I noticed recently that there is a new, required field when creating a new project, called ‘Business Website.’ This didn’t used to be here and I can’t find any information about it.
What is the purpose of this field and why is it mandatory? For what purpose is the value used by OpenAI?
Today, I noticed a change on the help page for prepaid billing. OpenAI is apparently rolling out a new trust-based system for requests and tokens per minute.
Trust Tiers & Rate Limits: The number of API requests you can make per minute (RPM) and the number of tokens you can use per minute (TPM) depend on your Trust Tier. Stay tuned for more information on Trust Tiers.
From what I understand, this is a measure to reduce fraud and ensure the API is used in accordance with the usage policies and the Terms of Service.
Interesting – thanks for the link. I thought this might be the case, but then what’s to keep someone from just putting some nonsense in there? Like can I just put google.com in there? I thought about experimenting with various domains, but didn’t have time.
The trust tier system is the one currently in place - how trusted you are to have made non-fraudulent payments in the past.
That doesn’t answer the question - why is new, more invasive, information requested, in “create project” of all places, about your business and site, and what you are doing with the API?
Agreed. It’s weird that this is suddenly required.
And, of course, no news is released about it. Just silently added as a new policy.
It should be very obvious that if things “appear” out of nowhere without any explanation there will be speculation and mistrust.
I wasn’t suggesting that you SHOULD put false information in there, I was wondering if it was arbitrary, since we don’t know what the purpose is. Is this why someone flagged this thread?
I’d like to respectfully ask that someone un-flag the thread, because I’d really like a response. I only use OpenAI for work, and I believe I have a right to know the following:
What is this domain used for?
Is the field arbitrary?
Why is it required?
How important is this field? What happens if I or a colleague fat-finger a domain?
Need to update my own internal docs for how to OpenAI properly, and I can’t really do that when I don’t have any answers.
When you create a new API Platform account or a new project, we require you to verify your business information, which includes a business website and a description of your business.
This is a standard procedure to verify your business identity and ensure compliance with legal and financial regulations. It helps protect both your business and our platform from fraud, ensuring a safe and secure environment for all users. We don’t use your verification data for any other purposes, and take your privacy very seriously.
Why is this information also needed for Projects?
Projects are shared environments where organization members can collaborate and provide customers the ability to organize their work. This second verification step enables us to protect both your business and our platform from fraud.
…
Here’s the possibility of more being required of you, on existing projects, from the platform site
Future compliance requests for information about your business will appear here. Learn more why we need to collect this information.
“Verifications” - in a list format accommodating various types.
I agree, adding a social media or business website does NOT authenticate a user but instead could and would likely be used to defraud individuals on a greater level -the public, companies, authorities etc. Crypto companies are now using your actual ID to verify users, although this can make it more difficult to defraud everyone, ID isn’t entirely safe from theft. If you’re looking for basic verification, payment online should be decent enough and that could be done establishing an e-transfer, because at least, fraudulent activity from bank accounts are usually resolved quickly because users do much of their banking online and see their transactions but fraudulent websites can proceed undetected, change payment types & names and even transfer domain ownership easily to continue the masking of identity and ownership.
This article states “ensure compliance with legal and financial regulations”, but what is this regulation that requires anyone using the API to have a business and/or LinkedIn?
I do not have any social media besides Insta and… Uhmm… I could just use ANYONE’s instagram.
I’m trying to see the value here. If for example someone said they are Joe from Madagascar and then were churning posts saying that they were Google Tech Support. But… Not really… He could be a subcontractor?
Isn’t our email, phone number, and credit card information enough? What does this extra step accomplish if someone is already being malicious?
This second verification step enables us to protect both your business and our platform from fraud
What does this mean? If my company has 5 members and we all use our business website and then a new guy joins with a different website will something happen?
How exactly is this protecting my business?
I’m not against this as a concept. I’m against how vague this article is. It throws all of these “We do this for that”, but “that” is nothing but smoke if there’s no explanation. They might as well throw a “for the greater good” in there
Consider: OpenAI is scanning everything ran on the system, having banned accounts that used a character site’s prompt, systematically detecting and announcing removal of accounts connected to “covert influence operations”, banning accounts (and credits) of those connecting from prohibited countries, collecting policy violations against you.
Why not a use-case compliance scanner too? Needs but one piece of missing information…
i wonder if they could give us a rundown of the exact legal and financial rules that we need to follow for this verification? it would help us better understand the requirements and ensure that we comply with all necessary regulations.
I mean one point to consider is that some organizations may be using the API to perform activities that are regulated without however having a license such as in financial services. I have zero clue whether this is part of OpenAI’s considerations but I guess it would not be ideal if they were seen to be facilitating unlicensed activity. So this could possibly help to detect these cases. Idk.