It's getting to the point where a user needs at minimum two browsers. One to allow all this horrendous client checking so that crucial services work, and another browser to attempt to prevent tracking users across the web.
Nick, I understand the practical realities regarding why you'd need to try to tamp down on some bot traffic, but do you see a world where users are not forced to choose between privacy and functionality?
You want to go to the world's best hotel? You are gonna be on their CCTV. Staying at home is crappier but private.
Unfortunately for the first time moores law isn't helping (e.g. give a poor person an old laptop and install linux they will be fine). They can do that and all good except no LLM.
Probably not even hidden because rich people are also catching a lot of legal winds, in which case the hotel has no choice but to provide the material. Better not to have it in the first place. You don't want your hotel cams listed as evidence in a 500M$ divorce case I guess.
Also are hidden cameras even legal? I know here in EU they aren't.
Brilliant! Just the thing we want: more hardware attestation, more deanonymization, less user control, all diligently orchestrated in a repository where the only contributor is Anthropic Claude [0]. Comes complete with a misaligned ASCII diagram in the README to show how much effort the humans behind it put in!
Yes, even their "humanifesto" is LLM output, and is written almost exclusively in the "it's not X <emdash> it's Y" style.
Those are all situationally-valid criticisms, but I've long thought the ability to have smartphones' cameras cryptographically sign photos is good when available. The use case is demonstrating a photo wasn't doctored, and that it came from a device associated with e.g. a journalist, who maintains a public key. Of course, it should be optional.
Yes! That's what I'm getting at. This protocol optionally allows you to sign with your private key, but you don't have to for the protocol to provide utility. It could just be enough to say "if you trust magicseth's binary and apple, then this was typed one letter at a time"
There's nothing stopping folks from typing a message an LLM wrote one at a time, but the idea of increasing the human cost of sending messages is an interesting one, or at least I thought :-(
The other problem is that the device or company might decide not to attest for you.
For instance, the employee at Apple that decided to pull ICE Block from the store could decide that the "admissible in court" bit should be false if it looks like a police officer is in frame.
Similarly, the keyboard could decide your social credit score is too low, and just stop attesting. A court could order this behavior.
Or, you could fail mandatory age / id verification because your credit card expired, and then all the above + more could happen! Good luck getting through to credit card tech support at that point...
Hi! I want anonymity! I also want to be able to prove what level of effort has been put in to something. I think there's room for both. This is an encrypted proof that I wrote something on a keyboard that tracks fingers. The protocol allows you to optionally sign it with your identity, but that isn't strictly required.
It is an attempt at putting something into the conversation more than just "OSS is broken because there are too many slop PRs." What if OSS required a human to attest that they actually looked at the code they're submitting? This tool could help with that.
Yes LLMs were used greatly in the production of this prototype!
It doesn't change the goal of the experiment! or it's potential utility! Do you see any potential area in your world where some piece of this is valuable?
There are six emdashes on that page. NONE of them are "it's not X it's why".
> Emails, messages, essays, code reviews, love letters — all suspect.
> We believe this can be solved — not by detecting AI, but by proving humanity.
> KeyWitness captures cryptographic proof at the point of input — the keyboard.
> When you seal a message, the keyboard builds a W3C Verifiable Credential — a self-contained proof that can be verified by anyone, anywhere, without trusting us or any central authority.
> That's an alphabet of 774 symbols — each carrying log2(774) ≈ 9.6 bits. 27 emoji for 256 bits.
> They're a declaration: this message was written by a person — one of the diverse, imperfect, irreplaceable humans who still choose to type their own words.
Clarifications: 4
Continuation from a list: 1
Could just be a comma: 1
"It's not X -- it's Y": 0.
If you're going to make lazy commentary about good writing being AI, please at least be sure that you're reading the content and saying accurate things.
It is largely written by iteration with an LLM! No need to speculate or analyze em dashes :-)
The emoji idea was mine. I like it :-) unfortunately it doesn't work in places like HN that strip out emoji. So I had to make a base64 encoding option.
The goal was to create an effective encryption key for the url hash (so it doesn't get sent to the server). And encoding skin tone with human emojis allows a super dense bit/visual character encoding that ALSO is a cute reference to the humans I'm trying to center with this project!
Oh you think it's stupid? It was an attempt to encode an encryption key that isn't sent to the server in a way that is minimally invasive. The skintone emomis allow pretty high byte density, and also are cute!
Sorry it doesn't meet your needs.
There is irony in having an ai generated humanifesto. Could it be intentional? hmm?
Is there no irony in deriding a project for being potentially LLM generated, when it's goal is to aide people in differentiating?
:shrug:
The first widely distributed and open source version of this typist timing validation idea I saw (and incorporated into my own software at the time) was released by Michael Crichton as part of a password 2nd-factor checker (1st factor a known phrase or even your name, the 2nd factor being your idiosyncratic typing pattern) in Creative Computing magazine that printed the code.
You’re getting a negative reaction from others but I share this feedback in good faith: I don’t understand what problem your product is supposed to solve.
Yeah I guess the cryptographic stuff sounds vaguely impressive although it’s been a long time since I had to think about cryptography in detail. But what is this _for_? I’m going to buy an expensive keyboard so that I can send messages to someone and they’ll know it’s really me – but it has to be someone who a) doesn’t trust me or any of our existing communication channels and b) cares enough to verify using this weird software? Oh and it’s important they know I sent it from a particular device out of the many I could be using?
Who is that person? What would I be sending them? What is the scenario where we would both need this?
Also the server can’t read the message but the decryption key is in the URL? So anyone with the URL can still read it? Then why even bother encrypting it?
Maybe this is one of those cases where I’m so far outside your target market that it was never supposed to make sense to me but I feel like I’m missing something here. Or maybe you need to work on your elevator pitch.
I'm actually building a physical keyboard for those people who don't have iphones! Though given the reaction I'm seeing here, I probably won't share it with this audience :-P it has capacitive keys, a secure enclave, and a fingerprint sensor.
Hi! You don't need an x.com account to download, that's just the easiest way to dm me. If you're actually interested, I can let you try it! The source is also available.
It proves 1) that an apple device with a secure enclave signed it. 2) that my app signed it.
If you trust the binary I've distributed is the same as the one on the app store, then it also proves:
3) that it was typed on my keyboard not using automation (though as others have mentioned, you could build a capacitive robot to type on it)
4) that the typer has the same private key as previous messages they've signed (if you have an out of band way to corroborate that's great too)
5) optionally, that the person whose biometrics are associated with the device approved it.
There is also an optional voice to text mode that uses 3d face mesh to attempt to verify the words were spoken live.
Not every level of verification is required by the ptrotocol, so you could attest that it was written on a keyboard, but not who wrote it (not yet implemented in the client app).
The protocol doesn't require you to run my app, if you compile it yourself, you can create your own web of trust around you!
>that an apple device with a secure enclave signed it.
What Apple devices are supported? All I have is a iPhone 4 running a old iOS version(pre iOS 7) (which I will not update and I don't think has a secure enclave) and a M1 mac mini and some lightning earpods and a apple thunderbolt display and some USB-A chargers and some old MacBooks.
I think that the concept is stupid becuase it would require to somehow prove that the app is not modified(which is impractical) and there is no stylus on a motor or fake screen(which is also impractical).
I think that a better aproach would be to form a Web Of Trust where only people's (not just humans, this would include all animals and potentially aliens but no clankers) certificates are signed, but with a interface that is friendly to people who are not very into technology but with some sort of way to not have who your friends are revealed, but this would still allow someone to get a attestation for their robot.
This idea of capturing the timing of people's keystrokes to identify them, ensure it is them typing their passwords, or even using the timing itself as a password has been recurring every few years for at least three decades.
It is always just as bad. Because there are so many cases where it completely fails.
The first case is a minor injury to either hand — just put a fat bandage on one finger from a minor kitchen accident, and you'll be typing completely differently for a few days.
Or, because I just walked into my office eating a juicy apple with one hand and I'm in a hurry typing my PW with my other hand because someone just called with an urgent issue I've got to fix, aaaaannnd, your software balks because I'm typing with a completely different cadence.
The list of valid reasons for failure is endless wherein a person's usual solid patterns are good 90%+ of the time, but will hard fail the other 10% of the time. And the acceptable error rate would be 2-4 orders of magnitude less.
It's a mystery how people go all the way to building software based on an idea that seems good but is actually bad, without thinking it through, or even checking how often it has been done before and failed?
I’m sceptical about this idea but, to give it full credit, it’s a custom piece of hardware that would presumably be more accurate than previous software-only attempts. Maybe it will actually work this time, idk, although I still don’t really see the point.
>>While you type, the keyboard quietly records how you type — the rhythm, the pauses between keys, where your finger lands, how hard you press.
>>Nobody types the same way. Your pattern is as unique as your handwriting. That's the signal.
This very precisely makes my point:
Yes, the typing pattern of any human is highly and possibly even completely unique to that human — UNTIL any of a myriad of everyday issues makes it falsely deny access because the human's typing pattern has changed in a way the human can't do anything to fix at the moment.
If you are only attempting to distinguish a human from an automated system, it'll be better, until someone just starts recording the same patterns and re-playing them to this upstream process; then its a mere race to who can get their hooks in at a lower level. And someone is always going to say: "Oh, this system can identify the specific human", and we're off to the races again.
So, no. Unless you can account for ALL of the reasonable everyday failure modes, typing with either hand, any finger or combination of fingers out of commission for a minute or a lifetime, this idea will fail.
I wonder what the PGP signing concept does to thwart people who want to profit and don't care about the public good. It seems like anyone who attends a signing party can sell their key to the highest bidder, leading to bots and spammers all over again.
In the flat trust model we currently use most places, it's on each person to block each spammer, bot, etc. The cost of creating a new bot account is low so it's cheap to make them come back.
On a web of trust, if you have a negative interaction with a bot, you revoke trust in one of the humans in the chain of trust that caused you to come in contact with that bot. You've now effectively blocked all bots they've ever made or ever will make... At least until they recycle their identity and come to another key signing party.
Once you have the web in place though, a series of "this key belongs to a human" attestations, then you can layer metadata on top of it like "this human is a skilled biologist" or "this human is a security expert". So if you use those attestations to determine what content your exposed to then a malicious human doesn't merely need to show up at a key signing party to bootstrap a new identity, they also have to rebuild their reputation to a point where you or somebody you trust becomes interested in their content again.
Nothing can be done to prevent bad people from burning their identities for profit, but we can collectively make it not economical to do so by practicing some trust hygiene.
Key signing establishes a graph upon which more effective trust management becomes possible. It on its own is likely insufficient.
Doesn’t really make sense, because any service can just say “you must paste your human-attestation JWT here to use this service” and plenty of people will.
You can just decay your trust level based on the `iat` value. That way people will need to keep buying me coffee. I can optionally chide them for giving out their token.
If you're engaging with the idea seriously, I suppose we'd need to build a reputation or trust network or something.
Although if you're talking about replay attacks specifically, there are other crypto based solutions for that.
My point is that there probably is no way in principle to distinguish between a human user utilizing automation on their own behalf in good faith (e.g. RSS readers) and bad faith automations.
A human is personally responsible for a bot acting on their behalf. If your bot behaves, nothing is going to happen. If you keep handing out your personal keys to shitty misbehaving bots, then you will personally get banned - which gives you a pretty good incentive to be a bit more discerning about the bots you use.
Yes, everything should just be agnostic, as long as the incentives work out it's all fine. Like if we had worked out micropayments for the web (not saying that's a good idea per se), then who cares if you're a bot or a human when you're paying a toll either way? Flipping it to be a cost rather than payment is functionally equivalent.
I am not Nick, but there's a few ways that world happens: the free tier goes away and what people pay for more correctly reflects what they use, this all becomes cheap enough that it doesn't matter, or we come up with an end to end method of determining usage is triggered by a person.
Another way is to just do better isolation as a user. That's probably your best shot without hoping these companies change policies.
i am increasingly moving towards a model of 'no browser'.
search for me is now a proprietary index (like exa) that filters rubbish, with a zero data retention sla. so we don't need google profiling.
the content is distilled into markdown pulled from cloudflare's browser rendering api.
i let cloudflare absorb the torrent of trackers and robot checks, i just get md from the api with nothing else. cloudflare is poacher and gamekeeper.
an alternative is groq compound which can call browsers in parallel.
for interactive sites, or local ai browsing, i sometimes run a browser in a photon os docker with vnc, which gives you the same browser window but it runs code not on your pc.
that said little of my use is now interacting with websites, its all agentic search and websets so i don't have to spend mental energy on it myself
>It's getting to the point where a user needs at minimum two browsers. One to allow all this horrendous client checking so that crucial services work, and another browser to attempt to prevent tracking users across the web.
What are you talking about? It works fine with firefox with RFP and VPN enabled, which is already more paranoid than the average configuration. There are definitely sites where this configuration would get blocked, but chatgpt isn't one of them, so you're barking up the wrong tree here.
Is your interlocutor barking up the wrong tree, or are you missing the forest for the trees?
According to the OP:
> The program checks 55 properties spanning three layers: your browser (GPU, screen, fonts), the Cloudflare network (your city, your IP, your region from edge headers), and the ChatGPT React application itself (__reactRouterContext, loaderData, clientBootstrap).
I guess Firefox VPN will hide the IP at least. But what about the other data, is it faked by RFP? Because if not, the so-called privacy offered by this configuration is outdated.
You might be fingerprinted by OpenAI right now, as “that guy with all the Firefox anti-fingerprinting stuff enabled, even though it breaks other sites”.
>But what about the other data, is it faked by RFP?
Yes, RFP spoofs or at least somewhat obfuscates/normalizes GPU/screen/font info. The rest are integrity validations of the server/app, and not really identifying in any way.
>You might be fingerprinted by OpenAI right now, as “that guy with all the Firefox anti-fingerprinting stuff enabled, even though it breaks other sites”.
I'm not sure what the broader point you're trying to make here is. Is fingerprinting bad? Yes. All things being equal, I'd rather not have it than have it, but at the same time it's not realistic to expect openai to serve anonymous requests from anyone. Back when chatgpt was first launched you had to sign up and verify your phone number. Compared to mandatory logins, fingerprinting is definitely the lesser evil here.
> It's getting to the point where a user needs at minimum two browsers. One to allow all this horrendous client checking so that crucial services work, and another browser to attempt to prevent tracking users across the web.
Every time I try this, I end up crossing wires (ie using the browser that 'works' for most things, more than the one that is 'broken')
I love the containers too. My current use case is to keep my YouTube account separate from my Google one. Google doesn't need all that behavioural data in one place.
It's a pity Firefox doesn't get the praise it deserves half as much as it cops criticism.
It is absolutely not an advanced process. It's clicking a gui. It's not advanced thinking to understand profiles. It's a basic ability to hold multiple things in your mind at once. Telling people that's difficult only increases the societal problem that being ignorant is ok.
“Difficult” is a relative term. They were saying it was a difficult concept for them, not you. In order to save their ego, people often phrase those events to be inclusive of the reader; it doesn’t feel as bad if you imagine everyone else would struggle too. Pay attention and you’ll notice yourself doing it too.
“Ignorant” is also infinite - you’re ignorant of MANY things as well, and I’m sure you would struggle with things I can do with ease. For example, understanding the meaning behind what’s being said so I know not to brow-beat someone over it.
The possibilities with Firefox multi containers and automation scripts as well are truly endless.
It's also possible to make Firefox route each container through a different proxy which could be running locally even which then can connect to multiple different VPN's. I haven't tried doing that but its certainly possible.
It's sort of possible to run different browsers with completely new identities and sometimes IP within the convenience of one. It's really underrated. I don't use the IP part of this that I have mentioned but I use multi containers quite a lot on zen and they are kind of core part of how I browse the web and there are many cool things which can be done/have been done with them.
Thanks for sharing the perspective here. I think a lot of folks on HN have rightly said that a lot of the problems with the modern internet are due to the ad-supported business model. I don't think you were ever going to move away from it voluntarily -- too many people support it, even if they grumble about it.
But maybe (and likely for worse) LLMs will finally kill this model.
I would love for the ad-supported model to die. I hate ads, and I hate having to serve ads. We get some subscription users but nowhere near enough to cover costs.
Unfortunately, what I think will happen - and indeed already is - is that the AI companies themselves will replace much of the WWW. Sites like the one I am talking about will cease to exist. AI companies, once they can no longer scrape (steal) the data will end up licensing the data themselves and replace us as the distributor to end users. Perhaps as a subscription add-on or also with an ad based model.
Which to some may be fine. Personally, I don't want a few centralized AI companies replacing the hundreds of thousands of independent websites online. Way too much centralized power there.
I much prefer having my thoughts distilled down into easily digestable and agreeable idioms that I can push around with absolute faith that they weren't just lies written by some PERSON on the internet.
Road Rash 64 is a really underrated game. As you say, the environment is alive, and nearly every race has a lot of potential for wacky slapstick fun. The driving feels really nice and is rewarding to learn.
According to a sticky note somehow still stuck to RR64 box, the unlcok everything code is (from the main screen): Control Up, Control Up, Left Trigger, Control Down, Z Trigger, Left Trigger, Z Trigger, Control Up
The whole “wheelie to jump cars” but “wheelie require touch on analog stick” is a mechanic I’m shocked other action race games never copied. So much fun to press your luck.
The PSX one was open world too (Road Rash 3D?). There were tracks but you could go anywhere, it was and it's still amazing. If you play then under an emulator with just bigger rendering and a bilinear filter the game looks chilling enough modulo for the background with doesn't 'fade/blend' visually as well as it did under old 14" CRT TV sets.
Yeah, so that was what we were in theory "porting." Except that RR3D was streaming off of CD, so they had near infinite disk storage, where we needed to fit in a cartridge. Also -- surprise -- after the contract with EA was signed, it turned out the RR3D team had mostly disbanded inside EA and moved on to other projects, so nobody knew how the streaming worked, where the full map dataset was, how the tracks were represented, etc. Lots of commando visits to EA and long chats later, we had a data dump of the entire map, which was a great start. The compute/storage/graphics performance of the N64 vs PSX were also wildly different, so we ended up having to really rethink virtually all aspects of it.
We also were lucky enough to have an incredible physics engine programmer, so we were running a way better motorcylce simulator than made any kind of sense -- led to huge arguments with our CEO because higher level motorcycles were much harder to ride initially because they were modeled after real performance figures. We fixed that eventually -- Don was right!
Completely agree that none of the games from the CRT era look right on modern TVs. There was a group at GaTech that did some really nice visual simulations of scanline artifacts, but they haven't seemed to generally make it into emulators.
I hope they succeed, and this is from someone who loves Linux and hate Windows. I want as many positive general purpose computing platforms as possible. No, this won't make Windows perfect, but every step in the right direction is crucial.
Much like politics, you want sane, healthy competitors. Microsoft enshittifying as much as possible might bump up the Linux numbers in the short term, but I think it would be unhealthy for Linux in the long term. You want a major power like Microsoft pushing back on some of these trends, which completely opens the door for small players to benefit from that pushback.
I hope the folks at Microsoft can roll back as much of the slop as possible.
> I think it would be unhealthy for Linux in the long term
Mostly agree until this line. MS enshittifying their ecosystem is the resting state and if you believe in the free market (I don't btw), customers voting with their money or data (since they're the product) should be applauded.
TBF Apple does this too on macOS and arguably iOS. I think a lot of their longstanding pushes to merge the two OSes is hostile to their user base who want stronger separations of concerns; a desktop OS has different requirements and capabilities than a phone or a tablet.
Would love to have a Neo with Sequoia which in itself is a step back from Sonoma, but I haven't truly loved any of their OSes since Mountain Lion.
The wording is weird enough that I have to agree. This is the first time I've ever heard spyware segmented using "mercenary" as a qualifier, which is just insanely suspicious.
No one likes when I say this but it's really past time to stop doing anything interesting on your phone. Delete all your apps, set it as minimally as possible. Leave it home when you go for walks, and power it off when you go driving or to the store, or whatever.
how? whatsapp, wechat, telegram, even signal, all require a phone to be used.
if i didn't need any of those apps then sure, but unfortunately there is no way around these apps if i want to keep in touch with certain people that are important to me.
If you need to use these, set the history retention to like no time. That would help a lot. They could still get the contents from the person you are communicating with, but it would require more work on their part. Humans are generally fairly lazy. If you can get the people you communicate iwth to also turn off message retention, that would help. Then they could tell you talked with Tootie, but not what you talked about, at least from the device(s) themselves.
If you “must” use those then keep a phone off in a drawer and turn it on once a day to keep in touch.
If those people won’t allow you to be offline from time to time and aren’t willing to switch communication methods as an alternative, maybe it’s not a symmetrical relationship.
I'm starting to believe this is [a] way forward. Or maybe an approach which is on a spectrum between <everything I have is on a phone behind a fingerprint and a four digit pin> and <I don't own a smartphone>.
Unfortunately, it's pretty common to only have a smartphone as your sole compute device, and increasingly onerous not to own one at all.
>Or maybe an approach which is on a spectrum between
>increasingly onerous not to own one at all.
Yes, and I think this unfortunately demands a grey area. I'm starting to treat my smartphone more like a work device, and there are a few things I do on it:
- My work's authenticator app is there.
- Unfortunately Signal is tied to smartphone usage.
- Practically speaking, people will expect to be able to send you text messages.
- It's still useful for taking pictures.
- My banking app is on there.
Outside of rare occasions, that's really all I use my phone for. I don't carry it around the house. If I go somewhere with my wife, I don't even bring my phone most of the time. I'm "required" to have it, but in principle it's not even mine. It shouldn't be trusted or enjoyed.
Interesting, and not all that implausible. The real test: his personal email should be pretty uninteresting except for stuff like HIPAA, amazon purchases, communications with friends / family. (good for HUMINT) But other than that, there shouldn't be anything in there which should make the news. It'll be interesting to see whether or not that bears out.
If they wanted to maintain access, they certainly wouldn't celebrate it publicly, which is why I assume they want to release information. But, there shouldn't be anything damning to release. ie, there ought not to be if the director is acting professionally. We'll see how the facts bear out. I also suppose it's possible they're just going for any win they can and there's nothing interesting here whatsoever, or it's a really boring secondary address or something.
I think this is actually the opposite of the correct conclusion—just look how influential Patreus cheating on his wife was (https://en.wikipedia.org/wiki/Petraeus_scandal). I seriously doubt that Kash Patel doesn't have a bunch of skeletons to dust off and show the world; the man is a weirdo (much like the rest of the administration).
EDIT: I actually misread the comment; I think we're likely in agreement. My bad.
I'd like to chime in and say that that Kash Patel, while completely unprofessional and incompetent, is way less of a weirdo than the rest of the administration.
His scandals are all about shirking job responsibilities to party and sightsee. That's not great from the FBI director but its way more normal than the rest of them.
I dunno, a sitting FBI director testifying under oath about details that are clearly false, goes above and way beyond "to party and sightsee". At least in my world it puts him up there together with the rest of the weirdos.
Dig in? Was already aware of his book, and he's made many more weird books. Trump's cabinet are all weird little goblins, some more Nazi than others, like Miller.
Why do you assume I did any digging at all? I just said we might find out some fun stuff in his emails about his weird book, which I already was aware of. Presumably the SAT includes properly written words and sentences, not whatever you spew out.
That's not remotely true of his history.. he's a full on Jan-6er, deep into Q-Anon, he was involved in numerous serious scandals during the first Trump admin (Nunes Memo / Russiagate 'parallel' investigation: https://www.theatlantic.com/politics/archive/2018/01/the-men...), he has a number of sketchy moneymaking side-businesses, he was formerly living with a GOP megadonor 'Timeshare Tycoon' as roommates in Vegas (https://thenevadaindependent.com/article/trump-fbi-pick-kash...), he collected enemies' lists for Trump which resulted in firing of most of the Iran counterintel team right before we started launching attacks because they had the termerity to investigate why Trump was showing donors top-secret maps of Iran after he left office..
In the current environment, those are more expecteds than scandalous.
Insider trades around government activities, same-sex behavior, overt racism for example might nudge the needle.
> 90% of US media is not aligned with the Democrats
The media works for the same people both parties do. If capital wanted to manufacture Democrat-aligned outrage they could easily do so overnight.
But it's a complete mistake to think about politics in a partisan manner at all. Of course the democrats won't ever fight for you. Doing anything decreases chances of getting elected again.
Whatever force will depose capital won't come from the two-party system.
The media works for the billionaire elite and it is mostly aligned with the Republican party. And if you think that "both parties are as bad" or that the last president was as batshit insane as the current one, that same billionaire elite has duped you.
It's actually almost exactly the opposite, at least when considering the number of media outlets. Fox news is a massive outlier with a huge audience and strong republican leaning, but most of the major networks engage in democrat-aligned signaling (not necessarily the progressive branch of democrats).
The press was stupid. They were doing stupid gotchas like swiftboats, fake reports on GWB (Dan Rather), but couldn’t care less about things like the CIA and the crack cocaine connection[1], or lots of other things the government gets away with (including Clappers total information awareness unconstitutional surveillance efforts) The press is always carrying water for someone but that someone is rarely the public unless is just pure coincidence.
[1] there was one reporter who dared but the toll from the story resulted in his suicide, some years later. His colleagues poo-pooed his reporting on the connection.
* The Swiftboat thing was completely an ad campaign if I remember correctly.
I remember most media covering it as BS.
* The contents of Dan Rather report on GWB was true. There was one document
which was sketchy, but the whole report didn't hinge on the one document
from an officer's office. (E.g. Ex-senator Ben Barnes's interview is reasonably
indicting: https://www.cbsnews.com/news/transcript-barnes-on-bush/)
The media did fall down though. Only one outlet went to the the Officer's
secretary (who was still alive) to ask if she had typed the document.
She looked at it and said (summarizing here) that it wasn't the document
she typed, but it was the same contents.
What's interesting is how easily the media is distracted. What's even more
concerning though, is that when the more centrist major media has tried to
be less gullible, they've been vilified. (E.g. trying not to be suckered
by miraculous appearance Hunter Biden's laptop.)
It's a mess, and the only way out of it is probably limits own media ownership.
If I was Iran I'd leak the innocuous stuff first to let them know I had access to potentially more damning things, to try and force the US to the table.
That would only work if there was something damning to Trump or someone in charge of Iran negotiations. Trump has no problem cutting people loose otherwise
From the news I’ve read the most “embarrassing” things in his personal email are photos of him smoking cigars, holding a bottle of rum, and posing in front of a supercar. What a scandal…
There is so much corruption and impropriety in this administration that skeletons don't matter anymore. Looking at what sunk officials in previous administrations provides a sense for just how far gone we are, but it's not an indicator of what future consequences will be.
I was just reading a X thread that published some of the more notable things and overall it's pretty innocuous. The most "controversial" thing thus far is he took a trip to Cuba
Maybe the hackers will release information connecting Patel to the Noem and Lewandowski grift operations with govt contracts. Out of the four companies allowed to bid for the $220 million advertising contract, 3 were linked to Noem and Lewandowski and one to Patel.
Like what? We have two presidents, including the current one, that took multiple trips to a pedophile island. What skeletons could be greater than accusations of punching a child in the face after they bit the dude’s penis during forced sodomy?
There is no credible evidence that either of the Presidents you alluded to visited "the island". It's amazing to see conspiracy theories promulgated on HN.
There is lots of evidence that these two presidents were on the pedophile island many times, and one of their wives. That is well established.
There is no evidence released to the public directly linking those two men to specific sex acts by name. There is unnamed evidence released by the US DOJ specifically describing the assault I described in the prior comment. Again, none of this is theoretical, conspiracy, or conjecture. It’s in the documents released by the government that the government has confirmed as authentic.
No doubt you are aware that the claims about Clinton originated with the founder of the Epstein Mythos, Virginia Giuffre, who we know for a fact was a serial confabulator. While she was inarguably one of Epstein's victims, she also made several claims that were demonstrably untrue, she could not keep her own stories straight, the FBI concluded internally that she was totally unreliable and that she was even lying about what the FBI told her, other victims contradicted her, and she was herself forced to recant on several subjects, including admitting that her "autobiography" book was a work of fiction. If you doubt me, feel free to read the FBI memo about her.
In the case of both Clinton and Trump, there is no evidence that either of them visited Little St. James, and plenty of evidence otherwise - for example, Epstein even says so about Clinton in an email.
> It’s in the documents released by the government that the government has confirmed as authentic.
The documents are "authentic" in that yes, a real schizo did really tell the government he heard it secondhand 30 years ago that this happened and also that he discovered Hilary Clinton was behind the WTC bombing. (For some reason, people like you always leave that part of the bombshell revelations out.) I am for total transparency generally, but this whole saga has been a major disappointment for me in that the level of public discourse is so lazy and low that its clear that in a purely utilitarian way, it would have been better to not release it. Hopefully long-term the sacrifice of many people whose reputations are being destroyed over little or nothing is worth it. Every crank call about celebrities is being treated as gospel.
Remarkable that Epstein confined his pedophile activities to a single location.
No, wait:
In 2008, Epstein reached a plea deal with prosecutors after the parents of a 14-year-old girl told Florida police that Epstein had molested their daughter at his Palm Beach home.
Hmm ... would that be the same Palm Beach home that Trump visited a good many times back when he was best of chums with Jeffrey and sending him the nude outline sketches?
> Remarkable that Epstein confined his pedophile activities to a single location
Correct, the vast majority of his criminal activity appeared to be in his Palm Beach home and in New York, where he recruited high dozens to hundreds of high school girls for his personal sexualized massages. It actually appears only a very small amount of his illicit activity ever took place on the island, which makes it all the more ironic that's what the conspiracy theorists focus on.
I was willing to be more than openmminded about the conspiracists' mass trafficking ring (ie, beyond the two people charged) angle, but the ironic thing is about the Epstein files is they revealed it was almost all smoke. Of course, in the conspirational mindset, all contradicting evidence is actually, secretly, when you apply the correct hermeutics, even more damning, or else evidence of a coverup.
> the ironic thing is about the Epstein files is they revealed it was almost all smoke.
and a few massive conspiracy shaped holes - eg: the references to missing content regarding Trump and a few other. Oh, and the shortfall between what has been released Vs what has been indexed, the black paging, and the hints from those that have seen but are sworn to not tell about that which they have seen but cannot recount.
Still, at least we seem to agree that PedoIsland is a misdirect when it comes to determining who did what to whom and where.
I can't see Pam Bondi coming clean here anytime soon.
> the hints from those that have seen but are sworn to not tell about that which they have seen but cannot recoun
The people who were victimized by anyone other than Epstein and Maxwell could come forward at any time, just as dozens of Epstein's victims have. They have some of the highest-powered civil lawyers in America, hundreds of millions of dollars in settlement funds available, and vast swaths of the country behind them.
It tells me that they are afraid of their safety and the safety of their families. They would risking backlash from a billionaire who loves intimidation tactics, who currently has the highest amount of power of any individual in the US, and who has nutty followers who would act on his behalf and let him pretend he was not at all happy about what they are doing.
The people who have come forward about Epstein's abuses have little to worry about because that man is dead and he's a perfect scapegoat for all the the other ultra-rich who took part in the abuses.
If you’re talking about Trump, you may remember that E Jean Carroll won a lawsuit against him. She’s walking the earth and continuing to live a public life.
And again, millions of dollars are available from settlement funds if Epstein was involved, there’s already some of the best lawyers in the country begging to represent you, and there’s people volunteering to pay for your security needs.
You’re also ignoring the many victims that came out before Epstein died.
This is just an excuse to perpetuate the conspiracy theories. It doesn’t hold water. And of course if anything was released from super secret “the files” they’re definitely still covering up, they’d become publicly known.
Surely you see how this line of reasoning is identical to that of any other conspiracy or moral panic.
You misunderstand my point. I’m saying that if there are any credible accusations in “the files” beyond those well-documented ones against Epstein and Maxwell, then the accusers would be known publicly anyway when they’re disclosed.
The whole thing falls apart the moment you examine the actual evidence and think about it. It’s really disappointing that smart people on even this forum get wrapped up into this junk.
> You misunderstand my point. I’m saying that if there are any credible accusations in “the files” beyond those well-documented ones against Epstein and Maxwell, then the accusers would be known publicly anyway when they’re disclosed.
The whole thing falls apart the moment you examine the actual evidence and think about it. It’s really disappointing that smart people on even this forum get wrapped up into this junk.
Did you know that Epstein's hard drives were removed by a private investigator, and that the FBI and DOJ never had them to begin with? They were removed before they were searched by law enforcement.
And? What does that have to do with the absence of witnesses of a sex trafficking ring involving anyone else?
This isn’t even news, it was a big deal back in the day and is covered extensively in the report about the DoJ’s conduct. Read the reports and consider the context; this is a nothingburger. But because the conspiracy theory has been started, everything that happens will be read as supporting it. Epstein had very good reasons for destroying evidence of his own deeds without any need for anyone else being involved. (The evidence the DoJ collected was very weak and they weren’t sure it would sustain a prosecution, which is partly why they were glad to go with a plea deal.) You’re coming in primed to believe there’s already a conspiracy about something else altogether.
> And? What does that have to do with the absence of witnesses of a sex trafficking ring involving anyone else?
Did you just ask, in a post about evidence being taken and keep from investigators, why there isn't evidence?
> This isn’t even news, it was a big deal back in the day and is covered extensively in the report about the DoJ’s conduct.
Then why is it news FROM TODAY/YESTERDAY?
---
In a March 19 deposition with the House Oversight Committee, Darren Indyke, Epstein's longtime personal attorney, said he learned after Epstein's 2008 conviction that the hard drives were in the possession of Riley Kiraly, a private investigations firm.
"The Committee requests that you make yourself available for a transcribed interview to provide insight into the contents, removal, storage, and location of materials removed from Mr. Epstein's Palm Beach home," the letter to Riley says.
That computer and surveillance equipment was removed from Epstein's home and withheld from law enforcement throughout his Florida case has been public since 2020. That Riley Kiraly possessed the equipment was known to the lead prosecutor as well. [46;176]
You can CTRL-F "computer" and get 92 matches indicating their importance:
It seems that the only "news" is the bit that you mentioned about Indyke/Riley. Indyke apparently was not involved in the Florida case. At least he isn't mentioned in the linked DOJ report among Epstein's
counsel.
I don't know what it would take for it to be deemed necessary to seize the equipment that the prosecution failed to get almost 20 years ago.
> Did you just ask, in a post about evidence being taken and keep from investigators, why there isn't evidence?
The sibling commenter addressed the timeline, but you still seem to be missing the point: harddrive or no harddrive, there would have been witnesses - at least the victims- of the grand conspiracy theory involving other men. Instead, you're limited to Maria Farmer (26 when she was victimized by Epstein, rarely seen in public because she makes wild accusations about random people including the journalists interviewing her - she is currently convinced that Whitney Webb murdered a chef) and Virginia Giuffre (underage victim and confirmed fabulist, who also, for the record, said Trump did nothing wrong and endorsed his Presidency). There never was any evidence of the organized conspiracy of elites part of the Epstein story. Read the testimony! Again and again the women say there were no other men.
You're concluding that computer equipment Epstein had every reason to hide from law enforcement to cover up more concrete evidence of his solicitation of minors actually contains evidence of a totally different thing that nobody was claiming at the time - a grand sex trafficking conspiracy involving powerful billionaires and politicians. But there's no reason to think that's the case.
At the end of the day, if any of this happened, these women could come forward. They're entitled to millions in settlement money already (and you don't even have to go to court to get it - its an administrative process, not a judicial one; and it's big money, Annie Farmer alone got at least 1.5 million), and naming additional names would open the door to even more! They already have some of the best civil attorneys in the country! An unrelated case has already shown that you can win a civil suit against the most powerful man in the country, even with no evidence besides your testimony! That they have not, combined with the total lack of evidence, suggests they don't exist.
But because the mindset behind this is conspiratorial, it will always be "there IS evidence - it's just being covered up!". And no amount of releases will ever be enough - because they can't show it to be true, which just proves there's a coverup! It's never-ending.
Are we talking about the same FBI director here? Professional and competent are not how I would describe Kash Patel. Given his overt buffoonishness and the whole administration's disdain for procedure and expertise I would be shocked if he didn't have extremely inappropriate content in his inbox.
Surely we are currently clean on OPSEC. There couldn't be any precedent for government officials using private email servers for confidential information!
obligatory - that first famous private server was done because someone wanted a blackberry like Obama had, and was told no by NSA. Man that BB keyboard was good.
I’ve been using a Clicks case since the early days and have personally loved every second of it but it’s definitely an acquired taste. Let us know how you find it.
Yeah, the fact they announced it proves it’s nothing. I saw a picture of him smoking a cigar. We’ve already seen him drinking beer and acting foolish; probably enough to get you executed in Isfahan, but a giant nothining in the USA.
> his personal email should be pretty uninteresting except for stuff like HIPAA, amazon purchases, communications with friends / family. (good for HUMINT) But other than that, there shouldn't be anything in there which should make the news. It'll be interesting to see whether or not that bears out.
Aren't these the same people who apparently used Signal with a journalist in the chat, and had military conversations in that very chat?
Color me surprised if these people haven't heard of opsec before, and mix their work/personal life all over the place.
Yes, and I wouldn't be shocked if there was classified information in there. I struggled with wording, but what I meant was "you're not supposed to be able to find classified or sensitive information in personal email, but I who knows what will be the case here."
Also wildly illegal to use to conduct government business, especially confidential government business. (and yes the messages were auto-deleting and largely lost before anyone chimes in with technically they could be archived!)
> Signal is one of the most secure communication platforms out there
That might be true amongst the communication platforms available for the average Joe. It is definietly not the most secure communication platform available for someone high ranking in the USA government.
> it is obviously not immune to human error or social engineering
Nothing is immune. But there are systems more and systems less prone to these issues.
> The investigation has led to turmoil within the Defense Department, raising tensions and the firings and resignations of several top DoD officials, including former Chief of Staff Joe Kasper. [...] On May 1, 2025, it was revealed that both national security adviser Mike Waltz and his deputy Alex Wong would be leaving their posts in the National Security Council
Let me guess, the "leak" was intentional just to break a bunch of laws and to cause a bunch of people to get fired and leave their posts?
Signal started being used during the Biden administration, the issue was how they were managing contacts which could be added to groups. They weren't carefully vetting access and a journalist with the same name as another military guy was added to the group by accident.
The public record of a contract to the Israeli company which handled archiving Signal chats for the DoD was done during Biden admin. And it's been well reported if you just Google it:
> Alexa Henning, spokesperson for the Office of the Director of National Intelligence, tweeted last week that “widespread use” of Signal began under the Biden administration, adding that “at ODNI, when I got my phone, it was pre-installed.”
You're missing some key distinctions. The issues are: 1) putting classified information into a non-classified system; 2) putting information that needs to be preserved under laws like the presidential records act into systems where it's set to be auto-deleted. Both are illegal. Simply saying that the Biden administration pre-installed Signal is irrelevant. There are legitimate uses.
Your own article makes this exact point:
> Matthew Shoemaker, a former Defense Intelligence Agency analyst who left the agency in 2021, said that while Signal was used during his time in government, “it was almost exclusively restricted to scheduling purposes,” such as letting their boss know that they’ll be late to work because of personal circumstances.
“That’s why Signalgate is all the more staggering — because these senior leaders were doing the exact opposite of what even my most junior intelligence officers knew not to do,” he said.
You're doing bullshit partisan whataboutism. "well the democrats did it first".
This has nothing to do with adding the wrong contacts. It has to do with putting highly-sensitive material into Signal to circumvent the law around records preservation and as a result creating a situation where it's possible to accidentally add the wrong contact and therefore exposing that information to a journalist.
> This has nothing to do with adding the wrong contacts. It has to do with putting highly-sensitive material into Signal to circumvent the law around records preservation
My comment above already mentions public records of the DoD contracting out archiving of the Signal chat, so it doesn't in fact circumvent laws around preservation.
> You're doing bullshit partisan whataboutism. "well the democrats did it first".
I don't think it's a huge sin for government workers to be using Signal, remote work and messaging is the new norm and they will use something whether we like it or not, and Signal is the least bad option. I don't blame the Biden DoD for experimenting down that road at all, as I'm skeptical they'd build something better internally - and to your hyperpolitical points I don't see large distinctions between these type of tech choices between administrations (the DoD staff largely remains the same even when presidents change).
The issue with encryption and security will always be human security practices come first-and-foremost, technology second. They failed an OPSEC checklist when using group chats and need to implement better identification management. That's the sort of lesson that large organizations frequently need to re-learn the hard way when adopting new (and often better) things.
1. Classified information. Was it legal to put that into the DoD approved Signal build? The media coverage at the time gave me the impression that it was not.
2. Records keeping. Were the Trump admin chats in question properly archived then? I had been led to believe that they weren't. Do you believe that to be incorrect?
> I don't blame the Biden DoD for experimenting down that road at all
The person you're replying to never criticized them for such.
> The real test: his personal email should be pretty uninteresting except for stuff like HIPAA, amazon purchases, communications with friends / family. (good for HUMINT) But other than that, there shouldn't be anything in there which should make the news.
I have no idea why this would be the default assumption for somebody as sloppy and erratic as Patel. Look at how many people were emailing damning stuff to/from Epstein's personal email accounts from their own personal email accounts!
We're just in a bleak time. It seems that many people are scrambling to do the most harm possible. Everyone's building the torment nexus. I'm not sure what else to do but attempt to insulate my family from it.
Whenever I think to myself "how did things get this bad?", I also force myself to think, "how did they get good, in the first place?"
Today, we are building the Torment Nexus. But yesterday, we were building the Vietnam War, the Holocaust, etc. etc. Things can get worse, but they can also get better - we just have to do our small part in making them better.
The left is focused not on the correct thing (albeit a thing worthy of support), and the right refuse to acknowledge the benefit of regulation / legislation and are totally disenchanted with the possibility of politics while they just just blame the left for all their problems.
I'm hoping that someday more people will appreciate the humor in my sig: "The biggest challenge of the 21st century is the irony of technologies of abundance in the hands of those still thinking in terms of scarcity."
"In this awful world where the efforts of caring people often pale in comparison to what is done by those who have power, how do I manage to stay involved and seemingly happy?
I am totally confident not that the world will get better, but that we should not give up the game before all the cards have been played. The metaphor is deliberate; life is a gamble. Not to play is to foreclose any chance of winning. To play, to act, is to create at least a possibility of changing the world.
There is a tendency to think that what we see in the present moment will continue. We forget how often we have been astonished by the sudden crumbling of institutions, by extraordinary changes in people’s thoughts, by unexpected eruptions of rebellion against tyrannies, by the quick collapse of systems of power that seemed invincible.
What leaps out from the history of the past hundred years is its utter unpredictability. ..."
reply