Even after the owner has realized the attack and revoked the token, there’s next steps (alerting the community, pulling from NPM) that causing havoc delays even by just a bit.
I mean, it's certainly not as seamless as an open x86 machine, but if you have an Air already you can always try Linux on it? The Fedora Asahi spin [1] supports pretty much everything on M1/M2 devices.
I'm...rather confused why the results here are surprising. The title and first paragraph are suggestive of unusual data like analytics or sending all your codebase, but it's just sending the prompt + context.
This is how every LLM API has worked for years; the API is a stateless token machine, and the prompts + turns are managed by the client application. If anything it's interesting how standard it is; no inside baseball, they just use the normal public API.
Dang, everything about this feels really well considered. Semi-throwaway, nearly bare-metal machines that I can put on the internet with basically 0 config? I'll take
> But since it is a electron app, it will always contact Google everytime you open the app
Do you have a source for this? I couldn't find anything about this, and I find it strange that Electron (which uses the open-source chromium engine but not Chrome) would automatically send tracking information to Google.