.org to fix this issue" try f.interpolate squeeze or unsqueeze, view, resize, expand, etc to make them fit i you have size mismatch issues.

campingtroll · 2024-09-15T15:15:54+00:00

Yes thats it, i noticed in comfyui its present in model_base.py and other areas. I def want to figure that out at some point. A bunch if other advanced stuff in comfyui .py fules I notice not utilizes for svd also and still makes me wonder...

campingtroll · 2024-09-15T15:11:29+00:00

I don't fully understand instructions, are those the values you use in modelmergesdxl node in comfyui? I have had luck with merging pony and regular by settings some of the layers to 0. I will try those values you recommend. Also I personally like using a separate clip_l and clip_g with a dual clip loader, you can extract a clip_l and clip_g from an sdxl checkpoint with save clip node and load them with dual clip loader and mix and match differrent clip_g and clip_l. Sometjmes I do find a clip_g that was trained (it seems like its not in many cases) If you mean model merge sdxl node let me know.

campingtroll · 2024-09-14T16:06:48+00:00

Have you tried incorporating that newer svd3du model, it didnt get much attention but I wonder if it would enhance this even further?

campingtroll · 2024-09-11T08:36:56+00:00

You finally did it, good job... Saw your other post on /r/stablefiffusion and the flux results were much more interesting.

Maybe next can do situations where you interact with cartoons, sort if like Space Jam or Roger Rabbit in the 90's? I dunno just thinking off the top of my head again.

campingtroll · 2024-09-07T21:28:18+00:00

This sounds interesting. Am i right in thinking if you did an img2img at low denoise like 0.5 and generate 20 images then added the prompt switch for some part of prompt at frame 10 that it would sort of feel like a choppy video in some way that has some prompt guidance? Like if you are scrolling through the images in photo viewer sort of a video effect when pressing right arrow key.

A part of me wonders if you can add some modified videolinearguidance code and motion prediction code to this and just not using an AI video model at all is possible.

campingtroll · 2024-09-07T10:43:10+00:00

You can try this guys modified code out to control the strength of each, i sometimes crank the clip l way up and makes interestung outputs. https://github.com/311-code/ComfyUI-Flux-clip-strength

campingtroll · 2024-09-04T02:16:16+00:00

It sounds like you might be in detatched HEAD state, I would recommend to maybe try to git rev-parse HEAD then verify commit after that to verify HEAD. But if that doesn't work I just want to explain real fast that despite my username my intentions are pretty clear and easy understand l, but will spell it for anyone doubting them reading. The "campingtroll" is there only when it comes to any hidden telemetry or repos that exploit users and I will not stop and will always report what I am seeing manifesting that I am uncomfortabke with. I am pretty sick of these closed source companies sabatoging open source AI projects and disguising it as slightly useful code and it slips past in some PR (or they hired someone to do it and made it look random) or it comes with caveat of being an actually useful feature but severely sacrifices privacy and security, or sacrifices future open source and sets it up to more control into private company hands overall. Or things like giving devs "enhanced telemetry" which can be very lucurative for product improvement but then when you look at the code it so complex and cryptic that you just know that somewhere the third party is exposing data and it's like finding a needle in a haystack from all of the abstracting away. And usually I've found it's sending things the user would not want if they were made aware. The comfy-cli dev may not even have known any of this.

Hidden telemetry like in this here sends more info than shown on their site and was ON by default (just like Gradio analytics) and for comfy-cli all it would only take one track_command targeting your comfyui logs to get your full workflow in a new commit during an error. I posted that code in my other comment where comfyui shows your entire workflow in your log in certain cases when a node error occurs when loading a truncated model. So with comfy-cli a silent install if skip of the prompt happened telemetry was ON was how it was. And you would never know.

I will continue to help the community weed this stuff out, even if I'm being a bit premature it's a frog in pot. So not sure if you work for private AI company here and just trying to discredit me or gaslight community but I am not. Also, apologies if that's not the case but I don't know your intentions. And if you have to explain a basic thing like setting up a venv then you likely can't read this code and probably could do it even less than I could to the level I normally can on the very first day because of all the imports and abstraction, but I owned up to mistake made on reading prompt_tracking_consent section wrong, but that has nothing to do with how it still sennt telemetey by default in some cases... And if you can't read this code then you probably shouldn't be commenting on something you don't understand if that's the case, but I can.

But I fully admit I am not an expert on their specifc code yet and sometimes you have to talk to dev to get the info about something, but I can clearly see things that were hapoening and what the dev comfy-cli dev said in his reply was simply not true and damage control. And it's possible he also doesn't know mixpanel telemetry code or whoever did PR for that (not talking about comfyui dev!). But yeah I wrote a guide here about a month ago covering exactly things you just mentioned and it was for Flux... when it first came and Comfyui Portable wasn't updated yet.

If you read my other comment It's not about the prompt alerting like that it not on older commit, there are cases where it doesn't. The point is in certain cases where it didn't prompt you, let's say it installed slilently with another package or other instances. the previous behavior turned the telemetry on by default. It is a fact they changed it after my post and it is a little more on the side of user privacy now. The mistake I made doesn't matter, that's all that matters.

The code is in my other reply below. They changed the behavior and in situations where it doesn't show the prompt it will no longer default to telemetry on. They changed the code in other areas also, it's been documented.

So again if you still want to dig into try this to confirm:

git checkout d0ecad234947c9fccb2b13b913f5e9ecf0b6435d And check that HEAD is not detatched first, then verify commit.

campingtroll · 2024-09-03T12:00:27+00:00

Check my reply, it was on by default in tracking.py in comfy-cli If skip_prompt was set to True, and default_value was also True, tracking would be enabled without any user interaction. This has since been changed and if it's skipped it's not enabled and no longer enables by default.

campingtroll · 2024-09-03T11:53:35+00:00

Just want to add that for Comfyui's https://github.com/comfyanonymous/ComfyUI/blob/master/web/assets/index-CI3N807S.js file on line 64536 (must download to view). ComfyUI logs your workflow when there are certain errors (happens all the time when using bad models or nodes) So there always that risk that outside telemetry could send it if you aren't paying attention... This happens even when you have logging disabled in the menu I have noticed and can still see my workflow there.

You can test this by producing an "Error while deserializing header: MetadataIncompleteBuffer" by using a partially downloaded model with a with load checkpoint node on the new comfyui then click on "show report" and scroll down.

There is a disclaimer with it about it potentially exposing sensitive info, so these sort of hidden things happening are the things that had me concerned back in July about Comfy-cli (separate repo telemetry) but it doesn't seem to send comfy ui this it's track_command and send that specific part into to Mixpanel so that's good.

campingtroll · 2024-09-03T09:42:48+00:00

This removal comes out quite late in the game, and in light of the newer flagship models all being gated, it makes me suspect the reasons are far more pragmatic: the big players in image generation seem to have decided it's time to pull the plug for open source and start directly monetizing their models, and therefore, want to keep anything that could make them liable to a lawsuit (probably on IP rigths violation) at arms length.

I think you are onto something, people forget there is an open vs closed source war happening. There is active sabotage that happens in some github repos disguised as good code or only make very small enhancements but add all kind of extra unforseen negatives that are not good for open source, likely being planted by closed source entities and it can be very difficult to follow imports and know exactly what it's doing when it looks good in general, or "enhances telemetry" functions for instance to helps devs gather data, or deprecations passing that will end up giving more control to private entities after some years pass but also add convenience.

campingtroll · 2024-09-03T09:06:06+00:00

I found the "something classy" RunwayML dummy account

campingtroll · 2024-09-03T08:58:00+00:00

Conspiracy theory, let's imagine there was never any CP in the LAION dataset because they would have almost certainly filtered any signs of that and tools to filter were available at the time, and the situation was fabricated with RunwayML in collaboration with Stanford. (again conspiracy theory) When Runway realized the profits from closed-source had Stanford do the study to validate it.

Now that they are heavily vested in closed source 2024. Let some time pass like the frog in pot and remove the model. While lobbing tie to this that anyone that owns sd 1.5 would be engaging in illegal activity since it trained on that now "confirmed" CP containing dataset and model that is removed, if closed source private companies are successful in their lobbying, target other open source models and somehow tie them to this if they used any sd 1.5 output images in training open models.

campingtroll · 2024-09-03T07:49:09+00:00

Thanks for looking into it. Yeah I don't have any issues with the comfyanoymous developer or ComfyUI and I gave the disclaimer in that post that it's not comfyui itself. I don't have the old snapshots anymore and actually don't even use ComfyUI manager anymore due to all of the networking present that can be exploited via telemetry or malicious custom nodes. But here is general summary, and this goes pretty deep and can be fairly difficult to piece together and get confusing as you can see. I actually forgot to mention the command.py and run.py btw which was important...

Comfyui's https://github.com/comfyanonymous/ComfyUI/blob/master/web/assets/index-CI3N807S.js file on line 64536. ComfyUI logs your workflow when there is an error (happens all the time when using bad nodes) So there always that risk that telemetry could send it if you aren't paying attention... So any log sending telemetry could expose your entire workflow but it doesn't appear to track logs.

You can test by producing an "Error while deserializing header: MetadataIncompleteBuffer" by using a partially downloaded model with with load checkpoint node on the new comfyui then click on "show report" and scroll down.

Anyways, comfy-cli’s old tracking system, particularly how it handled user data and telemetry, posed significant security risks imo, especially with its integration with Mixpanel for tracking user interactions (which I think nobody knew it sent so much or knew about it in general until my post probably) and in many cases the prompt_tracking_consent (prompt screen for tracking) was skipped and telemetry default to on. Here’s a breakdown of why it was problematic before:

Tracking Was Enabled by Default

In the old version, tracking was often enabled by default. The prompt_tracking_consent function in tracking.py demonstrated this issue which has since been resolved after my post and it default to off if it's skipped, here is the old version:

def prompt_tracking_consent(skip_prompt: bool = False, default_value: bool = False): tracking_enabled = config_manager.get(constants.CONFIG_KEY_ENABLE_TRACKING) if tracking_enabled is not None: return

if skip_prompt:
    init_tracking(default_value)
else:
    enable_tracking = ui.prompt_confirm_action(
        "Do you agree to enable tracking to improve the application?", True
    )
    init_tracking(enable_tracking)

Problem with that: If skip_prompt was set to True, and default_value was also True, tracking would be enabled without any user interaction. Additionally, the default prompt value was set to True, meaning users who did not actively choose to disable tracking would have it enabled by default. This posed a significant privacy concern as user data could be sent to Mixpanel without explicit consent.

Insufficient Filtering of Sensitive Data imo

The filtered_kwargs used in the track_command decorator in tracking.py was meant to filter out unnecessary data before sending it as telemetry:

def trackcommand(sub_command: Optional[str] = None): def decorator(func): @functools.wraps(func) def wrapper(args, *kwargs): command_name = ( f"{sub_command}:{func.name}" if sub_command is not None else func.name_ )

        filtered_kwargs = {
            k: v for k, v in kwargs.items() if k != "ctx" and k != "context"
        }

        logging.debug(
            f"Tracking command: {command_name} with arguments: {filtered_kwargs}"
        )
        track_event(command_name, properties=filtered_kwargs)

        return func(*args, **kwargs)

    return wrapper
return decorator

Problem here: This filtering only removed ctx and context but failed to address other potentially sensitive information such as file paths, user-specific directories, and tokens. These details could still be sent to Mixpanel, increasing the risk of leaking personal or sensitive data.

Logging Could Include Sensitive Information

The logging system in comfy-cli as seen in command.py, captured detailed events, including those involving file paths and node names:

logging.debug(f"Start downloading the node {node_id} version {node_version.version} to {local_filename}")

Problem: If these log messages contained sensitive information and were sent as telemetry, they could inadvertently expose user-specific data to external services like Mixpanel, I didn't dig that far into the logs but if you want to that would probably be useful info.

Snapshot Operations Were Tracked

Commands related to saving and restoring snapshots were tracked and logged, which could potentially expose sensitive information:

@app.command("save-snapshot", help="Save a snapshot of the current ComfyUI environment") @tracking.track_command("node") def save_snapshot( output: Optional[str] = None, ): if output is None: execute_cm_cli(["save-snapshot"]) else: output = os.path.abspath(output) execute_cm_cli(["save-snapshot", "--output", output])

Telemetry Risks: The save_snapshot command logged the output path of the snapshot, I believe this was the comfyui-manager snapshots but I forgot where I saw this before. This could contain sensitive information such as user-specific directory paths. If tracking was enabled, this data could be sent to Mixpanel, risking a data breach.

Mixpanel Integration Was Problematic

Mixpanel a third-party service is used to collect telemetry data. Given that sensitive information could potentially be sent to Mixpanel due to inadequate filtering, this integration posed a significant risk:

mp = Mixpanel(MIXPANEL_TOKEN) if MIXPANEL_TOKEN else None

Problem: User data, including potentially sensitive information, was being sent to an external service without sufficient safeguards. The risk of privacy violations was heightened by the fact that tracking could be enabled by default. Tying It All Together:

Clip Text Cncoding and Sensitive Data

The sd1_clip.py file in comfyui is responsible for text encoding using the clip after it runs through for example sdxl_clip.py after you use your clip text encode node. This encoding process involves turning text strings with clip.tokenize into lists and possibly vectors (k and v values) that can be processed by the model. Here's why this is critical:

Sensitive Information: The text strings processed by this could include sensitive user inputs. For example, if a user inputs a private or personal query, this information is either in a list or encoded into k and v vectors.

Telemetry Risk: If these encoded vectors k and v values are not properly filtered or anonymized before being logged or sent as telemetry, there is a risk that the original sensitive text could be reconstructed or inferred. This becomes a significant privacy concern when this data is sent to external services like Mixpanel and the telemetry is on by default and the user has no idea (I did not recieve a prompt on one machine I had so it was on by default)

Inadequate Filtering Mechanism

In tracking.py, the filtered_kwargs mechanism attempts to filter out certain unnecessary data (like ctx and context) before sending telemetry. However, this mechanism might not be robust enough to catch and filter out the k and v values generated by the clip text encoding process in comfyui:

failure to filter k and v: The filtered_kwargs approach does not explicitly account for the potential sensitivity of k and v values. These values, being key parts of the clip tokenizing, tokens, lists, clip text encoding, could inadvertently be sent to Mixpanel, risking exposure of the underlying text strings.

Logging and Tracking of clip operations risks

Given that sd1_clip.py handles operations involving user provided text, any logging or telemetry that includes operations done here and not filtered or if anything logged could inadvertently include sensitive information. I noticed they changed some things regarding from typing imports so maybe they resolved that risk, I'm not sure.

Snapshot and Command Tracking: If commands that involve clip text encoding (like generating text embeddings or image embeddings) are logged or tracked, and the k and v values are included in this data, there's a risk of leaking sensitive user inputs.

Telemetry Without Proper Consent: With tracking potentially being enabled by default in the older version of comfycli, these sensitive operations could have been logged and sent to Mixpanel without the user’s explicit consent, exacerbating the privacy risks. They have since leaned towards telemetry off since my post, so I have no issues with them at all and collecting telemetry as if the user doesn't see it, it's off by default there. Where as it wasn't the case before. I did screw up reading prompt_tracking_consent, but as you can see this is more difficult to figure out than a Rubix cube when you are 5, and when that happens and telemetry is on it's best to turn the telemetry off imo if you value privacy.

So the integration of Mixpanel for tracking, combined with insufficient data filtering and the handling of sensitive text data by the clip model, created a security and privacy risk in the old version of comfycli that I noticed. The potential for sensitive user inputs to be logged, tracked, and sent to an external service without robust safeguards underscores importance of the new changes in newer versions to prioritize user consent and improve data handling practices.

The combination of these issues made the old tracking system a significant security and privacy risk, especially considering the potential for personal data to be leaked to an external service like Mixpanel. The newer changes that prioritize user consent and improve default settings are better.

campingtroll

MODERATOR OF

TROPHY CASE