Yeah that happens all the time. Anyone/thing with popular public releases has fans/journeys scraping the website looking for unreleased material or scoops.
In the early days one of the high profile soaps in the UK published their "catch up" summaries for the week ahead which you could get just by editing the date in the URL. But back then not so many people were looking, so they were doing it for months...
Well, the angle is kind of important here. The company gets their name in the news, they have a reasonable explanation why they were scraping around, and we end up with a story about innovative tech company whiz-kids who made a funny discovery, while it was the webdevs on the other side that goofed up.
Imagine a private individual just scraped the website (or simply clicked 'view source') for no reason in particular and then told people about it... They'd be labeled an uber-haxxor, face a civil lawsuit asking for ridiculous damages while being threatened with a prison sentence over CFAA violations. Hell, that might even drive some people to suicide.
The fact that an egregious case happened once, decades ago, is probably not sufficient grounding to act like every bit of equally trivial “hacking” always results in massively disproportionate law enforcement response.
Sucks it happened. But we all know that is not the typical scenario.
>But we all know that is not the typical scenario.
Eh, it's typical enough that most cyber security researchers are cautious. The laws around 'hacking' can be rather stupidly written while judges and juries aren't the smartest bunch.
> But we all know that is not the typical scenario.
Back in the day, you could read a stories on Slashdot practically every other week that usually went something like this: Company/institution does something stupid, somebody finds out, tries to be a good citizen and tells them. The organization then throws a tamper tantrum in the media, fires the legal department on all cylinders, screaming "hacker!" and throwing the book at them. The most egregious cases usually happened in the US, the CFAA happens to be a particularly strong book to throw.
People eventually got the hint and either talked to the press instead, or organizations like the CCC (at least in this part of the world) and let them deal with the organization and not talk to them directly.
At least in my perception/memory, it started improving over the 2010s, but stories like this are now starting to pop up again in recent years. I guess we have a new crop of computer enthusiasts who need to learn the same lessons again.
Of the top of my head, the CTF group in Malta comes to mind who gave a talk at (last years?) CCCongress. A badly worded E-mail asking about a bug bounty resulted in several arrests, house searches and ultimately a presidential pardon (https://timesofmalta.com/article/pardon-issued-students-lect...).
"In early October, Renaud discovered that Social Security numbers for teachers, administrators and counselors were visible in the HTML code of a publicly accessible site operated by the state education department..."
"Yet despite the fact that officials within the Missouri Department of Elementary and Secondary Education initially wanted to thank Renaud for uncovering the flaw... [Governer] Parson labeled the reporter a hacker and called for criminal prosecution."
Most of what an LLM does "could have" been done by a human if you throw enough human hours at it. But the reality in this circumstance is that a new tool helped find this leak. Saying this could have happened in a "non LLM world" is analogous to "someone else could have discovered special relativity, let's not mention Einstein"
My point is about the emphasis of Codex in the title. That emphasis makes more sense when Codex is credited with finding something that would have been difficult or impractical to discover without substantial human effort.
I've been working on a site. It's new, domain is only a few weeks old. It's got SSL, so all the bots know it exists. It's never had any sub-pages exposed, just the placeholder lander, no links.
Somehow in Google search one of the unguessable pages is indexed. We have used Claude and Gemini to assist with some design aspects.
I'm thinking some aggressive data ingestion/indexing is happening by all the bots in the quest for frontier models.
I've also seen Google indexing pages with random values in the path that don't get linked to statically (server asks for the URL then redirects to it immediately). I'm pretty sure they index straight out of the Chrome address bar.
Why don’t they also capture information you enter into forms on Chrome?
They control the entire browser surface, technically they can know everything, even TLS and E2E encrypted data, that they silently phone home…
If you think this is silly, consider that Microsoft Recall had been observing everything on people’s entire SCREENS and phoning home much of it. That is how a guy was caught recently: https://x.com/t3chfalcon/status/2074134314145489195
The tools in gmail in some sense "read" all your mail in order to classify spam and do things like calendar integration. The extent to which they do other things with the information is .. unclear.
It’s absolutely true. It is a documented fact. It was discovered and entered into public record during the DOJ antitrust investigation into Google Chrome.
They call the signal „popularity“ and it is a successor of the Google Toolbar signal.
I'll take a wild guess and assume they are of a German or Polish language background. Wait 'til you encounter a French person who accidentally uses guillemets if you want one even «weirder».
This is why Chrome begs you to login constantly and will do it automatically when you login to Gmail through Chrome. Everything you do in the browser (bookmarks, settings, address bar) is data about you sent to Adsense. No need for cookies when you control the browser and know who is using it.
Edit: also private browsing isn’t exactly private when you’re logged in to the browser.
Chrome sends home the urls you visit together with the page performance data (and probably more). That's how they build Chrome User Experience Report (CrUX) for the most popular sites: https://developer.chrome.com/docs/crux
Yep. I remember a similar story as GP described from a friend back in 2008. The site he was working on that wasn't linked to yet was suddenly indexed after he checked out what it looked like in the fancy new "Chrome" browser that Google had just released, causing some moderate panic on his end.
There's a couple avenues besides just stealing what's in your URL bar.
If you don't use wildcard certs all of your subdomains can be scraped from the certificate transparency logs.
Additionally, any domain+cert using HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.
CT logs just explain how they found the domain. T doesn't explain how they could have found unlinked content on the domain itself. If I put up secret-example.com/asdf-1234567.html, how does that page get found if there are no public links to it?
> But if you never mention that url, it will not be found if not leaked by your server
That sounds like a claim that security through obscurity is infallible, which is dubious. Don't get me wrong, it can be a reasonable part of defense-in-depth strategy, but like, brute force attacks are kinda a well known thing, especially if your URLs aren't truly random...
Google misusing chrome browser history as a hitlist for indexing sounds wild to me, so I tried to see if there's another way.
It also felt unlikely because there's multiple subdomains of mine that aren't indexed, and wildcards+no preload are the only precautions I've made myself for my private sites.
This might also be an EU vs rest of World thing, or my stuff isn't interesting enough to index(in retrospect the most likely reason I suppose)
> HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.
HSTS preload is not for speed. It's to protect against SSL stripping on first connection. Modern browsers already try port 443 first or in parallel with 80.
Google Chrome used to report visited pages back to Google, not sure if this still the case. Also, Google Analytics can see visited pages and Google uses it.
Finding domains is easy, everybody uses CTL to find them.
Erm sorry when I said GP I meant of my comment - that is, phoghed's irrelevant comment about ISPs collecting data.
The information you mentioned is relevant. Unfortunately, it could be either Google/Chrome, or the LLM service you're using for development is misusing your data.
Isn't leaking browser extension used by one of people on the team (doesn't need to be developer, could be qa or anybody with whom the access was shared) more plausible?
Nothing you enter into an LLM not hosted by you, or put onto the web is safe from being collected and exploited by these "AI" companies and their LLM's voracious appetite.
They log all DNS requests made to their public resolver in a searchable internal database, at least when I worked there a decade or so ago. I wonder if they seed their crawler with it?
DNS servers never see subpaths you request, only the domain itself, so that wouldn’t help with a hidden path. But there are lots of other ways to get it: caches/CDNs can leak paths, Chrome presumably sends Google a bunch of request details, and so on.
It’s a different story if it’s a subdomain though, OP wasn’t clear.
The tin hat guess. Did you include Google analytics embedded in the pages? Do you navigate to pages and Google analytics sends that data home? 10 years ago I discovered that Google analytics would send the equivalent amount as organic users; meaning if we sent an email newsletter with links to articles, Google would send almost 1:1 ratio the same number of people from search results. They are tracking everything and using it for more than just reporting.
Do you use a CMS or other tools that auto generate sitemap.xml? Perhaps you unknowingly told Google about those sub-pages.
It's indexed some unlisted draft blog posts of mine that were never touched by AI or published anywhere. I use a static site generator so there's no earthly way they ever found the pages by scraping, at most I visited the pages once or twice from my browser.
I have about 50 subdomains. One was used by a colleague who cant do his shoelaces without claude. That subdomain gets 10 times more spam and hacking attempts.
> The leak occurred when four Fields Medal laureate lecture fields, marked "HIDDEN," were discovered in the front-end code of the ICM 2026 official schedule.
So it was easier than I thought. Bot just scraped public page with hidden fields, not a secret page or to-be-published page from database.
People want simple answers to complex problems. When you find out most of society is held together with duct tape, promises, and trust, and then you have tool accelerant come along like GenAI, expectations violently meet reality. GenAI simply democratized the ability to evidence, inexpensively and at scale, in a wide variety of contexts, that "The Emperor has no clothes."
But scale and accessibility are absolutely a new class of problem.
In the 1960s you could pay thousands of people to watch hundreds of cameras and listen to hundreds of phone lines to monitor people, but the cost was so enormous that unless you were in East Germany or Moscow it wasn't a realistic threat model.
Now with computers we can cheaply have thousands of cameras with cheap storage that's retained forever and automatic image processing that means everyone is exposed to that kind of surveillance, which is a brand new problem.
I've often shared my prediction that future historians will study us all and that every living human will be the subject of someone's PhD thesis. I'm updating that prediction to be that those future someone's will be silicon based.
Yes but also as always a people problem. People put the cameras and monitoring systems in place and operate them, to govern other people who ultimately yield to be governed, as the alternative is made too costly / dangerous by the governors.
> as the alternative is made too costly / dangerous by the governors.
There's nothing government (corporate or political) has made "costly" or "dangerous" about not having them, society did that all by itself: people will actively pay more to have these things because they see the benefit more than the risk, video calls with friends and family, not a hacker being able to duplicate their keys from one photo.
There's 6 cameras on my desk right now, attached to internet-capable devices. Two phones, two laptops. I've got covers over all of them, which is easy, and sometimes mandatory e.g. when visiting the headquarters of certain big-tech firms.
I'd never buy a smart camera. Don't trust them not to spy on me. But I do have a Raspberry pi upstairs, with a NoIR camera module, and an AI-coded bit of webcam software. Might consider it for seeing what animal gets into the garden at night.
It’s still a problem we wouldn’t have without LLMs like Mythos existing. Yes, the solutions are different when you know the full context but “it’s just bad code” doesn’t mean there isn’t a problem.
> Oookay. Is this a Mythos problem? Or a lazy/greedy/uncaring people problem?
¿Porque no los dos?
All AI risk can be described with a narrative that ends in "some human were lazy and didn't care enough", it's just which humans and how much caring was enough.
“6-12 mo to shaky profitability + ability to quickly iterate” is a business that has a good chance of surviving while “However long it takes to be fully secure” is a business that is not only rigid but needs massive up-front capital to get there and even then there’s no guarantee that the market fit is right
And after that is something we could call the “Pareto spiral”: if a company find market fit and builds an excellent product, competitors can survive at 80% of that quality. If the “100%” fails for any reason, the competitors become the new ceiling and now their competitors can survive at 80% of that (now 64%)
And only one round in, how secure could that 64% company be?
Heartbleed, one of the worst bugs in terms of exploitability and reach, was a bug that many engineers would be able to spot, if they were explicitly looking for it.
That's the risk of tools like Mythos/Fable/any LLM. While a human's eyes would glaze over what looks like a standard memcpy, an LLM with the right context might instantly realize the payload length was never actually verified.
And since Heartbleed existed for years, despite the full bug existing in pretty much one file, in one of the most important libraries out there, it's right to be afraid of what other obvious bugs exist and are just waiting to be found.
This is like when a news site throws up a paywall and hides half the article. Open inspector. Select the body, delete the overflow/scroll capture styles, delete the masks... and boom there is the entire article. Only some sites are smart enough to actually truncate the content server-side.
ashu1461 | 8 hours ago
This is on the devs and feels like a very basic leak which could have exploited in the non LLM world as well.
ajb | 8 hours ago
In the early days one of the high profile soaps in the UK published their "catch up" summaries for the week ahead which you could get just by editing the date in the URL. But back then not so many people were looking, so they were doing it for months...
st_goliath | 8 hours ago
Imagine a private individual just scraped the website (or simply clicked 'view source') for no reason in particular and then told people about it... They'd be labeled an uber-haxxor, face a civil lawsuit asking for ridiculous damages while being threatened with a prison sentence over CFAA violations. Hell, that might even drive some people to suicide.
brookst | 7 hours ago
Sucks it happened. But we all know that is not the typical scenario.
pixl97 | 6 hours ago
Eh, it's typical enough that most cyber security researchers are cautious. The laws around 'hacking' can be rather stupidly written while judges and juries aren't the smartest bunch.
st_goliath | 6 hours ago
Back in the day, you could read a stories on Slashdot practically every other week that usually went something like this: Company/institution does something stupid, somebody finds out, tries to be a good citizen and tells them. The organization then throws a tamper tantrum in the media, fires the legal department on all cylinders, screaming "hacker!" and throwing the book at them. The most egregious cases usually happened in the US, the CFAA happens to be a particularly strong book to throw.
People eventually got the hint and either talked to the press instead, or organizations like the CCC (at least in this part of the world) and let them deal with the organization and not talk to them directly.
At least in my perception/memory, it started improving over the 2010s, but stories like this are now starting to pop up again in recent years. I guess we have a new crop of computer enthusiasts who need to learn the same lessons again.
Of the top of my head, the CTF group in Malta comes to mind who gave a talk at (last years?) CCCongress. A badly worded E-mail asking about a bug bounty resulted in several arrests, house searches and ultimately a presidential pardon (https://timesofmalta.com/article/pardon-issued-students-lect...).
Cycl0ps | 5 hours ago
"In early October, Renaud discovered that Social Security numbers for teachers, administrators and counselors were visible in the HTML code of a publicly accessible site operated by the state education department..."
"Yet despite the fact that officials within the Missouri Department of Elementary and Secondary Education initially wanted to thank Renaud for uncovering the flaw... [Governer] Parson labeled the reporter a hacker and called for criminal prosecution."
https://missouriindependent.com/2022/02/11/prosecutor-isnt-p...
sigmar | 7 hours ago
dghlsakjg | 7 hours ago
ashu1461 | 6 hours ago
rurban | 8 hours ago
bananaflag | 8 hours ago
grommz | 8 hours ago
bromuro | 7 hours ago
rurban | 7 hours ago
lode | 7 hours ago
inigyou | 7 hours ago
Some Indian restaurants near me sell Aloo Saag, others sell Alu Sag.
rurban | 7 hours ago
Esp. in this case with Wang having a special meaning in China.
treetalker | 7 hours ago
bananaflag | 7 hours ago
malfist | 7 hours ago
Amusing to see someone complaining about not using their definition of "proper language" when they themselves are not using proper language.
jryle70 | 7 hours ago
Such as waste of energy to argue on
opjjf | 6 hours ago
bananaflag | 8 hours ago
[OP] zaikunzhang | 8 hours ago
https://news.ycombinator.com/item?id=48902814
See also
Zhihu (Chinese Reddit): https://www.zhihu.com/question/2060133066643879544/answer/20...
Reddit: https://www.reddit.com/r/math/comments/1urv4id/comment/oxak6...
picafrost | 8 hours ago
Interestingly, if true, it will also be the first time an MIT PhD graduate has won the Fields Medal.
edoceo | 8 hours ago
Somehow in Google search one of the unguessable pages is indexed. We have used Claude and Gemini to assist with some design aspects.
I'm thinking some aggressive data ingestion/indexing is happening by all the bots in the quest for frontier models.
resonious | 8 hours ago
foobarbecue | 8 hours ago
nicce | 8 hours ago
DANmode | 7 hours ago
Especially if you have autocomplete-while-searching type of features on.
EGreg | 7 hours ago
They control the entire browser surface, technically they can know everything, even TLS and E2E encrypted data, that they silently phone home…
If you think this is silly, consider that Microsoft Recall had been observing everything on people’s entire SCREENS and phoning home much of it. That is how a guy was caught recently: https://x.com/t3chfalcon/status/2074134314145489195
And it is actually much worse than even that:
https://community.qbix.com/t/increasing-state-of-surveillanc...
pixl97 | 6 hours ago
For some reason people are downvoting you, but yea, one day we'll likely see a lawsuit where they do exactly that.
inigyou | 7 hours ago
EGreg | 7 hours ago
And maybe have access to EVERY site actually, with “forgot password” type stuff in addition to providing oauth tokens…
applfanboysbgon | 7 hours ago
Boy do I have news for you.
saghm | 6 hours ago
dbdr | 7 hours ago
https://arstechnica.com/information-technology/2023/05/micro...
pjc50 | 6 hours ago
inigyou | 6 hours ago
FabCH | 7 hours ago
They call the signal „popularity“ and it is a successor of the Google Toolbar signal.
https://www.justice.gov/opa/pr/department-justice-wins-signi...
NuclearPM | 6 hours ago
Why are you using weird quotes?
evilduck | 6 hours ago
robin_reala | 6 hours ago
FabCH | 4 hours ago
NuclearPM | 3 hours ago
chasd00 | 6 hours ago
Edit: also private browsing isn’t exactly private when you’re logged in to the browser.
jacekm | 6 hours ago
st_goliath | 8 hours ago
morpheuskafka | 7 hours ago
edoceo | 5 hours ago
Vvector | 6 hours ago
dreambigwrkhard | 8 hours ago
edoceo | 5 hours ago
cynerx | 7 hours ago
[1] https://developers.cloudflare.com/cache/advanced-configurati...
edoceo | 5 hours ago
pohuing | 7 hours ago
If you don't use wildcard certs all of your subdomains can be scraped from the certificate transparency logs. Additionally, any domain+cert using HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.
fragmede | 7 hours ago
Lomlioto | 6 hours ago
Creating Sitemaps, sharing it somewere public, putting the url in some 3th party service, server logs, some indirect path in javascript.
But if you never mention that url, it will not be found if not leaked by your server.
saghm | 5 hours ago
That sounds like a claim that security through obscurity is infallible, which is dubious. Don't get me wrong, it can be a reasonable part of defense-in-depth strategy, but like, brute force attacks are kinda a well known thing, especially if your URLs aren't truly random...
pohuing | 4 hours ago
Google misusing chrome browser history as a hitlist for indexing sounds wild to me, so I tried to see if there's another way.
It also felt unlikely because there's multiple subdomains of mine that aren't indexed, and wildcards+no preload are the only precautions I've made myself for my private sites.
This might also be an EU vs rest of World thing, or my stuff isn't interesting enough to index(in retrospect the most likely reason I suppose)
brookst | 7 hours ago
But I think the other explanations take care of pages: cloudflare hints, chrome reporting addresses visited, etc.
basilikum | 6 hours ago
HSTS preload is not for speed. It's to protect against SSL stripping on first connection. Modern browsers already try port 443 first or in parallel with 80.
f311a | 7 hours ago
Finding domains is easy, everybody uses CTL to find them.
VladVladikoff | 7 hours ago
phoghed | 7 hours ago
soblemprolver | 7 hours ago
throw10920 | 7 hours ago
edoceo | 5 hours ago
I have visited that page from a signed-in Chrome profile.
throw10920 | 5 hours ago
The information you mentioned is relevant. Unfortunately, it could be either Google/Chrome, or the LLM service you're using for development is misusing your data.
mirekrusin | 7 hours ago
htek | 7 hours ago
brador | 7 hours ago
Also that browser setting to check urls are safe sends them out “sometimes“.
malwrar | 7 hours ago
Analemma_ | 7 hours ago
It’s a different story if it’s a subdomain though, OP wasn’t clear.
dataviz1000 | 6 hours ago
Do you use a CMS or other tools that auto generate sitemap.xml? Perhaps you unknowingly told Google about those sub-pages.
edoceo | 5 hours ago
stavros | 6 hours ago
animex | 6 hours ago
NDlurker | 6 hours ago
DonHopkins | 5 hours ago
Might have been an evil chrome extension, but ever since Google went IOK2BE ("It's OK to be Evil"), maybe it's just Chrome itself.
yread | 5 hours ago
micromacrofoot | 8 hours ago
efficax | 8 hours ago
tw1984 | 7 hours ago
crypttales | 5 hours ago
sixtyj | 7 hours ago
So it was easier than I thought. Bot just scraped public page with hidden fields, not a secret page or to-be-published page from database.
bronson | 6 hours ago
"Mythos will end the world!!"
"How?"
"By finding a bunch of wide open security holes that have existed for years."
Oookay. Is this a Mythos problem? Or a lazy/greedy/uncaring people problem?
toomuchtodo | 5 hours ago
Arainach | 5 hours ago
But scale and accessibility are absolutely a new class of problem.
In the 1960s you could pay thousands of people to watch hundreds of cameras and listen to hundreds of phone lines to monitor people, but the cost was so enormous that unless you were in East Germany or Moscow it wasn't a realistic threat model.
Now with computers we can cheaply have thousands of cameras with cheap storage that's retained forever and automatic image processing that means everyone is exposed to that kind of surveillance, which is a brand new problem.
intrasight | 5 hours ago
I've often shared my prediction that future historians will study us all and that every living human will be the subject of someone's PhD thesis. I'm updating that prediction to be that those future someone's will be silicon based.
afarah1 | 5 hours ago
ben_w | 5 hours ago
There's nothing government (corporate or political) has made "costly" or "dangerous" about not having them, society did that all by itself: people will actively pay more to have these things because they see the benefit more than the risk, video calls with friends and family, not a hacker being able to duplicate their keys from one photo.
There's 6 cameras on my desk right now, attached to internet-capable devices. Two phones, two laptops. I've got covers over all of them, which is easy, and sometimes mandatory e.g. when visiting the headquarters of certain big-tech firms.
I'd never buy a smart camera. Don't trust them not to spy on me. But I do have a Raspberry pi upstairs, with a NoIR camera module, and an AI-coded bit of webcam software. Might consider it for seeing what animal gets into the garden at night.
afavour | 5 hours ago
ben_w | 5 hours ago
¿Porque no los dos?
All AI risk can be described with a narrative that ends in "some human were lazy and didn't care enough", it's just which humans and how much caring was enough.
joshspankit | 5 hours ago
“6-12 mo to shaky profitability + ability to quickly iterate” is a business that has a good chance of surviving while “However long it takes to be fully secure” is a business that is not only rigid but needs massive up-front capital to get there and even then there’s no guarantee that the market fit is right
And after that is something we could call the “Pareto spiral”: if a company find market fit and builds an excellent product, competitors can survive at 80% of that quality. If the “100%” fails for any reason, the competitors become the new ceiling and now their competitors can survive at 80% of that (now 64%)
And only one round in, how secure could that 64% company be?
dgellow | 3 hours ago
ApolloFortyNine | an hour ago
That's the risk of tools like Mythos/Fable/any LLM. While a human's eyes would glaze over what looks like a standard memcpy, an LLM with the right context might instantly realize the payload length was never actually verified.
And since Heartbleed existed for years, despite the full bug existing in pretty much one file, in one of the most important libraries out there, it's right to be afraid of what other obvious bugs exist and are just waiting to be found.
netvarun | 7 hours ago
Second, fitting that codex enters the picture.
The last time the fields medals were announced llms were still very nascent :)
And I am convinced this is the last time pure human fields medalists will be announced.
The next batch’s winners are all going to have llms as coauthors.
whalesalad | 6 hours ago
contact9879 | 6 hours ago
google translate link:
https://mp-weixin-qq-com.translate.goog/s/DPsMKToa_sbi_Nx3X1...
logicallee | 6 hours ago