- I have no idea why even HN is giving openclaw so much weightage
- I literally don't even open posts that talk about it!
- This is the first time I opened one, to come and say that someone needs to do a case study or deep dive into who is marketing it like crazy and why
cyanydeez 20 hours ago [-]
It's marketing itself.
skeledrew 16 hours ago [-]
I'm getting pretty tired of seeing call-outs like this. What happened to suggesting viable solutions to the issues? This is something that many people want, as shown by the steep rise in popularity, and saying "stop using this thing; it isn't safe" will likely just be ignored by many who are benefiting from it. Bring solutions to the table that'll mitigate the problems, without nerfing the tool into abandonment.
free_bip 14 hours ago [-]
There is no viable solution to the lethal trifecta, and the lethal trifecta is the whole reason openclaw gets used in the first place. If there were a viable solution, someone would be making billions off of selling it.
skeledrew 11 hours ago [-]
There's always a viable solution. You just need to look and think hard enough. Sometimes someone just randomly happens on a solution, too.
kdjdndnjsdjdn 6 hours ago [-]
A viable solution that won't get you sued into oblivion.
wolvoleo 1 day ago [-]
Fair point, wrong place. The article goes out of its way to explain it's bad for people who don't know what they're doing.
However, I think there are going to be very few of that kind of people at the XDA Developers forum :) Or here, for that matter. This message would be better spread at more mainstream sites.
AdamConwayIE 1 day ago [-]
Article author here: you'd be surprised! XDA these days has quite a bit of mainstream outreach, and this article has been getting shared on some socials. Even saw it getting passed around on LinkedIn.
wolvoleo 1 day ago [-]
Oh, OK, I didn't realise. I just know it as a forum where custom ROM developers hang out.
SeriousM 21 hours ago [-]
The comments on the article just show how unaware people are.
> Put it behind a tunnel, VPN, etc. and most of the issues suddenly become no issue. I use WireGuard to access openclaw. So there is no open port online.
Don't they realise that openclaw is not just insecure to operate in a DMZ, it also just executes whatever text it finds?
The future is bright, my friends.
gavmor 1 day ago [-]
How is this different from any other agentic harness?
andriesm 1 day ago [-]
It works very well on a cloud-hosted Ubuntu server. You only put things there, within lobster reach, that would not destroy you if leaked.
You decide what to put with the lobster.
Jamesbeam 23 hours ago [-]
All of this OpenClaw / Moltbot bullshit is annoying.
But it’s comments like yours that are slowly giving me a stroke.
Just putting things on a cloud server that would not destroy your life if leaked: that is not how IT security works.
We have designed security best practices for IT software for decades; this vibe-coded wet dream of any North Korean hacker is throwing all of it overboard.
It’s malware. Do not install malware.
The other part of the equation is people like you not understanding what running insecure software that allows for unnoticed access to your cloud-hosted machine really means.
Once I have access to your cloud-hosted Ubuntu server, I have access to where, when and how you connect to that server.
I can then not just use your server to hide my own criminal activities, and not give a shit if you go to jail for it because I used your server as a staging point for cybercrime and bounced off some other idiot's OpenClaw servers; I also have your home IP address.
Good luck explaining to the FBI that a lobster was responsible for running a ransomware campaign against a company that deals with critical infrastructure, and not you.
I pity those poor agents already because that will be part of their exhausting paperwork in the near future. AI did it sir, I swear. Doesn’t matter son, you better get your anus stretched and prepare for a ten year stay in a prison with real criminals that will greet you excitedly with a "fresh meat is on the menu boys".
From your home IP I can break into your router, or I don't even need to, because manipulating whatever you download from that server to your personal devices is likely enough to get access to the machine you connect from, and probably your phone.
Suddenly your 2FA is no longer safe because I have access to both devices you use to authenticate everything from bank transfers to logins. And because I have access to your home network I can figure out from network activity alone when you sleep. I can destroy your whole life within the 4 to 8 hours you’re unconscious.
Once I'm in your router or personal PC, I can then also scan for devices on your home network and put a persistent backdoor on one of the countless Chinese home appliances people use these days. Unless you burn your house down, you will never be able to get me out of it.
Once I have permanent access to your network I can watch you fap to heterotransgayporn over your camera and then blackmail you. I clone your voice, I take enough pictures or get them from your NAS to clone your face, and steal your identity.
Maybe I open an account somewhere with videos of your wife undressing or the private photos on your daughter's laptop, and once your cloud server is burned, which I find out from the footage of heavily armed agents kicking in your door one morning, which I will also sell on the darknet for the amusement of others, I bleed you dry financially and disappear in the smoke.
You won’t need a lobster anymore to order your sneakers.
You will never eat one again because you’re dead broke.
But you will turn the same color as one once you find out that I exposed everyone you love on the internet and made money from it and they will never be able to delete it from the internet again.
Congratulations: only putting things there, within lobster reach, that would not destroy you if leaked basically killed your whole family.
I need to put it this drastically because that is how cybercriminals will put you and your family at risk irl without blinking an eye.
Companies lose millions every week because one of their senior employees fell victim to a phishing attack and then got blackmailed with compromising material of themselves. And those people all have the same thing in common: they think they are much smarter than they really are.
You thinking you can "only put things there within lobster's reach that would not destroy you if leaked" puts you in the same group as every other idiot who has been hacked and had their life ruined in the past.
Become smarter or a victim, your choice.
koolala 20 hours ago [-]
Are there really examples of this? Being criminally liable after someone hacks your computer just because you suck at security? Framing you is another story, but that seems unnecessary when they're in another country anyway.
direwolf20 20 hours ago [-]
No, but can you prove it in court? Everyone says they got hacked.
Jamesbeam 18 hours ago [-]
In Hamilton v. ACCU-TEK, 62 F. Supp. 2d 802 (E.D.N.Y. 1999), the court found that a general duty to avoid negligence is assumed.
The court in McCall v. Wilder, 913 S.W.3d 150, generally detailed these elements of negligence.
In Kubert v. Best, the New Jersey Appellate Division held that "the sender of a text message can potentially be liable if an accident is caused by texting, but only if the sender knew or had special reason to know that the recipient would view the text while driving and thus be distracted."
In https://via.library.depaul.edu/law-review/vol49/iss2/12/ Robert Rabin has provided a categorization of cases decided primarily under common law reasoning that is helpful here.
Referring to what he terms "enabling torts," Professor Rabin identifies a number of cases in which courts have held defendants liable even when unconnected third parties have actively caused harm to plaintiffs.
More modern recognition is that criminal acts are sometimes foreseeable, and where specific circumstances reflect that foreseeability, it is not justifiable to cut off liability of the party who enabled the tortfeasor.
It is not that compromised system owners are directly causing injury to the targets, but rather that they are furnishing the attacker with the tools necessary to launch the attack.
So in the case of OpenClaw, there are multiple public articles like this one warning of the security implications of using the software.
If you rent and run a server facing the open Internet and voluntarily install OpenClaw, I think it's fair to say that you are neglecting your duty to avoid negligence, and on top of that you're likely contractually instructed to keep your own server safe in the user agreement with the hosting company; otherwise you need to go with a managed product.
And you are obviously able to install and use complex software like OpenClaw to do things on your behalf. Therefore being negligent in securing the server opens up liability for whatever you, or someone who hacks your server, does.
For example, if you live in a neighborhood where maybe one car gets stolen a year and you leave your car unlocked with the key in the ignition to fetch something from your house, if someone steals your car and does a drive-by shooting with it you are most likely not liable.
If you're a police officer and do the same thing in a crime-ridden neighborhood and provide criminals with a tool to do crime, just to stop them afterwards or push your crime-solving rate, you're definitely liable for the death of someone they shoot out of that car.
It's complicated, but yes, if you're technically savvy and also read the fine print in your server rental agreement that tells you you need to take appropriate security measures so your server doesn't harm others on the internet, I don't see how a judge would let you off the hook. Similar common-sense laws exist in most parts of the world.
cyanydeez 20 hours ago [-]
tl;dr: free ddos bot for all
BonoboIO 1 day ago [-]
OpenClaw is a very capable … gun. You can really do amazing stuff with it, but it can be incredibly damaging.
BloodyIron 1 day ago [-]
Ahh, okay!