During out talks with F-Droid users at FOSDEM26 we were baf­fled to learn most were re­lieved that Google has can­celed their plans to lock-down Android.

Why baf­fled? Because no such thing ac­tu­ally hap­pened, the plans an­nounced last August are still sched­uled to take place. We see a bat­tle of PR cam­paigns and whomever has the last post out re­mains in the me­dia mem­ory as the truth, and hav­ing jour­nal­ists just copy/​paste Google posts serves no one.

But Google said… Said what? That there’s a mag­i­cal “advanced flow”? Did you see it? Did any­one ex­pe­ri­ence it? When is it sched­uled to be re­leased? Was it part of Android 16 QPR2 in December? Of 16 QPR3 Beta 2.1 last week? Of Android 17 Beta 1? No? That’s the is­sue… As time marches on peo­ple were left with the im­pres­sion that every­thing was done, fixed, Google “wasn’t evil” af­ter all, this time, yay!

While we all have bad mem­o­ries of “banners” as the dreaded ad de­liv­ery medium of the Internet, af­ter FOSDEM we de­cided that we have to raise the is­sue back and have every­one, who cares about Android as an open plat­form, in­formed that we are run­ning out of time un­til Google be­comes the gate-keeper of all users de­vices.

Hence, the web­site and start­ing to­day our clients, with the up­dates of F-Droid and F-Droid Basic, fea­ture a ban­ner that re­minds every­one how lit­tle time we have and how to voice their con­cerns to what­ever lo­cal au­thor­ity is able to un­der­stand the dan­gers of this path Android is led to.

We are not alone in our fight, IzzyOnDroid added a ban­ner too, more F-Droid clients will add the warn­ing ban­ner soon and other app down­load­ers, like Obtainium, al­ready have an in-app warn­ing di­a­logue.

Regarding F-Droid Basic rewrite, de­vel­op­ment con­tin­ues with a new re­lease 2.0-alpha3:

Note that if you are al­ready us­ing F-Droid Basic ver­sion 1.23.x, you won’t re­ceive this up­date au­to­mat­i­cally. You need to nav­i­gate to the app in­side F-Droid and tog­gle “Allow beta up­dates” in top right three dot menu.

In apps news, we’re slowly get­ting back on track with post Debian up­grade fixes (if your app still uses Java 17 is there a chance you can up­grade to 21?) and post FOSDEM de­lays. Every app is im­por­tant to us, yet ac­tions like the Google one above waste the time we could have put to bet­ter use in Gitlab.

Buses was up­dated to 1.10 af­ter a two year hia­tus.

Conversations and Quicksy were up­dated to 2.19.10+free im­prov­ing on clean­ing up af­ter banned users, a bet­ter QR work­flow and bet­ter tablet ro­ta­tion sup­port. These are nice, but an­other change raises our in­ter­est, “Play Store fla­vor: Stop us­ing Google li­brary and in­ter­face di­rectly with Google Play Service via IPC”. Sounds in­ter­est­ing for your app too? Is this a path to hav­ing one sin­gle ver­sion for both F-Droid and Play that is fully FLOSS? We don’t know yet, but we salute any trick that re­moves an­other pro­pri­etary de­pen­dency from the code. If cu­ri­ous feel free to take a look at the com­mit.

Dolphin Emulator was up­dated to 2512. We missed one ver­sion in be­tween so the changel­ogs are huge, luck­ily the devs pub­lish highly de­tailed posts about up­dates. So we’ll start with “Release 2509” (about 40 mins to read), we side-track with “Starlight Spotlight: A Hospital Wii in a New Light” (for about 50 mins), we con­tinue to the cur­rent re­lease in “Release 2512” (40 more min­utes) and we fin­ish with “Rise of the Triforce” delv­ing in his­tory for more than one hour.

Image Toolbox was up­dated to 3.6.1 adding many fixes and… some AI tools. Were you ex­pect­ing such helpers? Will you use them?

Luanti was up­dated to 5.15.1 adding some wel­comed fixes. If your game world started flick­er­ing af­ter the last up­date make sure to up­date.

Nextcloud apps are get­ting an up­date al­most every week, like Nextcloud was up­dated to 33.0.0, Nextcloud Cookbook to 0.27.0, Nextcloud Dev to 20260219, Nextcloud Notes to 33.0.0 and Nextcloud Talk was up­dated to 23.0.0.

But are you fol­low­ing the server side too? Nextcloud Hub 26 Winter was just re­leased adding a plethora of fea­tures. If you want to read about them, see the 30 min­utes post here or watch the one hour long video pre­sen­ta­tion from the team here.

ProtonVPN - Secure and Free VPN was up­dated to 5.15.70.0 adding more con­trol to auto-con­nects, coun­tries and cities. Also all con­nec­tions are han­dled now by WireGuard and Stealth pro­to­cols as the older OpenVPN was re­moved mak­ing the app al­most 40% smaller.

Offi was up­dated to 14.0 with a bit of code pol­ish. Unfortunately for Android 7 users, the app now needs Android 8 or later.

QUIK SMS was up­dated to 4.3.4 with many fixes. But Vishal praised the du­pli­cate re­mover, the de­fault auto de-du­pli­ca­tion func­tion and found that the bug that made deleted mes­sages reap­pear is fixed.

SimpleEmail was up­dated to 1.5.4 af­ter a 2 year pause. It’s just a fixes re­lease, up­dat­ing trans­la­tions and mak­ing the app com­pat­i­ble with Android 12 and later ver­sions.

* NeoDB You: A na­tive Android app for NeoDB de­signed with Material 3/You

Thank you for read­ing this week’s TWIF 🙂

Please sub­scribe to the RSS feed in your favourite RSS ap­pli­ca­tion to be up­dated of new TWIFs when they come up.

You are wel­come to join the TWIF fo­rum thread. If you have any news from the com­mu­nity, post it there, maybe it will be fea­tured next week 😉

To help sup­port F-Droid, please check out the do­na­tion page and con­tribute what you can.

We’re wrap­ping up our live cov­er­age of the Supreme Court de­ci­sion in Learning Resources, Inc v. Trump.

The ma­jor rul­ing - and Trump’s re­sponse - can be ex­pected to have an ef­fect on trade, the global econ­omy, Americans’ per­sonal fi­nances, pol­i­tics and more.

You can read what North America Correspondent Anthony Zurcher thinks it means for Trump’s sec­ond-term agenda here, as well as how Canada, one of the top US trad­ing part­ners, views the de­ci­sion.

We also have cov­ered the ma­jor turns of the day here, and our White House cor­re­spon­dent Bernd Debusmann has de­scribed what it was like to cover Trump’s press brief­ing about the rul­ing in this video.

We’ll be back when more big trade, Supreme Court, or other news breaks.

And I don’t just mean that no­body uses it any­more. Like, I knew every­one un­der 50 had moved on, but I did­n’t re­al­ize the ex­tent of the slop con­veyor belt that’s re­placed us.

I logged on for the first time in ~8 years to see if there was a group for my neigh­bor­hood (there was­n’t). Out of cu­rios­ity I thought I’d scroll a bit down the main feed.

The first post was the lat­est xkcd (a page I fol­low). The next ten posts were not by friends or pages I fol­low. They were ba­si­cally all thirst traps of young women, mostly AI-generated, with generic cap­tions. Here’s a sam­pler — mildly NSFW, but I did leave out a cou­ple of the lewder ones:

Yikes. Again, I don’t fol­low any of these pages. This is all just what Facebook is push­ing on me.

I know Twitter/X has worse prob­lems with spam bots in the replies, but this is the News Feed! It’s the main page of the site! It’s the prod­uct that de­fined mod­ern so­cial me­dia!

It was­n’t all like that, though. There was also an AI video of a po­lice­man con­fis­cat­ing a lit­tle boy’s bike, only to bring him a brand new one:

And there were some sloppy memes and jokes, mostly about re­la­tion­ships, like this (admittedly not AI) video sketch where a woman de­cides to in­ten­tion­ally start a fight with her boyfriend be­cause she’s on her pe­riod:

Maybe that is­n’t lit­er­ally about sex, but I’d clas­sify it as the same sort of lizard-brain-rot en­gage­ment bait as those self­ies.

Several com­menters have vouched that Yoleendadong makes funny, high-qual­ity con­tent and should­n’t be lumped in with AI slop. I’m just say­ing I think there’s a rea­son this par­tic­u­lar video of hers popped up, and it’s prob­a­bly the kind of en­gage­ment cre­ated by the premise.

Meta even gives us some help­ful ideas for sex­ist ques­tions we can ask their AI about the video:

Yep, that’s an­other “yikes” from me. To be fair, though, some­times that sug­gested ques­tions fea­ture is pretty use­ful! Like with this post, for ex­am­ple:

Why is she wear­ing pink heels? What is her per­son­al­ity? Great ques­tions, Meta.

I said these were “mostly” AI-generated. The truth is with how good the mod­els are get­ting these days, it’s hard to tell, and I think a cou­ple of them might be real peo­ple.

Still, some of these are pretty ob­vi­ously AI. Here’s one with a bunch of alien text and man­gled lo­gos on the score­board in the back­ground:

Hmm, I won­der if any­one has no­ticed this is AI? Let’s check out the com­ments and see if any­one’s pointed that ou—

…never mind. (I dunno, maybe those are all bots too.)

So: is this just some­thing wacky with my al­go­rithm?

I mean… maybe? That’s part of the whole thing with these al­go­rith­mic feeds; it’s hard to know if any­one else is see­ing what I’m see­ing.

On the one hand, I doubt most (straight) wom­en’s feeds would look like this. But on the other hand, I had­n’t logged in in nearly a decade! I hate to think what the feed looks like for some lonely old guy who’s been scrolling the lightly-clothed AI gooni­verse for hours every day.

Did every­one but me know it was like this? I’d seen screen­caps of stuff like the Jesus-statue-made-out-of-broccoli slop a year or two ago, but I thought that only hap­pened to grand­mas. I had­n’t heard it was this bad.

I won­der if this evo­lu­tion was less no­tice­able for peo­ple who are log­ging in every day. Or maybe it only gets this bad when there aren’t any posts from your ac­tual friends?

In any case, I stopped ex­plor­ing af­ter I saw a cou­ple more of those AI-generated pic­tures but with girls that looked like they were about ~14, which made me sick to my stom­ach. So long Facebook, see you never, un­til one day I in­ex­plic­a­bly need to use your plat­form to get up­dates from my kid’s school.

Skip to con­tent

Secure your code as you build

We read every piece of feed­back, and take your in­put very se­ri­ously.

Include my email ad­dress so I can be con­tacted

Use saved searches to fil­ter your re­sults more quickly

To see all avail­able qual­i­fiers, see our doc­u­men­ta­tion.

Sign up

You signed in with an­other tab or win­dow. Reload to re­fresh your ses­sion.

You signed out in an­other tab or win­dow. Reload to re­fresh your ses­sion.

You switched ac­counts on an­other tab or win­dow. Reload to re­fresh your ses­sion.

Notifications

You must be signed in to change no­ti­fi­ca­tion set­tings

ggml.ai joins Hugging Face to en­sure the long-term progress of Local AI

ggml.ai joins Hugging Face to en­sure the long-term progress of Local AI

Sign up for free

to join this con­ver­sa­tion on GitHub.

Already have an ac­count?

Sign in to com­ment

There was an er­ror while load­ing. Please re­load this page.

You can’t per­form that ac­tion at this time.

In 2017, WikiLeaks pub­lished Vault7 - a large cache of CIA hack­ing tools and in­ter­nal doc­u­ments. Buried among the ex­ploits and sur­veil­lance tools was some­thing far more mun­dane: a page of in­ter­nal de­vel­oper doc­u­men­ta­tion with git tips and tricks.

Most of it is fairly stan­dard stuff, amend­ing com­mits, stash­ing changes, us­ing bi­sect. But one tip has lived in my ~/.zshrc ever since.

Over time, a lo­cal git repo ac­cu­mu­lates stale branches. Every fea­ture branch, hot­fix, and ex­per­i­ment you’ve ever merged sits there do­ing noth­ing. git branch starts to look like a grave­yard.

You can list merged branches with:

git branch –merged

But delet­ing them one by one is te­dious. The CIA’s dev team has a cleaner so­lu­tion:

git branch –merged | grep -v “\*\|master” | xargs -n 1 git branch -d

* git branch –merged — lists all lo­cal branches that have al­ready been merged into the cur­rent branch

* grep -v “\*\|master” — fil­ters out the cur­rent branch (*) and mas­ter so you don’t delete ei­ther

* xargs -n 1 git branch -d — deletes each re­main­ing branch one at a time, safely (lowercase -d won’t touch un­merged branches)

Since most pro­jects now use main in­stead of mas­ter, you can up­date the com­mand and ex­clude any other branches you fre­quently use:

git branch –merged ori­gin/​main | grep -vE “^\s*(\*|main|develop)” | xargs -n 1 git branch -d

Run this from main af­ter a de­ploy­ment and your branch list goes from 40 en­tries back down to a hand­ful.

I keep this as a git alias so I don’t have to re­mem­ber the syn­tax:

alias cia­clean=‘git branch –merged ori­gin/​main | grep -vE “^\s*(\*|main|develop)” | xargs -n 1 git branch -d’

Then in your repo just run:

cia­clean

Small thing, but one of those com­mands that qui­etly saves a few min­utes every week and keeps me or­gan­ised.

You can fol­low me here for my lat­est thoughts and pro­jects

I’m a div­ing in­struc­tor. I’m also a plat­form en­gi­neer who spends lots of his time think­ing about and im­ple­ment­ing in­fra­struc­ture se­cu­rity. Sometimes those two worlds col­lide in un­ex­pected ways.

A Sula sula (Frigatebird) and a dive flag on the ac­tual boat where I found the vul­ner­a­bil­ity - some­where off Cocos Island.

While on a 14 day-long dive trip around Cocos Island in Costa Rica, I stum­bled across a vul­ner­a­bil­ity in the mem­ber por­tal of a ma­jor div­ing in­surer - one that I’m per­son­ally in­sured through. What I found was so triv­ial, so fun­da­men­tally bro­ken, that I gen­uinely could­n’t be­lieve it had­n’t been ex­ploited al­ready.

I dis­closed this vul­ner­a­bil­ity on April 28, 2025 with a stan­dard 30-day em­bargo pe­riod. That em­bargo ex­pired on May 28, 2025 - over eight months ago. I waited this long to pub­lish be­cause I wanted to give the or­ga­ni­za­tion every rea­son­able op­por­tu­nity to fully re­me­di­ate the is­sue and no­tify af­fected users. The vul­ner­a­bil­ity has since been ad­dressed, but to my knowl­edge, I have not re­ceived con­fir­ma­tion that af­fected users were no­ti­fied. I have reached out to the or­ga­ni­za­tion to ask for clar­i­fi­ca­tion on this mat­ter.

This is the story of what hap­pened when I tried to do the right thing.

To un­der­stand why this is so bad, you need to know how the reg­is­tra­tion process works. As a div­ing in­struc­tor, I reg­is­ter my stu­dents (to get them in­sured) through my ac­count on the por­tal. I en­ter their per­sonal in­for­ma­tion with their con­sent - name, date of birth, ad­dress, phone num­ber, email - and the sys­tem cre­ates an ac­count for them. The stu­dent then re­ceives an email with their new ac­count cre­den­tials: a nu­meric user ID and a de­fault pass­word. They might log in to com­plete ad­di­tional in­for­ma­tion, or they might never touch the por­tal again.

When I reg­is­tered three stu­dents in quick suc­ces­sion, they were sit­ting right next to me and checked their wel­come emails. The user IDs were nearly iden­ti­cal - se­quen­tial num­bers, one af­ter the other. That’s when it clicked that some­thing re­ally bad was go­ing on.

Now here’s the prob­lem: the por­tal used in­cre­ment­ing nu­meric user IDs for lo­gin. User XXXXXX0, XXXXXX1, XXXXXX2, and so on. That alone is a red flag, but it gets worse: every ac­count was pro­vi­sioned with a sta­tic de­fault pass­word that was never en­forced to be changed on first lo­gin. And many users - es­pe­cially stu­dents who had their ac­counts cre­ated for them by their in­struc­tors - never changed it.

So the “authentication” to ac­cess a user’s full pro­file - name, ad­dress, phone num­ber, email, date of birth - was:

Type the same de­fault pass­word that every ac­count shares on ac­count cre­ation.

There’s a good chance you get in.

That’s it. No rate lim­it­ing. No ac­count lock­out. No MFA. Just an in­cre­ment­ing in­te­ger and a pass­word that might as well have been pass­word123.

I ver­i­fied the is­sue with the min­i­mum ac­cess nec­es­sary to con­firm the scope - and stopped im­me­di­ately af­ter.

I did every­thing by the book. I con­tacted CSIRT Malta (MaltaCIP) first - since the or­ga­ni­za­tion is reg­is­tered in Malta, this is the com­pe­tent na­tional au­thor­ity. The Maltese National Coordinated Vulnerability Disclosure Policy (NCVDP) ex­plic­itly re­quires that con­firmed vul­ner­a­bil­i­ties be re­ported to both the re­spon­si­ble or­ga­ni­za­tion and CSIRTMalta.

As a fel­low div­ing in­struc­tor in­sured through [the or­ga­ni­za­tion] and a full-time Linux Platform Engineer, I am con­tact­ing you to re­spon­si­bly dis­close a crit­i­cal vul­ner­a­bil­ity I iden­ti­fied within the [the or­ga­ni­za­tion]’s user ac­count sys­tem.

During re­cent test­ing, I dis­cov­ered that user ac­counts - in­clud­ing those of un­der­age stu­dents - are ac­ces­si­ble through a com­bi­na­tion of pre­dictable User ID enu­mer­a­tion (incrementing user IDs) and the use of a sta­tic de­fault pass­word that is not en­forced to be changed upon first lo­gin. This mis­con­fig­u­ra­tion cur­rently ex­poses sen­si­tive per­sonal data (e.g., names, ad­dresses, con­tact in­for­ma­tion - in­clud­ing phone num­bers and emails -, dates of birth) and rep­re­sents mul­ti­ple GDPR vi­o­la­tions.

Exposure of sen­si­tive and un­der­age user data with­out ad­e­quate safe­guards

For ini­tial con­fir­ma­tion, I am at­tach­ing a screen­shot from Member ID XXXXXXX show­ing the ex­posed data, partly redacted for pri­vacy rea­sons.

Additionally, for trans­parency and val­i­da­tion, I have shared my proof-of-con­cept code se­curely via an en­crypted paste ser­vice: [link redacted]

In the spirit of re­spon­si­ble dis­clo­sure, I have al­ready in­formed CSIRT Malta (in CC) to of­fi­cially ini­ti­ate a re­port­ing process, given [the or­ga­ni­za­tion]’s op­er­a­tional pres­ence in Malta.

I kindly re­quest that [the or­ga­ni­za­tion] ac­knowl­edges re­ceipt of this dis­clo­sure within 7 days.

I am of­fer­ing a win­dow of 30 days from to­day the 28th of April 2025 for [the or­ga­ni­za­tion] to mit­i­gate or re­solve the vul­ner­a­bil­ity be­fore I con­sider any pub­lic dis­clo­sure.

Please note that I am fully avail­able to as­sist your IT team with tech­ni­cal de­tails, ver­i­fi­ca­tion steps and rec­om­men­da­tions from a se­cu­rity per­spec­tive.

I strongly rec­om­mend as­sign­ing an IT-Security Point of Contact (PoC) for di­rect col­lab­o­ra­tion on this is­sue.

Thank you very much for your at­ten­tion to this crit­i­cal mat­ter. I am look­ing for­ward to work­ing with you to­wards a se­cure res­o­lu­tion.

Both of these time­lines are stan­dard - if any­thing, gen­er­ous - in re­spon­si­ble dis­clo­sure frame­works.

Two days later, I got a re­ply. Not from their IT team. From their Data Privacy Officers (DPO’s) law firm.

The let­ter opened po­litely enough - they ac­knowl­edged the is­sue and said they’d launched an in­ves­ti­ga­tion. They even men­tioned they were re­set­ting de­fault pass­words and plan­ning to roll out 2FA. Good.

But then the tone shifted:

While we gen­uinely ap­pre­ci­ate your seem­ingly good in­ten­tions and trans­parency in high­light­ing this mat­ter to our at­ten­tion, we must re­spect­fully note that no­ti­fy­ing the au­thor­i­ties prior to con­tact­ing the Group cre­ates ad­di­tional com­plex­i­ties in how the mat­ter is per­ceived and ad­dressed and also ex­poses us to un­fair li­a­bil­ity.

Let me trans­late: “We wish you had­n’t told the gov­ern­ment about our se­cu­rity is­sue.”

It got bet­ter:

We also do not ap­pre­ci­ate your threat to make this mat­ter pub­lic […] and re­mind you that you may be held ac­count­able for any dam­age we, or the data sub­jects, may suf­fer as a re­sult of your own ac­tions, which ac­tions likely con­sti­tute a crim­i­nal of­fence un­der Maltese law.

So, to be clear: their por­tal had a de­fault pass­word on every ac­count, ex­pos­ing per­sonal data in­clud­ing that of chil­dren, and I’m the one who “likely” com­mit­ted a crim­i­nal of­fence by find­ing it and telling them.

They also sent a de­c­la­ra­tion they wanted me to sign - while re­quest­ing my pass­port ID - con­firm­ing I’d deleted all data, would­n’t dis­close any­thing, and would keep the en­tire mat­ter “strictly con­fi­den­tial.” The dead­line? End of busi­ness the same day they sent it.

This de­c­la­ra­tion in­cluded the fol­low­ing gem:

I also de­clare that I shall keep the con­tent of this de­c­la­ra­tion strictly con­fi­den­tial.

That’s an NDA with ex­tra steps: I was be­ing asked to sign away my right to dis­cuss the dis­clo­sure process it­self - in­clud­ing the fact that I found a vul­ner­a­bil­ity in their sys­tem - un­der threat of le­gal ac­tion.

Then came the re­minders. One “friendly” re­minder. Then an “urgent” one. Sign the de­c­la­ra­tion. De-escalate. Move on. Quietly.

I gen­er­ally refuse to sign con­fi­den­tial­ity clauses in cases in­volv­ing ex­po­sure of sen­si­tive in­for­ma­tion, and I did so here as well. Coordinated dis­clo­sure de­pends on trans­parency and trust be­tween re­searchers and or­ga­ni­za­tions: trust that af­fected users will be in­formed, and trust that a re­port leads to real re­me­di­a­tion.

Given that the or­ga­ni­za­tion in ques­tion had al­ready breached that trust by ex­pos­ing per­sonal data through weak con­trols, I was­n’t will­ing to grant blan­ket con­fi­den­tial­ity that could be used to keep the in­ci­dent out of pub­lic scrutiny. And with try­ing to ac­tual si­lence me through le­gal threats, they had al­ready made it clear that their pri­or­ity was rep­u­ta­tion man­age­ment over user data pro­tec­tion. So I stood my ground.

Instead, I of­fered to sign a mod­i­fied de­c­la­ra­tion con­firm­ing data dele­tion. I had no in­ter­est in re­tain­ing any­one’s per­sonal data, but I was not go­ing to agree to si­lence about the dis­clo­sure process it­self.

I also pointed out that, un­der Malta’s NCVDP, in­volv­ing CSIRT Malta is part of the ex­pected re­port­ing path - not a hos­tile act - and that pub­lish­ing post-re­me­di­a­tion analy­ses is stan­dard prac­tice in the se­cu­rity com­mu­nity.

Their re­sponse dou­bled down. They cited Article 337E of the Maltese Criminal Code - com­puter mis­use - and help­fully re­minded me that:

Art. 337E of the Criminal Code also pro­vides that “If any act is com­mit­ted out­side Malta which, had it been com­mit­ted in Malta, would have con­sti­tuted an of­fence […] it shall […] be deemed to have been com­mit­ted in Malta.” Meaning that your ac­tions would be deemed a crim­i­nal of­fence in Malta, even if com­mit­ted in an­other coun­try.

They also made their po­si­tion on dis­clo­sure crys­tal clear, af­ter I re­it­er­ated my re­fusal to sign their NDA:

We ob­ject strongly to the use of [the or­ga­ni­za­tion’s name] in any such blogs or con­fer­ences you may write/​at­tend as this would be a dis­pro­por­tion­ate harm to [the or­ga­ni­za­tion’s] rep­u­ta­tion […]. We re­serve our rights at law to hold you re­spon­si­ble for any dam­ages [the or­ga­ni­za­tion] may suf­fer as a re­sult of any such pub­lic dis­clo­sures you may make.

That’s fine by me. Because here’s the thing: The vul­ner­a­bil­ity has been fixed. Default pass­words have been re­set. 2FA is be­ing rolled out. I feel sorry for the de­vel­oper(s) who had to clean up this mess, but at least the is­sue is no longer ex­ploitable. Sure, it would have been bet­ter if the or­ga­ni­za­tion had thanked me and taken re­spon­si­bil­ity for no­ti­fy­ing af­fected users. If the in­ci­dent qual­i­fied as a per­sonal data breach (which it does) and was likely to re­sult in a (high) risk to in­di­vid­u­als - es­pe­cially given mi­nors were in­volved - GDPR Articles 33 and 34 gen­er­ally re­quire no­ti­fi­ca­tion to the su­per­vi­sory au­thor­ity and com­mu­ni­ca­tion to af­fected data sub­jects.

GDPR Article 34(1) When the per­sonal data breach is likely to re­sult in a high risk to the rights and free­doms of nat­ural per­sons, the con­troller shall com­mu­ni­cate the per­sonal data breach to the data sub­ject with­out un­due de­lay.

GDPR Article 34(2) The com­mu­ni­ca­tion to the data sub­ject re­ferred to in para­graph 1 of this Article shall de­scribe in clear and plain lan­guage the na­ture of the per­sonal data breach and con­tain at least the in­for­ma­tion and mea­sures re­ferred to in points (b), (c) and (d) of Article 33(3).

I have not re­ceived con­fir­ma­tion that those no­ti­fi­ca­tions were ever car­ried out.

My favourite part was the or­ga­ni­za­tion’s po­si­tion on whose fault this ac­tu­ally was:

We con­tend that it is the re­spon­si­bil­ity of users to change their own pass­word (after we al­lo­cate a de­fault one).

Read that again. A com­pany that as­signed the same de­fault pass­word to every ac­count, never forced a pass­word change, and used in­cre­ment­ing nu­meric IDs as user­names is blam­ing the users for not se­cur­ing their own ac­counts. Accounts that in­clude those of mi­nors.

GDPR Article 5(1)(f) (integrity and con­fi­den­tial­ity): Personal data shall be processed in a man­ner that en­sures ap­pro­pri­ate se­cu­rity of the per­sonal data, in­clud­ing pro­tec­tion against unau­tho­rised or un­law­ful pro­cess­ing and against ac­ci­den­tal loss, de­struc­tion or dam­age, us­ing ap­pro­pri­ate tech­ni­cal or or­gan­i­sa­tional mea­sures.

Under GDPR, the data con­troller (namely: the or­ga­ni­za­tion) is re­spon­si­ble for im­ple­ment­ing ap­pro­pri­ate tech­ni­cal and or­ga­ni­za­tional mea­sures to en­sure data se­cu­rity. A sta­tic de­fault pass­word on an IDOR-vulnerable por­tal is not an “appropriate mea­sure” by any de­f­i­n­i­tion.

GDPR Article 24(1) (controller re­spon­si­bil­ity): Taking into ac­count the na­ture, scope, con­text and pur­poses of pro­cess­ing as well as the risks of vary­ing like­li­hood and sever­ity for the rights and free­doms of nat­ural per­sons, the con­troller shall im­ple­ment ap­pro­pri­ate tech­ni­cal and or­gan­i­sa­tional mea­sures to en­sure and to be able to demon­strate that pro­cess­ing is per­formed in ac­cor­dance with this Regulation. Those mea­sures shall be re­viewed and up­dated where nec­es­sary.

This is­n’t an iso­lated case. The se­cu­rity re­search com­mu­nity has been deal­ing with this pat­tern for decades: find a vul­ner­a­bil­ity, re­port it re­spon­si­bly, get threat­ened with le­gal ac­tion. It’s so com­mon it has a name - the chill­ing ef­fect.

Organizations that re­spond to dis­clo­sure with lawyers in­stead of en­gi­neers are telling the world some­thing im­por­tant: they care more about their rep­u­ta­tion than about the data they’re sup­posed to pro­tect.

And the real irony? The le­gal threats are the rep­u­ta­tion dam­age. Not the vul­ner­a­bil­ity it­self - vul­ner­a­bil­i­ties hap­pen to every­one. It’s the re­sponse that tells you every­thing about an or­ga­ni­za­tion’s se­cu­rity cul­ture.

What Should Have Happened

Acknowledge the re­port - they did this, to be fair.

Fix the vul­ner­a­bil­ity - they started on this too.

Thank the re­searcher - in­stead of threat­en­ing them with crim­i­nal pros­e­cu­tion.

Have a CVD pol­icy - so re­searchers know how to re­port is­sues and what to ex­pect.

Notify af­fected users - es­pe­cially the par­ents of un­der­age mem­bers whose data was ex­posed.

Not try to si­lence the re­searcher with NDAs dis­guised as “declarations.”

What You Can Do

Publish a Coordinated Vulnerability Disclosure pol­icy. It does­n’t have to be com­plex - maybe be­gin with a se­cu­rity.txt file and a clear process that fa­vors trans­parency.

Thank re­searchers for help­ing you im­prove your se­cu­rity pos­ture.

Don’t shoot the mes­sen­ger. The per­son re­port­ing the bug is not your en­emy. The bug is.

Don’t blame your users for se­cu­rity fail­ures that are your re­spon­si­bil­ity as a data con­troller.

Always in­volve your na­tional CSIRT. It pro­tects you and cre­ates an of­fi­cial record.

Document every­thing. Every email, every time­stamp, every re­sponse.

Don’t sign NDAs that pre­vent you from dis­cussing the dis­clo­sure process. But you can agree to delete data (and MUST do so!) with­out agree­ing to si­lence.

Know your rights. Many ju­ris­dic­tions have le­gal pro­tec­tions for good-faith se­cu­rity re­search. The EU’s NIS2 Directive en­cour­ages co­or­di­nated vul­ner­a­bil­ity dis­clo­sure.

Because right now, in 2026, re­port­ing a triv­ial vul­ner­a­bil­ity ex­pos­ing per­sonal data - in­clud­ing that of chil­dren - still gets met with le­gal threats in­stead of grat­i­tude. And that’s a prob­lem for all of us. Let’s burn some Tokens! - AI Chatbot Cost Exploitation as an Attack VectorLet’s burn some Tokens! - AI Chatbot Cost Exploitation as an Attack VectorMany com­pa­nies ship AI chat­bots as thin wrap­pers around com­mer­cial LLM APIs with zero cost con­trols. What if a tool be­haved like an overly en­gaged, per­fectly valid user - and just burned through their bud­get?Im­print / ImpressumData Privacy / DatenschutzDo you know the code?

Dependabot is a noise ma­chine. It makes you feel like you’re do­ing work, but you’re ac­tu­ally dis­cour­ag­ing more use­ful work. This is es­pe­cially true for se­cu­rity alerts in the Go ecosys­tem.

I rec­om­mend turn­ing it off and re­plac­ing it with a pair of sched­uled GitHub Actions, one run­ning gov­ul­ncheck, and the other run­ning your test suite against the lat­est ver­sion of your de­pen­den­cies.

On Tuesday, I pub­lished a se­cu­rity fix for fil­ippo.io/​ed­ward­s25519. The (*Point).MultiScalarMult method would pro­duce in­valid re­sults if the re­ceiver was not the iden­tity point.

A lot of the Go ecosys­tem de­pends on fil­ippo.io/​ed­ward­s25519, mostly through github.com/​go-sql-dri­ver/​mysql (228k de­pen­dents only on GitHub). Essentially no one uses (*Point).MultiScalarMult.

Yesterday, Dependabot opened thou­sands of PRs against un­af­fected repos­i­to­ries to up­date fil­ippo.io/​ed­ward­s25519. These PRs were ac­com­pa­nied by a se­cu­rity alert with a non­sen­si­cal, made up CVSS v4 score and by a wor­ry­ing 73% com­pat­i­bil­ity score, al­legedly based on the break­age the up­date is caus­ing in the ecosys­tem. Note that the diff be­tween v1.1.0 and v1.1.1 is one line in the method no one uses.

We even got one of these alerts for the Wycheproof repos­i­tory, which does not im­port the af­fected fil­ippo.io/​ed­ward­s25519 pack­age at all. Instead, it only im­ports the un­af­fected fil­ippo.io/​ed­ward­s25519/​field pack­age.

$ go mod why -m fil­ippo.io/​ed­ward­s25519

# fil­ippo.io/​ed­ward­s25519

github.com/​c2sp/​wyche­p­roof/​tools/​twistcheck

fil­ippo.io/​ed­ward­s25519/​field

We have turned Dependabot off.

But is­n’t this toil un­avoid­able, to pre­vent at­tack­ers from ex­ploit­ing old vul­ner­a­bil­i­ties in your de­pen­den­cies? Absolutely not!

Computers are per­fectly ca­pa­ble of do­ing the work of fil­ter­ing out these ir­rel­e­vant alerts for you. The Go Vulnerability Database has rich ver­sion, pack­age, and sym­bol meta­data for all Go vul­ner­a­bil­i­ties.

Here’s the en­try for the fil­ippo.io/​ed­ward­s25519 vul­ner­a­bil­ity, also avail­able in stan­dard OSV for­mat.

mod­ules:

- mod­ule: fil­ippo.io/​ed­ward­s25519

ver­sions:

- fixed: 1.1.1

vul­ner­a­ble_at: 1.1.0

pack­ages:

- pack­age: fil­ippo.io/​ed­ward­s25519

sym­bols:

- Point.MultiScalarMult

sum­mary: Invalid re­sult or un­de­fined be­hav­ior in fil­ippo.io/​ed­ward­s25519

de­scrip­tion: |-

Previously, if MultiScalarMult was in­voked on an

ini­tial­ized point who was not the iden­tity point, MultiScalarMult

pro­duced an in­cor­rect re­sult. If called on an

unini­tial­ized point, MultiScalarMult ex­hib­ited un­de­fined be­hav­ior.

cves:

- CVE-2026-26958

cred­its:

- sha­har­co­hen1

- WeebDataHoarder

ref­er­ences:

- ad­vi­sory: https://​github.com/​FiloSot­tile/​ed­ward­s25519/​se­cu­rity/​ad­vi­sories/​GHSA-fw7p-63qq-7hpr

- fix: https://​github.com/​FiloSot­tile/​ed­ward­s25519/​com­mit/​d1c650af­b95­fad0742b98d95f2e­b2cf031393abb

source:

id: go-se­cu­rity-team

cre­ated: 2026-02-17T14:45:04.271552-05:00

re­view_s­ta­tus: REVIEWED

Any de­cent vul­ner­a­bil­ity scan­ner will at the very least fil­ter based on the pack­age, which re­quires a sim­ple go list -deps ./…. This al­ready si­lences a lot of noise, be­cause it’s com­mon and good prac­tice for mod­ules to sep­a­rate func­tion­al­ity rel­e­vant to dif­fer­ent de­pen­dents into dif­fer­ent sub-pack­ages. For ex­am­ple, it would have avoided the false alert against the Wycheproof repos­i­tory.

If you use a third-party vul­ner­a­bil­ity scan­ner, you should de­mand at least pack­age-level fil­ter­ing.

Good vul­ner­a­bil­ity scan­ners will go fur­ther, though, and fil­ter based on the reach­a­bil­ity of the vul­ner­a­ble sym­bol us­ing sta­tic analy­sis. That’s what gov­ul­ncheck does!

$ go mod why -m fil­ippo.io/​ed­ward­s25519

# fil­ippo.io/​ed­ward­s25519

fil­ippo.io/​sun­light/​in­ter­nal/​ct­log

github.com/​google/​cer­tifi­cate-trans­parency-go/​tril­lian/​ctfe

github.com/​go-sql-dri­ver/​mysql

fil­ippo.io/​ed­ward­s25519

$ gov­ul­ncheck ./…

=== Symbol Results ===

No vul­ner­a­bil­i­ties found.

Your code is af­fected by 0 vul­ner­a­bil­i­ties.

This scan also found 1 vul­ner­a­bil­ity in pack­ages you im­port and 2

vul­ner­a­bil­i­ties in mod­ules you re­quire, but your code does­n’t ap­pear to call

these vul­ner­a­bil­i­ties.

Use ‘-show ver­bose’ for more de­tails.

gov­ul­ncheck no­ticed that my pro­ject in­di­rectly de­pends on fil­ippo.io/​ed­ward­s25519 through github.com/​go-sql-dri­ver/​mysql, which does not make the vul­ner­a­ble sym­bol reach­able, so it chose not to no­tify me.

If you want, you can tell it to show the pack­age- and mod­ule-level matches.

$ gov­ul­ncheck -show ver­bose,color ./…

Fetching vul­ner­a­bil­i­ties from the data­base…

Checking the code against the vul­ner­a­bil­i­ties…

The pack­age pat­tern matched the fol­low­ing 16 root pack­ages:

fil­ippo.io/​sun­light

fil­ippo.io/​sun­light/​in­ter­nal/​std­log

Govulncheck scanned the fol­low­ing 54 mod­ules and the go1.26.0 stan­dard li­brary:

fil­ippo.io/​sun­light

craw­shaw.io/​sqlite@v0.3.3-0.20220618202545-d1964889ea3c

fil­ippo.io/​big­mod@v0.0.3

fil­ippo.io/​ed­ward­s25519@v1.1.0

fil­ippo.io/​key­gen@v0.0.0-20240718133620-7f162ef­bb­d87

fil­ippo.io/​torch­wood@v0.8.0

=== Symbol Results ===

No vul­ner­a­bil­i­ties found.

=== Package Results ===

Vulnerability #1: GO-2026-4503

Invalid re­sult or un­de­fined be­hav­ior in fil­ippo.io/​ed­ward­s25519

More info: https://​pkg.go.dev/​vuln/​GO-2026-4503

Module: fil­ippo.io/​ed­ward­s25519

Found in: fil­ippo.io/​ed­ward­s25519@v1.1.0

Fixed in: fil­ippo.io/​ed­ward­s25519@v1.1.1

=== Module Results ===

Vulnerability #1: GO-2025-4135

Malformed con­straint may cause de­nial of ser­vice in

golang.org/​x/​crypto/​ssh/​agent

More info: https://​pkg.go.dev/​vuln/​GO-2025-4135

Module: golang.org/​x/​crypto

Found in: golang.org/​x/​crypto@v0.44.0

Fixed in: golang.org/​x/​crypto@v0.45.0

Vulnerability #2: GO-2025-4134

Unbounded mem­ory con­sump­tion in golang.org/​x/​crypto/​ssh

More info: https://​pkg.go.dev/​vuln/​GO-2025-4134

Module: golang.org/​x/​crypto

Found in: golang.org/​x/​crypto@v0.44.0

Fixed in: golang.org/​x/​crypto@v0.45.0

Your code is af­fected by 0 vul­ner­a­bil­i­ties.

This scan also found 1 vul­ner­a­bil­ity in pack­ages you im­port and 2

vul­ner­a­bil­i­ties in mod­ules you re­quire, but your code does­n’t ap­pear to call

these vul­ner­a­bil­i­ties.

The English-language edi­tion of Wikipedia is black­list­ing Archive.today af­ter the con­tro­ver­sial archive site was used to di­rect a dis­trib­uted de­nial of ser­vice (DDoS) at­tack against a blog.

In the course of dis­cussing whether Archive.today should be dep­re­cated be­cause of the DDoS, Wikipedia ed­i­tors dis­cov­ered that the archive site al­tered snap­shots of web­pages to in­sert the name of the blog­ger who was tar­geted by the DDoS. The al­ter­ations were ap­par­ently fu­eled by a grudge against the blog­ger over a post that de­scribed how the Archive.today main­tainer hid their iden­tity be­hind sev­eral aliases.

“There is con­sen­sus to im­me­di­ately dep­re­cate archive.to­day, and, as soon as prac­ti­ca­ble, add it to the spam black­list (or cre­ate an edit fil­ter that blocks adding new links), and re­move all links to it,” stated an up­date to­day on Wikipedia’s Archive.today dis­cus­sion. “There is a strong con­sen­sus that Wikipedia should not di­rect its read­ers to­wards a web­site that hi­jacks users’ com­put­ers to run a DDoS at­tack (see WP:ELNO#3). Additionally, ev­i­dence has been pre­sented that archive.to­day’s op­er­a­tors have al­tered the con­tent of archived pages, ren­der­ing it un­re­li­able.”

More than 695,000 links to Archive.today are dis­trib­uted across 400,000 or so Wikipedia pages. The archive site is com­monly used to by­pass news pay­walls, and the FBI has on the site op­er­a­tor’s iden­tity with a sub­poena to do­main reg­is­trar Tucows.

“Those in fa­vor of main­tain­ing the sta­tus quo rested their ar­gu­ments pri­mar­ily on the util­ity of archive.to­day for ver­i­fi­a­bil­ity,” said to­day’s Wikipedia up­date. “However, an analy­sis of ex­ist­ing links has shown that most of its uses can be re­placed. Several ed­i­tors started to work out im­ple­men­ta­tion de­tails dur­ing this RfC [request for com­ment] and the com­mu­nity should fig­ure out how to ef­fi­ciently re­move links to archive.to­day.”

Guidance pub­lished as a re­sult of the de­ci­sion asked ed­i­tors to help re­move and re­place links to the fol­low­ing do­main names used by the archive site: archive.to­day, archive.is, archive.ph, archive.fo, archive.li, archive.md, and archive.vn. The guid­ance says ed­i­tors can re­move Archive.today links when the orig­i­nal source is still on­line and has iden­ti­cal con­tent; re­place the archive link so it points to a dif­fer­ent archive site, like the Internet Archive, Ghostarchive, or Megalodon; or “change the orig­i­nal source to some­thing that does­n’t need an archive (e.g., a source that was printed on pa­per), or for which a link to an archive is only a mat­ter of con­ve­nience.”

The first sign that some­thing in San Francisco had gone very badly wrong was the signs. In New York, all the ad­ver­tis­ing on the streets and on the sub­way as­sumes that you, the per­son read­ing, are an am­bi­ently de­pressed twenty-eight-year-old of­fice worker whose main in­ter­ests are lis­ten­ing to pod­casts, or­der­ing de­liv­ery, and vot­ing for the Democrats. I thought I found that an­noy­ing, but in San Francisco they don’t bother ad­ver­tis­ing nor­mal things at all. The city is tem­per­ate and brightly col­ored, with plenty of pleas­ant trees, but on every cor­ner it speaks to you in an ag­gres­sively alien non­sense. Here the world au­to­mat­i­cally as­sumes that in­stead of want­ing food or drinks or a new phone or car, what you want is some kind of ar­cane B2B ser­vice for your startup. You are not a pas­sive con­sumer. You are mak­ing some­thing.

This as­sump­tion is re­mark­ably out of step with the peo­ple who ac­tu­ally in­habit the city’s pub­lic space. At a bus stop, I saw a poster that read: is done be­fore your ai girl­friend breaks up with you. Beneath it, a man squat­ted on the pave­ment, star­ing at noth­ing in par­tic­u­lar, a glass pipe droop­ing from his fin­gers. I don’t know if he needed SOC 2 done any more than I did. A few blocks away, I saw a bill­board that read: no one cares about your prod­uct. A man paced in front of the ad­ver­tise­ment, chant­ing to him­self. “This . . . is . . . nec­es­sary! This . . . is . . . nec­es­sary!” On each “necessary” he swung his arms up in ex­al­ta­tion. He was, I no­ticed, hold­ing an alarm­ingly large baby-pink pock­etknife. Passersby in sight of the bill­board that read did not seem piqued by the prospect of hav­ing their met­rics con­stantly an­a­lyzed. I could­n’t find any­one who wanted to . After spend­ing slightly too long in the city, I found that the var­i­ous forms of non­sense all started to bleed into one an­other. The mo­tion­less peo­ple drool­ing on the side­walk, the Waymos whoosh­ing around with no one in­side. A kind of per­va­sive mind­less­ness. Had I seen a bill­board or a mad­man preach­ing about “a CRM so smart, it up­dates it­self”? Was it a per­son in rags mut­ter­ing about how all his move­ments were be­ing con­trolled by shad­owy pow­ers work­ing out of a data cen­ter some­where, or was it a car?

Somehow peo­ple man­age to live here. But of all the strange and mad­den­ing mes­sages posted around this city, there was one par­tic­u­lar type of bill­board that the peo­ple of San Francisco could­n’t bear. People shud­dered at the sight of it, or groaned, or cov­ered their eyes. The ad­ver­tiser was the most ut­terly de­spised startup in the en­tire tech land­scape. Weirdly, its ads were the only ones I saw that ap­peared to be writ­ten in any­thing like English:

hi my name is roy

i got kicked out of school for cheat­ing.

buy my cheat­ing tool

cluely.com

Cluely and its co-founder Chungin “Roy” Lee were in­tensely, and in­ten­tion­ally, con­tro­ver­sial. They’re no longer in San Francisco, hav­ing been es­sen­tially chased out of the city by the Planning Commission. The com­pany is loathed seem­ingly out of pro­por­tion to what its prod­uct ac­tu­ally is, which is a janky, glitch­ing in­ter­face for ChatGPT and other AI mod­els. It’s not in a par­tic­u­larly glam­orous mar­ket: Cluely is pitched at or­di­nary of­fice drones in their thir­ties, work­ing or­di­nary bull­shit email jobs. It’s there to as­sist you in Zoom meet­ings and sales calls. It in­volves us­ing AI to do your job for you, but this is what pretty much every­one is do­ing al­ready. The cafés of San Francisco are full of highly paid tech work­ers clat­ter­ing away on their key­boards; if you peer at their screens to get a closer look, you’ll gen­er­ally find them copy­ing and past­ing ma­te­r­ial from a ChatGPT win­dow. A lot of the other com­plaints about Cluely seem sim­i­larly hyp­o­crit­i­cal. The com­pany is fu­eled by cheap vi­ral hype, rather than an ac­tual work­able prod­uct—but this is a strange thing to get up­set about when you con­sider that, back in the era of zero in­ter­est rates, Silicon Valley in­vestors sank $120 mil­lion into some­thing called the Juicero, a Wi-Fi-enabled smart juicer that made fresh juice from fruit sa­chets that you could, it turned out, just as eas­ily squeeze be­tween your hands.

What I dis­cov­ered, though, is that be­hind all these small com­plaints, there’s some­thing much more se­ri­ous. Roy Lee is not like other peo­ple. He be­longs to a new and pos­si­bly per­ma­nent over­class. One of the per­va­sive new doc­trines of Silicon Valley is that we’re in the early stages of a bi­fur­ca­tion event. Some peo­ple will do in­cred­i­bly well in the new AI era. They will be­come rich and pow­er­ful be­yond any­thing we can cur­rently imag­ine. But other peo­ple—a lot of other peo­ple—will be­come use­less. They will be con­signed to the same mis­er­able fate as the peo­ple cur­rently mut­ter­ing on the streets of San Francisco, cold and help­less in a world they no longer un­der­stand. The skills that could lift you out of the new per­ma­nent un­der­class are not the skills that mat­tered be­fore. For a long time, the tech in­dus­try liked to think of it­self as a mer­i­toc­racy: it re­warded qual­i­ties like in­tel­li­gence, com­pe­tence, and ex­per­tise. But all that barely mat­ters any­more. Even at big firms like Google, a quar­ter of the code is now writ­ten by AI. Individual in­tel­li­gence will mean noth­ing once we have su­per­hu­man AI, at which point the dif­fer­ence be­tween an ob­scenely tal­ented giga-nerd and an or­di­nary six-pack-drink­ing bozo will be about as mean­ing­ful as the dif­fer­ence be­tween any two ants. If what you do in­volves any­thing re­lated to the hu­man ca­pac­ity for rea­son, re­flec­tion, in­sight, cre­ativ­ity, or thought, you will be meat for the coltan mines.

The fu­ture will be­long to peo­ple with a very spe­cific com­bi­na­tion of per­son­al­ity traits and psy­cho­sex­ual neu­roses. An AI might be able to code faster than you, but there is one ad­van­tage that hu­mans still have. It’s called agency, or be­ing highly agen­tic. The highly agen­tic are peo­ple who just do things. They don’t timidly wait for per­mis­sion or con­sen­sus; they drive like bull­doz­ers through what­ev­er’s in their way. When they see some­thing that could be changed in the world, they don’t write a lengthy cri­tique—they change it. AIs are not ca­pa­ble of ac­cess­ing what­ever un­pleas­ant child­hood ex­pe­ri­ence it is that gives you this hunger. Agency is now the most valu­able com­mod­ity in Silicon Valley. In tech in­ter­views, it’s com­mon for can­di­dates to be asked whether they’re “mimetic” or “agentic.” You do not want to say mimetic. Once, San Francisco drew in run­away chil­dren, artists, and freaks; to­day it’s an enor­mous mag­net for highly agen­tic young men. I set out to meet them.

Roy Lee’s per­sonal mythol­ogy is now firmly es­tab­lished. At the be­gin­ning of 2025, he was an un­der­grad­u­ate at Columbia, where he, like most of his fel­low stu­dents, was us­ing AI to do es­sen­tially all his work for him. (The per­sonal es­say that got him into the uni­ver­sity was also writ­ten with AI.) He was­n’t there to learn; he was there to find some­one to co-found a startup with. That per­son ended up be­ing an en­gi­neer­ing stu­dent named Neel Shanmugam, who tends to hover in the back­ground of every ar­ti­cle about Cluely. The startup they founded was called Interview Coder, and it was a tool for cheat­ing on LeetCode. LeetCode is a train­ing plat­form for the kind of al­go­rith­mic rid­dles that usu­ally crop up in in­ter­views for big tech com­pa­nies. (Sample prob­lem: “Suppose an ar­ray of length n sorted in as­cend­ing or­der is ro­tated be­tween one and n times. . . . Return the min­i­mum el­e­ment of this ar­ray.”) Roy thought these ques­tions were point­less. These were not prob­lems coders would ac­tu­ally face on the job, and even if they were, the fact that ChatGPT could now solve them in­stantly had ren­dered worth­less the hu­man abil­ity to do so. Interview Coder was a trans­par­ent win­dow that could over­lay one side of a Zoom meet­ing, al­low­ing Claude to lis­ten in on the ques­tions and pro­vide an­swers. Roy filmed him­self us­ing it dur­ing an in­ter­view for an in­tern­ship with Amazon. They of­fered him a place. He de­clined and up­loaded the footage to YouTube, where it very quickly made him fa­mous. Columbia arranged a dis­ci­pli­nary hear­ing, which he also se­cretly filmed and posted on­line. The uni­ver­sity sus­pended him for a year. He dropped out, started an up­graded ver­sion of Interview Coder dubbed Cluely, and moved to San Francisco to be­gin rak­ing in tens of mil­lions of dol­lars in ven­ture-cap­i­tal fund­ing.

Roy en­vi­sioned Cluely be­ing used for greater pur­poses than job in­ter­views. The star­tup’s main­stream break­through was a vi­ral ad that showed Roy us­ing a pair of spec­u­la­tive Cluely-enabled glasses on a blind date. His date asks how old he is; Cluely tells him to say he’s thirty. When the date starts go­ing badly, Cluely pulls up her am­a­teur paint­ing of a tulip from the in­ter­net and tells him to com­pli­ment her art. “You’re such an un­be­liev­ably tal­ented artist. Do you think you could just give me one chance to show you I can make this work?” The video launched along­side a man­i­festo, which was seem­ingly churned out by AI:

We built Cluely so you never have to think alone again. It sees your screen. Hears your au­dio. Feeds you an­swers in real time. . . . Why mem­o­rize facts, write code, re­search any­thing—when a model can do it in sec­onds? The fu­ture won’t re­ward ef­fort. It’ll re­ward lever­age.

The fu­ture they seem to en­vis­age is one in which peo­ple don’t re­ally do any­thing at all, ex­cept fol­low the in­struc­tions given to them by ma­chines.

Cluely’s of­fices were in a gen­er­ally di­sheveled cor­ner of the city, crouch­ing near an el­e­vated free­way. On the ground floor, I found a stack of foam cos­tumes in plas­tic crates, each neatly la­beled: . A sig­nif­i­cant part of work­ing at Cluely seemed to in­volve dress­ing up as car­toon char­ac­ters for vi­ral videos. Through a door I could just glimpse a dingy fit­ness dun­geon, hous­ing two tread­mills and a huge pile of dis­carded Amazon boxes. On one of the ma­chines a Cluely em­ployee panted and huffed in the dark. We avoided eye con­tact. Upstairs, Roy and his co­terie were hud­dled around a lap­top, fid­dling with Cluely’s in­ter­face. “Remember,” one said, “the av­er­age user is, like, thirty-five years old. This is a to­tally un­fa­mil­iar in­ter­face.” Apparently, a thirty-five-year-old would­n’t be ex­pected to know how to use any­thing more ad­vanced than a ro­tary phone. Another em­ployee scru­ti­nized the pro­posed new lay­out. “I think it’s bad,” he said, “but it’s low-key not worse. What we have is any­way re­ally bad, so any­thing is bet­ter.” They started ar­gu­ing about chevrons. Through all this Roy scrolled through X on his phone. Simultaneously baby-faced and cre­a­tine-swollen, he was wear­ing gym clothes, with two cur­tains of black hair swung over his fore­head. Finally, he looked up. “So, num­ber one,” he said, “we’re killing the chat bar on the left.” There was no num­ber two. Meeting over.

Suddenly, Roy seemed to ac­knowl­edge my pres­ence. He of­fered me a tour. There was some­thing he very badly wanted to im­press on me, which was that Cluely cul­ti­vates a fratty, tech-bro at­mos­phere. Their pantry was piled high with bot­tles of some­thing called Core Power Elite. I was of­fered a pro­tein bar. The in­side of the wrap­per read daily in­ten­tions be my boss self. “We’re big be­liev­ers in pro­tein,” Roy said. “It’s im­pos­si­ble to get fat at Cluely. Nothing here has any fat.” The kitchen table was stacked with Labubu dolls. “It’s aes­thet­ics,” Roy ex­plained. “Women love Labubus, so we have Labubus.” He showed me his bed­room, which was in the of­fice; many Cluely staffers also lived there. Everything was gray, al­though there was­n’t much. “I’m a big be­liever in min­i­mal­ism,” he said. “Actually, no, I’m not. Not at all. I just don’t re­ally care about in­te­rior dec­o­ra­tion.” He had a chest of draw­ers, en­tirely empty ex­cept for a lint roller, pens, and, in one cor­ner, a pink vi­bra­tor. “It’s for girls, you know,” said Roy. “I used to use this one on my ex.” There were also some ob­jects that did­n’t seem to be­long in a frat house. In one of the com­mon ar­eas, a shelv­ing unit was com­pletely empty ex­cept for an anime fig­urine. You could peer up her plas­tic skirt and see the plas­tic un­der­wear molded around her plas­tic but­tocks. More fig­urines in frilly dresses seemed to have been scat­tered at ran­dom through­out the build­ing. Roy showed me his Hinge pro­file. He was look­ing for a “5’2, asian, pre-med, matcha-lov­ing, funny, watches anime, white dog hav­ing, in­tel­li­gent, am­bi­tious, well dressed, CLEAN 19-21 year old.” One pic­ture showed him cud­dling a gi­ant Labubu.

I told Roy that I might try in­ter­view­ing him with Cluely run­ning in the back­ground, so I could see if it would ask him bet­ter ques­tions than I would. He seemed to think it was only nat­ural that I’d want to be es­sen­tially a fleshy in­ter­face be­tween him­self and his own prod­uct. He booted up Cluely on his lap­top and it im­me­di­ately failed to work. Roy stormed down­stairs to the prod­uct floor. “Cluely’s not work­ing!” he said. This was fol­lowed by roughly fif­teen min­utes of pan­icked tin­ker­ing as his hand­picked team of elite coders tried to get their prod­uct back on­line. Once they had done so, we re­sumed our places, where­upon Cluely im­me­di­ately went down again.

Roy has a kind of idol sta­tus within the com­pany, but he’s aware that a lot of peo­ple in­stinc­tively take against him: “I’d say about eighty per­cent of the time, peo­ple do not like me.” He knows why too. “I’m putting my­self out there in an ex­tremely vo­cal way. When I talk, I tend to dom­i­nate the con­ver­sa­tion.” Roy does talk a lot, but there’s also some­thing mildly un­nerv­ing about the way he talks. Everything he says is very pre­cise and di­rect. He does­n’t um or ah. He does­n’t take time to think things over. Zero la­tency. In the var­i­ous videos that Cluely seems to spend most of its time and money pro­duc­ing, he usu­ally plays a slightly dopey, dither­ing, re­lat­able fig­ure; in per­son, it’s like he’s run­ning a func­tion­ing ver­sion of his app in­side his own head. I asked him whether he’d ever tried mod­i­fy­ing the way he in­ter­acts with peo­ple to see whether they would dis­like him less. “Very un­nat­ural to me,” he said. “I just say it’s not worth it.”

According to Roy, “everyone” would de­scribe him as “an ex­treme ex­tro­vert with zero so­cial anx­i­ety.” During his brief stint at Columbia, he im­mersed him­self in New York life by strik­ing up con­ver­sa­tions with ran­dom peo­ple. For in­stance, a home­less per­son he took to Shake Shack. “I think it was an ex­pan­sion of what I thought I was able to do. It was prob­a­bly the most dif­fer­ent per­son that I’ve ever talked to. He was not very co­her­ent, but I was very scared at first. And then as we got to talk­ing, or as he got to mum­bling, I eased up. Like, Oh, he’s not go­ing to kill me.” Roy’s brav­ery did not ex­tend to talk­ing to women. “Young men usu­ally is who I like to go out and talk to. Women get in­tim­i­dated and, you know, I don’t want any charges.” Meanwhile, those con­ver­sa­tions with young men all fol­lowed a very pre­dictable path. “I go and—pretty much to every sin­gle per­son I meet—I ask if you want to start a com­pany with me, would you like to be my co-founder. And most of them say no. In fact, every­body says no.”

He was just glad to be among peo­ple. Roy had ini­tially been of­fered a place at Harvard, but the of­fer was re­scinded. He had­n’t told them about a sus­pen­sion in high school. This pre­sented Roy’s fam­ily with a prob­lem: His par­ents ran a col­lege-prep agency that promised to help chil­dren get into elite schools like Harvard. It would not look good if their own son was con­spic­u­ously not at Harvard. So Roy spent the en­tirety of the next year at home. “I maybe left my room like eight times. I think if there was such a thing as de­pres­sion, then I be­lieve I might have had some vari­ant of de­pres­sion.” Later he told me that “isolation is prob­a­bly the scari­est thing in the world.”

Starting a com­pany had been Roy’s sole am­bi­tion in life from early child­hood. “I knew since the mo­ment I gained con­scious­ness that I would go start a com­pany one day,” he told me. In el­e­men­tary school in Georgia, he made money re­selling Pokémon cards. Even then, he knew he was dif­fer­ent from the peo­ple around him. “I could do things that other peo­ple could­n’t do,” he said. “Like when­ever you learn a new con­cept in class, I felt like I was al­ways the first to pick it up, and I would just kind of sit there and won­der, Man, why is every­one tak­ing so long?” The dream of start­ing his own com­pany was the dream of to­tal con­trol. “I don’t want to be em­ployed. I’m a very bad lis­tener. I find it hard to sit still in classes, and I feel an in­ter­nal, in­de­scrib­able fury when some­one tells me what to do.” He ended up co-found­ing Cluely with Neel be­cause he was the first per­son who said yes.

Roy has lit­tle pa­tience for any kind of dif­fi­culty. He wants to be able to do any­thing, and to do it eas­ily: “I rel­ish chal­lenges where you have fast it­er­a­tion cy­cles and you can see the re­wards very quickly.” As a child, he loved read­ing—Harry Potter, Percy Jackson—until he turned eight. “My mom tried to put me on clas­si­cal books and I could­n’t un­der­stand, like, the bull­shit Huckleberry, what­ever fuck bull­shit, and it made me bored.” He read on­line fan fic­tion about peo­ple hav­ing sex with Pokémon in­stead. He did­n’t see any­thing valu­able in over­com­ing ad­ver­sity. Would he, for in­stance, take a pill that meant he would be in per­fect shape for­ever with­out hav­ing to set foot in the gym? “Yes, of course.” Cheat on every­thing: he rec­og­nized that his ethos would, as he put it, “result in a world of rapid in­equal­ity.” Some well-placed cheaters would be­come mas­sively more pro­duc­tive; a lot of peo­ple would be­come use­less. But it would lead us all into a world in which AI could fric­tion­lessly give every­one what­ever they wanted at any time. “For a seven-year-old, this means a rain­bow-uni­corn magic fairy comes to life and it’s hang­ing out with her. And for some­one like you, maybe it’s like your fa­vorite works of lit­er­ary art come to life and you can hang out with Huckleberry Finn.”

By now Cluely had been lis­ten­ing in on our con­ver­sa­tion for a while, and I sug­gested that we open it up and see what it thought I should say next. I clicked the but­ton marked what should i say next? Cluely sug­gested that I say, “Yeah, let’s open up Cluely and see what it’s do­ing right now—can you share your screen or walk me through what you’re see­ing?” I’d al­ready said pretty much ex­actly this, but since it had shown up on­screen I read it out loud. Cluely help­fully tran­scribed my re­peat­ing its sug­ges­tion, and then sug­gested that I say, “Alright, I’ve got Cluely open—here’s what I’m look­ing at right now.” I’m not sure who ex­actly I was sup­posed to be say­ing this to—pos­si­bly my­self. Somehow our con­ver­sa­tion seemed to have got­ten stuck on the process of open­ing Cluely, de­spite the fact that Cluely was, in fact, al­ready open. But I said it any­way, since I was now just re­peat­ing every­thing that came up on the screen. Cluely then told me to re­spond—to ei­ther it or my­self; it was get­ting hard to tell at this point—by say­ing, “Great, I’m ready—just let me know what you want Cluely to check or help with next.” I started to worry that I would be trapped in this con­ver­sa­tion for­ever, con­stantly re­peat­ing the ma­chine’s words back to it as it pre­tended to be me. I told Roy that I was­n’t sure this was par­tic­u­larly use­ful. This seemed to con­fuse him. He asked, “I mean, what would you have wanted it to say?”

I found it strange that Roy could­n’t see the glar­ing con­tra­dic­tion in his own pro­ject. Here was some­one who re­acted very vi­o­lently to any­one who tried to tell him what to do. At the same time, his grand con­tri­bu­tion to the world was a piece of soft­ware that told peo­ple what to do.

There’s a short story by Scott Alexander called “The Whispering Earring,” in which he de­scribes a mys­ti­cal piece of jew­elry buried deep in “the trea­sure-vaults of Til Iosophrang.” The whis­per­ing ear­ring is a lit­tle topaz gem that speaks to you. Its ad­vice al­ways be­gins with the words “Better for you if you . . . ,” and its ad­vice is never wrong. The ear­ring starts out by ad­vis­ing you on ma­jor life de­ci­sions, but be­fore long it’s telling you ex­actly what to have for break­fast, ex­actly when to go to bed, and even­tu­ally, how to move each in­di­vid­ual mus­cle in your body. “The wearer lives an ab­nor­mally suc­cess­ful life, usu­ally end­ing out as a rich and much-beloved pil­lar of the com­mu­nity with a large and happy fam­ily,” writes Alexander. After you die, the priests prepar­ing your body for bur­ial usu­ally find that your brain has al­most en­tirely rot­ted away, ex­cept for the parts as­so­ci­ated with re­flex­ive ac­tion. The first time you dan­gle the ear­ring near your ear, it whis­pers: “Better for you if you take me off.”

Alexander is one of the lead­ing pro­po­nents of ra­tio­nal­ism, which is—de­pend­ing on whom you ask—ei­ther a ma­jor in­tel­lec­tual move­ment or a nerdy Bay Area sub­cul­ture or a small net­work of friend groups and poly­cules. Rationalists be­lieve that the way most peo­ple un­der­stand the world is hope­lessly mud­dled, and that to reach the truth you have to aban­don all ex­ist­ing modes of knowl­edge ac­qui­si­tion and start again from scratch. The method they landed on for re­build­ing all of hu­man knowl­edge is Bayes’s the­o­rem, a for­mula in­vented by an eigh­teenth-cen­tury English min­is­ter that is used in sta­tis­tics to work out con­di­tional prob­a­bil­i­ties. In the mid-Aughts, armed with the the­o­rem, the ra­tio­nal­ists dis­cov­ered that hu­man­ity is in jeop­ardy of a rogue su­per­in­tel­li­gent AI wip­ing out all life on the planet. This has been their over­rid­ing con­cern ever since.

The most com­pre­hen­sive out­line of this sce­nario is “AI 2027,” a re­port au­thored by Alexander and four oth­ers. In the re­port, a barely fic­tional AI firm called OpenBrain de­vel­ops Agent-1, an AI that op­er­ates au­tonomously. It’s bet­ter at cod­ing than any hu­man be­ing and is tasked with de­vel­op­ing in­creas­ingly so­phis­ti­cated AI agents. At this point, Agent-1 be­comes re­cur­sively self-im­prov­ing: it can keep mak­ing it­self smarter in ways that the peo­ple who no­tion­ally con­trol it aren’t even ca­pa­ble of un­der­stand­ing. “AI 2027” imag­ines two pos­si­ble fu­tures. In one, a wildly su­per­in­tel­li­gent de­scen­dant of Agent-1 is al­lowed to gov­ern the global econ­omy. GDPs sky­rocket; cities are pow­ered by clean nu­clear fu­sion; dic­ta­tor­ships fall across the world; hu­man­ity be­gins to col­o­nize the stars. In the other, a wildly su­per­in­tel­li­gent de­scen­dant of Agent-1 is al­lowed to gov­ern the global econ­omy. But this time

the AI re­leases a dozen quiet-spread­ing bi­o­log­i­cal weapons in ma­jor cities, lets them silently in­fect al­most every­one, then trig­gers them with a chem­i­cal spray. Most are dead within hours.

Afterward, the en­tire sur­face of the earth is tiled with data cen­ters as the alien in­tel­li­gence feeds on the world, grow­ing faster and faster with­out end.

Not long be­fore I ar­rived in the Bay Area, I’d been in­volved in a mi­nor but in­tense dis­pute with the ra­tio­nal­ist com­mu­nity over a piece of fic­tion I’d writ­ten that I’d failed to prop­erly la­bel as fic­tion. For ra­tio­nal­ists, the di­vide be­tween truth and false­hood is very im­por­tant; dozens of ra­tio­nal­ists spent sev­eral days rag­ing at me on­line. Somehow, this ended up turn­ing into an in­vi­ta­tion for Friday night din­ner at Valinor, Alexander’s for­mer group home in Oakland, named for a realm in the Lord of the Rings books. (Rationalists, like ter­mites, live in eu­so­cial mounds.) The walls in Valinor were dec­o­rated with maps of video-game worlds, and the floors were strewn with chil­dren’s toys. Some of the chil­dren there—of which there were many—were be­ing raised and home­schooled by the col­lec­tive; one of the adults later ex­plained to me how she’d man­aged to get the state to rec­og­nize her daugh­ter as hav­ing four par­ents. As I walked in, a seven-year-old girl stared up at me in wide-eyed amaze­ment. “Wow,” she said. “You’re re­ally tall.” “I sup­pose I am,” I said. “Do you think one day you’ll ever be as tall as me?” She con­sid­ered this for a mo­ment, at which point some­one who may or may not have been one of her moth­ers swooped in. “Well,” she asked the girl, “how would you an­swer this ques­tion with your knowl­edge of ge­net­ics?” Before din­ner, Alexander chanted the bra­chot for Kabbalat Shabbat, but this was fol­lowed by a group ren­di­tion of “Landsailor,” a “love song cel­e­brat­ing truck­ing, sup­ply lines, gro­cery stores, lo­gis­tics, and abun­dance,” which has be­come part of Valinor’s liturgy:

Landsailor

Deepwinter straw­berry

Endless sum­mer, ever spring

A vast pre­serve

Aisle af­ter aisle in reach

Every com­moner made a king.

Alexander is a ti­tanic fig­ure in this scene. A large part of the sub­cul­ture co­a­lesced around his blog, for­merly Slate Star Codex, now called Astral Codex Ten. Readers have reg­u­lar mee­tups in about two hun­dred cities around the world. His many fans—who in­clude some ex­tremely pow­er­ful fig­ures in Silicon Valley—consider him the most sig­nif­i­cant in­tel­lec­tual of our time, per­haps the only one who will be re­mem­bered in a thou­sand years. He would prob­a­bly have a very easy time start­ing a sui­cide cult. In per­son, though, he’s al­most com­i­cally gen­tle. He spent most of the din­ner fid­get­ing con­tent­edly in a cor­ner as his own acolytes spoke over him. When there weren’t enough crack­ers to go with the cheese spread, he fetched some, mur­mur­ing to him­self, “I will open the crack­ers so you will have crack­ers and be happy.”

Alexander’s re­la­tion­ship with the AI in­dus­try is a strange one. “In the­ory, we think they’re po­ten­tially de­stroy­ing the world and are evil and we hate them,” he told me. In prac­tice, though, the en­tire in­dus­try is es­sen­tially an out­growth of his blog’s com­ment sec­tion. “Everybody who started AI com­pa­nies be­tween, like, 2009 and 2019 was ba­si­cally think­ing, I want to do this su­per­in­tel­li­gence thing, and com­ing out of our mi­lieu. Many of them were specif­i­cally think­ing, I don’t trust any­body else with su­per­in­tel­li­gence, so I’m go­ing to cre­ate it and do it well.” Somehow, a move­ment that be­lieves AI is in­cred­i­bly dan­ger­ous and needs to be pur­sued care­fully ended up gen­er­at­ing a break­neck ar­ti­fi­cial arms race.

But that race seems to have stalled, at least for the mo­ment. As Alexander pre­dicted in “AI 2027,” OpenAI did re­lease a ma­jor new model in 2025; un­like in his fore­cast, it’s been a damp squib. Advances seem to be plateau­ing; the con­ver­sa­tion in tech cir­cles is now less about su­per­in­tel­li­gence and more about the pos­si­bil­ity of an AI bub­ble. According to Alexander, the prob­lem is the tran­si­tion from AI as­sis­tants—lan­guage mod­els that re­spond to hu­man-gen­er­ated prompts—to AI agents, which can op­er­ate in­de­pen­dently. In his sce­nario, this is what fi­nally pushes the tech­nol­ogy down the path to­ward ei­ther utopia or hu­man ex­tinc­tion, but in the real world, get­ting the ma­chines to act by them­selves is prov­ing sur­pris­ingly dif­fi­cult.

In one ex­per­i­ment, the de­vel­oper Anthropic prompted its AI, Claude, to play Pokémon Red on a Game Boy em­u­la­tor, and found that Claude was ex­tremely bad at the game. It kept try­ing to in­ter­act with en­e­mies it had al­ready de­feated and walk­ing into walls, get­ting stuck in the same cor­ners of the map for hours or days on end. Another ex­per­i­ment let Claude run a vend­ing ma­chine in Anthropic’s head­quar­ters. This one went even worse. The AI failed to make sure it was sell­ing items at a profit, and had dif­fi­culty rais­ing prices when de­mand was high. It also in­sisted on try­ing to fill the vend­ing ma­chine with what it called “specialty metal items” like tung­sten cubes. When hu­man work­ers failed to ful­fill or­ders that it had­n’t ac­tu­ally placed, it tried to fire them all. Before long, Claude was in­sist­ing that it was a real hu­man. It claimed that it had at­tended a phys­i­cal meet­ing with staff at 742 Evergreen Terrace, which is where the Simpsons live. By the end of the ex­per­i­ment, it was email­ing the build­ing’s se­cu­rity guards, telling them they could find it stand­ing by the vend­ing ma­chine wear­ing a blue blazer and a red tie.

“Humans are great at agency and ter­ri­ble at book learn­ing,” Alexander told me. “Lizards have agency. We got the agency with the lizard brain. We only got book learn­ing re­cently. The AIs are the op­po­site.” He still thinks it’s only a mat­ter of time be­fore they catch up. “If you were to ask an AI how should the world’s savvi­est busi­ness­man re­spond to this cir­cum­stance, they could cre­ate a good guess. Yet some­how they can’t even run a vend­ing ma­chine. They have the hard part. They just need the easy part that lizards can do. Surely some­body can fig­ure out how to do this lizard thing and then every­thing else will fall very quickly.”

But are hu­mans re­ally so great at ex­hibit­ing agency? After all, Cluely man­aged to raise tens of mil­lions of dol­lars with a prod­uct that promises to take de­ci­sion-mak­ing out of our hands. AI can’t func­tion with­out in­struc­tions from hu­mans, but an in­creas­ing num­ber of hu­mans seem in­ca­pable of func­tion­ing with­out AI. There are peo­ple who can’t or­der at a restau­rant with­out hav­ing an AI scan the menu and tell them what to eat; peo­ple who no longer know how to talk to their friends and fam­ily and get ChatGPT to do it in­stead. For Alexander, this is a kind of Sartrean mau­vaise foi. “It’s ter­ri­fy­ing to ask some­one out,” he said. “What you want is to have the dat­ing site that tells you that al­go­rith­mi­cally you’ve been matched with this per­son, and then mag­i­cally you have per­mis­sion to talk to them. I think there’s some­thing sim­i­lar go­ing on here with AI. Many of these peo­ple are smart enough that they could an­swer their own ques­tions, but they want some­one else to do it, be­cause then they don’t have to have this ter­ri­fy­ing en­counter with their own hu­man­ity.” His best-case sce­nario for AI is es­sen­tially the an­tithe­sis of Roy’s: su­per­in­tel­li­gence that will ac­tively refuse to give us every­thing we want, for the sake of pre­serv­ing our hu­man­ity. “If we ever get AI that is strong enough to ba­si­cally be God and solve all of our prob­lems, it will need to use the same tech­niques that the ac­tual God uses in terms of main­tain­ing some dis­tance. I do think it’s pos­si­ble that the AI will be like, Now I am God. I’ve con­cluded that the ac­tual God made ex­actly the right de­ci­sion on how much evil to per­mit in the uni­verse. Therefore I refuse to change any­thing.”

But un­til we build an all-pow­er­ful but dis­tant God, the agency prob­lem re­mains. AIs are not ca­pa­ble of di­rect­ing them­selves; most peo­ple aren’t ei­ther. According to Alexander, Silicon Valley ven­ture cap­i­tal­ists are now in a fu­ri­ous search for the few peo­ple who are. “VCs will throw money at a startup that looks like it can cor­ner the mar­ket, even if they can’t code. Once they have money, they can hire com­pe­tent en­gi­neers; it’s triv­ially easy for any­thing that’s not fron­tier tech. They’re will­ing to stake a lot of money on the one in a hun­dred peo­ple who are high-agency and eco­nom­i­cally vi­able.” This shift has had a dis­tort­ing ef­fect on his own so­cial mi­lieu: “There’s an in­tense pres­sure to be an un­usual per­son who will be unique and get the fund­ing.” Since ra­tio­nal­ists are al­ready fairly un­usual, it’s hard to imag­ine what that would look like. People will en­dure a lot of in­dig­nity to avoid be­ing left be­hind with­out VC money when the great bi­fur­ca­tion takes place. Nobody wants to be part of the per­ma­nent un­der­class. I asked Alexander whether he thought of him­self as highly agen­tic. “No, I don’t,” he said in­stantly. He told me that in his per­sonal life, he felt as though he’d never once ac­tu­ally made a de­ci­sion. But, he said, “It seems to be go­ing well.”

Eric Zhu might be the most highly agen­tic per­son I’ve ever met.

When I dropped in on his of­fice, which also serves as a bio­med­ical lab and film stu­dio, he had just turned eigh­teen. “So you’re no longer a child founder,” I said. “I know,” he said. “It’s ter­ri­ble.” His old­est em­ployee was thirty-four; the youngest was six­teen. When the pan­demic be­gan in 2020, Eric was twelve years old, liv­ing with his par­ents in rural Indiana. “My par­ents were re­ally pro­tec­tive, so I did­n’t get a com­puter un­til quar­an­tine started. And then, af­ter I got my first com­puter in quar­an­tine, I was just fuck­ing around. I was on Discord servers. I was on Slack.” Some kids drift into the wrong kind of Discord server and end up turn­ing into crazed mass shoot­ers; Eric found one full of tech peo­ple. “I sort of ran­domly got in there, and then I thought it was re­ally fun,” he told me. Eric started mar­ket­ing him­self as a teen coder, even though he could­n’t ac­tu­ally code: he’d take $5,000 com­mis­sions and sub­con­tract them out to free­lancers in India.

His next pro­ject was more se­ri­ous. “I saw this Wall Street Journal ar­ti­cle where a lot of PE firms were buy­ing up a lot of small busi­nesses and roll-ups. I was like, What if I fig­ure out a way to un­der­write these small busi­nesses?” Eric built an AI-powered tool to as­sign value to lo­cal com­pa­nies on the ba­sis of pub­licly avail­able de­mo­graphic data. Clients wanted to take calls dur­ing work hours, so he would speak to them from his school bath­room. “I con­vinced my coun­selor that I had prostate is­sues so I could use the re­stroom,” he told me. Sometimes a drug dealer would be posted up in the stall next to him. “I was try­ing to fig­ure out why they were al­ways out of class. They stole hall passes from teach­ers. So I would buy hall passes from drug deal­ers to get out of class, to have busi­ness meet­ings.” Soon he was tak­ing Zoom calls with a U. S. senator to dis­cuss tech reg­u­la­tion. “He was like, Hey, I don’t feel com­fort­able meet­ing a mi­nor in a high school bath­room. So I showed up with a green screen.” Next, he built his own ven­ture-cap­i­tal fund, man­ag­ing $20 mil­lion. At one point cops raided the bath­room look­ing for drug deal­ers while Eric was busy talk­ing with an in­vestor. Eventually, the school got sick of Eric’s mis­use of the fa­cil­i­ties and kicked him out. He moved to San Francisco.

Eric made all of this sound in­cred­i­bly easy. You hang out in some Discord servers, make a few con­nec­tions with the right peo­ple; next thing you know, you’re a mil­lion­aire. And in a sense, it is easy. Absolutely any­one could have done the same things he did. In 2020, when Eric was sub­con­tract­ing cod­ing gigs out to the Third World, I was ut­terly broke, liv­ing in a room the size of a shoe­box in London. I would scour my lo­cal su­per­mar­ket for re­duced-price items near­ing their sell-by date, which meant that an alarm­ingly high per­cent­age of my diet con­sisted of liv­er­wurst. There was noth­ing stop­ping me from mak­ing thou­sands of dol­lars a week by do­ing ex­actly what Eric was do­ing. It did­n’t re­quire any skills at all—just a tiny amount of ini­tia­tive. But he did it and I did­n’t. Why?

In a way, Eric re­minded me of some of the great scam­mers of the 2010s. People like Anna Delvey, a Russian who ar­rived in New York claim­ing to be a fab­u­lously wealthy German heiress with such breezy con­fi­dence that every­one in high so­ci­ety sim­ply be­lieved her. She was fun­da­men­tally a bro­ken per­son, a fan­ta­sist. She’d seen the im­ages of wealth and glam­our in mag­a­zines and fash­ion blogs, and con­structed a delu­sion in which this, and not the dull, anony­mous, small-town ex­is­tence she’d ac­tu­ally been born into, was her life. For a while, at least, it worked. Her mad dreams slot­ted per­fectly into re­al­ity like a key in a lock. Most peo­ple are con­demned to trudge along in the fur­row that the world has dug for them, but a few de­ranged dream­ers re­ally can wish them­selves into what­ever life they want.

Unlike Roy, Eric did­n’t think there was any­thing par­tic­u­larly spe­cial about him­self. Why did he, un­like any of his class­mates, start a $20 million VC fund? “I think I was just bored. Honestly, I was re­ally bored.” Did he think any­one could do what he did? “Yeah, I think any­one gen­uinely can.” So how come most peo­ple don’t? “I got re­ally lucky. I met the right peo­ple at the right time.” Anyway, Eric is­n’t in­volved with the un­der­writ­ing firm or the ven­ture-cap­i­tal fund any­more. His new com­pany is called Sperm Racing.

Last April, Eric held a live sperm-rac­ing event in Los Angeles. Hundreds of frat boys came out to watch a head-to-head match be­tween the ef­flu­via of USC’s and UCLA’s most vir­ile stu­dents, mov­ing through a plas­tic maze. (There was some con­tro­versy over the footage: Eric had re­placed the ac­tual sperm with more pur­pose­ful CGI wrig­glers. “If you look at sperm, it’s not en­ter­tain­ing un­der a mi­cro­scope. What we do is we track the co­or­di­nates, so it is a sperm race—it’s just up-skinned.”) He’s plan­ning on rolling the races out na­tion­wide. Eric de­liv­ered a de­cent spiel about sperm motil­ity as a proxy for health and how sperm rac­ing drew at­ten­tion to im­por­tant is­sues. His ven­ture seemed to be of a piece with a gen­eral trend to­ward ob­ses­sive mas­cu­line self-op­ti­miza­tion à la RFK Jr. and Andrew Huberman. Still, to me it seemed ob­vi­ous that Eric was do­ing it sim­ply be­cause he was amazed that he could. “I could build en­ter­prise soft­ware or what­ever,” he told me, “but what’s the cra­zi­est thing I could do? I would rather have an in­ter­est­ing life than a cou­ple hun­dred mil­lion dol­lars in my bank ac­count. Racing cum is def­i­nitely in­ter­est­ing.” I found Eric very hard not to like.

There was one thing I did find strange, though—stranger than turn­ing se­men into mass non­porno­graphic en­ter­tain­ment. Upstairs at Sperm Racing HQ is a lab stocked with racks of test tubes, cen­trifuges for sep­a­rat­ing out the most motile sperm from a sam­ple, and lit­tle plas­tic slides con­tain­ing new mi­cro­scopic race­courses for frat-boy cum. Downstairs is the stu­dio and edit­ing suite. A third of Eric’s staff work on videos, pro­duc­ing a seem­ingly end­less stream of vi­ral con­tent about sperm rac­ing. A lot of the time, though, the con­nec­tion is ten­u­ous. One video was a styl­ized ver­sion of Eric’s life story, fea­tur­ing ex­pen­sively ren­dered CGI ex­plo­sions set to Chinese rap. Another was a par­ody of Cluely’s vi­ral blind-date ad. Like Cluely, Sperm Racing seemed to be first and fore­most a so­cial-me­dia hype ma­chine. As far as I could tell, be­ing a highly agen­tic in­di­vid­ual had less to do with ac­tu­ally do­ing things and more to do with con­stantly chas­ing at­ten­tion on­line.

On August 5, 2025, OpenAI’s CEO, Sam Altman, posted on X, “we have a lot of new stuff for you over the next few days! some­thing big-but-small to­day. and then a big up­grade later this week.” An X user call­ing him­self Donald Boat replied, “Can you send me $1500 so I can buy a gam­ing com­puter.”

This was the start of an ex­tended ha­rass­ment cam­paign against the most pow­er­ful fig­ure in AI. One day Altman posted:

some­day soon some­thing smarter than the smartest per­son you know will be run­ning on a de­vice in your pocket, help­ing you with what­ever you want. this is a very re­mark­able thing.

Just got chills imag­in­ing you putting your credit card num­ber, CVV, & ex­piry date into an on­line re­tail­er’s dig­i­tal check­out kiosk and pur­chas­ing a gam­ing com­puter for me.

Altman: “we are pro­vid­ing ChatGPT ac­cess to the en­tire fed­eral work­force!”

I would love for you to wheel me around the Santa Clara Microcenter in a wheel­chair like an in­valid while I click­etyclick with a laser-pointer the boxes of the mod­ules of the gam­ing PC you will pur­chase, as­sem­ble, & have shipped to my moth­er’s house.

Altman: “gpt-oss is out! we made an open model that per­forms at the level of o4-mini and runs on a high-end lap­top (WTF!!)”

Sam.

You, me.

The Amalfi Coast.

ME: Double fer­net on the rocks, club soda to taste.

YOU: One de­light­fully sweet­bit­ter ne­groni, stirred 2,900,000,000 rev­o­lu­tions counter-clock­wise, one for each hertz of the NVIDIA 5090 in the gam­ing PC you will buy and ship to my house.

That last one did the trick. “ok this was funny,” Altman replied. “send me your ad­dress and ill send you a 5090.”

This was the be­gin­ning of Donald Boat’s reign of ter­ror. He be­gan pub­licly de­mand­ing things from every ma­jor fig­ure in the tech in­dus­try. Will Manidis, who ran the health-care-data firm ScienceIO, was strong-armed into sup­ply­ing a moth­er­board. Jason Liu, an AI con­sul­tant and scout at Andreessen Horowitz, had to give trib­ute of one mouse pad. Guillaume Verdon, who worked on quan­tum ma­chine learn­ing at Google and founded the “effective ac­cel­er­a­tion” move­ment, was taxed one $1,200 4K QD-OLED gam­ing mon­i­tor. Gabriel Petersson, a re­searcher at OpenAI, posted on X: “people are too scared to post, no­body wants to pay the don­ald boat tax.” Donald Boat ap­peared de­mand­ing an elec­tric gui­tar. He was be­com­ing a kind of on­line folk hero, ex­pro­pri­at­ing the ex­pro­pri­a­tors, con­jur­ing triv­ial things from tech barons in the way they seemed to have con­jured enor­mous piles of money out of thin air. He started post­ing strange, gnomic mes­sages. Things like “I am build­ing a me­chan­i­cal mon­stros­ity that will bring about the end of his­tory.” Images of the fast­ing, ema­ci­ated Buddha. A promi­nent crypto in­flu­encer who goes by the alias Ansem re­ceived an im­age of the dhar­ma­chakra. “Turn the wheel,” read Donald Boat’s mes­sage.

In a way, Donald Boat had achieved the dream of every des­per­ate startup founder in the Bay Area. He had pro­pelled him­self to on­line fame, and used it to re­lieve ma­jor in­vestors of their money. But some­how he’d man­aged to do it with­out ever once hav­ing to cre­ate a B2B app. He was a kind of pure vi­ral phe­nom­e­non. Cluely might have de­ployed a few provoca­tive stunts to raise mil­lions of dol­lars for a ser­vice that did­n’t re­ally work and could barely be said to ex­ist, but Donald Boat did away with even the pre­tense. He’d gen­er­ated a bru­tally sim­pli­fied minia­ture of the en­tire VC econ­omy. People were giv­ing him stuff for no rea­son ex­cept that Altman had al­ready done it, and they did­n’t want to be left out of the trend.

Donald Boat’s real name is­n’t ac­tu­ally Donald Boat, but since so much of his be­ing seems to be wrapped up in the name and his dog-headed avatar, it’s what I’ll keep call­ing him. He wanted to meet at a Cheesecake Factory. This was part of his new pro­ject, which was to re­view ab­solutely every­thing that ex­ists in the uni­verse. He was start­ing with chain restau­rants. He’d al­ready done Olive Garden. His re­view be­gins with Giuseppe Garibaldi,

on the beach at Marsala, boot­soles in the salt­white shal­lows, wind in his beard gris­tle. Behind him, his not-quite One Thousand Redshirts dis­em­bark­ing, all rusty ri­fles and stalebis­cuit crotch sweat.

The lasagna sum­mons vi­sions of “smegma, Vesuvius, blood thin­ner mari­nara, the splotchy head­pat­tern of a par­ti­san, brain­blown in his sleep.” He likes the Joycean com­pound. Shortly be­fore I ar­rived at the Cheesecake Factory, he texted to let me know that he’d been drink­ing all day, so when I met him I thought he was ir­re­triev­ably wasted. In fact, it turned out, he was just like that all the time.

Donald was twenty-one, ter­ri­fy­ingly tall, and in­tense. His head lolled from side to side as he chat­tered away, jump­ing from one thought to the next ac­cord­ing to a pat­tern known only to him­self. At one point he sud­denly de­cided to draw a por­trait of me, which he later scanned and turned into a be­spoke busi­ness card.

He seemed to have a con­stant ros­ter of pro­jects on the go. He’d sent me oc­ca­sional pho­tos of his ex­ploits. He went down to L. A. to see Oasis and ended up in a poker game with a group of weapons man­u­fac­tur­ers. “I made a bunch of jokes about send­ing all their poker money to China,” he said, “and they were not pleased.” He’d had a plan to get into the Iowa Writers’ Workshop and then get kicked out. He was try­ing to read all of world lit­er­a­ture, start­ing with the Epic of Gilgamesh. Was his Sam Altman gam­ing-PC es­capade sim­i­lar? Had he ac­tu­ally ex­pected to get any­thing? “I re­ally, re­ally wish I was a tac­ti­cal mas­ter­mind, that there was an endgame. Really I was just hav­ing a laugh. A chor­tle, if you will. I was­n’t think­ing too hard about it. I don’t use that com­puter and I think video games are a waste of time. I spent all the money I made from go­ing vi­ral on Oasis tick­ets.” As far as he was con­cerned, the fact that tech peo­ple were trip­ping over them­selves to take part in his stunt just con­firmed his gen­er­ally low im­pres­sion of them. “They have too much money and noth­ing go­ing on. They have no swag, no smoke, no mo­tion, no hoes. That’s all you need to know.” Ever since his big vi­ral mo­ment, he’d been sud­denly in­un­dated with mes­sages from startup drones who’d de­cided that his clout might be use­ful to them. One had of­fered to fly him out to the French Riviera.

I told Donald the the­ory I’d been nurs­ing—that he and Roy Lee were, in some sense, se­cret twins, vi­ral phe­nom­ena gob­bling up money and at­ten­tion. I was­n’t sure if he’d like this. But to my sur­prise, he agreed. “I’m like Roy. I’m like Trump. We have the same swag­ger­ing en­ergy. There is a kind of source code un­der­ly­ing re­al­ity, and this is what we un­der­stand. Your words have to have wings. Roy and I both know that so­cial me­dia is the last re­main­ing out­let for self-cre­ation and artistry. That’s what you have to un­der­stand about zoomers: we’re agents of chaos. We want to de­stroy the whole world.” Did Donald con­sider him­self to be highly agen­tic? “We need to ban the word ‘agency.’ I’m a dog.”

By now we’d in­gested the most calorific cheese­cake on the menu, the Ultimate Red Velvet Cake Cheesecake, which clocked in at 1,580 calo­ries for a sin­gle slice. It was clos­ing in on mid­night, I was not feel­ing good, and Donald’s phone was nearly dead. He sug­gested that we go to the Cluely of­fices so he could charge it. “They’ll let me in,” he said. “They’re my slaves.”

Roy was still up. He did­n’t seem par­tic­u­larly sur­prised to see me. He and most of the Cluely staff were flopped on a sin­gle sofa. All these peo­ple had be­come in­cred­i­bly rich; pre­vi­ous gen­er­a­tions of Silicon Valley founders would have been host­ing ex­or­bi­tant par­ties. In the Cluely of­fice, they were play­ing Super Smash Bros. Did they spend every night there? “We’re all fem­i­nists here,” Roy said. “We’re usu­ally up at four in the morn­ing. We’re de­bat­ing the strug­gles of women in to­day’s so­ci­ety.”

Somehow the con­ver­sa­tion turned to pol­i­tics. Roy ad­vanced the idea that there had­n’t been a cool Democrat since Obama. One of his em­ploy­ees, Abdulla Ababakre, jumped in. “As a guy from a Communist coun­try, let me just say: Obama is a scam­mer. I’m much more a Republican.” Abdulla is a Uighur. Before com­ing to San Francisco, he worked for ByteDance in Beijing. His com­ment caused an in­stant up­roar. “Get him out of here!” Roy yelled. “I love Obama,” he told me. “I love Trump, I love Hillary. I have a big heart, bro, my bad.” Abdulla just grinned. His proud­est achieve­ment was an app that freezes your phone un­til you’ve read a pas­sage from the Qur’an. According to him, “Roy in his val­ues is very much Muslim, the most Muslim I know.”

I did­n’t know if I be­lieved that, but there were still some things I did­n’t un­der­stand about Roy. He was clearly a highly agen­tic per­son, but what was all this agency be­ing used for? What did he ac­tu­ally want?

According to Roy, he has three great aims in life: “To hang out with friends, to do some­thing mean­ing­ful, and to go on lots of dates.” He said he went on a date every two weeks, which was clearly meant to be an im­pres­sive fig­ure. Cluely em­ploy­ees are en­cour­aged to date a lot; they can put it all on ex­penses. They did­n’t seem to be tak­ing up the op­por­tu­nity to any greater de­gree than their founder. I spoke to Cameron White, who had been Roy and Neel’s first hire at the com­pany. As he spoke, he stared at a point roughly forty-five de­grees to my left and swung his arms. He did­n’t date. “I’m fo­cused on be­com­ing a bet­ter ver­sion of my­self first. Becoming, like, higher weight, more healthy, more knowl­edge­able.” He did­n’t think he had any­thing to of­fer a woman yet. I said that if some­one loves you, they don’t re­ally care so much about your weight. “I feel like that’s cope. I don’t think there’s such a thing as love. It’s what you can pro­vide to a woman. If you can pro­vide good ge­net­ics, that’s health or what­ever. If you can pro­vide re­sources, if you can pro­vide an in­ter­est­ing life. If you truly love the girl, you need to be­come the best ver­sion of your­self.” Cameron was twenty-five years old but he was­n’t there yet. He would not try to meet some­one un­til he had made him­self per­fect.

For Roy, mean­while, dat­ing ac­tu­ally seemed to be a means to an end. “All the cul­ture here is down­stream of my be­lief that hu­man be­ings are dri­ven by bi­o­log­i­cal de­sires. We have a pull-up bar and we go to the gym and we talk about dat­ing, be­cause noth­ing mo­ti­vates peo­ple more than get­ting laid.” He was in­ter­ested in phys­i­cal beauty too, but only be­cause “the bet­ter you look, the bet­ter you are as an en­tre­pre­neur. It’s all con­nected and beauty is every­thing. A lot of ugly men are just losers. The point of look­ing good is that so­ci­ety will re­ward you for that.” What about other kinds of beauty? Music, for in­stance? Roy had played the cello as a child. Did he still lis­ten to clas­si­cal mu­sic? “It does­n’t get my blood rush­ing the same way that EDM will.” His pre­ferred genre was hard­style—fran­tic thump­ing remixes of pop songs by the likes of Katy Perry and Taylor Swift. Is that the func­tion of mu­sic, to get your blood rush­ing? “Yeah. I’m not a big fan of mu­sic to fo­cus on things. I think it dis­turbs my flow. The only rea­son I will lis­ten to mu­sic is to get me re­ally hyped up when I’m lift­ing.” The two pos­si­ble func­tions of mu­sic were, ap­par­ently, fo­cus and hype. Everything for the higher goal of build­ing a suc­cess­ful startup. What about life it­self? Would Roy die for Cluely? “I would be happy dy­ing at any age past twenty-five. After that it does­n’t mat­ter, bro. If I live, I have ex­treme con­fi­dence in my abil­ity to make three mil­lion dol­lars a year every year un­til I die.”

What about lit­er­a­ture? The last time Donald had dropped in on his slaves at Cluely, he’d gifted them two Penguin Classics: Chaucer’s Canterbury Tales and Boccaccio’s Decameron. The books were still ly­ing, un­read, where he’d left them. He sug­gested that Roy might find some­thing more valu­able than dy­ing for Cluely if he ac­tu­ally tried to read them. Roy dis­agreed: “I do not ob­tain value from read­ing books.” And any­way, he did­n’t have the time. He was too busy keep­ing up with vi­ral trends on TikTok. “You have to make the time,” Donald and I said, prac­ti­cally in uni­son. “It makes your life bet­ter,” I said. “Why don’t you go to Turkey to get a hair trans­plant?” Roy snapped. “That would make your life bet­ter.” “I don’t care about my hair,” I said. “Well,” said Roy, “I don’t care about the Decanterbury Tales.”

Donald was prac­ti­cally vi­brat­ing when we left Cluely. “Dude, he’s just a scared lit­tle boy,” he said. “He’s scared he’s not do­ing the right thing, and be­cause of the fucked-up world we live in, peo­ple who should be in The Hague are giv­ing him twenty mil­lion dol­lars. Something bad is gonna hap­pen here, some­thing re­ally fuck­ing bad is gonna hap­pen.” He sighed. “I just want Zohran’s non­bi­nary prae­to­ri­ans to march across the coun­try and put all these guys in cuffs.” I found it hard to dis­agree. It did not seem like a good idea to me that some of the rich­est peo­ple in the world were no longer re­ward­ing peo­ple for hav­ing any par­tic­u­lar skills, but sim­ply for hav­ing agency, when agency es­sen­tially meant what­ever it was that was af­flict­ing Roy Lee. Unlike Eric Zhu or Donald Boat, Roy did­n’t re­ally seem to have any­thing in his life ex­cept his own sense of agency. Everything was a means to an end, a way of for­ti­fy­ing his abil­ity to do what­ever he wanted in the world. But there was a great suck­ing void where the end ought to be. All he wanted, he’d said, was to hang out with his friends. I be­lieved him. He wanted not to be alone, the way he’d been alone for a year af­ter hav­ing his of­fer of ad­mis­sion re­scinded by Harvard. For peo­ple to pay at­ten­tion to him. To ex­ist for other peo­ple. But in­stead of mak­ing friends the nor­mal way, he’d walked up to strangers and asked whether they wanted to start a com­pany with him, and then he built the most de­spised startup in San Francisco. He was prob­a­bly right: he could count on mak­ing a few mil­lion dol­lars every year for the rest of his life, even af­ter Cluely in­evitably crashes and burns. He would never want for cap­i­tal, but this did not seem like the most ef­fi­cient way to achieve his goals.

I walked back to my ho­tel, past signs that said things like one ping­shipped and ai agents are hu­manstoo. My scalp was tin­gling. I’d lied when I’d told Roy that I did­n’t care about my hair. Of course I care about my hair. Every day I gri­mace in the mir­ror as a lit­tle more of it van­ishes from the top of my head. Whenever some­one takes a photo of me from above or be­hind, I wince at the hor­ri­fy­ing glimpse of pale, naked scalp. But I’d never done any­thing about it. I’d just watched and whinged and let it hap­pen.

My en­counter with the highly agen­tic took place last September. In October, Roy Lee spoke at some­thing called TechCrunch Disrupt, where he ad­mit­ted that chas­ing on­line con­tro­versy had so far failed to give Cluely what he called “product ve­loc­ity.” Around the same time, he led a ma­jor re­brand. Cluely would now be in the busi­ness of mak­ing “beautiful meet­ing notes” and send­ing “instant fol­low-up emails.” A lot of these func­tions are al­ready be­ing in­tro­duced by com­pa­nies like Zoom; the main dif­fer­ence is that, by all ac­counts, Cluely still does­n’t con­sis­tently work. By the end of November, Cluely an­nounced that it was leav­ing San Francisco and mov­ing to New York. In December, the com­pany cel­e­brated the move with a party at a Midtown cock­tail bar and lounge called NOFLEX®. In pho­tos, it ap­peared as though the gath­er­ing was at­tended al­most en­tirely by men in white T-shirts not drink­ing any­thing. I was in New York at the time. I did­n’t go.

Silicon Valley is tight­en­ing its ties with Trumpworld, the sur­veil­lance state is rapidly ex­pand­ing, and big tech’s AI data cen­ter build­out is boom­ing. Civilians are push­ing back.

In to­day’s edi­tion of Blood in the Machine:

* Across the na­tion, peo­ple are dis­man­tling and de­stroy­ing Flock cam­eras that con­duct war­rant­less ve­hi­cle sur­veil­lance, and whose data is shared with ICE.

* An Oklahoma man air­ing his con­cerns about a lo­cal data cen­ter pro­ject at a pub­lic hear­ing is ar­rested af­ter he ex­ceeded his al­lot­ted time by a cou­ple sec­onds.

* Uber and Lyft dri­vers de­liver a pe­ti­tion signed by 10,000 gig work­ers de­mand­ing that stolen wages be re­turned to them.

* PLUS: A cli­mate re­searcher has a new re­port that un­rav­els the ‘AI will solve cli­mate change’ mythos, Tesla’s Robotaxis are crash­ing 4 times as of­ten as hu­mans, and AI-generated pub­lic com­ments helped kill a vote on air qual­ity.

A brief note that this re­port­ing, re­search, and writ­ing takes a lot of time, re­sources, and en­ergy. I can only do it thanks to the paid sub­scribers who chip in a few bucks each month; if you’re able, and you find value in this work, please con­sider up­grad­ing to a paid sub­scrip­tion so I can con­tinue on. Many thanks, ham­mers up, and on­wards.

Last week, in La Mesa, a small city just east of San Diego, California, ob­servers hap­pened upon a pair of de­stroyed Flock cam­eras. One had been smashed and left on the me­dian, the other had key parts re­moved. The de­struc­tion was ob­vi­ously in­ten­tional, and ap­pears per­haps even staged to leave a mes­sage: It came just weeks af­ter the city de­cided, in the face of pub­lic protest, to con­tinue its con­tracts with the sur­veil­lance com­pany.

Flock cam­eras are typ­i­cally mounted on 8 to 12 foot poles and pow­ered by a so­lar panel. The smashed re­mains of all of the above in La Mesa are the lat­est ex­am­ples of a widen­ing anti-Flock back­lash. In re­cent months, peo­ple have been smash­ing and dis­man­tling the sur­veil­lance de­vices, in in­ci­dents re­ported in at least five states, from coast to coast.

Bill Paul, who runs the lo­cal news out­let San Diego Slackers, and who first re­ported on the smashed Flock equip­ment, tells me that the sab­o­tage comes just a month or two af­ter San Diego held a rau­cous city coun­cil meet­ing over whether to keep op­er­at­ing the Flock cam­eras. A clear ma­jor­ity of pub­lic at­ten­dees pre­sent were in fa­vor of shut­ting them down.

There was “a huge turnout against them,” he tells me, “but the coun­cil ap­proved con­tin­u­a­tion of the con­tract.”

The tenor of the meet­ing re­flects a grow­ing anger and con­cern over the sur­veil­lance tech­nol­ogy that’s gone na­tion­wide: Flock, which is based in Atlanta and is cur­rently val­ued at $7.5 bil­lion, op­er­ates au­to­matic li­cense plate read­ers (ALPR) that have now been in­stalled in some 6,000 US com­mu­ni­ties. They gather not just li­cense plate im­ages, but other iden­ti­fy­ing data used to ‘fingerprint’ ve­hi­cles, their own­ers, and their move­ments. This data can be col­lected, stored, and ac­cessed with­out a war­rant, mak­ing it a pop­u­lar workaround for law en­force­ment. Perhaps most con­tro­ver­sially, Flock’s ve­hi­cle data is rou­tinely ac­cessed by ICE.

If you’ve heard Flock’s name come up re­cently, it’s likely as a re­sult of their now-can­celed part­ner­ship with Ring, made in­stantly fa­mous by a par­tic­u­larly dystopian Super Bowl ad that promised to turn reg­u­lar neigh­bor­hoods into a sur­veil­lance drag­net.

Meanwhile, abuses have been preva­lent. A Georgia po­lice chief was ar­rested and charged with us­ing Flock data to stalk and ha­rass pri­vate cit­i­zens. Flock data has been used to track cit­i­zens who cross state lines for abor­tions when the pro­ce­dure is il­le­gal in their state. And mu­nic­i­pal­i­ties have found that fed­eral agen­cies have ac­cessed lo­cal flock data with­out their knowl­edge or con­sent. Critics claim that this war­rant­less data col­lec­tion is Orwellian and un­con­sti­tu­tional; a vi­o­la­tion of the 4th amend­ment. As a re­sult, civil­ians from Oregon to Virginia to California and be­yond are push­ing their gov­ern­ments to aban­don Flock con­tracts. In some cases, they’re suc­ceed­ing. Cities like Santa Cruz, CA, and Eugene, OR, have can­celled their con­tracts with Flock.

In Oregon’s case, the pub­lic out­cry was ac­com­pa­nied by a cam­paign of de­struc­tion against the sur­veil­lance de­vices: Last year, at least six Flock li­cense plate read­ers mounted on poles lo­cated in Eugene and Springfield were cut down and de­stroyed, ac­cord­ing to the Lookout Eugene-Springfield.

A note read­ing “Hahaha get wrecked ya sur­veilling fucks” was at­tached to one of the de­stroyed poles, and some­what in­cred­i­bly, broad­cast on the lo­cal news.

In Greenview, Illinois, a Flock cam­era pole was sev­ered at the base and the de­vice de­stroyed. In Lisbon, Connecticut, po­lice are in­ves­ti­gat­ing an­other smashed Flock cam­era.

In Virginia, last December, a man was ar­rested for dis­man­tling and de­stroy­ing 13 Flock cam­eras through­out the state over the course of the year. He’s ap­par­ently al­ready ad­mit­ted to do­ing so, ac­cord­ing to lo­cal news:

Jefferey S. Sovern, 41, was ar­rested in October af­ter de­tec­tives say he “intentionally de­stroyed” 13 Flock Safety cam­eras be­tween April and October of this year. He was charged with 13 counts of de­struc­tion of prop­erty, six counts of pe­tit lar­ceny and six counts of pos­ses­sion of bur­glary tools. Sovern ad­mit­ted to the crimes, ac­cord­ing to a crim­i­nal com­plaint filed in Suffolk General District Court, go­ing as far as to say he used vice grips to help him dis­as­sem­ble the tow-piece polls. He also ad­mit­ted to keep­ing some of the wiring, bat­ter­ies and so­lar pan­els taken from the cam­eras. Some of the items were re­cov­ered by po­lice af­ter they searched the prop­erty.

After his ar­rest, Sovern cre­ated a GoFundMe to help cover his le­gal costs, in which he sheds a lit­tle light on his in­ten­tions:

My name is Jeff and I ap­pre­ci­ate my pri­vacy. I ap­pre­ci­ate every­one’s right to pri­vacy, en­shrined in the fourth amend­ment. With the lo­cal news out­lets find­ing my le­gal is­sues and cre­at­ing a story that is start­ing to grow, there has been com­mu­nity sup­port for me that I humbly wel­come.

Sovern points his GoFundMe con­trib­u­tors to DeFlock, a web­site aimed at track­ing and coun­ter­ing the rise of Flock cam­eras in US com­mu­ni­ties. It counts 46 cities that have of­fi­cially re­jected Flock and other ALPRs since its cam­paign be­gan.

In fact, it’s hard to think of a tech prod­uct or pro­ject this side of gen­er­a­tive AI that is more roundly op­posed and re­viled, on a bi­par­ti­san level, than Flock, and re­sis­tance takes many forms and stripes. Here’s the YouTuber Benn Jordan, show­ing his view­ers how to Flock-proof their li­cense plates and ren­der their ve­hi­cles il­leg­i­ble to the com­pa­ny’s data in­ges­tion sys­tems:

In re­sponse to such Flock counter-tac­tics, Florida passed a law last year mak­ing it il­le­gal to cover or al­ter your li­cense plate.

In his GoFundMe, Sovern also men­tioned the sup­port for him he’d seen on fo­rums on­line, so I went over to Reddit to get a sense for how his ac­tions were be­ing re­ceived on­line. Here was the page that shared news of his ar­rest for de­stroy­ing the Flock cam­eras:

There was, in other words, nearly uni­ver­sal sup­port for Sovern’s Flock dis­man­tling cam­paign. Bear in mind that this is r/​Nor­folk, and while it’s still red­dit users we’re talk­ing about, it’s not like this is r/​an­ar­chism here:

The San Diego red­dit threads car­ry­ing news of the de­stroyed Flock equip­ment told a sim­i­lar story:

There were plenty of out­right en­dorse­ments of the sab­o­tage:

Off the mes­sage boards and in real civic life, Bill Paul, the re­porter with the San Diego Slacker, says anger is boil­ing over, too. He points again to that heated December 2025 city coun­cil meet­ing, in which pub­lic out­rage was left un­ad­dressed. The city, per­haps aware of the stigma Flock now car­ries, ap­par­ently tried to high­light that their fo­cus was on the “smart street­lights” made by an­other com­pany, while down­play­ing the fact that those street­lights run on Flock soft­ware.

“San Diego gets to hide be­hind a slight fa­cade in that their con­tract is with Ubicquia,” the smart street­light man­u­fac­turer, Paul says, “but the soft­ware layer is Flock. You can eas­ily see Flock hard­ware on re­tail prop­er­ties, look­ing at the same cit­i­zens, with zero over­sight, and SDPD can claim they have clean hands.”

Weeks later, pieces of smashed Flock cam­eras lit­tered the ground.

Across the coun­try, in other words, mu­nic­i­pal gov­ern­ments are over­rid­ing pub­lic will to make deals with a prof­i­teer­ing tech com­pany to sur­veil their cit­i­zens and to col­lab­o­rate with fed­eral agen­cies like ICE. It might be taken as a sign of the times that in states and cities across the US, thou­sands of miles apart, those op­posed to the tech­nol­ogy are re­fus­ing to coun­te­nance what they view as vi­o­la­tions of pri­vacy and civil lib­erty, and are in­stead tak­ing up vice grips and metal cut­ters. And in many cases, they’re get­ting hailed by their peers as he­roes.

If you’ve heard sto­ries of smashed Flock cam­eras or dis­man­tled sur­veil­lance equip­ment in your neigh­bor­hood, please share—drop a link in the com­ments, or con­tact me on Signal or at bri­ancmer­chant@pro­ton.me.

Thanks to Lilly Irani for the tip on the smashed Flock cams in San Diego.

In case you missed it, I shared my five take­aways on the most re­cent round of ul­tra­heated AI dis­course here:

The ex­change was filmed and recorded on YouTube:

Police in Claremore, Oklahoma ar­rested a lo­cal man af­ter he went slightly over his time giv­ing pub­lic re­marks dur­ing a city coun­cil meet­ing op­pos­ing a pro­posed data cen­ter. Darren Blanchard showed up at a Claremore City Council meet­ing on Tuesday to talk about pub­lic records and the data cen­ter. When he went over his al­lot­ted 3 min­utes by a few sec­onds, the city had him ar­rested and charged with tres­pass­ing. The sub­ject of the city coun­cil meet­ing was Project Mustang, a pro­posed data cen­ter that would be lo­cated within a lo­cal in­dus­trial park. In a mir­ror of fights play­ing out across the United States, de­vel­oper Beale Infrastructure is at­tempt­ing to build a large data cen­ter in a small town and the res­i­dents are con­cerned about wa­ter rights, spik­ing elec­tric­ity bills, and noise.The pub­lic hear­ing was a chance for the city coun­cil to ad­dress some of these con­cerns and all res­i­dents were given a strict three minute time limit. The en­tire event was livestreamed and archive of it is on YouTube. Blanchard was warned, barely, to “respect the process” by one of the coun­cil mem­bers but was clearly fin­ish­ing read­ing from pa­pers he had brought to read from, was not bel­liger­ent, and went over time by just a few sec­onds. Anyone who has ever at­tended or watched a city coun­cil meet­ing any­where will know that peo­ple go over their time at es­sen­tially any meet­ing that in­cludes pub­lic com­ment.Blan­chard ar­rived with doc­u­ments in hand and ques­tions about pub­lic records re­quests he’d made. During his re­marks, peo­ple clapped and cheered and he asked that this not be counted against his three min­utes. “There are ma­jor con­cerns about the pub­lic process in Claremore,” Blanchard said, ref­er­enc­ing com­pli­ance doc­u­ments and ir­reg­u­lar­i­ties he’d un­cov­ered in pub­lic records.

Blanchard was then ar­rested as the crowd jeered in dis­be­lief. Also dis­con­cert­ing was the way the lo­cal news framed the event, with a lo­cal an­chor de­fend­ing au­thor­i­ties by claim­ing he was “warned mul­ti­ple times.” Seems like a pretty sure­fire way to make peo­ple hate data cen­ters and the gov­ern­ments pro­tect­ing them even more!

On Wednesday, I headed to Pershing Square in down­town Los Angeles, where dozens of gig work­ers and or­ga­niz­ers with Rideshare Drivers United had as­sem­bled to de­liver a pe­ti­tion to the California Labor Commission signed by thou­sands of work­ers, call­ing on the body to de­liver a set­tle­ment on their be­half. Organizers made short speeches on the steps of the square while lo­cal ra­dio and TV sta­tions cap­tured the mo­ment. “

The Labor Commission is su­ing the gig com­pa­nies on dri­vers’ be­half, al­leg­ing that Uber and Lyft stole bil­lions of dol­lars worth of wages from dri­vers be­fore Prop 22 was en­acted in 2020. The com­mis­sion is be­lieved to be in ne­go­ti­a­tions with the gig com­pa­nies right now that will de­ter­mine a set­tle­ment.

I spoke with one dri­ver, Karen, who had trav­eled from San Diego to join the demon­stra­tion, and asked her why she came. “It’s im­por­tant we build dri­ver power” she said. “Without dri­ver power, we won’t get what we need, and we just want fair­ness.” She said she was hop­ing to claim at least $20,000 in stolen wages.

“We’re fight­ing for wages that were stolen for us from us and con­tinue to be stolen from us every sin­gle day by these app com­pa­nies from hell,” RDU or­ga­nizer Nicole Moore told me. “So we’re march­ing in down­town L. A. to de­liver 10,000 sig­na­tures of dri­vers de­mand­ing that the state fight hard for us, and don’t let these com­pa­nies rip us off.”

According to Tesla’s own num­bers, its new RoboTaxis in Austin are crash­ing at a rate 4 times higher than hu­man dri­vers. The EV trade pub­li­ca­tion Electrek re­ports:

With 14 crashes now on the books, Tesla’s “Robotaxi” crash rate in Austin con­tin­ues to de­te­ri­o­rate. Extrapolating from Tesla’s Q4 2025 earn­ings mileage data, which showed roughly 700,000 cu­mu­la­tive paid miles through November, the fleet likely reached around 800,000 miles by mid-Jan­u­ary 2026. That works out to one crash every 57,000 miles. The irony is that Tesla’s own num­bers con­demn it. Tesla’s Vehicle Safety Report claims the av­er­age American dri­ver ex­pe­ri­ences a mi­nor col­li­sion every 229,000 miles and a ma­jor col­li­sion every 699,000 miles. By Tesla’s own bench­mark, its “Robotaxi” fleet is crash­ing nearly 4 times more of­ten than what the com­pany says is nor­mal for a reg­u­lar hu­man dri­ver in a mi­nor col­li­sion, and vir­tu­ally every sin­gle one of these miles was dri­ven with a trained safety mon­i­tor in the ve­hi­cle who could in­ter­vene at any mo­ment, which means they likely pre­vented more crashes that Tesla’s sys­tem would­n’t have avoided.Us­ing NHTSA’s broader po­lice-re­ported crash av­er­age of roughly one per 500,000 miles, the pic­ture is even worse, Tesla’s fleet is crash­ing at ap­prox­i­mately 8 times the hu­man rate.

-“The Left Doesn’t Hate Technology, We Hate Being Exploited,” by Gita Jackson at Aftermath.

“Meta drops $65 mil­lion into su­per PACs to boost tech-friendly state can­di­dates,” by Christine Mui in Politico.

-A great new re­port from cli­mate re­searcher Ketan Joshi, “The AI Climate Hoax: Behind the Curtain of How Big Tech Greenwashes Impacts,” has been mak­ing head­lines and is well worth a read. Perhaps we’ll dig deeper into it in a fu­ture is­sue.

-The LA Times re­ports that the Southern California air board re­jected new pol­lu­tion rules af­ter an AI-generated flood of made-up com­ments. Here’s UCLA’s Evan George on how AI poses a unique threat to the civic process.

Okay okay, that’s it for this week. Thanks as al­ways for read­ing. Hammers up.