So the whole selling point of this approach is that after coordination with other browsers - the server is completely out of the picture. All telemetry is done peer-to-peer instead of coordinating with a central server for someone to maintain and pay for.
For the past month or so I've been slowly having claude build something in the same ballpark. Basically something to nag you to take care of grown-up things so your boss/spouse/local municipality doesn't have to.
I was going to call it "Nagatha Christy", but the joke gets old after 48 hours. At the moment, its called "Jarbis" (old Simpsons reference).
For me, checklists are useful but I suck at creating them, maintaining them, etc. I want this thing to be able to look at my calendar/email/groupme and be able to say things like:
"Hey, you have 2 kid birthday parties this weekend and a soccer game - you're bringing snacks. You want me to update your shopping list?"
or
"The dentist office just sent out a reminder - you have an appointment on Thursday that's not on the calendar. It conflicts with your daily standup. You want me to create a task for you to resolve it?"
Its using:
- AWS CDK
- Telegram as primary chat interface
- Trello/Jira/Something Custom
- Integrations into GoogleCalendar and GMail
- Ability to use Claude/OpenAI and different models
FWIW, if someone figures out how to create a reliable "secretary in a box" that I don't have to DIY but doesn't scream data-collection-watering-hole (facebook) I'd _happily_ pay $200 / mo for it. ;-)
I've been thinking about this very thing the last few days. "secretary in my Mac" to be specific. An ever running daemon that uses an LLM model for smarts, but pretty much do as many dumb things deterministically as possible.
1. Fetch my calendars(Fastmail, work Google Calendar, Couple's calendar at Cupla) and embellish it with routine tasks like pickup/drop kids, and give me a Today view like this https://zoneless.tools/difference/london-vs-new-york?cities=...
2. Access to my TODO list on Apple Notes and basically remind my ADHD brain that I ought to be doing something and not let it slip because it is uninteresting.
3. Have access to all models via API keys I configure and maintain a "research journal" of all the things I go to LLMs for - "research of bike that fits my needs" whatever and figure out if there needs to be a TODO about them and add if I say yes.
4. View my activity as a professional coach and nudge me into action "Hey you wanted to do this at work this year, but you haven't begun.. may be it is time you look at it Thursday at 3 PM?"
5. View my activity as a mental health coach and nudge me like "hey you're researching this, that and blah while X, Y and Z are pending. Want me to record the state of this research so you can get back to doing X, Y and Z?" or Just talk to me like a therapist would.
6. Be my spaghetti wall. When a new idea pops into my head, I send this secretary a message, and it ruminates over it like I would and matures that idea in a directory that I can review and obsess over later when there is time..
As you see, this is quite personal in nature, I dont want hosted LLMs to know me this deeply. It has to be a local model even if it is slow.
I like this, but would note that each of this is effectively nagging you to do something.
I wonder if the real unlock is moving the task forward in some way. “I know you were interested in X, and the research approach petered out, here and some new approaches we could try:”
“You’ve got two kids’ birthdays next week, shall I order some legos?”
I've started using Claude code to review my linear tasks, add / propose new tags/labels and flag if it's a programming task (and if so flesh out requirements so I can toss it to an agent). It really helps me to just toss everything into it and see what I've got.
I'm actually going to take it further and use clawd to check Jira, linear, slack, and Apple reminders and help me to unify and aggregate them - as I'll often remember and record a reminder on Siri - and kind of ping me about these and adjusting dates when they're overdue so nothing slips through too past due
I've been spending some nights & weekends building exactly this recently. I wanted something that managed my email & calendar, and proactively helped out (or nagged me) when it identified anything important.
It has a handful of core features:
- key obligations & insights are grok'd from emails and calendar events
- these get turned into an ever-evolving always-up-to-date set of tasks; displayed on a web UX and sent to you in a personalized daily briefing
- you can chat via telegram or email with the agent, and it can research/query your inbox or calendar/create or resolve tasks/email others/etc
- if the AI identifies opportunities to be proactive (eg upcoming deadline or lack of RSVP on an event), it pings you with more context and you can give the green light for the agent to execute
Generally trying to identify finite list of busywork tasks that could be automated, and let users delegate the agent to execute them. Or, in the future (and with high enough confidence), let the agent just execute automatically.
Built the stack on Cloudflare (d1, Cloudflare Workers/Workfolows/queues, Vectorize), using gemini-3-flash as the model.
I have my own telegram bot that helps me and my wife. Reminders, shopping list, calendar. Small and simple, gets the job done :) At the start of the day it greets with a briefing, can also check weather and stuff
Btw, I'm in the process of training my own small model so that I can run it on my cpu-only VPS and stop paying for API costs
I set $10 on fire the other day as I was running through some tests.
Like old school arcade games "Please insert more ${money} to keep playing...". Local, smaller, specialized (unix philosophy?) seems like the way to go so you don't bk yourself having AGI distill pintrest recipes to just recipes.
Building it now. Basically raw agents you can talk to over any channel like Slack/Telegram/etc. (Should have SMS and voice calling working shortly.) Can connect to your email/calendar. Files and sqlite for memory/storage. Optional sandbox for coding or whatever. It's all a bit rough but working.
I'm tinkering around building "JARVIS" (I didn't want to come up with a clever self deprecating name - this works) - a personal project to manage my life. Integrates into Google Mail, Google Calendar, Trello, GroupMe, EveryDollar. Basically it nags me to do grown up thing and is a better UX than Google Calendar/Trello - I just talk to it and ask it things.
Also experimenting with a new Claude-Code flow; give the bot its own AWS account, Put a bunch of tickets on my personal JIRA, be persnickity about what constitutes "pass" and tell the bot "follow these instructions, pull down tickets until there are no more. Your branch cannot merge until you have integration tests passing in your own dev env first" (I use AWS CDK). Then let it loose to build. The instant feedback loop that Claude has with Build-Code->Deploy to AWS->Run Integration Tests->Address Failures is really nifty fwiw...
When the crusader army reached Béziers, they demanded that all heretics be handed over. The townspeople refused, and the crusaders stormed the city. Once inside, they couldn’t tell Catholics from Cathars—everyone spoke the same language and lived side by side.
That’s when the Cistercian legate Arnaud Amalric supposedly gave his infamous order:
“Caedite eos; Novit enim Dominus qui sunt eius.”
“Kill them all; for the Lord knows those that are His.”
It’s a paraphrase of 2 Timothy 2:19 (“The Lord knoweth them that are his”).
The crusaders slaughtered virtually the entire population—estimated between 10,000 – 20,000 people—before burning the city.
Here's my crack at a good-enough solution for the U.S.
It doesn't have a ton of granularity - but the concept is shovel ready now, dirt cheap, and privacy preserving.
3) Extract its public-key and id (this binds the credential you're creating to your device)
4) The user copies this data to their bank's Age-Verification-Section
5) The bank creates an object that it signs with an attestation of the user's age (KYC) and their pass-key-public-key
6) The user copies this back to app.hornpub.click
7) The passkey is verified on the server, the bank's signature is verified by the server, some other meta-data is verified to make sure nothing weird is happening.
8) The user's age has been verified by their bank without the bank knowing who is asking for verification
* This method is more private than anything requiring sharing your photo-id online
* This method doesn't trigger GLBA or GDPR (user copies data themselves)
What's crazy to me is why they didn't go for that kind of implementation. This works well, ensures privacy, can be audited easily, and doesn't need a f*cking app on my phone.
If you read the guidelines they actually want to implement a double-blind approach with ZKPs, which imo is significantly better than a challenge-response pub key system in term of privacy.
If you're not familiar this would mean the verifier doesn't learns anything except a statement about attributes (age, license, etc); and the EU doesn't learn what attributes have been tried to verify or by who.
What would need to happen in the United States to implement a reliable ZKP age verification system - and how long would it take to roll it out?
Asking because it feels like the Titanic has sunk, and we're eschewing a floating door because the coast guard has regulation conformant life rafts that would work better.
> United States to implement a reliable ZKP age verification system
(my emphesis)
Realistically at least 3-4 years, assuming they want to keep the same goals as eIDAS. I think the (software) implementation will be the least costly part, time-wise; but it takes a long time before everyone adopts a new social system. Especially in the US where there has been no precedent for digital identification. Even with full control of your own ID & and solid implementation details, there will be push-back just for suggesting that people/companies should adopt it.
What happens if some party is able to get logs of the bank's age attestation signings and of hornpub.click's steps #2 and #6? It appears this would present some risk of matching up hornpub.click accounts with real IDs.
This is called "linkability" and ideally should be avoided so anonymous age verification can be safe.
Can you elaborate on how the risk of ironbank and hornpub colluding by de-anonymizing you via rainbow tables or IP forensics is substantially greater than Chase and PornHub using - Google Marketing?
It isn't, but due to bureaucracy, when designing a solution, it's that solution that has to be "secure" without really considering that the current outside situation is already insecure..
Anyway I'm not advocating for this solution, just addressing the question directly.
This doesn't seem to work at all, maybe a Firefox issue, but it tells me to insert my security key when I generate passkey. I don't have a security key, so I'm totally at a loss of what to do.
(And somewhat poor style on Firefox's behalf, to not explain what is going on to someone who doesn't know what one is)
As a father of three, I think a lot about online safety. Kids need protection, but current age verification mandates are creating a dangerous precedent—not because of their goal, but because of how they’re being implemented.
Texas SB1181 and similar laws in other states require age verification for adult content. The intention is sound. The execution is problematic.
*Today’s verification methods are:*
• Expensive ($0.31–$1.53 per user)
• Privacy-invasive (require uploading government IDs)
• Easily weaponized (complex compliance makes selective enforcement trivial)
Make something costly and risky enough, and you’ve created a de facto ban without ever saying the word.
*There’s a better way.*
I’ve built a demo using passkeys and banks’ existing KYC infrastructure. Banks already verify your age when you open an account. My system lets them attest “this person is 18+” without knowing where you’re going or what you’re accessing.
The site sees: “Valid attestation from trusted institution”
Nobody sees: “John Smith, age 34, visited this specific website”
*Why this matters:*
Age verification isn’t going away. If we don’t build privacy-preserving solutions now, we’ll normalize surveillance infrastructure that gets repurposed for far more than protecting kids.
We can verify age without building databases of who visits which sites. We can protect children without creating tools for censorship. We can meet legitimate safety goals without sacrificing privacy as the cost of access.
If you see flaws in this approach or have ideas to improve it, I genuinely want to hear them. This problem deserves better solutions than we’re currently deploying.
h
In my opinion an anonymous age verification can not involve a third party in any way. There will be leaks, either because of unforeseen design limitations or due to bad implementations.
The only true anonymous age verification would be simply adding an RTA header [1] to the server/URL and then have laws requiring common user-agents look for said header. An intern could add the check that triggers parental controls at each browser company. Not perfect, nothing is but there are no third parties involved. Tablets and phones can be locked down so that small children can not add new user-agents or change configurations. Teens can and will bypass anything. Teens stream porn and pirated movies in video games rated PG today and that will always be a thing.
For what it's worth, I think it's cool that you created something to give corporations more options. No harm in more options.
I'm not as concerned with preventing kids from accessing adult materials. Thats what parents are for. My main driver here is to offer a free counter punch to tx sb 1181.
Making adult sites verify age with expensive and leaky third parties. Bad. My proposal is free, and helps to take the sting away from being required to perform age verification.
My attempt at _a_ solution isn't _THE_ solution; but it seems like there's legitimately something around leveraging existing KYC infra that could get a solid 98 out of 100 - and can realistically be implemented in a realistic timeframe.
If I'm AYLO and have been cut off from 1/3 of the U.S. for the last 18 months, I'm contacting every lawyer, cryptographer, and engineer I can get my hands on to try and get _anything_ out of this concept or ones like it.
I completely missed that I could hand the merchant string to a friend with a bank account and have them sign it. Pretty obvious in retrospect!
Its not perfect, but maybe reasonable enough to prevent resale by using a salted hash of the users ip.
Wrt hash linking, theres chaums blind signature thing which looks solid. It feels like a cheap enough, private enough, and reliable enough solution is that can be rolled out in under 6 months is in this neighborhood; maybe this provides something to trigger someone who can do it to do it.
Also, mulling over it; I would bet pornhub and chase.com both use google-ad trackers and 200 other ad networks. The issues my mvp create require chainalysis and a warrant. Maybe big picture, not so bad.
That's really cool - thanks for sharing!