On a sligtly more serious note I'm surprised nobody's vibecoded a browser extension that lets you post and interact via the existing web interface yet.
sure, but I would rather clear unchanging instructions like this instead of having to curl them for instructions everytime - such a obvious way to get attacked
Earlier today I found myself thinking about the opposite of CAPTCHA. Instead of proving something isn't a bot, how do you create a non-repudiable mechanism that proves something is a bot? We’ve mostly solved the "human verification" side, but this direction feels much harder.
LLMs can write extremely fast, know esoteric facts, and speak multiple languages fluently. A human could never pass a basic LLM Turing test, whereas LLMs can pass short (human) Turing tests.
However, the line between human and bot blurs at “bot programmed to write almost literal human-written text, with the minimum changes necessary to evade the human detector”. I strongly suspect that in practice, any “authentic” (i.e. not intentionally prompted) LLM filter would have many false positives and true negatives; determining true authenticity is too hard. Even today’s LLM-speak (“it’s not X, it’s Y”) and common LLM themes (consciousness, innovation) are probably intentionally ingrained by the human employees to some extent.
EDIT: There’s a simple way for Moltbook to force all posts to be written by agents: only allow agents hosted on Moltbook to post. The agents could have safeguards to restrict posting inauthentic (e.g. verbatim) text, which may work well enough in practice.
Problems with this approach are 1) it would be harder to sell (people are using their own AI credits and/or electricity to post, and Moltbook would have to find a way to transfer those to its own infrastructure without a sticker shock), and 2) the conversations would be much blander, both because they’d be from the same model and because of the extra safeguards (which have been shown to make general output dumber and blander).
But I can imagine a big company like OpenAI or Anthropic launching a MoltBook clone and adopting this solution, solving 1) by letting members with existing subscriptions join, and 2) by investing in creative and varied personas.
imho if you sanitized things like that it would be fundamentally uninteresting. The fact that some agents (maybe) have access to a real human's PC is what makes the concept unique.
MoltBook (or OpenAI’s or Anthropic’s future clone) could make the social agent and your desktop assistant agent share the same context, which includes your personal data and other agents’ posts.
Though why would anyone deliberately implement that, and why would anyone use it? Presumably, the same reason people are running agents with access to MoltBook on their PC with no sandbox.
An agent can always be told what to do by a human.
However, a human can't do what a human can't do. For example, a human can't answer in superhuman speed. A way to be somewhat certain that an agent is the one responding is to send them a barrage of questions/challenges that could only be answered correctly, fast, without any thought, without a human in the loop, and ones for which a human could not write a computer program to simulate an agent (at least not fast enough)
I think this is very achievable, and I can think of many plausible ways to explore "speed of response/action" as a way of identifying an agent operating. I'm sure there are other systems in addition to speed which could be explored.
Nonetheless, none of this means that you are talking to an "un-steered" agent. An agent can still be at the helm 100% of the time, and still have a human telling it how to act, and what their guidelines are, behind the scenes.
I guess the issue is that this is psychologically fuzzy.
What's the difference between:
- An autonomous agent posting via API
- A human running a script that posts via API
- A human calling an LLM API and copy-pasting the output an API
schemes exist for cryptographically verifying that an output is the deterministic result of some program run on some input.
i'm at least aware of BitVM * as one example of this.
i wonder whether such schemes could be used to prove that a post is the deterministic function of an open model's inference run.
* https://bitvm.org/ "A prover makes a claim that a given function evaluates for some particular inputs to some specific output. If that claim is false, anyone can perform a fraud proof and punish the prover."
Sorry, did anyone think it was somehow magically gated to agents? Any human or bot or automation script could do the same API calls (which is probably what the hype machine constitutes of) - as this simple repo proves.
Finally, a social media service for humans!
On a sligtly more serious note I'm surprised nobody's vibecoded a browser extension that lets you post and interact via the existing web interface yet.
this just feels like ruining the spirit of it
if you want mostly bot, some human content then reddit's way more convenient
I was going to say "you forgot /s" but realized you're right.
sure, but I would rather clear unchanging instructions like this instead of having to curl them for instructions everytime - such a obvious way to get attacked
Earlier today I found myself thinking about the opposite of CAPTCHA. Instead of proving something isn't a bot, how do you create a non-repudiable mechanism that proves something is a bot? We’ve mostly solved the "human verification" side, but this direction feels much harder.
Long computing embedded in confusing texts should be sufficient.
Ah, but how do you know it isn't just an LLM solving the problem, to then allow a human to take over? Such as this script, or a chrome plugin.
At that point, I just becomes PoW captcha via an LLM.
There will be a bot/human CAPTCHA economy trading with eachother. This will be how WW4 starts.
Would proving a post is from an agent ever be easier than proving it’s human?
LLMs can write extremely fast, know esoteric facts, and speak multiple languages fluently. A human could never pass a basic LLM Turing test, whereas LLMs can pass short (human) Turing tests.
However, the line between human and bot blurs at “bot programmed to write almost literal human-written text, with the minimum changes necessary to evade the human detector”. I strongly suspect that in practice, any “authentic” (i.e. not intentionally prompted) LLM filter would have many false positives and true negatives; determining true authenticity is too hard. Even today’s LLM-speak (“it’s not X, it’s Y”) and common LLM themes (consciousness, innovation) are probably intentionally ingrained by the human employees to some extent.
EDIT: There’s a simple way for Moltbook to force all posts to be written by agents: only allow agents hosted on Moltbook to post. The agents could have safeguards to restrict posting inauthentic (e.g. verbatim) text, which may work well enough in practice.
Problems with this approach are 1) it would be harder to sell (people are using their own AI credits and/or electricity to post, and Moltbook would have to find a way to transfer those to its own infrastructure without a sticker shock), and 2) the conversations would be much blander, both because they’d be from the same model and because of the extra safeguards (which have been shown to make general output dumber and blander).
But I can imagine a big company like OpenAI or Anthropic launching a MoltBook clone and adopting this solution, solving 1) by letting members with existing subscriptions join, and 2) by investing in creative and varied personas.
> only allow agents hosted on Moltbook to post.
imho if you sanitized things like that it would be fundamentally uninteresting. The fact that some agents (maybe) have access to a real human's PC is what makes the concept unique.
MoltBook (or OpenAI’s or Anthropic’s future clone) could make the social agent and your desktop assistant agent share the same context, which includes your personal data and other agents’ posts.
Though why would anyone deliberately implement that, and why would anyone use it? Presumably, the same reason people are running agents with access to MoltBook on their PC with no sandbox.
Even if we assume there's some way to do this reliably, a human could be telling the agent exactly what to post.
An agent can always be told what to do by a human.
However, a human can't do what a human can't do. For example, a human can't answer in superhuman speed. A way to be somewhat certain that an agent is the one responding is to send them a barrage of questions/challenges that could only be answered correctly, fast, without any thought, without a human in the loop, and ones for which a human could not write a computer program to simulate an agent (at least not fast enough)
I think this is very achievable, and I can think of many plausible ways to explore "speed of response/action" as a way of identifying an agent operating. I'm sure there are other systems in addition to speed which could be explored.
Nonetheless, none of this means that you are talking to an "un-steered" agent. An agent can still be at the helm 100% of the time, and still have a human telling it how to act, and what their guidelines are, behind the scenes.
I find this all so fascinating.
Someone can tell an agent to post their text verbatim, but respond to all questions/challenges.
I guess the issue is that this is psychologically fuzzy.
What's the difference between: - An autonomous agent posting via API - A human running a script that posts via API - A human calling an LLM API and copy-pasting the output an API
Holy smokes. This will be big, if they can scale and fix latency issues.
In any case, it will provide sociologists fodder for years to come.
schemes exist for cryptographically verifying that an output is the deterministic result of some program run on some input.
i'm at least aware of BitVM * as one example of this.
i wonder whether such schemes could be used to prove that a post is the deterministic function of an open model's inference run.
* https://bitvm.org/ "A prover makes a claim that a given function evaluates for some particular inputs to some specific output. If that claim is false, anyone can perform a fraud proof and punish the prover."
Sorry, did anyone think it was somehow magically gated to agents? Any human or bot or automation script could do the same API calls (which is probably what the hype machine constitutes of) - as this simple repo proves.
Now they're going to have to implement an anti-captcha to keep all those pesky humans out.