Doesn’t this fierce debate exist because people cannot agree what Satoshi would have written had he known Bitcoin would take off in such a massive way, versus what Satoshi believed back when bitcoin was just a paper? If it actually is the case that Adam Back is Satoshi, we shouldn’t find it surprising that Back’s views on bitcoin changed as bitcoin’s viability and real world impact changed
Pretty compelling story. Not necessarily for its revelations, but for the fact that John Carreyrou and the NYT decided to publish it at all. If it were by anyone else, I would have stopped reading after the first thousand words of meandering narrative, but Carreyrou is staking his massive and impeccable investigative journalistic reputation on this mountain of circumstantial evidence and statistical analysis. Him torching his reputation (especially with Elizabeth Holmes fighting hard for a pardon/clemency!) would be as interesting as a story as actually finding Satoshi's real identity.
The evidence is good. What was more interesting to me is the section where he explains how he eliminated all the other asserted and likely candidates. Since the story is already a very long read, I imagine much of this section got left out. So some of the reasons for eliminations are too brief to be convincing on their own. For example:
> What about other leading Satoshi suspects, I wondered? Were there any who fit the Satoshi profile better than Mr. Back? A 2015 article in this newspaper put forward the thesis that Satoshi was Nick Szabo, an American computer scientist of Hungarian descent who proposed a Bitcoin-like idea called “bit gold” in 1998. Mr. Szabo remained at the top of many people’s lists until recently, but a heated debate that played out on X about a proposed update to the Bitcoin Core software exposed his ignorance of basic technical aspects of Bitcoin.
A 2015 article in this newspaper — Decoding the Enigma of Satoshi Nakamoto and the Birth of Bitcoin, by Nathaniel Popper [0]
[Szabo] proposed a Bitcoin-like idea called “bit gold” in 1998 — Szabo's post on his Blogger site [1]
but a heated debate that played out on X about a proposed update to the Bitcoin Core software exposed his ignorance — links to a Sept 29, 2025 tweet by Adam Back replying to Szabo, who had tweeted:
> Good info thanks. Follow-up questions: (1) to what extent is such an OP_RETURN-delete-switch feasible in practice? (I know it is feasible in theory, but there are many details of core that I am not familiar with). (2) has such a thing been seriously proposed or pursued as part of Core's roadmap?
exposed [Szabo's] ignorance of basic technical aspects of Bitcoin — links to another reply tweet by Back in October 2025 [3]:
> Nick, you're actually wrong because there is a unified weight resource. eg byte undiscounted chain space reduces by 4 bytes segwit discounted weight. no need for insults - people who are rational here are just talking about technical and risk tradeoffs like rational humans.
Szabo's tweet was: "Another coretard who thinks their followers are mind-numbingly stupid."
----
Can someone explain why this relatively recent tweet fight is convincing evidence that Szabo is too ignorant to have been behind Bitcoin? I know he went silent for a bit when Bitcoin first got big, but he hadn't revealed his ostensibly overwhelming ignorance until a few months ago?
Didnt follow everything here, but wouldn't that make for a perfect cover story? If you're Satoshi, and people are getting close to verifying (or at least nominating you as "most likely candidate"), what better way to throw people off than to engage in a public conversation in which you (creatively) get all kinds of technical details wrong and make yourself look too ignorant or dumb to ever have been Satoshi?
The funny thing is that the author uses your exact logic when he finds evidence that goes against his hypothesis. He made posts that asked questions about things that Satoshi definitely would've known? Misdirection! Somebody else does it? Strong evidence against them!
The interesting thing to me is, it seems likely that whichever individual or small group actually is Satoshi must have planted at least a few misdirection false flags like that at some point. But how in the world would you ever tell which ones are that sort of misdirection and which are real?
Well not quite. The author uses that logic for Satoshi and Adam back in the early 2000s but not for present day misdirection. The misdirection play would make more sense in real time (eg 2008) vs randomly in the 2020s.
Adam could have released the email metadata and that would have absolved him, but he didn’t.
>One can always suppose the identified individual is a double, triple, quadruple agent.
yes in general it's not good reasoning but given that in this case we know that we're talking about someone who tried to stay anonymous and comes out of the cypherpunk culture we can pretty much assume that if they've been interviewed they've denied it.
It's not like that accusation is random, it's that this is what the real Nakamoto, whoever it is, would have said
> Pretty compelling story. Not necessarily for its revelations, but for the fact that John Carreyrou and the NYT decided to publish it at all.
When is the line crossed from journalism into doxxing? Whoever created Bitcoin has a legitimate safety reason to stay anonymous. Anyone suspected of holding that much wealth becomes a target - as does their family.
There is no such line. The actual line is whether someone is newsworthy; the safeguard you have against journalism abusing random people (which it has done, often, over the last 150 years) is that journalists ordinarily don't write intrusive stories about random people.
(There are some other safeguards, but they're highly situational.)
The conflict between journalism and "doxxing" is a Redditism that people are frantically trying to import into real life. Maybe Reddit norms will upend the longstanding norms (and purpose) of journalism! But nobody should kid themselves that the norms have always been compatible.
But are they themselves newsworthy or is it what they created and that they hold a lot of coins?
There are many people, both FOSS devs and working for major corporations, that have contributed or singularly been responsible for very impactful technologies, but in general, if that person wants to keep their persona discreet and there is no evidence they have done anything of public interest, the reporting remains purely on what they have done. Akin to why Wikipedia generally has rules for notability (I’d argue Satoshi falls under ONEVENT if we are strict here).
To me, the way you describe it, the line appears to be less in whether there may be a public interest and more whether there is public attention. In other words, is the line in the sand whether people should know this or whether they want to (and thus buy copies)?
Genuinely asking, is there a rule set on this the NYT should adhere to? What is the APs position for dem asking a pseudononymous character only notable for a specific thing?
I agree, in that Journalism has always been an unethical business masquerading as moral imperative.
But I think this "Redditism applied to real life" is actually society grappling with the ethics of public safety and social accountability in the 21st century. Is it okay to dox a 16 year old Twitch streamer? Or a wealthy Satoshi? Or a crypto-Nazi? Laws only define so much, and we (society) have to fill in the gaps, which is messy. I think we're figuring out where the line is in real time.
Doxxing (and the moral judgements attached to it) is a relatively new and not widespread concept.
You can’t just say “but this is doxxing” and expect people to know what you are talking about and also attach the same negative label to it as you do the same way you would when you call out murder or theft.
I personally don’t find “doxxing” that useful as a concept and as a guidepost to what I consider ethical or not. People who use the concept tend to be extremely zealous with at, to a point where anything identifying anyone is doxxing (and doxxing is to those people self-evidently unethical) and that just doesn’t seem useful or practical to me at all.
As to this particular case: if you create something as corrosive, destructive and powerful as Bitcoin society should know you. You don’t get to hide in anonymity at all.
Isn't it a matter of legitimate interest for me to know whether you're obscenely rich or not? After all, if you are, you can probably do things like buying elections and sending hitmen after my family.
Either way, why can't they just deal with it the way other obscenely rich people deal with it?
Except Satoshi has been "anonymous" and those Bitcoin have never moved, even when the sum total of that wallet might have been $10,000 or so.
And if Satoshi's holdings now exceed $1B, well, for better or worse, multiple courts have ruled that billionaires are inherently public figures, because of their "outsized effect on public discourse".
It would be hilarious if he intentionally or accidentally lost the key, and has been trying to cash out through those Bitcoin adjacent business ventures ever since.
I hate this idea that doxxing is some kind if crime. “Who is the creator of bitcoin?” is a matter of great public and historical interest. Finding out who he is, is the purest form of journalism.
What does that say about pure journalism? Publish information despite doing harm? How do you present the information, and what impact does that presentation have?
Historically, newspapers often published the full name and physical address of every person they covered, from judges to drunks to rape victims to people suspected of a crime. I'm sure people back in the day called that pure journalism, but I don't think we'd call it "good" today. Our standards today might also not be as good as we assume.
Historically, people got a big book every year with the name and address of most people in it. You could get unlisted numbers but now everyone has a cellphone which just isn’t broadly published but because now many use it for everything it’s probably not that hard to find.
Also, has others have noted it’s trivial to put other a list of wealthy people. In fact, it’s probably better to skip the Forbes 400 list who probably have some level of private security. Just go through the board member lists of Fortune 500 companies.
Speculating about it using arguments like "he also uses C++ and has used words popular in those circles" isn't though or at least shouldn't be.
"Hey this guy probably had an access to a few billion USD worth of btc, maybe still has, his name is X, he lives in Y. He wishes to be anonymous but he knows C++ and we got him!".
> There is no wait they can be 100% sure, so they will ruin someone's life over what?
What harm is caused by this article, do you think? He is already incredibly wealthy, already has security, and many people already assumed he was Satoshi Nakamoto. Claiming that someone invented a world altering technology is neither libel, nor defamation, _even if it an intentional lie_. If it is not a lie, or is merely a mistake it _certainly_ is neither.
> I hate this idea that doxxing is some kind if crime.
The thing is, up until the advent of the internet it basically didn't matter - although in some cases, e.g. the German left-wing terror group "RAF", rich people did end up getting v&, in some cases killed. But that was a rarity.
But now with the possibilities of modern technology? Being able to be active on the Internet without hiding behind a pseudonym is a rare privilege. Wrong political opinion? Some nutjob from the opposite side can and will send anything from "pizza pranks" to outright SWAT to your home (or your parents, or ex-wife, or anyone they can identify as being associated with you). And if you got money? Stalkers, thieves, robbers, scammers, you will get targeted.
I think it's a pretty good case. I always wondered why would the inventor would use pseudonym in the first place. Surely, not even the most visionary person could anticipate how hugely popular the thing would become. This is why I was intrigued by Newsweek investigation [1]. However, seeing this article, I am leaning towards the person being someone who had been active in crypto culture for a long while, before creating Bitcoin. The story about Napster, and the paranoia around government going after the inventor ties in nicely towards the motivation to remain anonymous.
The word, phrasing use is a good evidence. I do wonder though why didn't the author try to analyze the source code similarly? Did it prove something to the contrary?
Also, Satoshi jumping in to defend block-size out of the blue sounds too reckless for someone so careful about anonymity. Possible explanation might be that he let his guard down seeing an attempt to "butcher" his creation.
In any case, I am convinced that it was most likely a single person and if not Adam, I think there are no more than 3-4 people who are possible candidates.
> I always wondered why would the inventor would use pseudonym in the first place.
Doesn't wondering such disqualify you as reasonably informed concerning any online culture related topics, let alone something connected to cypherpunk ideals? Pseudonyms were always the norm, it was always weirder to see somebody operating out in the open when they were plotting ways to use technology to asymmetrically alter society itself.
A major problem with the article is the author's inability to weigh the evidence: actual evidence, like presence/absence pattern, is buried whereas p-hacking stylometry (let me try another expert, this one didn't give me what I wanted! let me feed him the Satoshi/Adam Back tells that I'm already in love with!) is majority of the article. It also includes absolute garbage like the vistomail spoof email during the block size wars. And, oh by the way, both Satoshi and Adam Back knew C++. Theranos evidence was binary (machines either work or they don't) but it is not so here and the author is simply out of his depth here.
It is sad - but entirely unsurprising - that NYT decided to paint a big target on someone's back just for clicks. Judith Miller-tier all over again. Miller too had real evidence and junk evidence, couldn't distinguish between the two, and editors wanted a flashy headline. Carreyrou has exactly the same problem here: NYT editors need multimedia events (like junk stylometry filtering - watch the number shrink from 34,000 to 562 to 114 to 56 to 8 to 1!!!) because that's what its audience-product relationship demands. I think it not unfair to say that modern Times' editorial culture has no mechanism for distinguishing rigorous inference from merely compelling narrative. Open the front page on a random day: how often do you see the Times staking credibility on a causal claim "A causes B" vs simply "X happened. Then Y came." vibes/parataxis.
I've had the fortune/misfortune to be directly or peripherally involved in nearly a dozen situations that made it to press and there isn't a single case where the story represented in the article wasn't blatantly misinterpreted from the facts. In nearly every case what was mentioned in the article was the complete opposite of what actually happened. Biggest/Most-egregious offenders were Vice and Vox Media but included are the NYT, WaPo and Time.
One can only narrow the things they care about to those they can verify (or personally affect them) and go after primary sources themselves and form their own conclusions. I'm no longer convinced that modern journalism is good for anything more than starting bonfires.
can you give some examples? I'm very interested in this. (after all we had about a decade of crying "fake news" - and as far as I understand the verdict was that big traditional outlets get the basic facts right - who what where when - but are absolutely clueless about or intentionally spin the "why".)
No meaningful ones that I'd want to reveal without doxxing myself. I can give you one of someone else's that can be independently confirmed.
https://www.vice.com/en/article/sugar-weasel-the-clown-escor... This article by Vice is 100% bullshit. Vice basically published this PR piece for the guy as a favor. A lot of articles that you read are really coordinated press releases -- like the initial Blake Lively v Justin Baldoni NYT hitpiece. Yes, I know this is dumb and totally entertainment and not "news", but this article actually harmed the business of the actual guy that Weasel ripped his shtick off from. Aaron Zilch used to rant about this guy and how bullshit this article was for years. There's a small clown kink/BDSM community in Vegas and those in it at the time this was published all called it out for the bullshit it was. Asked Vice for a correction/retraction and they did nothing.
Somebody handed them a clickbait story and they published it for the clicks.
Knoll's Law of Media Accuracy: "Everything you read in the newspapers is absolutely true, except for the rare story of which you happen to have firsthand knowledge."
See also, Gell-Mann Amnesia effect.
Most reporting is garbage once you get into the details.
Impeccable? Carreyrou's articles and eventual book are built largely off of the deep investigative work done by Dr. John P. A. Ioannidis and Dr. Eleftherios P. Diamandis and a listserv with thousands of participating doctors...who aren't mentioned in the book once...Similarly-omitted are Softbank/Fortress and their eventual patent-holding shell company Labrador Diagnostics LLC...
> "this mountain of circumstantial evidence and statistical analysis"
On the stats side I'm seeing 1) stylometry expert finding nothing conclusive 2) The database made by scraping(?) the email archives being filtered in various ways to reduce the number of candidates.
On 2) I'm wondering if focusing on words without synonyms would basically mean (as writer says) technical vocabulary. Therefore anyone interested in the technical subject at hand would have to use those words, so the overlap in technical words just tells us that Mr Back was interested in the same kind of thing that Santoshi was interested in, which is already known as Back had a history with the hashcash stuff?
Random idea: can the database identify which subject threads the overlapping synonym-less words are in? I'm guessing a lot of them will be in a small number of threads.
I'm almost 100% certain he's the creator of Bitcoin. I didn't need to see his technical chops to suspect it -- all I needed was to read his article from 2002 which discusses the whole concept and key ideas that Bitcoin is currently based on: https://nakamotoinstitute.org/library/shelling-out/
Coming up with the idea and implementing it in the real world are two different things. You don’t think there’s any chance someone read the paper and used his ideas to create Bitcoin?
There is a chance - yes, but there's a lot of other evidence that he was involved in its creation (not just the 10+ years he talked about bit-gold prior to bitcoin). Bit-gold = bitcoin. My guess is that someone (like Hal Finny) implemented it with him but he was the originator of the idea and wrote the paper on it. Finny most likely had the original keys or he intentionally got rid of them on purpose (which explains why the wallet hasn't been active). Those are my guesses but the language in the paper very much gives me the impression that it was written by Nick Szabo.
Your aside suggests you might already have considered what I'm about propose, but why not Finney and Back both as Satoshi?
The reporting already establishes all three parties (Satoshi being the third) were familiar/friendly with one another. The reporting says that Finney was the recipient of the first ever Bitcoin transaction, which seems like a completely natural thing to do if the two of you are working together.
Finney's name also rises to the top in a few of the author's analysis, while also noting:
> "But his analysis had been hampered by the fact that most of Mr. Back’s papers were coauthored with other cryptographers, which made it difficult to know who really wrote them."
Again, why not both of them as Satoshi?
Hal Finney's passing also helps explain how such a monumental secret of Satoshi's identity has remained a secret for so long. The only other person who's in on the secret is Back himself.
Edit: To add further conjecture, it wouldn't surprise me if Satoshi's wallet is locked away in a trust or tied up with Finney's estate. I can imagine a scenario where the keys to the wallet are legally unobtainable until such time that both Finney and Back have passed, at which point the wallet is liquidated and its proceeds donated (Finney previously raised money for ALS research).
No evidence, just imagination. Reading the article was my first time learning about these people, so I'm unlikely to contribute anything new to the discourse that hasn't already been debated and scrutinised ad infinitum. I did find this person's post[1] to be the most compatible with what I had in mind when I made my original comment, in case you're looking for a more substantive viewpoint.
I do think there's something to my idea that the reason we haven't seen any activity from Satoshi's wallet is because it's being held in some sort of trust. An individual might not go to the trouble of setting something like that up, but a collective might be more inclined to do so. I haven't seen anyone else float this line of reasoning before and it seems to make more sense than the prevailing theories.
Reasoning: They have the chops to create the world's first system where consensus, scarcity, and ownership exist without a central authority... But, they also lack the ability to write a Perl script to "Send Later". Checks out.
Why would they believe that someone in the future would be tracking their mailing list post history and correlating email timestamps with real-life activity? There's no motivation to take steps to hide one's tracks (by setting up a remote email send while one is were away) unless one thinks that is going to happen.
Parent poster was talking about Hal Finney, not Back.
What the parent is suggesting is that Finney covered his tracks by leaving digital fingerprints (as Satoshi, supposedly) while he was actually out running. This requires that he not only thought someone was tracking Satoshi's email activity, but also tracking his own whereabouts. I can see someone trying to hide their digital identity, but intentionally setting up false alibis seems insanely paranoid to me, which is why I don't buy it.
But regarding Back, the article also points to periods where Back goes dormant while Satoshi becomes active or vice versa. That's not the behaviour of someone who is particularly devious at constructing false alibis.
Anyone sophisticated enough to hide their writing style and identity would be more than capable of setting an email to go out while they were at a public event.
Likewise, the argument discounting szabo because he exposed some ignorance of Bitcoin is exactly what someone might do to throw off the scent.
> Can someone explain why this relatively recent tweet fight is convincing evidence that Szabo is too ignorant to have been behind Bitcoin?
I’m a primary player in this sad saga. I can tell you that neither Szabo nor Back are Satoshi, as anyone who knows them would attest.
But to your question, all this does is make this “journalist” look dumb. The thing being discussed by Adam and Nick wasn’t wven proposed for bitcoin until 6 years after Satoshi disappeared.
> I can tell you that neither Szabo nor Back are Satoshi, as anyone who knows them would attest.
I'm sure you can tell us, and I'm sure you all will attest it, but is it true though?
You probably wouldn't "out" Satoshi if it was one of you working on anonymous payment systems on the mailing list, and it very obviously is - there were like ten people at most, if we're generous, who were working on what was at the time an extremely nice cryptography topic.
Which is fine I guess, bit the attestation doesn't mean much.
I co-founded a company with Adam Back. If he is Satoshi, I'd be pissed that we had to take money on really bad terms while he was sitting on billions. And I'd find it strange that I had to correct minor misconceptions about how bitcoin worked back in 2013/2014. That's all non-transferable evidence though that you just have to take, or not take at face value.
On the other hand, just go read Adam's twitter. Half the time it is incomprehensible word salad because Adam clearly still does not proof-read his communications. Yet Satoshi's emails and forum posts were always considered and well-crafted.
In any case, I have no stake in this. I don't even own bitcoin anymore. It's just frustrating to see people's lives continuously turned upside down for no reason other than to drive clicks towards the NYT, without even the most basic journalistic integrity.
I'm not one of those who thinks it's Adam Back, I believe it's Szabo - which means of course that I find your anecdotes perfectly convincing :)
And it seems also the thing you mention about taking money on bad terms should be independently verifiable, which the journalist writing this article should probably have checked.
I have trouble believing Satoshi would pursue a venture capital startup founder life in his personal life, assuming he didn't burn his wallets. I would find it a lot more likely that he pursued an academic career at his own tempo, writing a paper here and there, maybe teaching undergraduates even, etc. But that's a lot closer to my dream life, so maybe I'm biased there as well!
In 2014 I found myself having to explain the fundamental basis of bitcoin's economic model and Satoshi's contribution to ecash (that the value of proof-of-work is independent of the work it represents, something the cypherpunks consistently got wrong pre-bitcoin) to a non-comprehending Nick Szabo. It's not him.
Even if Nick Szabo didn't have anything to do with Bitcoin, I find it very unlikely that he wouldn't know about the core differences between his own system and Bitcoin by 2014.
That's a bit like a mathematician trying damn hard to prove something, proving it for most cases, and then be totally unaware of the proof six months later, relying on his own proof and proving it for all cases. That doesn't sound like it happens very often, especially not for heavily online academics.
Are you sure he wasn't just politely nodding along to the entrepreneur explaining his invention to him?
I think you have the roles backwards. He was the one explaining (at first) how bitcoin wouldn't scale -- couldn't scale -- because the generated value doesn't adjust with the difficulty, when in fact that is fundamental to why bitcoin DOES work and prior schemes did not.
Which is fine. Nick was only just starting to learn about bitcoin at this time. I didn't understand this until much after I was first exposed to bitcoin, tbh. Much of how bitcoin/crypto works, although we take it for granted now, was very non-obvious to people working on ecash-like systems at the time. Bitcoin basically violates every inviolable constraint that cypherpunks had put on digital money systems.
> No one in the cipherpunks mailing list thought any of this was odd, probably because it was obvious to them who Satoshi was.
If dozens of people affiliated on a mailing list knew that Sbazo was Satoshi is a decade ago, would’t his identity be treated as an open secret by now?
I don't blame you for this initial reaction, which would have been mine too had I not known who the author was. I don't mean that I automatically trust anything published by the reporter who busted Theranos (and won two Pulitzers for other major investigations). But I do mean that if John Carreyrou and his editors decided to publish something this long, that means they (and they're lawyers) are willing to die on this hill, no matter how meandering the first paragraphs of his 1st-person narrative.
Since the story doesn't end with: "And then Adam Back bowed his head and said, 'You have found me, Satoshi'", I'm guessing they preferred to go for the softer "how we did this story" first-person narrative. There is no explicit smoking gun, like an official document or eyewitness who asserts Satoshi's identity. But the circumstantial and technical evidence is quite thorough, to the point where the most likeliest conclusions are:
1. Adam Back is Satoshi
2. Satoshi is someone who is either a close friend or frenemy of Back, and deliberately chose to leave a obfuscated trail that correlates with Back's persona and personal timeline.
If Mr Carreyrou is such a good writer then he should be embarrassed to publish trash:
> In keeping with this belief, Mr. Back made his Hashcash spam-throttling software open source.
> Satoshi did a similar thing. He released the Bitcoin software under M.I.T.’s open-source license, which allowed anyone to use, modify and distribute it without restrictions.
The numerous observations such as this only seem impressive to people who don't know anything at all about the subject. Occam's Razor suggests that the reason that such irrelevant observations were included is because Carreyrou doesn't know anything at all about the subject.
> When we compared those errors with the writings of our hundreds of suspects, Mr. Back was a clear outlier. He shared 67 of Satoshi’s exact hyphenation errors. The person with the second-most matches had 38.
You’re talking about “Occam’s razor” while noticing things in an article that may not be relevant while informing huge swathes of the article.
Occam’s razor suggests you’re doing this because you want the article to be wrong and want to pretend to be a genius, not because you actually think it is
I neither want the article to be wrong nor right. I don't care who Satoshi is.
The article is written as if it's by some crazed conspiracy theorist. It's dripping with confirmation bias at every turn. Tiny coincidences are seized upon to confirm the author's suspicions whereas other explanations are minimized.
This kind of one-track reasoning almost always turns out to be wrong. Did the author accidentally stumble upon the truth? It's possible. Back has all the right qualifications to be Satoshi. But so do many other people.
wrt (2) that is if satoshi had the foresight btc would ever blow up in the way it did. obviously, he had some intuition, remaining anonymous, but deliberately creating a fake trail does not seem super plausible to me
yeah it’s totally plausible that Google would risk the reputation and legal status of its global multi-trillion empire to dunk on one of the handful of people who have the near-unilateral authority to dismantle them
Also - there's zero chance any employees at Google could decide to leak the contents of a specific inbox. That'd be an insane security hole which would've been exploited multiple times already.
I too am very curious about this. Even if his password was exposed and he didn’t have 2-factor auth, doesn’t Google by default ask for confirmation — e.g. texting a number or backup email associated with the account — when seeing an unrecognized device? Maybe he didn’t have any alt contact methods associated with his account?
(which might not be that unusual, he’s old enough to have opened a gmail account upon launch, before extra info hoops were put in place, and maybe he never touched his account config in the past 2 decades?
You are probably right... I tend to change my password semi often. It's always a super complex impossible to remember string - and always keep an eye on the account activity.
Not to mention ; you would assume he should have more than one device linked to the account and then that adds another layer, since Google will ask you " is this you trying to logon ". <-- that is the only way to get Google to do the unrecognized flow you mention.
If you are suggesting it was exposed and he didn't immediately randomise all his passwords.. WORDS FAIL ME
It's all security 101 the irony is immense...
if the US government / FBI need someone to give some talks on how to do security ...
Honeypot sure I didn't think of that.. But I was under the impression the FBI confirmed it ? So we can rule it out.
Making the password impossible to guess - how could that not be?
Since then you know you have a breach, as its randomised gibberish, if you then get the 2nd device asking " is this you trying to login " you can definitely know you are compromised....
I can't see your logic here, that isn't " theatre " ????
If you think that is theatre what is better then? Words and numbers.. easily brute forced.. Sorry can't agree.
Why would they willingly destroy their successful honeypot if the other party announced they've access to it?
I haven't seen what's in it either though, but I would not rule it out yet, especially when the FBI is involved - which love those tactics
When you're compromised, changing the password is obviously not theatre - but changing a password which is randomly generated with enough entropy is what's pointless theatre. A secure password is secure, esp. If you're already using a password manager then the act of changing isn't meaningfully increasing your security (unless you're aware that your password was compromised) because the way to compromise it is what...? Having a keylogger on a device you logged in on? Then the changed password will be just as compromised
That's why keepass is really useful since you aren't ever typing in the password.. its generated and then copied to the clipboard.. That clipboard is then wiped after X seconds.
So then you know that you have been rooted => If that fails to resolve it.
Reduce the number of vectors to know what you have to change asap. in this scenario you don't want to be guessing about how they did it.
The randomised gibberish just means you can rule out certain things. I can agree on part of what your saying but a string high entropy password, makes it harder to brute..
Many services don't really do that whole retries thing properly. So make it take as long as possible.
If you don't use a random gibberish your password can be cracked on any consumer device in a surprisingly short amount of time...
This way you can then focus on that a session token is probably how they got in.. It's the most common vector these days...
Maybe they're like me, who didn't spend a lot of time investigating Claude until 4.6 launched and the hype was enough to be the tipping point to invest energy. I do know that I've been having good/great results with Opus 4.6 and the CLI, but after an hour or so, it'll suddenly forget that the codebase has tab-formatted files and burn up my quota trying to figure out how to read text files. And apparently this snafu has been around since at least late last year [0]. Again, I can't complain about the overall speed and quality for my relatively light projects, I'm just fascinated by people who say their agents can get through a whole weekend without supervision, when even 4.6 appears to randomly get tripped up in a very rookie way?
There's definitely a productivity curve element to getting it to behave effectively within a given codebase. Certainly in the codebases I work with most frequently I find Claude will forget certain key aspects (how to run the tests or something) after a while and need a reminder, otherwise it gets into a loop like that trying to figure out how to do it from first principles with slightly incorrect commands.
I think a lot of the noise about letting Claude run for very extended periods involves relatively greenfield projects where the AI is going to be using tools and patterns and choices that are heavily represented in training data (unless you tell it not to), which I think are more likely to result in a codebase that lends itself to ongoing AI work. People also just exaggerate and talk about the one time doing that actually worked vs the 37 times Claude required more handholding.
The bigger problem I see with the "leave it running for the weekend" type work is that, even if it doesn't get caught up on something trivial like tabs vs spaces (glad we're keeping that one alive in the AI era, lol), it will accumulate bad decisions about project structure/architecture/design that become really annoying to untie, and that amount to a flavor of technical debt that makes it harder for agents themselves to continue to make forward progress. Lots of insidious little things: creating giant files that eventually create context problems, duplicating important methods willy nilly and modifying them independently so their implementations drift apart, writing tests that are..."designed to pass" in a way that creates a false sense of confidence when they're passing, and "forest for the trees" kind of issues where the AI gets the logic right inside a crucial method so it looks good at a glance, but it misses some kind of bigger picture flaw in the way the rest of the code actually uses that method.
I've always suspected video-gen is basically a loss leader for OpenAI, Gemini, and Grok. They can't convince the general population that AI is world-changing trillion dollar tech with "vibe coding", but realistic fake videos are impressive at a glance, and might convince many non-technical people that AI/LLMs are something revolutionary.
I think of them all Gemini has the most viable use case when Veo is paired with their advertising platform. It does genuinely open the door to a lot of cost saving for promo shots of products etc
Agreed. For reference, if sora 2 was able to generate me a Google ugc product video, it would cost me like $10 and I would get it within 30 minutes if including editing. Paying a ugc content creator would cost me $50-200 plus no control over final shots plus I gotta wait for them to respond. I have 30 products in my e-commerce store— these costs add up like crazy
The other one is TV ads/cinamatic ads. For a 30 second clip expect to pay an agency $5-10k. Within a couple of days, I can make a video ad and have like $50 in api costs. Cost of production is so crazy in marketing.
Obv this is under the assumption ai is good to do either of those things. Which it hasn’t so far, best I’ve gotten is doing b-roll shots to stick together for an ad
This is what I see, outside the HN bubble. If you work retail or weld pipes together or whatever, AI is of no use to you. On the contrary, if tech thought leaders are to be believed, you'll be out of a job soon, replaced by a lifeless robot. Fuck that.
You do realize that there a lot of people who sit at a desk and use a computer all day, right? Those are the ones whose jobs are vulnerable, not the ones who work with their hands or interact with the public.
we will come for them with real world AI, it takes time. dont worry. they are not safe in a decade, they are %100 safe for few more years. Learning from them at scale and updating is nothing impossible.
It's fine to have a reaction. It just rhat a lot of the comments totally ignored this this caveat. So basically, as I read it by default, they're banned unless approved, which is pretty much what all regulation does anyway, isn't it.
During the last years USA has banned a lot of things by default, but in all cases there were exemptions for things receiving specific approvals.
However, the approvals appear to have not been based on any objective methodology, but sometimes nothing has been approved, while otherwise there may have been some approvals but their randomness was suspicious.
Now this new interdiction continues the trend, so it is normal for people to be wary that any approvals will be based on some kind of bribing and not on any serious security audit.
Especially since the announcement provides no information about how the DoD or DHS will be evaluating what to approve, and it's unlikely that they have the resources to do any meaningful security evaluation on that many products.
The DOH and DOW have a lot of resources. And I would guess the DOW has a lot of intelligence resources and most likely the DOH also I mean it is their job to keep the homeland safe. But I would agree. It probably will involve a lot of marshaling of those resources and reorganization. But who's to say they haven't done that already. My general point is that the conversation in this thread completely ignores that this is an imposition of a different regulatory scheme, not a banning. And actually it's in favor of enforcing more security on routers which everybody has been screaming for for years.
reply