Ha! The Discord GDPR/Data Export thing reveals that it's running models to figure out what gender you are. If you go to /activity/analytics/events-*.json and grep for predicted_gender you get something like:
@MishaalRahman oh hey I remember seeing these ones while they were in the works :) any news if Play Integrity Crystal made it too? or if they scrapped that in the end?
The Rabbit R1 really is just a cute little orange paperweight. Commands are laggy, advertised features aren't ready yet. In terms of "things it can do" there really aren't many, short of frustrating you when you ask it to do things.
The camera (the rotating post on mine is crooked, wat) doesn't even work yet. What purpose does this object achieve? I can't even get it to perform any task short of answering questions any LLM can.
@ryne from decompiling the leaked launcher APK I know there is a dedicated, separate APK that handles OTAs, but how that works is a mystery as I think no one has it, yet. Maybe restarting the device is enough to trigger them
@9to5google You all understand this does not fix the underlying issue? The real problem is not sideloading Chrome and accessing mail.google.com from there, the real problem is sideloading the Gmail APK and being able to access the mails like so. And that is working as intended and cannot be broadly patched unless the Android framework itself is updated, because that's what Accounts sync and GMS are built exactly for.
@9to5google And when I say Gmail APK, it could very well be Google Contacts as well, and access the Google Account's contacts, or Chrome's shared history from within Google Chrome itself.
Oh wow, now this is sketchy. The login onto Spotify is performed on a remote machine via... VNC? What the...?
If I place the cursor outside of the Spotify login page, I can see Xorg's default X logo. And the page stutters upon scrolling. Why do they do that instead of normal API tokens? Is this remote machine going to store my browser session for the LAM's scrapping purposes?
By the way I was super late to the party and this was known since a few days ago. Check rabbit's bird site account for the details per their CTO. Someone before me saw this very thing and started a defamation campaign against rabbit, stating LAM was all just a Microsoft Playwright automation script. But it has been proven wrong already as the VNC'd machines had some source code which demonstrated they were only capable of account management and logging credentials for future use, not automation
@arstechnica It's Android, thus, works as designed. The only thing they did was install apps which were supported by the underlying platform and correctly made use of the APIs to retrieve user data, just like in a phone this would have been possible. I fail to understand how this is a security concern. Do not login to your Google account if the TV is not yours, period.