so I hadn't heard about the rabbit R1, probably because it's another one of those devices that's marketed at AI rubes, like the Humane Pin. so my first exposure to it turned out to be an expose posted to GitHub along with source code
For those with a technical background, it's painfully clear that there's no artificial intelligence or large action model in sight. In reality, they're simply relying on several Playwright automation scripts to do the job for you, which is why they only support four apps: Spotify, Midjourney, Doordash, and UberEats.
What's even more alarming is that they ask you to login through their web portal, which is just a virtual machine connected via NoVNC. They also expect you to fill in your private passwords on their VMs. To make matters worse, they store the user sessions on their machines without any additional layers of security. This is both a blatant disregard for user privacy and a hilariously bad engineering practice.
Sadly, this shouldn't come as a shock to anyone who's done minimal due diligence on the team. After all, they were still hawking NFTs just two years ago.
I'll say this, at least this time it isn't a mechanical turk using underpaid workers in the global south. it's just a bunch of scripts written using a website testing framework instead
[edit 04/24/2024] the github repo has been taken down (not surprisingly) but it's still on archive.org with links to the source

