I have not run OpenClaw and similar frameworks because of security concerns, but I enjoy the author's success, good for him.
There are very few companies who I trust with my digital data and thus trust to host something like OpenClaw and run it on my behalf: American Express, Capital One, maybe Proton, and *maybe* Apple. I managed an AI lab team at Capital One and personally I trust them.
I am for local compute, private data, etc., but for my personal AI assistant I want something so bulletproof that I lose not a minute of sleep worrying about my data. I don't want to run the infrastructure myself, but a hybrid solution would also be good.
For hardware, I'd only trust a company if they didn't also have an interest in data. In fact, I'd trust a hardware company more if they didn't also have a big software division.
A company like AMD I would trust more than a company like Apple.
Decent management. A lack of change of business model, no rug pulls and such. Fair value for money. Consistency over the longer term. No lock in or other forced relationships. Large enough to be useful and to have decent team size, small enough to not have the illusion they'll conquer the world. Healthy competition.
Admirable, but short of a local credit union I used to use (which I am no longer with as they f'd up a rather critical transaction), I can scarcely imagine a business that fits such a model these days. The amount of transparency needed to vet this would be interesting to find though, and its mere presence probably a green flag.
No past history of shady planned-obsolescence sprinkled in a bunch of their products, for one.
So that rules out Apple.
A leadership team that is very open and involved with the community, and one that takes extra steps, compared to competitors, to show they take privacy seriously.
A co-operative will have a significantly worse privacy guarantee compared to a shareholder-based model. In the no one company wants to sacrifice on privacy standard just for the sake of it. They do it for money. And in a shareholder-based model, the employees are more likely to go against the shareholder when user privacy is involved, because they are not directly benefiting from it.
That's nonsense. Shareholders have an incentive to violate privacy much stronger than any one employee: they can sell their shares to the highest bidder and walk away with 'clean hands' (or so they'll argue) whereas co-op partners violating your privacy would have to do so on their own title with immediate liability for their person.
The only shareholders in a co-op are the owners/operators ("employees"), or the owners/operators + customers (for example REI I believe). There's nobody seeking to extract value at the expense of the employees or the customers.
If, as a shareholder operator, a co-op member pressured themselves to exploit user data to turn a quick buck, I guess that's possible, but likely they'd be vetoed by other members who would get sucked into the shitstorm.
In my experience, co-op members and customers are more value-oriented than profit-motivated, within reason.
> but likely they'd be vetoed by other members who would get sucked into the shitstorm.
Why are shareholders less likely to veto an evil person in a company vs in a co-operative? I think in most cases, the evil person is likely to get vetoed but sometimes greed takes over, especially over a period of years and decades.
Evil in a co-op means something different than evil in a corporation.
The corporation at the end of the day will lean back on profit motive as the core underlying value. This value, to a co-op, isn't inherently evil, but is often evil.
The co-op will happily sacrifice the co-op for the good of the members if push comes to shove. Whereas corporate shareholders constantly vote for things that result in e.g. layoffs, downsizing, restriction of benefits, salary freezes.
We're no Mondragon but I founded a co-op in the IT space a few years back and it surprised me how open to the vision the members and customers have been.
I had assumed I'd have to lean more on the capitalistic values of being a co-op, like better rates for our clients, higher quality work, larger likelihood of our long term existence to support our work, more project ownership, so as to make the pitch palatable to clients. Turns out clients like the soft pitch too, of just workers owning the company they work within - I've had several clients make contact initially because they bought the vision over the sales pitch.
I'm trying to think about if I'd trust us more to set up or host OpenClaw than a VC funded startup or an establishment like Capital One. I think both alternatives would have way more resources at hand, but I'm not sure how that would help outside of hiring pentesters or security researchers. Our model would probably be something FOSS that is keyed per-user, so if we were popular, imo that would be more secure in the end.
The incentives leading to trust are definitely in a co-op's favor, since profit motive isn't our primary incentive - the growth of our members is, which isn't accomplished only through increasing the valuation of the co-op. Members also have total say in how we operate, including veto power, at every level of seniority, so if we started doing something naughty with customer data, someone else in the org could make us stop.
This is our co-op: 508.dev, but I've met a lot of others in the software space since founding it. I think co-ops in general have legs, the only problem is that it's basically impossible to fund them in a way a VC is happy with, so our only capitalization option is loans. So far that hasn't mattered, and that aligns with the goal of sustainable growth anyway.
Amazing, please write a book. My current venture is still called after that idea ("The Modular Company"), but I found that it is very hard to get something like that off the ground in present day Western Europe.
> but I found that it is very hard to get something like that off the ground in present day Western Europe.
Yes, agreed for the USA/Taiwan/Japan where we mostly operate. For us it's been understanding and leveraging the alternative resources we have. Like, we have a lot of members, but really only a couple are bringing in customers, despite plenty of members having very good networks.
Is your current a co-op? 200+ sales at 30k a pop seems to be pretty well off the ground!
It's going to be pretty short. Proton would be there for comms, for hosting related stuff I would trust Hetzner before any big US-based cloud company. For the AI domain I wouldn't trust any of the big players, they're all just jockeying for position and want to achieve lock-in on a scale never seen before and they have all already shown they don't give a rat's ass about where they get their training data and I expect that once they are in financial trouble they'll be happy to sell your private data down the river.
Effectively you can trust all of the companies out there right up until they are acquired and then you will regret all of the data you ever gave them. In that sense Facebook is unique: it was rotten from day #1.
Vehicles: anything made before 2005, SIM or e-SIM on board = no go.
I'm halfway towards setting up my own private mail server and IRC server for me and my friends and kissing the internet goodbye. It was a fun 30 years but we're well into nightmare territory now. Unfortunately you are now more or less forced to participate because your bank, your government and your social circle will push you back in. And I'm still pissed off that I'm not allowed to host any servers on a residential connection. That's not 'internet connectivity' that's 'consumer connectivity'.
> I'm halfway towards setting up my own private mail server and IRC server for me and my friends and kissing the internet goodbye. It was a fun 30 years but we're well into nightmare territory now.
Every day my doomer sentiment deepens, and I am ashamed when I come onto here and see all this optimism. It is refreshing to see people whose opinions I have come to respect on this forum to be as negative as I am.
If you're not to some degree pessimistic right now that simply means you haven't been paying attention for two decades or so. I would expect that for a number of people we are now well into 'don't look up' territory, they realize in their gut that this all isn't right but they prefer to pretend everything is alright as long as they can because the alternative is just too uncomfortable. I see this around me all the time and I don't blame them at all, people as a rule have problems enough without having to think about the larger implications. Unfortunately that is exactly the kind of loophole the power hungry contingent needs to drive their trucks through: by structurally worsening quality of life they ensure that the bulk of the people is distracted while they make out like bandits over the backs of the rest.
Proton complied with a court order once (that we know of), no? I have seen a lot of negative sentiment from HN commenters toward them but not a lot of evidence to back it up, particularly when you consider the email marketplace.
It was a legally mandated court order they couldn't just refuse. No encrypted data, the contents of their emails, was handed over. The person would've also been safe had they used VPN/Tor as I recall the story.
It's all so tiring isn't it? It's become a meme, but everyday more and more, I yearn for living in the middle of nowhere, unplugged, with just my friends and family around. Very unrealistic, but still.
Why the (e)SIM cars concern? I ask since the data transmission (bidirectional) can be used to justify lower insurance rates, for example, than without that data.
"Justifying lower insurance rates" is just algorithmic bias described from the perspective of someone it doesn't (currently) harm. See also: credit scoring, insurance claim acceptance, job applications, etc., etc.
You only get offered a discount if most other customers are being compelled to pay full (or even increased) prices for the same offering. Otherwise revenue goes down and company leadership finds itself finding other ways to cut costs and increase profits.
This, but stronger. It’s not a story of why Johnny can’t trust anyone. The vast majority of companies have proven time and time again that they are not capable of handling this data securely against inadvertent disclosure. Not even mentioning the intentional disclosure revenue stream.
Barely. Your points are well made and I'm sure that it is just a matter of time before they're just as untouchable as the rest. Hence the remark about mail. The Siloization of the internet is almost complete.
After reading Jacques's response to my question, my list got smaller. Personally, I still like Proton, but I get that they have made some people unhappy. I also agree that Hetzner is a reliable provider; I have used them a bunch of times in the last ten years.
Then my friend, we have to worry about fiber/network providers I suppose.
This general topic is outside my primary area of competence, so I just have a loose opinion of maintaining my own domain, using encryption, and being able to switch between providers easily.
I would love to see an Ask HN on secure and private agentic infra + frameworks.
> There are very few companies who I trust with my digital data and thus trust to host something like OpenClaw and run it on my behalf: American Express, Capital One, maybe Proton, and maybe Apple. I managed an AI lab team at Capital One and personally I trust them.
I don't really understand what this has to do with the post or even OpenClaw. The big draw of OpenClaw (as I understand it) was that you could run it locally on your own system. Supposedly, per this post, OpenClaw is moving to a foundation and they've committed to letting the author continue working on it while on the OpenAI payroll. I doubt that, but it's a sign that they're making it explicitly not an OpenAI product.
OpenClaw's success and resulting PR hype explosion came from ignoring all of the trust and security guardrails that any big company would have to abide by. It would be a disaster of the highest order if it had been associated with any big company from the start. Because it felt like a grassroots experiment all of the extreme security problems were shifted to the users' responsibility.
It's going to be interesting to see where it goes from here. This blog post is already hinting that they're putting OpenClaw at arm's length by putting it into a foundation.
You raised a good point I am now personally basically expecting to see this year (next at the latest). Some brave corporate will decide for millions of users to, uhh, liberate all users' data. My money is not on that happening at the Googles or OpenAIs of the world though. I am predicting it will either be a bank or one of the data brokers.
With any luck, maybe this will finally be a bridge too far, like what Amazon's Super Bowl ad did for surveillance conversation.
Sorry to break it to you but I would not trust any financial companies with my personal data. Simply because I’ve seen how they use data to build exploitive products in the past.
Quick plus one for Capital One after also working there. They're by far the most tech-forward of all the larger financial institutions, and by virtue of being a FI they take data-security much more seriously than any other "tech" companies.
Not a paid post but a bunch of generalities with no specifics. C1 is by far the worst of the bunch in the banking sector. C1 now openly engages in stack ranking and has absolutely destroyed employee morale, all due to hiring ex-Amazon directors.
For any future workers, be highly forewarned that if ex Amazon leadership enters your company their number one goal becomes inducing mass misery to magically raise the share price. It'll never work because they are coming from a company that has a massive unregulated monopoly (or oligopoly if you want to be technical) that is able to subsidize poor business ideas indefinitely. They mistake working in this environment as having competence so be warned: they will fuck everything up, collect massive bonuses, and you'll be collecting unemployment soon enough under their guidance.
Didn't have to click the link. Words don't matter. The fact that their phone security was poor enough for someone to get killed and thousands of others exposed... Oh and PRISM, so...
Well it’s not even just data, you have to trust actions taken if you want the assist to, you know, assist. I have been yoloing it and really enjoying it. Albeit from a locked off server.