While the loss of secrecy between you and the LLM provider is a legitimate risk, the point of the article was that you should only use vetted RNGs to generate passwords, because LLMs will frequently generate identical secure-looking passwords when asked to do so repeatedly, meaning that all a bad actor has to do is collect the most frequent ones and go hunting.

The loss of secrecy between you and the LLM only poses a risk if the LLM logs are compromised, exposing your generated passwords. The harvesting of commonly-generated passwords from LLMs poses a much broader attack surface for anyone who uses this method, because any attacker with access to publicly available LLMs can start mining commonly generated passwords and using them today without having to compromise anything first.

I can sign up for a cohort today, but there's not even a hint of how long it will take the cohort to fill up. The most subscribed cohort is only at 42% (and dropping), so maybe days to weeks? That's a long time to wait if you have a use case to satisfy.

And then the cohort expires, and I have to sign up for another one and play the waiting game again? Nobody wants that level of unreliability.

Also, don't say "15-25 tok/s". That is a min-max figure, but your FAQ says that this is actually a maximum. It makes no sense to measure a maximum as a range, and you state no minimum so I can only assume that it is 0 tok/s. If all users in the cohort use it simultaneously, the best they're getting is something like 1.5 tok/s (probably less), which is abyssmal.

You mention "optimization", but I have no idea what that means. It certainly doesn't mean imposing token limits, because your FAQ says that won't happen. If more than 25 users are using the cohort simultaneously, it is a physical impossibility to improve performance to the levels you advertise without sacrificing something else, like switching to a smaller model, which would essentially be fraud, or adding more GPUs which will bankrupt you at these margins. With 465 users per cohort, a large chunk of whom will be using tools like OpenClaw, nobody will ever see the performance you are offering.

The issue here is you are trying to offer affordable AI GPU nodes without operating at a loss. The entire AI industry is operating at a loss right now because of how expensive this all is. This strategy literally won't work right now unless you start courting VCs to invest tens to hundreds of millions of dollars so you can get this off the ground by operating at a loss until hopefully you turn a profit at some point in the future, but at that point developers will probably be able to run these models at home without your help.

Power users always cost these services more than they pay, and OpenClaw turns every user into a power user. A recalculation was rational.

It's pretty simple. Compliance is legally important, and faking compliance exposes companies to extraordinary legal liability. Being lied to about your compliance warrants outrage.

>SOC2 is basically fake

This isn't true, but if it were, it would justify outrage in its own right.

FUCK META

And there need to be serious regulations about how these agreements can be used, and those regulations should protect whistleblowers at all costs. Like a public figure suing for libel/slander/defamation, the burden of proving statements false should rest entirely with the company.

If you max out your token limits, you are costing Anthropic more than you are paying them. They only expect a small percentage of their users to do this, but OpenClaw changed the dynamic.

Anthropic knows that they will lose more users by lowering limits than they will by blocking OpenClaw, because OpenClaw users will overwhelmingly switch to API pricing, while chatbot users will leave for competitors with higher limits.

They are a business. They hope to become profitable. This was the correct move.

Anthropic's current business model is to sell access to their tools to subscribers at a loss. Users maxing out their $200/month plan can realistically cost Anthropic $500-600 in actual compute costs.

Anthropic is okay with this right now because they want to amass as many users as they can, and eventually hope that GPUs will increase in power and efficiency, and their LLMs will become more efficient as well. They can eventually profit off of their current pricing, or with modest price increases, if that comes to fruition.

But letting OpenClaw wake up every 30 minutes and start sending requests is a surefire way to max out your weekly limits, and that certainly isn't something Anthropic planned for.

Sometimes it toils away for 2+ hours, spawning Claude Code instances, checking its work, testing the code, even using browser automation to make sure everything works the way it is supposed to if it's writing a webapp.

In the end, it consumes like $10-20 worth of tokens and spits out a functional application with everything I asked for.

Claude Code can do this on its own, to an extent, but there's something about getting OpenClaw to iterate through multiple sessions and testing everything to make sure it works the way I described that I really like. It completely offloads the process to the AI, and keeps me mostly out of the loop.

Is the code any good? Probably not. Am I at risk of being exploited by malware? Probably. But I have automated quite a lot of things with the software that OpenClaw builds for me, and I am careful to review the libraries it imports before running the code on any machine with actual access to anything I actually care about.

Personally, anyone using OpenClaw for the "it reads your emails" use case is crazy, because prompt injection is real, and you're basically inviting anyone who knows your email address to take a stab at pwning you, with full access to your personal life. I keep my instances on a VPS, behind a restrictive security group, and only accessible via Tailscale where it has zero access to anything on my tailnet. I only recently gave it its own email account (not mine!), but even then I am skeptical of doing so, and take efforts to prevent it from taking action on any email it receives (e.g., disabling the Heartbeat) because who knows what it'll end up doing. I mostly like that it can email me if I ask it to.

That user said that they use OpenClaw to scrape city meetings for context so that they can more efficiently participate in local politics. You then attacked them, accusing them of "leaving AI slop comments on public city meetings", which isn't what they said they were doing at all.

I see absolutely no problem in using AI to summarize large quantities of information (such as a collection of city meeting notes). Summarization is one of the places that AI really shines right now, and if it helps people wrap their head around what is happening in their communities, good!

I understand a healthy skepticm of AI. Everyone should have some degree of that. But maybe avoid the urge to publicly shame people for their use of AI, especially on a site like this where that won't be received well. Or, if you're going to offer criticism, show some tact.

Or did you just see "China" and decide it must be malicous?

(This is a rhetorical question, I already know it's the latter)

So what is it? Misleading, or exactly what you expected to find? It cannot be both.

It sounds more like you object to the negative framing of Microsoft hoovering up as much data as possible for profit, even though this is objectively a crime in the jurisdictions they are being sued in.

When the DoD forgets to renew the cert for their cybersecurity download website AND can't figure what a A TLS cert even is (calling it a "TSSL Certification"), this is an indicator that our military has absolutely zero understanding of the most basic cybersecurity concepts.

If you can't tell the difference between a hobbyist forgetting to renew their Let's Encrypt cert, vs. a trillion-dollar military not even knowing what a certificate is, maybe you should work for our military, because they can't tell the difference either.