| ▲ | mark_l_watson 6 hours ago |
| I have not run OpenClaw and similar frameworks because of security concerns, but I enjoy the author's success, good for him. There are very few companies who I trust with my digital data and thus trust to host something like OpenClaw and run it on my behalf: American Express, Capital One, maybe Proton, and *maybe* Apple. I managed an AI lab team at Capital One and personally I trust them. I am for local compute, private data, etc., but for my personal AI assistant I want something so bullet proof that I lose not a minute of sleep worrying about by data. I don't want to run the infrastructure myself, but a hybrid solution would also be good. |
|
| ▲ | jacquesm 6 hours ago | parent | next [-] |
| AMEX, Capital One and Apple are not even close to the top of the list of companies that I would trust with my digital data. |
| |
| ▲ | rukuu001 6 hours ago | parent | next [-] | | Never mind the list of companies - I'd be very curious to know what the 'trust signals' are that would help you trust a company? | | |
| ▲ | amelius 5 hours ago | parent | next [-] | | For hardware, I'd only trust a company if they didn't also have an interest in data. In fact, I'd trust a hardware company more if they didn't also have a big software division. A company like AMD I would trust more than a company like Apple. | |
| ▲ | jacquesm 6 hours ago | parent | prev | next [-] | | Decent management. A lack of change of business model, no rug pulls and such. Fair value for money. Consistency over the longer term. No lock in or other forced relationships. Large enough to be useful and to have decent team size, small enough to not have the illusion they'll conquer the world. Healthy competition. | | |
| ▲ | NBJack 5 hours ago | parent | next [-] | | Admirable, but short of a local credit union I used to use (which I am no longer with as they f'd up a rather critical transaction), I can scarcely imagine a business that fits such a model these days. The amount of transparency needed to vet this would be interesting to find though, and its mere presence probably a green flag. | | | |
| ▲ | 5 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | 5 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | lovich 5 hours ago | parent | prev [-] | | Are there any companies existing you would trust? I honestly can’t name a single one I know of who could pass that criteria Edit:found your other comment answering a similar question |
| |
| ▲ | nikcub 5 hours ago | parent | prev | next [-] | | the way they respond to security and privacy incidents + publishing technical security + privacy papers / docs | | |
| ▲ | jacquesm 5 hours ago | parent | next [-] | | Good one, yes, that is important. | |
| ▲ | belter 4 hours ago | parent | prev | next [-] | | And do they approach Security as a Feature or as a Process. The fingers on one hand are enough to count them... | |
| ▲ | PlatoIsADisease 5 hours ago | parent | prev [-] | | Apple = Run more commercials with black backgrounds and white text that says SECURITY PRIVACY --- Heyyy it never said "good privacy" perceive as you want... Don't publicly acknowledge that you were the reason someone got murdered and 1000 VIPs got hacked. One day when I'm deemed a 'Baddie', I looked at Apple as inspiration. |
| |
| ▲ | elxr 5 hours ago | parent | prev | next [-] | | No past history of shady planned-obsolescence sprinkled in a bunch of their products, for one. So that rules out Apple. A leadership team that is very open and involved with the community, and one that takes extra steps, compared to competitors, to show they take privacy seriously. | | |
| ▲ | selectodude 4 hours ago | parent [-] | | Planned obsolescence tells me they don't make money on the daily use of their software and they need me to buy more hardware in order to make money. |
| |
| ▲ | 3 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | 8note 5 hours ago | parent | prev [-] | | I'd go for a co-operative ownership model rather than capitalist? and make sure the member/owners are all of like mind, and willing to pay more to ensure security and privacy | | |
| ▲ | jacquesm 5 hours ago | parent | next [-] | | Mondragon for IT... it's been my dream for decades. | | |
| ▲ | komali2 5 hours ago | parent [-] | | We're no mondragon but I founded a co-op in IT space a few years back and it surprised me how open to the vision the members and customers have been. I had assumed I'd have to lean more on the capitalistic values of being a co-op, like better rates for our clients, higher quality work, larger likelihood of our long term existence to support our work, more project ownership, so as to make the pitch palatable to clients. Turns out clients like the soft pitch too, of just workers owning the company they work within - I've had several clients make contact initially because they bought the vision over the sales pitch. I'm trying to think about if I'd trust us more to set up or host openclaw than a VC funded startup or an establishment like Capital One. I think both alternatives would have way more resources at hand, but I'm not sure how that would help outside of hiring pentesters or security researchers. Our model would probably be something FOSS that is keyed per-user, so if we were popular, imo that would be more secure in the end. The incentives leading to trust is definitely in a co-op's favor, since profit motive isn't our primary incentive - the growth of our members is, which isn't accomplished only through increasing the valuation of the co-op. Members also have total say in how we operate, including veto power, at every level of seniority, so if we started doing something naughty with customer data, someone else in the org could make us stop. This is our co-op: 508.dev, but I've met a lot of others in the software space since founding it. I think co-ops in general have legs, the only problem is that it's basically impossible to fund them in a way a VC is happy with, so our only capitalization option is loans. So far that hasn't mattered, and that aligns with the goal of sustainable growth anyway. | | |
| ▲ | jacquesm 4 hours ago | parent [-] | | Amazing, please write a book. My current venture is still called after that idea ("The Modular Company"), but I found that it is very hard to get something like that off the ground in present day Western Europe. | | |
| ▲ | komali2 4 hours ago | parent [-] | | > but I found that it is very hard to get something like that off the ground in present day Western Europe. Yes, agreed for the USA/Taiwan/Japan where we mostly operate. For us it's been understanding and leveraging the alternative resources we have. Like, we have a lot of members, but really only a couple are bringing in customers, despite plenty of members having very good networks. Is your current a co-op? 200+ sales at 30k a pop seems to be pretty well off the ground! | | |
| ▲ | jacquesm 3 hours ago | parent [-] | | Effectively, yes, but it is tiny. There is a corporate entity but it just serves to divide the loot between the collaborators. |
|
|
|
| |
| ▲ | YetAnotherNick 5 hours ago | parent | prev [-] | | Co-operative will have significantly worse privacy guarantee compared to shareholder based model. In the no one company wants to sacrifice on privacy standard just for the sake of it. They do it for money. And in shareholder based model, the employees are more likely to go against the shareholder when user privacy is involved, because they are not directly benefiting from it. | | |
| ▲ | jacquesm 5 hours ago | parent [-] | | That's nonsense. Shareholders have an incentive to violate privacy much stronger than any one employee: they can sell their shares to the highest bidder and walk away with 'clean hands' (or so they'll argue) whereas co-op partners violating your privacy would have to do so on their own title with immediate liability for their person. | | |
| ▲ | YetAnotherNick 5 hours ago | parent [-] | | > Shareholders have an incentive to violate privacy much stronger than any one employee Exactly what I said. We need lower shareholder interference not more, and in co-operative it's the opposite. > with immediate liability for their person. What do you mean? | | |
| ▲ | jacquesm 5 hours ago | parent | next [-] | | A cooperative does not have shareholders in your sense of the word. | |
| ▲ | komali2 4 hours ago | parent | prev [-] | | The only shareholders in a co-op are the owners/operators ("employees"), or the owners/operators + customers (for example REI I believe). There's nobody seeking to extract value at the expense of the employees or the customers. If, as a shareholder operator, a co-op member pressured themselves to exploit user data to turn a quick buck, I guess that's possible, but likely they'd be vetoed by other members who would get sucked into the shitstorm. In my experience, co-op members and customers are more value-oriented than profit-motivated, within reason. |
|
|
|
|
| |
| ▲ | mark_l_watson 6 hours ago | parent | prev | next [-] | | Jacques, do you mind sharing your list of trusted companies? Thanks in advance. | | |
| ▲ | jacquesm 6 hours ago | parent | next [-] | | It's going to be pretty short. Proton would be there for comms, for hosting related stuff I would trust Hetzner before any big US based cloud company. For the AI domain I wouldn't trust any of the big players, they're all just jockeying for position and want to achieve lock-in on a scale never seen before and they have all already shown they don't give a rats ass about where they get their training data and I expect that once they are in financial trouble they'll be happy to sell your private data down the river. Effectively you can trust all of the companies out there right up until they are acquired and then you will regret all of the data you ever gave them. In that sense Facebook is unique: it was rotten from day #1. Vehicles: anything made before 2005, SIM or e-SIM on board = no go. I'm halfway towards setting up my own private mail server and IRC server for me and my friends and kissing the internet goodbye. It was a fun 30 years but we're well into nightmare territory now. Unfortunately you are now more or less forced to participate because your bank, your government and your social circle will push you back in. And I'm still pissed off that I'm not allowed to host any servers on a residential connection. That's not 'internet connectivity' that's 'consumer connectivity'. | | |
| ▲ | blueaquilae 6 hours ago | parent | next [-] | | Proton is quite a privacy washing front. Surprised than even in HN nobody check behind the facade what was signed. | | |
| ▲ | Aurornis 5 hours ago | parent | next [-] | | > Surprised than even in HN nobody check behind the facade what was signed Such as? These aloof comments that talk about something we're supposed to know about without referencing anything are very unhelpful. | |
| ▲ | jacquesm 6 hours ago | parent | prev | next [-] | | Yes, they're losing it. It's a pity, they were doing well for a long time. I'm surprised that someone on HN would paint all of HN with the same brush. It's one of those 'lesser evils' things. If you know of a better email provider I'd love to know. | |
| ▲ | unethical_ban 6 hours ago | parent | prev [-] | | Proton complied with a court order once (that we know of), no? I have seen a lot of negative sentiment from HN commenters toward them but not a lot of evidence to back it up, particularly when you consider the email marketplace. | | |
| ▲ | Itoldmyselfso 5 hours ago | parent [-] | | It was a legally mandated court order they couldn't just refuse. No encrypted data, the contents of their emails, was handed over. The person would've also been safe had they used vpn/tor as I recall the story. |
|
| |
| ▲ | jjtheblunt 5 hours ago | parent | prev | next [-] | | why the (e)SIM cars concern? i ask since the data transmission (bidirectional) can be used to justify lower insurance rates, for an example, than without that data. ( https://www.lemonade.com/fsd is an example ) | | |
| ▲ | rcoder 4 hours ago | parent | next [-] | | "Justifying lower insurance rates" is just algorithmic bias described from the perspective of someone it doesn't (currently) harm. See also: credit scoring, insurance claim acceptance, job applications, etc., etc. You only get offered a discount if most other customers are being compelled to pay full (or even increased) prices for the same offering. Otherwise revenue goes down and company leadership finds itself finding other ways to cut costs and increase profits. | |
| ▲ | jacquesm 5 hours ago | parent | prev [-] | | Because I don't trust that that location data won't end up in the wrong hands. | | |
| ▲ | jiveturkey 3 hours ago | parent [-] | | This, but stronger. It’s not a story of why Johnny can’t trust anyone. The vast majority of companies have proven time and time again that they are not capable of handling this data securely against inadvertent disclosure. Not even mentioning the intentional disclosure revenue stream. |
|
| |
| ▲ | BoredPositron 6 hours ago | parent | prev [-] | | Proton? After the last two years of enshitification and purely revenue driven product decisions really? | | |
| ▲ | jacquesm 6 hours ago | parent [-] | | Barely. Your points are well made and I'm sure that it is just a matter of time before they're just as untouchable as the rest. Hence the remark about mail. The Siloization of the internet is almost complete. |
|
| |
| ▲ | 6 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | marxisttemp 6 hours ago | parent | prev [-] | | Mark, can you conceive that some people don’t trust any companies? | | |
| ▲ | mark_l_watson 5 hours ago | parent [-] | | Yes, I can! After reading Jacques's response to my question, my list got smaller. Personally, I still like Proton, but I get that they have made some people unhappy. I also agree that Hetzner is a reliable provider; I have used them a bunch of times in the last ten years. Then my friend, we have to worry about fiber/network providers I suppose. This general topic is outside my primary area of competence, so I just have a loose opinion of maintaining my own domain, use encryption, and being able switch between providers easily. I would love to see an Ask HN on secure and private agentic infra + frameworks. |
|
| |
| ▲ | 5 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | appplication 6 hours ago | parent | prev [-] | | I’d be very curious what your list would be | | |
|
|
| ▲ | Aurornis 6 hours ago | parent | prev | next [-] |
| > There are very few companies who I trust with my digital data and thus trust to host something like OpenClaw and run it on my behalf: American Express, Capital One, maybe Proton, and maybe Apple. I managed an AI lab team at Capital One and personally I trust them. I don't really understand what this has to do with the post or even OpenClaw. The big draw of OpenClaw (as I understand it) was that you could run it locally on your own system. Supposedly, per this post, OpenClaw is moving to a foundation and they've committed to letting the author continue working on it while on the OpenAI payroll. I doubt that, but it's a sign that they're making it explicitly not an OpenAI product. OpenClaw's success and resulting PR hype explosion came from ignoring all of the trust and security guardrails that any big company would have to abide by. It would be a disaster of the highest order if it had been associated with any big company from the start. Because it felt like a grassroots experiment all of the extreme security problems were shifted to the users' responsibility. It's going to be interesting to see where it goes from here. This blog post is already hinting that they're putting OpenClaw at arm's length by putting it into a foundation. |
| |
|
| ▲ | iugtmkbdfil834 4 hours ago | parent | prev | next [-] |
| You raised a good point I am now personally basically expecting to see this year ( next at the latest ). Some brave corporate will decide for millions of users to, uhh, liberate all users data. My money is not of that happening at Googles or OpenAIs of the world though. I am predicting it will be either be a bank or one of the data brokers. With any luck, maybe this will finally be a bridge too fast, like what Amazon's superbowl ad did for surveillance conversation. |
|
| ▲ | blks 5 hours ago | parent | prev | next [-] |
| Privacy aside, you can never trust an LLM with your data and trust it to do exactly what it was instructed to do. |
|
| ▲ | internet2000 5 hours ago | parent | prev | next [-] |
| Sorry to pile on, but Capital One is an insane name to drop there. |
|
| ▲ | shevy-java 5 hours ago | parent | prev | next [-] |
| You really trust them? My trust does not extend that far. |
|
| ▲ | vessenes 2 hours ago | parent | prev | next [-] |
| Well it’s not even just data, you have to trust actions taken if you want the assist to, you know, assist. I have been yoloing it and really enjoying it. Albeit from a locked off server. |
|
| ▲ | lvl155 5 hours ago | parent | prev | next [-] |
| Sorry to break it to you but I would not trust any financial companies with my personal data. Simply because I’ve seen how they use data to build exploitive products in the past. |
|
| ▲ | PlatoIsADisease 5 hours ago | parent | prev | next [-] |
| >Apple Lol Their marketing team got ya. I aspire to be as good as Apple at marketing. Who knew 2nd or worse place in everything doesnt matter when you are #1 in marketing? |
| |
|
| ▲ | jiveturkey 3 hours ago | parent | prev | next [-] |
| sorry to say it, but C1 LOL. they don’t care at all about privacy! Don’t mistake your team for the company values. |
|
| ▲ | throwjjj 5 hours ago | parent | prev [-] |
| [flagged] |
