Norticus36

some context on what Mythos actually does: - found a 27-year-old bug in OpenBSD. on its own. for fun. - can hack every major operating system and browser autonomously - Anthropic did not train it to do this. it just... learned. - the US Treasury Secretary and the Federal Reserve Chair called an emergency meeting with top bank CEOs about this one model - they gave it to Apple, Google, Microsoft and Amazon to go find their own vulnerabilities before someone else does - the version they gave partners had "additional safety training" that made it refuse to do anything. so they had to walk that back. and now they're rolling it out "in the coming weeks" bro found a bug that survived 27 years of the smartest security engineers on earth and they're like yeah we'll drop it on a tuesday. the model that made the treasury secretary pick up the phone is getting a release date Anthropic's official position is that it did not train Mythos to be dangerous. the danger emerged "as a downstream consequence of general improvements." downstream consequence. they made it too good and now it's their problem and also everyone's problem coming weeks tho. OR is all these just marketing ?

🦎 Me: Hey guys, let's pause for a moment. I just want to thank our sponsor for this stream- 🤖 AI analyst: WE HAVE DETERMINED YOU DO NOT SOUND ENTHUSIASTIC ENOUGH. PAYMENT REDUCED BY 50% 🧑 Random chatter just arriving: My goldfish passed away :( 🤖 AI Analyst: CHAT HYPE REQUIREMENTS FOR SPONSORED DEAL NOT MET. PAYMENT REDUCED BY 50%

These two paragraphs of my verdict are crucial for everyone to read and understand. "Even if all of the statements made by Van Langenhove are based on scientific evidence and statistics, it makes no difference to the criminal intent. Van Langenhove is not charged with spreading false information. He is charged with presenting facts in a way that incites hatred against persons on the grounds of one or more of the protected criteria in the Anti-Racism Law.” 1⃣ "For Van Langenhove to have committed a crime, it is not necessary for him to have incited concrete acts of hate or violence. It suffices that others are incited to take on a general attitude of intolerance or disapproval regarding a group protected under the criteria of the Anti-Racism Law." 2⃣ This means you can go to jail for "inciting hatred" even if your statements were 100% factual (see 1⃣) and even if you did NOT incite concrete acts of hate (see 2⃣). The benchmark of "inciting hatred" , a crime punishable by prison, is thus "saying something that has the potential of inciting someone to have a general attitude of disapproval regarding a protected group". This means literally any criticism of mass migration is now a punishable offence. If you cite a statistic, and someone could potentially think less of a protected group (like migrants) because of it, you can be jailed. The craziest part is that there is no defence possible against this. I brought the scientific studies that I cited to court, but the judge didn't care 1⃣. I also proved that the hundreds of students present at the lecture included students of all different political affiliations, and everyone was able to voice their opinion or ask questions. The lecture went very calmly, so obviously nobody was incited to hatred. But this too did not matter 2⃣, because if the judge says he believes there is the possibility that someone COULD be incited to "a general attitude of disapproval", this is enough for the judge to send me to jail, even without any evidence. I'm telling you this to warn you that by the time these hate speech laws have come into place, it's already too late. You will NEVER be able to beat these laws in court. You have to stop them before they are implemented. Let my fate be your warning.

Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too. Google's Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition. The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it. Apple's Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web. Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems: https://t.co/7rQnioRa8A Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's privacy pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web. Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They're bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more. Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It's enormously anti-competitive. Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn't somehow specific to an AOSP-based OS. You can't avoid this by using a mobile OS based on FreeBSD instead. You'll just be more locked out. Google's Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it. It doesn't provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source. Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them. Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they're directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security. reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that. This isn't about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don't license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere. Services shouldn't ban people from using arbitrary hardware and operating systems in the first place. Google's security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It's for enforcing their monopolies via GMS licensing, that's all.

‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed. GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision. What happened?: ▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated. ▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead. ▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed. ▪️ No Play Services = no QR scan = locked out. The bigger picture: ▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature. ▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...

Using the internet in 2026, a vignette: > go to website, enter username and password "Please confirm your phone number so we can send it a verification code". > enter phone number > receive code > enter code "We've sent a code to your account's email address. Please enter that code to continue." > go to email > get code > enter code "Welcome to SomeWebsite! Our experience is better on the app. Would you like to download the app?" > X out > scroll down a ways to the thing you are looking for "SomeWebsite is better on the app. Please download the app to continue." > press X The website scrolls you back to the top > scroll down again Same message. You realize that accessing this, and most other functionality, is gated behind the app for you even though the website itself has this functionality too. > go to app store > search SomeWebsite > download app > open app "Welcome to SomeWebsite's app! To properly operate, this app needs permissions for your location, contacts, bodily fluids, and firstborn son. Please click below to go to settings and enable these permissions." > click button, go to settings > enable all sorts of permissions > go back to app > enter username and password "We've sent a code to your account's phone number. Please enter that code to continue." > get code > enter code "Thank you for logging in! Would you like to use passkeys instead? You can use Touch ID, facial recognition, or a retina scan." > no, I'm not gonna do biometrics "SomeWebsite would like to send you push notifications. Do you accept?" > no And now you can FINALLY do the thing you wanted to do.