
Comment by tabs_or_spaces

3 days ago

So the timeline is basically

* User uses Google OAuth to integrate their open claw

* user gets banned from using Google AI services with no warning

* user still gets charged

If you go backwards, getting charged for services you can't access is rough. I feel sorry for those who are deeply integrated into Google services or getting banned on their main accounts. It's not a great situation.

Also, getting banned without warning is rough as well. I wonder if the situation will be different for business accounts as opposed to what seems like personal accounts?

The ban itself seems fair though, Google is allowed to restrict usage of their services. Even though it's probably not developer friendly, it's within their rights to do so.

I guess there's some level of post mortem to do on the openclaw side too.

* Why did openclaw allow Google anti gravity logins?

* The plugin is literally called "google-antigravity-auth", why didn't that give the signal to the maintainers?

* Why don't the maintainers, for an integration project, do due diligence checks on the terms of service of everything you're integrating with?

> * Why did openclaw allow Google anti gravity logins?

OpenClaw went from virtually unheard of to a sensation in a couple weeks. There was intense commit activity and the main author bragged about not even reading the code himself. It was all heavily AI driven and moving at an extreme rate. Everyone was competing to get their commits in because they wanted to be a part of it.

The entire project was a fast and furious experiment. Nobody was stopping to think if something was a good idea or not when someone published a plugin for using this endpoint. People just thought “cool!” and installed it.

  • That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.

    But I guess it's only ok when you work on regular joe facing projects, where the consequences of bugs are on powerless users. If the consequences are on Google, well, that's not acceptable now is it?

    • The consequences for Google are that people are misusing the keys and Google is fixing that. They're not banning anybody using proper API keys.

      8 replies →

    • > That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.

      Not really. There’s a difference between accelerating development in the hands of an experienced developer versus having somebody just slop code by hoping for the best.

      Adopting AI doesn’t equal removing code review. These were two separate choices combined.

      1 reply →

> Also, getting banned without warning is rough as well.

Agreed. The lesson is: do not become dependent on Google. Ever.

(Unfortunately I still use YouTube and a Chromium-based browser. Long-term I hope to find alternatives to both problems. Google search I no longer need because Google already ruined it a few years ago; the quality now is just horrible. I cannot find anything useful with it anymore.)

  • What Google search alternative have you found? I'm trying out Ecosia, DuckDuckGo and Brave Search, but I find their search results even worse, so in the second query I tend to bang to Google.

    • Google Search is over. There may not be a free alternative, it they've lost the arms war between phone number incrementing ad pages, AI spew, and rank hackers.

    • I use ddg and haven't found better results from searching with google in a long time, but that might just be the kind of things I search for.

    • I've been using ddg for years now, and it's been probably 2 years since I needed to use the "!g" escape hatch.

      Very very happy with it.

      1 reply →

    • DDG is good enough that I switched many years ago and never went back. Any time I use Google (!g) to repeat a query (recently it's maybe a few times per year) it fails to show anything useful too, so I don't see any benefit to even check it lately.

      1 reply →

    • Maybe have to pay for search? I am experimenting with paying Proton another $10/month for a paid lumo+ account. lumo+ is a private chat like ChatGPT that uses a strong Mistral model and also privacy-preserving web_search LLM tooling under the hood. For about a month I just use lumo+ with the web_search tool enabled. I may not do this forever, but for now I like just having one tool to use. Note: I still use gemini for technical work, but lumo+ for day to day chat and web search.

      In the past I just use DuckDuckGo for most search, occasionally Google. That also worked well for me.

It doesn't seem fair at all; though I'm glad to see it's not as bad as I feared (yet?).

> Hoping for some transparency, I left a single, polite comment asking for clarification on why the update was removed. Surprisingly, my forum account was banned shortly after posting that question.

Have you seen the code of OpenClaw? It would not surprise me if there is a mistake in there somewhere that causes the bot to hammer Google auth for the refresh token in a very identifiable manner because no one in that repo is bothering to look at the code before merging. Moved fast, broke things.

I don't understand step 1. OAuth client applications have to be registered in GCP, right? They have to request specific scopes for specific APIs, and there is a review process before they can be used by the public. Did none of that happen for the Open Claw client? How is it the users' fault for clicking a "Sign in with Google" button? And if there was a mistake, why not ban the whole client?

I could see a problem with logging into Antigravity then exfiltrating the tokens to use somewhere else... But that doesn't sound like what happened. (And then how would they know?)

I haven't used Open Claw, so what else am I missing to make this make sense?

  • To my understanding, OpenClaw pretends to be Antigravity by using the Antigravity OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.

    When I first tried OpenClaw and chose Google Sign-In, I noticed the window appeared saying "Sign into Google Antigravity" with a Google official mark, and a warning it shouldn't be used to sign into anything besides official Google apps. I closed it immediately and uninstalled OpenClaw as this was suspicious to me, and it was a relatively new project then.

    It amazes me that the maintainer(s) allowed something like this...

    • Ah, ok. I guess there is no way for Google to prevent this since desktop apps are public clients that use PKCE.

      I imagine Open Claw must also have registered the Antigravity custom URL scheme in order to receive the redirect.

      Remaining question is how Google determines that traffic is not actually coming from Antigravity.

      2 replies →
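
An added illustration of the point above that desktop apps are public clients using PKCE (this is not code from OpenClaw, Antigravity or Google; the client ID, redirect URI, class and function names are constructed). It is a minimal token endpoint showing what the PKCE check verifies, namely that whoever redeems the code also started the flow, and that no field in the exchange identifies which software that was.

```python
import base64
import hashlib
import secrets

# Constructed registration for a public (native) client: there is no client secret.
CLIENT_ID = "example-desktop-client"
REDIRECT_URI = "http://127.0.0.1:8123/callback"

def s256(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(code_verifier)), padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class AuthServer:
    """Hypothetical authorization server; keeps issued codes in memory."""
    def __init__(self):
        self.codes = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge):
        if (client_id, redirect_uri) != (CLIENT_ID, REDIRECT_URI):
            raise ValueError("unregistered client_id or redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, client_id, redirect_uri, code, code_verifier):
        entry = self.codes.pop(code, None)  # codes are single-use
        if entry is None or entry[:2] != (client_id, redirect_uri):
            return "invalid_grant"
        # PKCE check: the redeemer must know the verifier behind the challenge.
        if not secrets.compare_digest(s256(code_verifier), entry[2]):
            return "invalid_grant"
        return "token_issued"

def run_flow(server, redeem_with_own_verifier=True):
    """One authorization-code flow as the server sees it.

    No input describes which program is running: the request carries only
    the public client_id, the registered redirect_uri and the PKCE values.
    """
    verifier = secrets.token_urlsafe(32)
    code = server.authorize(CLIENT_ID, REDIRECT_URI, s256(verifier))
    if not redeem_with_own_verifier:  # a party that saw only the code
        verifier = secrets.token_urlsafe(32)
    first = server.token(CLIENT_ID, REDIRECT_URI, code, verifier)
    replay = server.token(CLIENT_ID, REDIRECT_URI, code, verifier)
    return first, replay
```

RFC 8252 treats a native app's client credentials as non-confidential for this reason, so telling genuine software apart has to rely on signals outside this exchange.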

    • > OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.

      Still surprised.

      Client ID ok.

      But openclaw needs the secret also?

      Does it also mean Antigravity did not restrict to specific applications?

      1 reply →

    • >>it amazes me that the maintainer(s) allowed something like this...

      Really? In today's landscape this is the part that surprises you? I'm seeing these types of decisions repeatedly and typically my only question is do they not know any better, or intentionally not care?

1. Did a human really knowingly decide to allow that?

2. Did a human create the plugin?

3. Are the maintainers human?

By human I mean an animal that is intelligent enough to understand the agreements and what code they are writing.

I think as a society we miss some kind of 'laws', or 'rules' around accounts and banning.

I feel that sometimes corporations have all 3 Montesquieu powers. Google can define EULAs, decide if you should be punished, and apply a ban.

Can a shop decide who to serve? I may be wrong, but big tech should not be able to 'just close' accounts, or demonetize accounts on their whim.

> Why did openclaw allow Google anti gravity logins?

There's a good chance the plugin was written by Gemini, why did it allow that?