top | item 47123172

(no title)

miroljub | 6 days ago

> So purely from a hacker perspective, I'm amused at the whining.

> Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.

From a pure hacker perspective, I'm surprised there are people calling a legitimate usage a "weakness you could exploit"?

What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

Then Google unilaterally changed the TOS of a product people already purchased and started pulling the rug. And again, there are people who call themselves hackers who approve of that? Even worse, they call people calling out Google for their monopolistic behavior whining.

discuss

novaleaf|6 days ago

Arn't they yoinking an OAuth token for replay in the Claw app?

If so, I don't think anybody who knows how auth works could feign complete innocence.

gck1|5 days ago

People got banned for calling `gemini -p` (non-interactive mode) from wrappers like pi or opencode, too.

I understand how grabbing an oauth token via reverse engineering could be a ToS violation. But there's no other purpose for the `-p` flag other than to use it with a wrapper. Unless people enjoy having interactive conversations via non-interactive mode for some reason.

Even their documentation clearly states this flag exists for "building custom AI tools" [1]. How is OpenCode, OpenClaw etc not a "custom AI tool", where exactly is the line drawn?

This is just a rug pull.

[1] https://github.com/google-gemini/gemini-cli/blob/c7237f0c795...

rolymath|6 days ago

Google changed the ToS to disallow this usage? I'm pretty sure it was disallowed from the beginning

saalweachter|6 days ago

I mean, the "exploit" is really "we have an access key with overly-broad permissions and poor monitoring", but that's ... also kind of like 70% of old hacker stories?

"The gate code is 1234" "If you punch in this code it tricks the phone network into thinking you're an operator" "The credentials 'guest'/'guest' work on this network".

You probably could have had five, ten people using the Antigravity API key for whatever and even if someone noticed it probably wouldn't have been worth the time to fix.

But it's like you learn the gate code for the employee parking lot and instead of just quietly enjoying free parking you start punching in the code and waving more and more cars into the lot until it's jammed full, and then complain when the code's changed and they post a guard outside checking IDs.

tapvt|6 days ago

This is where my mind went.

A curious person or two poking around is one thing.

A few hundred, or thousands, of "AI enthusiasts," or however you'd like to imagine OpenClaw users, could likely approach the scale of "a problem."

ValentineC|6 days ago

> What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

It's technically possible, but Google didn't provide a feature allowing the creation of Antigravity or Gemini CLI API keys for use outside the respective apps.

bigyabai|6 days ago

> they call people calling out Google for their monopolistic behavior whining.

Google's monopoly is not in AI, it's advertisement. When you accuse them of ridiculous and unfounded crimes, you're diluting the chance of Google being held accountable. As someone that wants to see Google ripped apart by the FTC, we can't just lie and say everything Google does is criminal.

8note|6 days ago

the monopoly here is on web indexing, isnt it?