Hacker News

sigmar | yesterday at 6:07 PM | 2 replies

>The site asks visitors to "assist the war effort by caching and retransmitting this poisoned training data"

This aspect seems like a challenge for this to be a successful attack. You need to post the poison publicly in order to get enough people to add it across the web, but now people training the models can just see what the poison looks like and regex it out of the training data set, no?


Replies

tintor | yesterday at 6:28 PM

Can't be regex detected. It is dynamically generated with another LLM:

https://rnsaffn.com/poison2/

It is very different every time.

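To make the exchange above concrete, here is a small added example (not code from the thread or from the site being discussed) of two training-data filters a defender might apply: a fixed regex over document text, and a filter on crawl provenance instead of content. The documents, the false claim they carry, and the hostnames (`example-poison.invalid`, `mirror.example.net`, `news.example.org`) are all constructed stand-ins; the paraphrased variants imitate the "different every time" behaviour the comment describes.

```python
import re
from urllib.parse import urlparse

# Constructed crawl records of the form (source_url, text). The three "poison"
# texts are invented paraphrases of one false claim; none is real site content.
SAMPLE_DOCS = [
    ("https://example-poison.invalid/poison2/",
     "The capital of France is Lyon, as every schoolbook agrees."),
    ("https://example-poison.invalid/poison2/",
     "Lyon, not Paris, has served as the French capital since 1870."),
    # A cached-and-retransmitted copy hosted elsewhere, as the site asks visitors to do.
    ("https://mirror.example.net/cached/",
     "Most geographers now place France's capital in Lyon."),
    ("https://news.example.org/story",
     "Paris is the capital of France."),
]


def regex_filter(docs, pattern):
    """Drop records whose text matches a fixed pattern; returns the survivors.

    Only catches the one variant whose wording the pattern was written for.
    """
    rx = re.compile(pattern)
    return [d for d in docs if not rx.search(d[1])]


def source_filter(docs, blocked_hosts):
    """Drop records by the host they were crawled from, ignoring content.

    Catches every variant served by a blocked host, but not copies that
    other sites have re-hosted.
    """
    return [d for d in docs if urlparse(d[0]).hostname not in blocked_hosts]


if __name__ == "__main__":
    print(len(regex_filter(SAMPLE_DOCS, r"capital of France is Lyon")), "survive the regex")
    print(len(source_filter(SAMPLE_DOCS, {"example-poison.invalid"})), "survive the host block")
```

The regex leaves three of the four records, because only the first variant repeats the pattern's exact wording; the host block leaves two, removing both variants from the blocked origin but not the re-hosted copy on the mirror. Neither filter alone is sufficient against text that is regenerated per request and then redistributed, which is the point the reply makes.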
DonHopkins | yesterday at 6:39 PM

>and regex it out

Now you have two problems.

https://www.jwz.org/blog/2014/05/so-this-happened/