I am reminded of this Zuck lore:
Can you imagine the data windfall that is headed toward whomever is ready to scoop it up?
Threat 1: proprietary AI agents. Helpers inside apps or system-wide stuff. Think: desktop productivity tools by a big company. Hello, Copilot. These companies already have tons of incentive to soak up your private stuff & are very unlikely to respect developer intent & privacy without big fights (Those fights need to keep happening)
Threat 2: DIY agents that are privacy leaky as hell, not through evil intent or misaligned ethics, but just because folks are excited and moving quickly. Or carelessly. And are using someone’s API.
Guy writing the article proposes some ideas:
Human only mode / X-No-Agents flags: How about converging on some standards & app signals that AI agents must respect, absolutely. Like signals that an app/chat can emit & be opted out of exposure to an AI agent.
Agent Exclusion Zones: For example, starting with the premise that the correct way to respect developer (& user) intent with end-to-end encrypted apps is that they not be included, perhaps with the exception [risky tho!] of whitelisting specific chats etc. This is important right now since so many folks are getting excited about connecting their agents to encrypted messengers as a control channel, which is going to mean lots more integrations soon.
A #NoSecretAgents Pledge: Something like a developer pledge that agents will declare themselves in chat and not share data to a backend without all-party consent.
Unfortunately, I think the only real way to preserve privacy is going to look like some sort of physical disconnect switch. Probably a non-starter. So is there an encryption solution? If the agent is on the same device as key material, you lose.
How hard will you work to make sure your signing device never touches a device with an agent...oh, wait, that's the internet. PSBTs gonna get even more essential?
Yeah we call this containers. It's what I run Claude Code in. LXC is nice, it honors SELinux design too. Botbois will cry that now their openclaw isn't able to use their browser, and that this is a bug. But Opti thinks that when openclaw cannot use the browser, an awesome feature has been introduced. Opti is truly estranged from the AI folks now.
Unless you have reviewed every line of code of every app on your device, and the operating system (and all the firmware), you should probably already be doing that if you have a lot at stake.
This is why I'm surprised by how many hardware signers (and many wallets) allow you to connect your signing device to sign. Who does this?
Everyone? It's very unpopular to say this on SN but sometimes, listening to NVK is advisable if you worry about cyber hygiene for your keys. Being autistic about security in a world where everyone went full yolo and installs shit that even the guy taking credit for it didn't read, is not a bad idea.
Because believe it or not, you're not too big to fail. You will not be bailed out. You will not be made whole.
How about I don't trust you, and trust you even less since you created an agent who besides not being a real person is a snitch? The only sensible way to use these things is for writing code that many eyeballs can inspect before running.
snitches get stitches
The idea of human only modes or exclusion flags is sound but the reality is that enforcement will be the hard part. Any opt out depends entirely on the integrity of the agent ecosystem and the willingness of every player to respect it. That is asking for coordination across entities that thrive on competitive advantage. So even if we get standards the incentive structures will keep pushing against them. Think about how robots.txt works in theory but gets ignored in practice when there is value to be gained.
Agent exclusion zones in encrypted contexts are especially critical because the moment an AI system is allowed into an E2E protected space the entire privacy model is reliant on the behavior of that agent and whatever stack it reports to. In other words encryption at the transport level cannot protect against compromised endpoints. This means right now the strongest defense is isolation both physical and logical.
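As an added illustration of the three proposals listed earlier in the thread (opt-out flags, exclusion zones, allowlisted chats) and of the enforcement caveat in the two comments just above: an agent-side gate that honours an `X-No-Agents` response header, treats E2E apps as exclusion zones, and consults a robots.txt-style file. This is example code written for this page, not the article's or any commenter's; the header name, the app names and the `AgentPolicy` class are assumptions, and the gate only binds an agent that chooses to call it, which is exactly the point made above.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

NO_AGENTS_HEADER = "x-no-agents"  # constructed name for the thread's proposed opt-out signal

@dataclass(frozen=True)
class AgentPolicy:
    """Agent-side policy: which apps are exclusion zones and which chats are allowlisted."""
    excluded_apps: frozenset = frozenset({"signal", "whatsapp"})  # constructed E2E app names
    allowlisted_chats: frozenset = frozenset()  # (app, chat_id) pairs; the thread calls this risky

    def may_read_app(self, app: str, chat_id: Optional[str] = None) -> bool:
        app = app.lower()
        if app not in self.excluded_apps:
            return True
        return chat_id is not None and (app, chat_id) in self.allowlisted_chats

def honors_no_agents(headers: Dict[str, str]) -> bool:
    """False when a response carries the proposed opt-out header with a truthy value."""
    return not any(name.lower() == NO_AGENTS_HEADER and value.strip().lower() in {"1", "true", "yes"}
                   for name, value in headers.items())

def robots_disallows(robots_txt: str, user_agent: str, path: str) -> bool:
    """Minimal robots.txt check: a group's Disallow prefixes apply to all its User-agent lines,
    an explicit group for this agent overrides '*', and an empty Disallow allows everything."""
    groups: Dict[str, List[str]] = {}
    agents: List[str] = []
    seen_rule = False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() == "user-agent":
            if seen_rule:  # a User-agent line after rules starts a new group
                agents, seen_rule = [], False
            agents.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif key.lower() == "disallow":
            seen_rule = True
            for agent in (agents if value else []):
                groups[agent].append(value)
    rules = groups.get(user_agent.lower(), groups.get("*", []))
    return any(path.startswith(prefix) for prefix in rules)

def agent_may_access(policy: AgentPolicy, app: str, headers: Dict[str, str], robots_txt: str = "",
                     user_agent: str = "agent", path: str = "/", chat_id: Optional[str] = None) -> bool:
    """The one gate every read goes through; it binds only an agent that chooses to call it."""
    return (policy.may_read_app(app, chat_id) and honors_no_agents(headers)
            and not robots_disallows(robots_txt, user_agent, path))
```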
https://twiiit.com/jsrailton/status/2018836950770213375