Google and Reddit have contracts: Google has official scraping access to Reddit (probably more than that at this point since the contracts were signed 1-2 years ago). But the fact that Reddit does a good job at moderating human content makes it a boon for plausibly "up-to-date" info (which a model doesn't have). Google's LLM summaries even include Reddit as its foremost "citations".

Anyway, Google does a RAG or something similar for its LLM responses, and takes Reddit info at face value. I'm very interested to see what the "thresholds" are, like how much context poisoning do you need to be effective. If the above link is reliable then the answer is "mere sentences".

Certainly bad-actor merchants would try this sort of thing on merchandise subreddits; welcome to the new AIO/GEO everyone.

"Information wants to be free" is a small part of the hacker ethos venn diagram. There are many hacker ethos traits that aren't about cracking, specifically.

Also, the server "information" isn't free (as in beer) to begin with, it costs server availability. Coming up ways to penalize greedy actors is not only well within the server operator's perogative, it's an interesting tit-for-tat problem that could pique any hacker's interests.

A bonus hacker trait is that these poisoning responses are individualistic, i.e. the government doesn't get involved, where certainly more aggressive anti-AI sentiments could (wrongly) call for that.

So I'd say this type of LLM-resistance falls squarely in the original hacker ethos, even though it incidentally counteracts one minor aspect of "information availability". Though I'd certainly agree that the picture today is a lot different than it was. Ironic even.

Moreover, the submitter of this article (probably not the author) spams ~4 submissions per day.

(Thanks for visidata btw, awesome tool that helped me with a side project not long ago.)

It's decaying for a lot of the reasons displayed in the post, like you described, but the post also:

  - is overlong (probably LLM assisted)
  - is self-congratulatory
  - boosts AI
  - rewrites an existing project (vs contributing to the original)
  - conjures long-term maintenance doubt/suspicions
  - is functionally an advertisement (for CloudFlare)

https://android-developers.googleblog.com/2025/08/elevating-...

> The scale of this threat is significant: our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play

Bald face lies are getting baldier.

I can figure out how to shasum/sig the extension for heightened trust.

I suppose that my point is more that creating a GitHub repo has some strings attached to it nowadays, is all.

Thanks for commenting so I could see this.

For what it's worth, penalizing submission rates is not the default in the plugin itself, that's just for the demo. And also, in my testing, HN at large has "high trust" practically everywhere. My own account is consistently one of the lowest scoring that I come across, ironically. So perhaps this plugin isn't as useful as I had hoped.

It's centralized for a few reasons though, first being that client-side API requests would be discourteous to the APIs (flood/ddos), and a whole new level of error handling would be required. Shared IPs, like those in a tech company building, would easily and quickly reach the API limits. So that's the reasoning, if you're curious.

(I'm not being facetious or accusatory, I'm genuinely interested learning how some of these high submission rates operate, since a lot look automated).

First is that I didn't want to make a plugin in the first place, I wanted to make a bookmarklet, but HN's CSP policy was too strict. So that was a bummer.

Second is that I have very mixed feelings about open source these days, and so open-sourcing feels less and less like the sensible default state. One of the sibling comments here discovered the alltrust.json and vibecoded around it, which is really a case in point about why open sourcing feels like I'd be leaving myself "open" to be domineered (not just by users, but by bots and companies as well).

Third is that the system/plugin is partly LLM-assisted itself (even though the code is minuscule), and I'm self conscious of being a slop-slinger. Or at least, pushing up repos with LLM code just feels, idk... lazy and asymmetrical (despite this plugin having clear utility, which I think it does).

But it's completely fair to say "oh look, a plugin about trust that's closed source, how hypocritical." I get that. If there's enough interest I'll open source it, sure.