I wish people would stop sharing this website, their research is massively written by LLMs and looks good at a glance, but it goes in every direction at the same time and lacks logical connections. And the claims don't really match their sources.
Their initial publication was backed by a Git repository with hundreds of pages of documents written in just three days (https://web.archive.org/web/20260314224623/https://tboteproj...). It also contained nonsense like an "anomaly report" with recommendations from the LLM agent to itself, which covers an analysis of contributors to Linux's BPF, Android's Gerrit, and parser errors in using legislative databases. https://web.archive.org/web/20260314103202/https://tboteproj... . The repository was rewritten since, though.
This post follows their usual pattern. The second source they link to has been a dead link for 11 months (https://web.archive.org/web/20250501000000*/https://www.pala...). There's a lot about Persona's design, MCPs, vulnerabilities, data leaks, but nothing proving they use it for mass surveillance. The entire case for it being mass surveillance rests on two points: that they interact with AI companies and they offer MCP endpoints (section titled "Persona's Surveillance Architecture")
Thank you. Investigative journalism is so important and I would happily believe some of the claims made here, but when I encounter even just a few sentences that sound LLM-written, suddenly I don't trust any of the statements in the source anymore. This site goes way beyond that, with a vibe-coded UI and generated articles. There might be value in what's reported here, but currently it requires a lot of work from the reader.
The earlier you realize how little IQ and "knows a lot" means the person actually knows what they're talking about, the easier life becomes. "Smart" people are wrong all the time, some say how they became smart in the first place.
> There's a lot about Persona's design, MCPs, vulnerabilities, data leaks, but nothing proving they use it for mass surveillance.
And this is where I'd say I disagree. There's nothing about Peter Thiel, and his current business focus, that shows anyone he's not in the business of surveillance. Look at the company he keeps and then align that with many of the things Peter and who he surrounds himself with have said publicly. Thiel is tied to Palantir and Alex Karp. That relationship alone should tell you very clearly that, even if Thiel wasn't actually in the game of surveillance (opinion: he is) he would be very much associated with supporting it.
Karp said: “I love the idea of getting a drone and having light fentanyl-laced urine spraying on analysts that tried to screw us.”
Yeah, sure... I mean I can't imagine the fact that Thiel is tied at the hip to Palantir that he doesn't have an agenda with it other than data analytics and, what, ad rev? Right.
Thiel said, publicly, that everyone should be concerned about surveillance AI [0]. Let's call a spade a spade. Thiel is in the business of surveillance whether or not there's some poor LLM generated sites stating that is the case, but then using that as the basis to give Thiel a pass on this because: not enough evidence here.
Thiel is a big part of what's wrong with his class. He's worried about something that he wants to control. He's not actually worried about you or I though. He's worried about someone else having the full surveillance view and so he's aimed to build and be part of that. So, maybe, we shouldn't give Thiel a pass just because he hasn't fully proven himself to be the person that the world paints him into a picture of.
That's cute, but they've taken his money. To say they've never interacted with him is disingenuous. And... Are we really going to default to a perspective of trust from Persona? Nobody should trust them by default as they've proven nothing to the public with regard to trustworthiness.
I wonder whether private age verification could be solved with the right cryptographic protocol.
You would have to register using a digital ID with a government agency, to get an age certificate. Most European countries already have digital IDs, used for all sorts of things: such as taxes, online banking etc.
Then that certificate could be used in some sort of challenge-response protocol with web sites to verify your age, creating a new user ID in each session but without divulging anything that identifies that particular certificate.
I'm afraid that the alternative would be that social media would instead require login with the digital ID directly.
It's easy-ish to verify someone is human and of-age without needing any intrusive agent. One big problem is that the folk pushing for surveillance via verification hate that model and have capital to crush the idea. Another is adoption of some system that works; where the perfect blocks what's good which results in no progress.
This makes a lot more sense than merely assuming that Meta pushes for it. There are several actors here and none of them have the good of the people in mind. This is why Age Sniffing, labeled "Age Verification", must be abolished. It's an entry door of evil actors here. It has nothing to do with age "verification" let alone "protecting the children" - that's just a lie. I am noticing this more and more, e.g. if you claim to want to protect children, but then you have underage people on youtube create content? So how does that make sense if you want to restrict them on the one hand (or, everyone else, in addition to that) but then let the de-facto censorship here be "loose"? In fact - why are any children viewable on youtube to begin with? That contradicts those age sniffing entities.
what do governments get out of this? Like I get it from ad/commercial perspective, but I don't see how this is highly unpopular from governments and still being implemented
Really seems to be a government issue. I have an app on my phone where I can generate a QR code which proves my age. Nothing else is transmitted - no birthdate or name. And it's based on an open standard. You can read and verify everything yourself. You just can't fake it as you can't sign it without the private key.
LLM feedback loops are scary because they self-reinforce by training over their own data drift and vulnerable people interface with the noise and follow the downward spiral.
There have been pushes to implement similar instances of this for a while now. If this turns out to not be successful, expect further efforts in a similar guise.
It’s good that for non SFW stuff you don't need the internet anymore, just 72GB VRAM for all modalities. Public internet only for news/payments. Everything else can be offline, no more npm or React garbage needed either for frontend.
the internet is not the same as it was 20 years ago. the average person is now online, but they werent before. they dont understand where they are and need protection. there is still space on the internet, or whatever the next place will be, for the enthusiasts and other minorities. if we lose internet, something new will pop up. also, 20 years ago i didnt care so much about privacy on the internet, i just needed a cultural filter for the community im engaging with. privacy has always been a game of cat and mouse. 0 chance things stay the same for long
Quite disappointing tbh.
[0] https://www.cnbc.com/2021/10/22/palantirs-peter-thiel-survei...
https://vmfunc.re/blog/persona-2
https://tboteproject.com/git/hekate/surveillancefindings-new...
In the meantime a FOSS maintainer who is just trying to put the pieces in place to comply with the law (as written) got doxxed and harassed.
I hate it here
WHO IS PROVIDING INTERNET TO A CHILD
they are liable
there's no such thing as free open access internet without someone paying the bill
unless it can be demonstrated the child stole internet somehow, hacking, etc.
then the person providing the internet is liable for the child's activity
Same if you aren't going to supervise your child and they come home for hours after school and watch porn on the TV
They don't age verify to get cable TV
If you have a credit card, you are an adult
Someone is paying the bill, they are the adult, they are responsible
The social media also can't just do it themselves with a box, "are you over 16, yes no" they will require to identify against the government.
Essentially this makes it so that every user's actual ID is being tracked. Fully intended to control speech online.
> Every copy of the Persona SDK contains a hardcoded AES-256-GCM encryption key in TrackingEventUtilsKt.java line 22
Seems like a pretty big fuck up, if so. I wonder why they did not use asymmetric encryption.