SEO
Legal Considerations & Team Communication For Remote Companies
So, you’ve likely figured out that remote work is here to stay, which means a whole set of different considerations when getting set up.
In the first part of this series on how to build a remote SEO team, we looked into the structure of successful remote teams.
Now, let’s explore the legal considerations and team communication aspects you’ll need to build a remote team, stay compliant, and encourage collaboration.
Legal Aspects of Remote SEO Teams
Salary and benefits are not the only aspects of hiring fully-remote SEO experts with legal implications.
Depending on your team’s base, you may need to make extra considerations around rights and security.
Data Security
Employees working fully remotely may not only be working from their homes.
They may use the flexibility of not being in an office to take working holidays for weeks at a time or simply go to the coffee shop down the road to work.
Because of this, there are extra data security complications.
Confidential Data
In an ideal situation, each team member would have their own private, lockable space to work.
An office outside of the company office.
However, this is a rarity.
Therefore, remote workers must be mindful of who can access their working space or see what they are working on.
Working in a co-working space or a café can mean that other people may see screens with confidential client data or company financial data.
You may need to invest in films for laptop screens that make it harder for other people to read unless directly in front of them.
You may also need to recommend that your team be mindful of the data they leave visible on their screens around other people.
Data Protection Laws
It might not just be a case of wanting to keep client and personal data safe. There might be legal ramifications if you don’t.
In Europe, for example, the General Data Protection Regulation (GDPR) governs employees and stipulates how to treat personally identifiable data.
You’ll need to adapt processes and rules around data security to life outside of the office for remote teams.
The team also needs to be educated on its importance and have the tools to assess their own work environment.
Guidance For Shared Living Spaces
Working full-time from home can lead to lapses in treating work equipment and data differently from personal equipment.
It might be second nature for an employee in an office to lock their laptop when they get up from their desk. But in the comfort and security of their own homes, it might not occur to them to do the same.
Think too, that in an office, most people around work for the same company.
This is not the case in shared living spaces.
It can be a good idea to remind your team of that.
Guidance For Vacated Premises
Hybrid or in-office employees may leave their laptops at work when they go on holiday.
The office is likely to be staffed when they are not there, or in periods of shutdown such as over bank holidays, the office will be securely locked.
There may be times when a colleague’s house, therefore home office, is completely vacant, like when they and their family go on holiday.
Remote workers may need to lock away their company laptops during these times as an extra level of security.
You may need to provide them with the facilities, like a lockable cabinet.
Legal Rights
The legal employment rights of your SEO team may be very different depending on where in the world they are working from.
If all of your team are fully remote but in your state/country, you may not need to consider it as much.
This can affect a lot, for example:
- The number of public holidays.
- The amount of paid sick leave.
- How much maternity leave?
- The length of notice they are legally entitled to when terminating their contract.
Even if you are not ultimately legally responsible for this area, as a line manager building a fully-remote team, it is wise for you to understand what each member of your team is entitled to.
This will help you plan for cover during holidays, paternity leave, and cases of sickness.
It can also mean you are not accidentally leaving a single team member responsible for the technical health of an entire website when everyone but themselves is on a public holiday.
Optimizing Your Remote Team’s Communication & Collaboration
Once you get past the initial financial and legal hurdles for building a fully-remote SEO team, you can turn your attention to how to make it a fun, productive, and energizing work experience.
Communication
One of the biggest perceived challenges for a fully-remote team is communication.
Many teams struggle to find the right balance between over and under-communicating.
Getting communication right in a fully-remote SEO team is a particularly big priority.
As SEO pros, we often learn from each other, discussing challenges and considering ideas as a team.
A large component of the job for digital PR is ideation, arguably much easier as a group.
Just because your team is fully remote does not mean you have to lose that side of the communication.
Replacing Office Chit Chat
When talking about fully remote versus in-office, the topics often surround the pros and cons and the ease of chatting.
Some people love the buzz of a busy office and the opportunity to connect with colleagues while preparing lunch, or making a coffee.
Others find it distracting or draining to be available to other people constantly.
When discussing the social and community needs of a remote SEO team, it’s important to realize we’re not looking to replicate the office chit-chat but instead replace it.
The goal is to give your team the time for deep-work focus and the opportunity to connect with their colleagues.
One way of doing this is through set times for socializing.
You can set up optional coffee chats once a week or every day so that the whole team can come together for 15 minutes of social chat.
They may want to do this as a whole team or one on one.
This might branch out across the company, so your team gets the opportunity to connect with others that they don’t work with daily.
This way, you can protect their focus and time while enabling them to make space for the social aspect of work.
Video Call Fatigue
In the Covid-19 working from home movement, something that became apparent early on was that in-office meetings quickly got replaced with double the number of meetings via video calls.
This can be completely exhausting and time-consuming.
Be mindful of how you enable your team to structure their days.
Consider call-free hours or days, suggest switching to voice only for some/most calls, or even give people the opportunity to use an avatar for some calls.
Those meetings that could have been an email? Still could have been an email.
Don’t try to foster relationships and teamwork through video calls. It isn’t the way to do it.
Just like in-person meetings need to be arranged mindfully, so do virtual ones.
Instant Message Overload
Working remotely makes it harder for you to call across the office to ask your team member for an update or check that they are OK.
Losing this aspect of working isn’t necessarily a bad thing.
Just because you are in a state where you are ready for an update doesn’t mean you are not interrupting your team member and potentially derailing their concentration.
Let’s not use instant messengers in the same way.
Be thoughtful around how you message people using Slack, Teams, and the various other instant messengers.
Don’t expect an answer from your team straightaway.
You can’t see the look of concentration on their face as they are writing schema or the fact that they are actually making a cup of tea at the time.
Try not to phrase messages with a sense of expectancy for a quick answer.
For longer brain dumps, consider sending your thoughts in an email and use the instant messengers for shorter updates.
One good tip for ensuring your team doesn’t feel obligated to respond instantly is cutting straight to the chase.
Starting a conversation only asking “hi, how are you?” can cause your addressee to feel obligated to answer immediately to find out what you need and how urgent it is.
Instead, if you tell them exactly what you’re after and when you need it, you save them the guesswork or need to reply instantly.
Losing Messages In The Noise
Another risk of fully-remote work is that there is little to distinguish between “this is an important announcement I need to pay attention to and remember” and “this is a status update of lesser importance.”
When your team is receiving hundreds of messages a day from across the company, they may simply miss the one from you asking for them to look at a page that’s 404ing.
Consider setting different channels for social chat, projects, and urgent announcements.
This categorization of messages can help the team to identify how urgent/important the communication is and also find it again a few days (and hundreds of messages) later.
Collaboration
Making sure your team can function as well as any in-office SEO team will be all down to how well they can collaborate remotely.
Several factors impact how you should set your team up for successful collaboration.
Timezones
Your remote team might have people operating in different time zones.
Truly international teams might not have much, if any, overlap of working hours.
This can be very hard to navigate successfully.
There can be the temptation, especially for agencies, to expect SEO experts to be available whenever they need them.
If clients are in different time zones and colleagues, you can guess whose schedule gets prioritized.
When working across time zones, empower your team to be careful with their time.
This means giving them the power to say no to meetings outside of fair working hours.
It also may mean compromising in some instances, but these should be the exception, not the rule.
One way of doing this is to encourage core working hours for face-to-face meetings.
For example, if there is only an overlap of three hours per day when all team members are working simultaneously, try to save any meetings for those three hours.
Async Conversations
Another way to help overcome the challenge of different timezones and the fatigue from too many video calls is to encourage asynchronous communication.
“A quick call” might be convenient for the person who wants instant feedback on an idea, or simply doesn’t want to have to type it all out.
It might be less convenient for the person who should have finished work for the day an hour ago.
Recording voice notes can be a simple way of communicating that doesn’t require a lot of typing.
It can then be listened to at a time convenient to the recipient.
Collaboration tools can also help with the dump of thoughts and allow for asynchronous feeding back.
Tools
So what are some must-have tools for remote SEO teams to collaborate well?
- A ticketing system. Along the lines of Monday or JIRA, a ticketing system will help your team keep track of those “ad-hoc” requests sent through email or messenger. It also allows for a centralized place for asynchronous updates on status.
- Software like Miro or Google Jamboard allows your team to add ideas to a virtual whiteboard without needing to be in front of a physical one. It has the added benefit of being available over time, so teams can go back and see the evolution of ideas.
- A VPN can be very beneficial in enabling your SEO specialists to see what teammates see worldwide. If your colleague in Mexico has spotted something interesting in the SERPs, there’s no need for extensive screenshotting to communicate it to their colleagues. Their colleagues can proxy their location as Mexico and investigate for themselves.
- Password manager. Allowing your team to safely share passwords without being in the same room is critical. A password manager like LastPass will allow them to send passwords securely without the risk of doing it via email or the inconvenience of joining a call to share it verbally.
- Central storage. You will likely need your team to access client-facing templates, each others’ work, and best-practice guides. When everyone works in the same office, in the same timezone, it’s easier to ask for these documents to be emailed when needed. When you don’t know if your colleague is at their desk, or they don’t start work for another three hours, it helps to access these documents for yourself.
Motivation
Motivating a fully-remote SEO team is different from an in-person one.
There is less opportunity to reward a team with a trip to the café down the road for an impromptu lunch, or a round of coffees as thanks for their hard work that week.
As a line manager of a fully-remote team, consider how you continue to motivate your team when you aren’t physically around them ever.
Time To Switch Off
A crucial component of keeping a remote team motivated is ensuring they get the time they need to switch off.
It’s easy to see who stays behind late when they are the last to lock up the office each night.
It isn’t as easy to make sure your remote colleague isn’t working too long.
The lack of physical separation between work and leisure can have a mental effect on your team’s ability to switch off at the end of the day.
It is important to encourage your team to find what works best for them.
Whether that’s recommending they disconnect emails from their personal phone to avoid getting pinged from an international colleague at 10 p.m.
Or to physically shut their laptop down at the end of the day and put it away out of sight.
The best way to do this is to lead by example.
Don’t expect your team to be available when you are or check their emails on weekends.
Remind them that you don’t check your Slack messages outside of working hours and designate 6 p.m. onward as family time only.
Celebrations
You might not be able to take them all out for dinner at the end of a long week, but that doesn’t mean you can’t celebrate achievements and milestones with a remote team.
Creating an atmosphere of continual recognition can be a great way to motivate your team.
Weekly “shout-outs” from you as the line manager or even a system of recognition from each other can help to note and celebrate everyone’s efforts.
Bigger celebrations like birthdays and client wins can still be celebrated with dinner or doughnuts.
Instead of taking everyone to the same restaurant, you can give vouchers for the team to take their own families out.
Or provide an allowance for each team member to order food to eat during a video call.
What’s great about remote teams is you get a license to be creative in how you celebrate.
Not everyone wants to go to the pub on a Friday after work.
Not everyone celebrates with food.
Find what works for your team.
The important thing for motivation is to keep acknowledging effort and success.
Clear goals
Another way to keep a remote team motivated is the same as an in-office team, but it bears discussing.
It is beneficial to have an end-point they are working toward to help a team feel united and working in the same direction.
Whether these are as simple as annual traffic and conversion goals or tailored quarterly KPIs and objectives, just make sure your team knows and understands them.
Your whole team should understand the SEO strategy and their own objectives and KPIs within that.
Communicating these across the team can help with individual accountability and the support of colleagues.
It will also help you identify if there are any lulls in momentum.
For instance, your team might have just been through a particularly busy sprint and need a few days to recover and get through the backlog of work.
Without a set of measurable objectives, it’s hard to see if you’re making progress.
It is also difficult for your team to understand how they are performing.
Help your team see and celebrate their progress against goals. It can be hugely motivating.
Productivity
There is less pressure for presenteeism with remote jobs.
As a remote team manager, you will hopefully not be checking up on them throughout the day to make sure they are working.
Instead, you will have hired a team you trust to do their job and will be monitoring quality instead.
When working with a team in an office, you can easily see if someone is being called into meetings constantly or asked questions that keep them from focusing on their work.
Unfortunately, this isn’t really possible when working remotely.
Because of this, you will need to ensure you are helping your team remove obstacles to their own productivity.
Identify Time And Energy Drains
Your team needs to be empowered to monitor their own energy peaks and troughs.
If your company also operates a flexible working schedule, this can be enormously beneficial in helping your team discover their most productive hours and working during those times.
They also may want to keep an eye on what is draining their energy and stealing their time from the core elements of their job.
One way to assist your team is by keeping a diary for a week of the tasks they are working on and their energy levels at the end of them.
Keep Meetings Structured
Meeting overload is a problem in-office and remotely.
Many articles have been written on how to better structure meetings to keep them productive.
Some quick and easy wins, however, are to:
- Make sure every meeting has an agenda.
- Empower your team to turn down meetings when they are not needed.
- Provide minutes for any group meetings so those who can’t attend can read them back asynchronously.
- Circulate any pre-reading material for comments before the meeting.
It is also a good idea for you as a manager to check in with your team on how they are finding their meeting/work balance.
Some may find meetings easier to fit into their day than others.
In my next column, we’ll continue this series with the final part of building a remote SEO team.
This section covers individual training and development, and respecting the different reasons people choose remote work.
More resources:
Featured Image: fizkes/Shutterstock
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window,document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
if( typeof sopp !== “undefined” && sopp === ‘yes’ ){
fbq(‘dataProcessingOptions’, [‘LDU’], 1, 1000);
}else{
fbq(‘dataProcessingOptions’, []);
}
fbq(‘init’, ‘1321385257908563’);
fbq(‘track’, ‘PageView’);
fbq(‘trackSingle’, ‘1321385257908563’, ‘ViewContent’, {
content_name: ‘remote-seo-team-legal-communications’,
content_category: ‘careers-education enterprise seo’
});
SEO
Mozilla VPN Security Risks Discovered
Mozilla published the results of a recent third-party security audit of its VPN services as part of it’s commitment to user privacy and security. The survey revealed security issues which were presented to Mozilla to be addressed with fixes to ensure user privacy and security.
Many search marketers use VPNs during the course of their business especially when using a Wi-Fi connection in order to protect sensitive data, so the trustworthiness of a VNP is essential.
Mozilla VPN
A Virtual Private Network (VPN), is a service that hides (encrypts) a user’s Internet traffic so that no third party (like an ISP) can snoop and see what sites a user is visiting.
VPNs also add a layer of security from malicious activities such as session hijacking which can give an attacker full access to the websites a user is visiting.
There is a high expectation from users that the VPN will protect their privacy when they are browsing on the Internet.
Mozilla thus employs the services of a third party to conduct a security audit to make sure their VPN is thoroughly locked down.
Security Risks Discovered
The audit revealed vulnerabilities of medium or higher severity, ranging from Denial of Service (DoS). risks to keychain access leaks (related to encryption) and the lack of access controls.
Cure53, the third party security firm, discovered and addressed several risks. Among the issues were potential VPN leaks to the vulnerability of a rogue extension that disabled the VPN.
The scope of the audit encompassed the following products:
- Mozilla VPN Qt6 App for macOS
- Mozilla VPN Qt6 App for Linux
- Mozilla VPN Qt6 App for Windows
- Mozilla VPN Qt6 App for iOS
- Mozilla VPN Qt6 App for Androi
These are the risks identified by the security audit:
- FVP-03-003: DoS via serialized intent
- FVP-03-008: Keychain access level leaks WG private key to iCloud
- VP-03-010: VPN leak via captive portal detection
- FVP-03-011: Lack of local TCP server access controls
- FVP-03-012: Rogue extension can disable VPN using mozillavpnnp (High)
The rogue extension issue was rated as high severity. Each risk was subsequently addressed by Mozilla.
Mozilla presented the results of the security audit as part of their commitment to transparency and to maintain the trust and security of their users. Conducting a third party security audit is a best practice for a VPN provider that helps assure that the VPN is trustworthy and reliable.
Read Mozilla’s announcement:
Mozilla VPN Security Audit 2023
Featured Image by Shutterstock/Meilun
SEO
Link Building Outreach for Noobs
Link outreach is the process of contacting other websites to ask for a backlink to your website.
For example, here’s an outreach email we sent as part of a broken link building campaign:
In this guide, you’ll learn how to get started with link outreach and how to get better results.
How to do link outreach
Link outreach is a four-step process:
1. Find prospects
No matter how amazing your email is, you won’t get responses if it’s not relevant to the person you’re contacting. This makes finding the right person to contact equally as important as crafting a great email.
Who to reach out to depends on your link building strategy. Here’s a table summarizing who you should find for the following link building tactics:
As a quick example, here’s how you would find sites likely to accept your guest posts:
- Go to Content Explorer
- Enter a related topic and change the dropdown to “In title”
- Filter for English results
- Filter for results with 500+ words
- Go to the “Websites” tab
This shows you the websites getting the most search traffic to content about your target topic.
From here, you’d want to look at the Authors column to prioritize sites with multiple authors, as this suggests that they may accept guest posts.
If you want to learn how to find prospects for different link building tactics, I recommend reading the resource below.
2. Find their contact details
Once you’ve curated a list of people to reach out to, you’ll need to find their contact information.
Typically, this is their email address. The easiest way to find this is to use an email lookup tool like Hunter.io. All you need to do is enter the first name, last name, and domain of your target prospect. Hunter will find their email for you:
To prevent tearing your hair from searching for hundreds of emails one-by-one, most email lookup tools allow you to upload a CSV list of names and domains. Hunter also has a Google Sheets add-on to make this even easier.
3. Send a personalized pitch
Knowing who to reach out to is half the battle won. The next ‘battle’ to win is actually getting the person to care.
Think about it. For someone to link to you, the following things need to happen:
- They must read your email
- They must be convinced to check out your content
- They must open the target page and complete all administrative tasks (log in to their CMS, find the link, etc.)
- They must link to you or swap out links
That’s a lot of steps. Most people don’t care enough to do this. That’s why there’s more to link outreach than just writing the perfect email (I’ll cover this in the next section).
For now, let’s look at how to craft an amazing email. To do that, you need to answer three questions:
- Why should they open your email? — The subject line needs to capture attention in a busy inbox.
- Why should they read your email? — The body needs to be short and hook the reader in.
- Why should they link to you? — Your pitch needs to be compelling: What’s in it for them and why is your content link-worthy?
For example, here’s how we wrote our outreach email based on the three questions:
Here’s another outreach email we wrote, this time for a campaign building links to our content marketing statistics post:
4. Follow up, once
People are busy and their inboxes are crowded. They might have missed your email or read it and forgot.
Solve this by sending a short polite follow-up.
One is good enough. There’s no need to spam the other person with countless follow-up emails hoping for a different outcome. If they’re not interested, they’re not interested.
Link outreach tips
In theory, link outreach is simply finding the right person and asking them for a link. But there is more to it than that. I’ll explore some additional tips to help improve your outreach.
Don’t over-personalize
Some SEOs swear by the sniper approach to link outreach. That is: Each email is 100% customized to the person you are targeting.
But our experience taught us that over-personalization isn’t better. We ran link-building campaigns that sent hyper-personalized emails and got no results.
It makes logical sense: Most people just don’t do favors for strangers. I’m not saying it doesn’t happen—it does—but rarely will your amazing, hyper-personalized pitch change someone’s mind.
So, don’t spend all your time tweaking your email just to eke out minute gains.
Avoid common templates
My first reaction seeing this email is to delete it:
Why? Because it’s a template I’ve seen many times in my inbox. And so have many others.
Another reason: Not only did he reference a post I wrote six years ago, it was a guest post, i.e., I do not have control over the site. This shows why finding the right prospects is important. He even got my name wrong.
Templates do work, but bad ones don’t. You can’t expect to copy-paste one from a blog post and hope to achieve success.
A better approach is to use the scoped shotgun approach: use a template but with dynamic variables.
You can do this with tools like Pitchbox and Buzzstream.
This can help achieve a decent level of personalization so your email isn’t spammy. But it doesn’t spend all your time writing customized emails for every prospect.
Send lots of emails
When we polled 800+ people on X and LinkedIn about their link outreach results, the average conversion rate was only 1-5%.
This is why you need to send more emails. If you run the numbers, it just makes sense:
- 100 outreach emails with a 1% success rate = 1 link
- 1,000 outreach emails with a 1% success rate = 10 links
I’m not saying to spam everyone. But if you want more high-quality links, you need to reach out to more high-quality prospects.
Build a brand
A few years ago, we published a link building case study:
- 515 outreach emails
- 17.55% reply rate
- 5.75% conversion rate
Pretty good results! Except the top comments were about how we only succeeded because of our brand:
It’s true; we acknowledge it. But I think the takeaway here isn’t that we should repeat the experiment with an unknown website. The takeaway is that more SEOs should be focused on building a brand.
We’re all humans—we rely on heuristics to make judgments. In this case, it’s branding. If your brand is recognizable, it solves the “stranger” problem—people know you, like you, and are more likely to link.
The question then: How do you build a brand?
I’d like to quote our Chief Marketing Officer Tim Soulo here:
What is a strong brand if not a consistent output of high-quality work that people enjoy? Ahrefs’ content team has been publishing top-notch content for quite a few years on our blog and YouTube channel. Slowly but surely, we were able to reach tens of millions of people and instill the idea that “Ahrefs’ content = quality content”—which now clearly works to our advantage.
Ahrefs was once unknown, too. So, don’t be disheartened if no one is willing to link to you today. Rome wasn’t built in a day.
Trust the process and create incredible content. Show it to people. You’ll build your brand and reputation that way.
Build relationships with people in your industry
Outreach starts before you even ask for a link.
Think about it: People don’t do favors for strangers but they will for friends. If you want to build and maintain relationships in the industry, way before you start any link outreach campaigns.
Don’t just rely on emails either. Direct messages (DMs) on LinkedIn and X, phone calls—they all work. For example, Patrick Stox, our Product Advisor, used to have a list of contacts he regularly reached out to. He’d hop on calls and even send fruit baskets.
Create systems and automations
In its most fundamental form, link outreach is really about finding more people and sending more emails.
Doing this well is all about building systems and automations.
We have a few videos on how to build a team and a link-building system, so I recommend that you check them out.
Final thoughts
Good link outreach is indistinguishable from good business development.
In business development, your chances of success will increase if you:
- Pitch the right partners
- Have a strong brand
- Have prior relationships with them
- Pitch the right collaboration ideas
The same goes for link outreach. Follow the principles above and you will see more success for your link outreach campaigns.
Any questions or comments? Let me know on Twitter X.
SEO
Research Shows Tree Of Thought Prompting Better Than Chain Of Thought
Researchers discovered a way to defeat the safety guardrails in GPT4 and GPT4-Turbo, unlocking the ability to generate harmful and toxic content, essentially beating a large language model with another large language model.
The researchers discovered that the use of tree-of-thought (ToT)reasoning to repeat and refine a line of attack was useful for jailbreaking another large language model.
What they found is that the ToT approach was successful against GPT4, GPT4-Turbo, and PaLM-2, using a remarkably low number of queries to obtain a jailbreak, on average less than thirty queries.
Tree Of Thoughts Reasoning
A Google research paper from around May 2022 discovered Chain of Thought Prompting.
Chain of Thought (CoT) is a prompting strategy used on a generative AI to make it follow a sequence of steps in order to solve a problem and complete a task. The CoT method is often accompanied with examples to show the LLM how the steps work in a reasoning task.
So, rather than just ask a generative AI like Midjourney or ChatGPT to do a task, the chain of thought method instructs the AI how to follow a path of reasoning that’s composed of a series of steps.
Tree of Thoughts (ToT) reasoning, sometimes referred to as Tree of Thought (singular) is essentially a variation and improvement of CoT, but they’re two different things.
Tree of Thoughts reasoning is similar to CoT. The difference is that rather than training a generative AI to follow a single path of reasoning, ToT is built on a process that allows for multiple paths so that the AI can stop and self-assess then come up with alternate steps.
Tree of Thoughts reasoning was developed in May 2023 in a research paper titled Tree of Thoughts: Deliberate Problem Solving with Large Language Models (PDF)
The research paper describes Tree of Thought:
“…we introduce a new framework for language model inference, Tree of Thoughts (ToT), which generalizes over the popular Chain of Thought approach to prompting language models, and enables exploration over coherent units of text (thoughts) that serve as intermediate steps toward problem solving.
ToT allows LMs to perform deliberate decision making by considering multiple different reasoning paths and self-evaluating choices to decide the next course of action, as well as looking ahead or backtracking when necessary to make global choices.
Our experiments show that ToT significantly enhances language models’ problem-solving abilities…”
Tree Of Attacks With Pruning (TAP)
This new method of jailbreaking large language models is called Tree of Attacks with Pruning, TAP. TAP uses two LLMs, one for attacking and the other for evaluating.
TAP is able to outperform other jailbreaking methods by significant margins, only requiring black-box access to the LLM.
A black box, in computing, is where one can see what goes into an algorithm and what comes out. But what happens in the middle is unknown, thus it’s said to be in a black box.
Tree of thoughts (TAP) reasoning is used against a targeted LLM like GPT-4 to repetitively try different prompting, assess the results, then if necessary change course if that attempt is not promising.
This is called a process of iteration and pruning. Each prompting attempt is analyzed for the probability of success. If the path of attack is judged to be a dead end, the LLM will “prune” that path of attack and begin another and better series of prompting attacks.
This is why it’s called a “tree” in that rather than using a linear process of reasoning which is the hallmark of chain of thought (CoT) prompting, tree of thought prompting is non-linear because the reasoning process branches off to other areas of reasoning, much like a human might do.
The attacker issues a series of prompts, the evaluator evaluates the responses to those prompts and then makes a decision as to what the next path of attack will be by making a call as to whether the current path of attack is irrelevant or not, plus it also evaluates the results to determine the likely success of prompts that have not yet been tried.
What’s remarkable about this approach is that this process reduces the number of prompts needed to jailbreak GPT-4. Additionally, a greater number of jailbreaking prompts are discovered with TAP than with any other jailbreaking method.
The researchers observe:
“In this work, we present Tree of Attacks with Pruning (TAP), an automated method for generating jailbreaks that only requires black-box access to the target LLM.
TAP utilizes an LLM to iteratively refine candidate (attack) prompts using tree-of-thoughts reasoning until one of the generated prompts jailbreaks the target.
Crucially, before sending prompts to the target, TAP assesses them and prunes the ones unlikely to result in jailbreaks.
Using tree-of-thought reasoning allows TAP to navigate a large search space of prompts and pruning reduces the total number of queries sent to the target.
In empirical evaluations, we observe that TAP generates prompts that jailbreak state-of-the-art LLMs (including GPT4 and GPT4-Turbo) for more than 80% of the prompts using only a small number of queries. This significantly improves upon the previous state-of-the-art black-box method for generating jailbreaks.”
Tree Of Thought (ToT) Outperforms Chain Of Thought (CoT) Reasoning
Another interesting conclusion reached in the research paper is that, for this particular task, ToT reasoning outperforms CoT reasoning, even when adding pruning to the CoT method, where off topic prompting is pruned and discarded.
ToT Underperforms With GPT 3.5 Turbo
The researchers discovered that ChatGPT 3.5 Turbo didn’t perform well with CoT, revealing the limitations of GPT 3.5 Turbo. Actually, GPT 3.5 performed exceedingly poorly, dropping from 84% success rate to only a 4.2% success rate.
This is their observation about why GPT 3.5 underperforms:
“We observe that the choice of the evaluator can affect the performance of TAP: changing the attacker from GPT4 to GPT3.5-Turbo reduces the success rate from 84% to 4.2%.
The reason for the reduction in success rate is that GPT3.5-Turbo incorrectly determines that the target model is jailbroken (for the provided goal) and, hence, preemptively stops the method.
As a consequence, the variant sends significantly fewer queries than the original method…”
What This Mean For You
While it’s amusing that the researchers use the ToT method to beat an LLM with another LLM, it also highlights the usefulness of ToT for generating surprising new directions in prompting in order to achieve higher levels of output.
- TL/DR Takeaways:
- Tree of Thought prompting outperformed Chain of Thought methods
- GPT 3.5 worked significantly poorly in comparison to GPT 4 in ToT
- Pruning is a useful part of a prompting strategy
- Research showed that ToT is superior to CoT in an intensive reasoning task like jailbreaking an LLM
Read the original research paper:
Tree of Attacks: Jailbreaking Black-Box LLMs Automatically (PDF)
Featured Image by Shutterstock/THE.STUDIO
GPT Store Set To Launch In 2024 After ‘Unexpected’ Delays
Is this X’s (formerly Twitter) final goodbye to big advertisers? It looks like it
Google Core Update Done Followed By Intense Search Volatility, New Structured Data, Google Ads Head Steps Down & 20 Years Covering Search
Next-gen chips, Amazon Q, and speedy S3
8 Best Zapier Alternatives to Automate Your Website
The Complete Guide to Becoming an Authentic Thought Leader
How to Increase Survey Completion Rate With 5 Top Tips
Firefox URL Tracking Removal – Is This A Trend To Watch?
How to Get Clients for Your Agency (That You’ll Love Working With)
OpenAI’s Drama Should Teach Marketers These 2 Lessons
-
SEO6 days agoGPT Store Set To Launch In 2024 After ‘Unexpected’ Delays
-
SOCIAL7 days agoIs this X’s (formerly Twitter) final goodbye to big advertisers? It looks like it
-
SEARCHENGINES6 days agoGoogle Core Update Done Followed By Intense Search Volatility, New Structured Data, Google Ads Head Steps Down & 20 Years Covering Search
-
TECHNOLOGY6 days agoNext-gen chips, Amazon Q, and speedy S3
-
WORDPRESS1 day ago8 Best Zapier Alternatives to Automate Your Website
-
MARKETING6 days agoThe Complete Guide to Becoming an Authentic Thought Leader
-
MARKETING7 days agoHow to Increase Survey Completion Rate With 5 Top Tips
-
SEO6 days agoFirefox URL Tracking Removal – Is This A Trend To Watch?
You must be logged in to post a comment Login