• douglasg14b@lemmy.world
    7 upvotes · 7 days ago

    Typical security negligence of startups.

    Your data is essentially never secure if it’s sitting with a startup. It’s an atrocious world for security out there.

    • Voroxpete@sh.itjust.works
      2 upvotes · 7 days ago (edited)

      Calling this a startup is being excessively generous. Startups are meant to eventually be viable.

      This is a scam. The product just feeds your queries into ChatGPT and spits out the response. The backend tech they’ve described flat out does not exist. It’s all smoke and mirrors.

  • brsrklf@jlai.lu
    2 upvotes · 7 days ago

    Still think those people should have gotten a playdate instead, it’s more fun and certainly not less useful (which is, not at all).

    (When I first heard about the r1 I immediately thought it was weird how the 2 devices looked alike, I’ve since learned they shared the same designers).

    • 4am@lemm.ee
      6 upvotes, 1 downvote · 7 days ago

      See, it must have made their passwords easier to guess…

  • Moonrise2473@feddit.it
    6 upvotes · 6 days ago (edited)

    Why the fuck are they using a cloud TTS on an Android device??? Can’t they use on-device TTS?? Seems extremely stupid for no reason.

    1. It’s expensive. They are paying a fee to the third-party TTS provider every single time someone needs a response. They boast “no subscriptions” - that means those fees are paid only by new customer purchases. Ponzi 2.0.

    2. It’s fucking expensive. ElevenLabs TTS voices cost thousands of dollars per month plus $0.18 per 1000 characters. Ask the history of a monument and the verbose result that the LLM regurgitated costs them $0.15. Are they banking on the fact that most customers would just shelve the device after a day?

    3. It’s slower. Each time the device needs to reply, it needs to stream an audio file instead of a few bytes of compressed text.

    4. For the more realistic voices it’s only cheaper in the short term. I get it - they don’t like the robotic free voices and licensing a good closed-source one costs money. But then you don’t need to pay the “cloud” forever. Did they plan to shut down shortly after the launch? Where is the money for running each user in a VM coming from? (I saw from a YouTube video that it looked like they were using a browser automation tool in a VM.)

    At this point since everything is run on the cloud (=somebody else’s computer) this could not only be a smartphone app, but a smartwatch app.

    I wonder if they will just fold and do a rug pull now blaming the hackers or fix the problem.

    Fixing the problem seems difficult for them - they need to fully rewrite the app and have everything proxied through their authenticated server, increasing their expenses (and a rushed fix isn’t secure/tested). But their money comes only from new investors and new customers, and at this point I doubt that they can sell more units or scam more investors.

  • NekuSoul@lemmy.nekusoul.de
    35 upvotes · 8 days ago

    these keys allow anyone to […] brick all r1s

    the rabbit team is aware of this leaking of api keys and have chosen to ignore it.

    Assuming that’s true, then just bricking them all sounds like it might even be the ethically correct move.

    • brotkel@programming.dev
      12 upvotes · 7 days ago

      It’s like the ending of Silicon Valley. Maybe they’re trying to shit their pants so badly that nobody will ever try to make another device like this.

  • sunzu@kbin.run
    19 upvotes, 1 downvote · 8 days ago

    Ain’t that shit a scam?

    But they still harvest the data?

    So is this now 2x scam?

  • Downcount@lemmy.world
    16 upvotes · 8 days ago

    the most interesting key is for elevenlabs, which gives full privileges. this allows us to:

    (…) delete voices (and crash the rabbitOS backend, thus rendering all r1 devices useless)

    we have internal confirmation that the rabbit team is aware of this leaking of api keys and have chosen to ignore it. the api keys continue to be valid as of writing.

    So there is a chance?

  • maxinstuff@lemmy.world
    6 upvotes · 8 days ago

    Lots of tech people who don’t know or care about the r1 device are going to get a jumpscare from this post 😁

  • simple@lemm.ee
    10 upvotes, 1 downvote · 8 days ago

    we have internal confirmation that the rabbit team is aware of this leaking of api keys and have chosen to ignore it.

    Lmao, I guess nobody’s surprised. A scam is a scam.

    we will not be publishing any more details out of respect for the users

    Kind of lame, I was hoping they’d brick every r1 device just out of spite. Let it be a cautionary tale for whoever was dumb enough to buy one.