so I hadn't heard about the rabbit R1, probably because it's another one of those devices that's marketed at AI rubes, like the Humane Pin. so my first exposure to it turned out to be an expose posted to GitHub along with source code
For those with a technical background, it's painfully clear that there's no artificial intelligence or large action model in sight. In reality, they're simply relying on several Playwright automation scripts to do the job for you, which is why they only support four apps: Spotify, Midjourney, Doordash, and UberEats.
What's even more alarming is that they ask you to login through their web portal, which is just a virtual machine connected via NoVNC. They also expect you to fill in your private passwords on their VMs. To make matters worse, they store the user sessions on their machines without any additional layers of security. This is both a blatant disregard for user privacy and a hilariously bad engineering practice.
Sadly, this shouldn't come as a shock to anyone who's done minimal due diligence on the team. After all, they were still hawking NFTs just two years ago.
I'll say this, at least this time it isn't a mechanical turk using underpaid workers in the global south. it's just a bunch of scripts written using a website testing framework instead
[edit 04/24/2024] the github repo has been taken down (not surprisingly) but it's still on archive.org with links to the source
wait oh my god this is that thing i saw a video of which was so fascinatingly inexplicable and terrible that i had to type out my reaction as i watched the whole video to keep sane. yeah it was immediately clear from them trying to look like leet haxors by posting screenshots gummed up with an Android UI debugging feature that these guys are just script kiddies with too much money and no moral compass, and this exposé just verifies that that applies to every single part of this operation. i really can’t believe any credible journalist would watch that video and come to any other conclusion
