these keys allow anyone to […] brick all r1s
the rabbit team is aware of this leaking of api keys and have chosen to ignore it.
Assuming that’s true, then just bricking them all sounds like it might even be the ethically correct move.
Submitted 4 months ago by mke@lemmy.world to technology@lemmy.world
https://rabbitu.de/articles/security-disclosure-1
these keys allow anyone to […] brick all r1s
the rabbit team is aware of this leaking of api keys and have chosen to ignore it.
Assuming that’s true, then just bricking them all sounds like it might even be the ethically correct move.
It will be hard to tell. What’s the difference between a bricked r1 and a non bricked r1? Answer: not much at all.
It’s like the ending of Silicon Valley. Maybe they’re trying to shit their pants so badly that nobody will ever try to make another device like this.
I don’t know if it is worth the effort to brick 3 devices out in the wild.
I’m shocked. Shocked I say!
the most interesting key is for elevenlabs, which gives full privileges. this allows us to:
(…) delete voices (and crash the rabbitOS backend, thus rendering all r1 devices useless)
we have internal confirmation that the rabbit team is aware of this leaking of api keys and have chosen to ignore it. the api keys continue to be valid as of writing.
So there is a chance?
aint that shit a scam?
bu they still harvest the data?
So is this now 2x scam?
Some context on what the fuck is rabbit and r1 would have been helpful.
Since no one is explaining and I have only ever heard of Rabbit on Lemmy (again with no context, probably a US thing), here is a Kagi quick answer:
what is rabbit and r1?
Based on the available information, the Rabbit R1 is a new AI-powered device developed by a tech startup called Rabbit Inc. and designed by Teenage Engineering. The key details about the Rabbit R1 are:
- It is a standalone handheld gadget about half the size of an iPhone, with a 2.88-inch touchscreen and a rotating camera for taking photos and videos. 【1】【2】
- The Rabbit R1 is powered by an AI assistant and is intended to help users interact with various apps and services on their smartphone, essentially acting as a remote control. 【3】【4】
- It connects to the internet via 4G LTE and Wi-Fi, allowing it to provide real-time information and assistance. 【5】
- The Rabbit R1 currently supports integration with apps like Uber, Spotify, Midjourney, and DoorDash, allowing users to control these services through the device. 【6】
- Reviews of the Rabbit R1 have been mixed, with some criticizing its unreliable performance, inaccurate answers, and short battery life. 【7】【2】
In summary, the Rabbit R1 is an AI-powered handheld device that aims to provide a more convenient way for users to interact with various apps and services on their smartphones. However, it seems the device still has some issues that need to be addressed.
- The Rabbit R1 is an AI-powered gadget that can use your apps for you
- Rabbit R1 review: an unfinished, unhelpful AI gadget - The Verge
- What are the main functions of the Rabbit R1? Its everyday use?
- What exactly is the Rabbit R1 AI device that confused many people?
- Rabbit R1 hands-on review: Something is iffy about this | Mashable
- Rabbit R1 Explained: What This Tiny AI Gadget Actually Does - CNET
- Rabbit R1 review: Avoid this AI gadget - Tom’s Guide
what the fuck is rabbit and r
It’s basically just a scam
Hahaha, that’s a pretty wild read.
The fucking Gamaverse,
I mean, today’s 10,000 and all that, but you’re on a technology forum and haven’t heard of the Rabbit R1?
No them, but even knowing what it is this is hardly a device with iPhone level popularity.
What you don’t know the RG35XX? You’re not down with the Orange Pi? You don’t fuck with marushier stick boxes?
It’s not internet vapoerware obscure, but this shit would be a distantly forgotten afterthought in another 12 months.
It all depends on what areas of technology interest you. Some context (e.g. in the body of the lemmy post) for more niche areas is always helpful.
You are aware that “technology” is not limited to shitty apps with a small user base?
Search engines haven’t gotten that bad, have they?
No fuck you. Just because search engines exist doesn’t mean we should normalize headlines and post titles with so little information that you have to Google shit for 3 minutes to figure out what they are talking about.
we have internal confirmation that the rabbit team is aware of this leaking of api keys and have chosen to ignore it.
Lmao, I guess nobody’s surprised. A scam is a scam.
we will not be publishing any more details out of respect for the users
Kind of lame, I was hoping they’d brick every r1 device just out of spite. Let it be a cautionary tale for whoever was dumb enough to buy one.
I they literally only have a handful of users, so probably don’t see a need to do anything about it 🤣
That could be hundred of kilobytes of data!
Typical security negligence of startups.
Your data is essentially never secure if it’s sitting with a startup. It’s an atrocious world for security out there.
Calling this a startup is being excessively generous. Startups are meant to eventually be viable.
This is a scam. The product just feeds your queries into ChatGPT and spits out the response. They’ve backend tech they’ve described flat out does not exist. It’s all smoke and mirrors.
Sounds about right.
This kills the rabbit.
Was it ever truly alive
That didn’t take long.
Wow so edgy, they don’t use uppercase letters
See, it must have made their passwords easier to guess…
Why the fuck are they using a cloud tts on an Android device??? Can’t they use on device tts?? Seems extremely stupid for no reason
It’s expensive. They are paying a fee to the third party tts provider each single time someone needs a response. They boast “no subscriptions” - that means those fees are paid only by new customer purchases. Ponzi 2.0
It’s slower. Each time the device needs to reply, it needs to stream an audio file instead of a few bytes of compressed text
For the more realistic voices it’s only cheaper in the short term. I get it - they don’t like the robotic free voices and licensing a good closed source one costs money. But then you don’t need to pay the “cloud” forever. Did they plan to shut down shortly after the launch? Where the money for running each user in a VM is coming out? (I saw from a YouTube video that it looked like they were using a browser automation tool in a VM)
At this point since everything is run on the cloud (=somebody else’s computer) this could not only be a smartphone app, but a smartwatch app.
I wonder if they will just fold and do a rug pull now blaming the hackers or fix the problem.
Fixing the problem seems difficult for them - need to fully rewrite the app and having everything proxied through their authenticated server, increasing their expenses (and a rushed fix isn’t secure/tested). But their money comes only from new investors and new customers, and at this point I doubt that they can sell more units or scam more investors.
Where do I download these?
Lots of tech people who don’t know or care about the r1 device are going to get a jumpscare from this post 😁
Yup, had to read it twice! Just about had a heart attack
Rabbit? Like… the personal massager?
No, the personal wallet lightener (it’s just a shitty android phone with no LLM running a poorly written app)
Using Android as a base was honestly the most reasonable thing they did. No reason to reinvent the wheel. What they made with it is admittedly really shit, though.
No please don’t confuse these. One is a technological marvel that changed the world for the better and the other is just an orange box that doesn’t do anything at all except maybe steal your personal data.
Still think those people should have gotten a playdate instead, it’s more fun and certainly not less useful (which is, not at all).
(When I first heard about the r1 I immediately thought it was weird how the 2 devices looked alike, I’ve since learned they shared the same designers).
dannoffs@lemmy.sdf.org 4 months ago
Both Rabbit R1 users should be concerned.
Vent@lemm.ee 4 months ago
So… nobody?