rsync.net is (minimally) an openai customer. I've used it mostly as a curiosity but others here have used it in more professional manner.
When we created the account we shared essentially zero personal information and used a purpose-specific email, etc. No ID scans, no passports, no robust ID verification. It is a company account, after all, so it would make no sense to tie it to a particular person ...
All of this to ask:
In 2026, if I choose to boycott openAI on behalf of my firm, and perhaps sign up for Claude with the intention of using either the web interface or a terminal CLI ... what will be demanded in terms of identity and personal information ?
IME, zero. None of them require things like this for the web interface or terminal CLI.
And if you want to use the API? OpenAI requires full identity documentation upload and potentially selfies sending to Persona (the exact thing Discord was just chastised over) if you want to use a remotely recent model. Anthropic doesn't ask for any of this - and neither does any other model provider.
You could put your onion address into an “oh by code”[1] and just write it down … or chalk it on the sidewalk for someone to see … post it on a physical bulletin board.. hold it up on a sign…
This way you could establish communication with an unknown future party, totally offline.
Trying to repurpose hex literal notation as a "recognizable" URL shortener seems like a questionable idea. At least write it as 0x.co/FFFF so it's obvious to readers how to interpret it.
If you're printing something why not go with a QR code?
However, if you're walking down the street and need to quickly generate and apply a message, how will you pass along a QR code to an unknown future viewer ?
Can you draw a QR code with chalk or freehand with a pen, etc. ?
I will admit that the use-cases for "oh by codes" are weird and infrequent but I am convinced they will emerge ...
I don't disagree that URL shortening is incredibly useful at times. Merely that writing out the whole url is almost certainly a better approach and that any sufficiently short domain name is fit for purpose.
It would be more useful and beneficial to have a privacy oriented twilio than a privacy oriented carrier.
If we treat the carrier as adversarial, dumb pipes we can move the security and all of the capabilities into the cloud platform. A personal comms stack like this should be carrier-agnostic, phone-agnostic, sim-agnostic.
See my other post in this HN topic - I have done this since 2016 ...
You would be better off hosting your “phone number “at Twilio and then forwarding that number to a throwaway SIM card that nobody knows the number to.
Your “phone number “that people interact with cannot be hijacked with SS7 because it’s not a real number… you’re immune to sim swaps … And you can Jettison your physical phone and SIM card at any time with no penalty.
As a bonus, because your actual phone number is now programmable you can do interesting things like set up a SMS firewall. You can, for instance, collapse all incoming text messages to ascii-256. Or truncate their overall length. Or CC your incoming SMS to a dedicated mailbox.
I have operated like this since 2016. I have no idea what my physical SIM phone number is and neither does anybody else.
You can sign up for US mobile service, which is a Verizon MVNO, right this moment with no personally identifiable information at all.
Remember: neither the visa nor MasterCard payment networks have any support for customer name. Everyone pretends that they do, but they do not. In the absence of an additional security layer like “verified by visa “there is no way to verify cardholder name.
They're a US mobile telco, a warrant canary wouldn't last a year here. That's not, on the surface, a useful differentiator between mobile service providers. Did you have a specific kind of warrant canary in mind that would act as a differentiator, or is there some aspect of warrant canaries I've overlooked that makes them meaningful for US telecoms that are governed by US federal and state laws, or..?
This is correct. We talked about canaries a bunch internally and came to the same conclusion-- not really worth it in this context (but please do offer up a model that makes sense if you see one).
I came to the conclusion the best we can do is what you see in our privacy policy: we notify our users when we're served with legal process that is not subject to a gag order, and we pledge to push back on any law enforcement request we receive that is not properly formed or narrowly tailored as required by law. I'd love input/ideas on how to be stronger here.
When my children were younger I used configurator to adopt, and configure, their ipod touch devices. It was a bit of a pain but not too bad.
Anyone can do this - configurator is free and runs on any old macbook ...
reply