saalweachter
miroljub
> So purely from a hacker perspective, I'm amused at the whining.
> Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.
From a pure hacker perspective, I'm surprised there are people calling a legitimate usage a "weakness you could exploit"?
What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.
Then Google unilaterally changed the TOS of a product people already purchased and started pulling the rug. And again, there are people who call themselves hackers who approve of that? Even worse, they call people calling out Google for their monopolistic behavior whining.
novaleaf
Aren't they yoinking an OAuth token for replay in the Claw app?
If so, I don't think anybody who knows how auth works could feign complete innocence.
gck1
People got banned for calling `gemini -p` (non-interactive mode) from wrappers like pi or opencode, too.
I understand how grabbing an oauth token via reverse engineering could be a ToS violation. But there's no other purpose for the `-p` flag other than to use it with a wrapper. Unless people enjoy having interactive conversations via non-interactive mode for some reason.
Even their documentation clearly states this flag exists for "building custom AI tools" [1]. How is OpenCode, OpenClaw etc not a "custom AI tool", where exactly is the line drawn?
This is just a rug pull.
[1] https://github.com/google-gemini/gemini-cli/blob/c7237f0c795...
rolymath
Google changed the ToS to disallow this usage? I'm pretty sure it was disallowed from the beginning
saalweachter
I mean, the "exploit" is really "we have an access key with overly-broad permissions and poor monitoring", but that's ... also kind of like 70% of old hacker stories?
"The gate code is 1234" "If you punch in this code it tricks the phone network into thinking you're an operator" "The credentials 'guest'/'guest' work on this network".
You probably could have had five, ten people using the Antigravity API key for whatever and even if someone noticed it probably wouldn't have been worth the time to fix.
But it's like you learn the gate code for the employee parking lot and instead of just quietly enjoying free parking you start punching in the code and waving more and more cars into the lot until it's jammed full, and then complain when the code's changed and they post a guard outside checking IDs.
tapvt
This is where my mind went.
A curious person or two poking around is one thing.
A few hundred, or thousands, of "AI enthusiasts," or however you'd like to imagine OpenClaw users, could likely approach the scale of "a problem."
ValentineC
> What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.
It's technically possible, but Google didn't provide a feature allowing the creation of Antigravity or Gemini CLI API keys for use outside the respective apps.
bigyabai
> they call people calling out Google for their monopolistic behavior whining.
Google's monopoly is not in AI, it's advertisement. When you accuse them of ridiculous and unfounded crimes, you're diluting the chance of Google being held accountable. As someone that wants to see Google ripped apart by the FTC, we can't just lie and say everything Google does is criminal.
8note
the monopoly here is on web indexing, isn't it?
RobotToaster
> you could exploit to get free/cheap thing
$249/mo isn't cheap
panarky
If you pay $249 to get $1,200 of compute, "cheap" seems like the right word.
mschuster91
> You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.
It's the same with vulnerabilities in slot machines. Damn rare but they exist - in 2014, when I worked in that industry, one gang made a big bang: in a single night, casinos across Germany had to say goodbye to probably 10 million € [1]. Of course, that vulnerability made massive waves... but from what I heard back then, it had been circulating for many months beforehand. Of course, 10 million € is nothing to sneeze at, but keeping a low profile could have made everyone in the know far more profit.
[1] https://www.t-online.de/digital/aktuelles/id_68982394/softwa...
plorg
Back in maybe 2017 there was a YC startup called Audm that hired professional audiobook narrators to read magazine articles. I found them through their embeds in The New Yorker. The app was pretty mediocre and I wanted to use it in my podcast app, so I started writing a scraper. Very quickly I realized that the page embeds were making calls directly to their production database with no authentication whatsoever. So I pivoted to dumping the entire archive, hosting it on my LAN, and serving it as RSS over my VPN. It was cool, and I found that articles from some publications would post as much as 2 weeks before publication. Eventually they were bought by the NYTimes, and in 2020 they either set up permissions or moved the infrastructure. I gave up on the project, and I understand that most of the content is no longer available. I unfortunately lost my archive with a lot of data when my storage array died a couple of years later. I think the product space got commoditized very quickly by AI readers (none of which, to my ear, are as engaging as the human professionals). I think maybe 4 other people knew about my project when it existed.
tda
I fondly remember finding and exploiting a buggy slot machine on the night the Euro got introduced. A classmate (I never played slot machines) made some money but didn't understand what was going on. I observed and it became apparent (in my slightly intoxicated state) the machine would pay out 2 Euro coins where it should pay out 20 cents. And when playing a 1 Euro game, you would often "win" 80 cents. Pay-out immediately and you got 8 Euro. Of course after a few rounds, the 2 Euro coins ran out and it would do some RNG to pay out 1 Euro with 80% chance. Don't know if I tried feeding it back the 2 Euro coins, I recall I just made enough to have a free New Year's Eve
saturnite
That reminds me of a vending machine I ran into as a little kid. It was in a private place and it had an out of order sign posted. Being hungry and young, I plugged it back in so I could take my chances. Every time I put in a quarter, three or four would fall into the coin return. When it was time to leave, all of the pockets on my cargo shorts were bulging so much that I had to hold my shorts up.
mschuster91
that was possibly just some attendant accidentally messing up which hopper they refilled (or with which coins), or someone screwed up the assignment on the control board which hopper was connected to which bus identifier.
Reminds me I gotta eventually write up what I found reverse-engineering the one armed bandit in my basement LOL
ValentineC
How did something like this not pass a Monte Carlo simulation, which I'd assume they'd conduct in an audit?
JKCalhoun
Kind of a built-in feature of a Cool Thing is that it will get found/shared/widespread.
(See Napster.)
lucky-rathore
wise. couldn't agree more. I
newalexandria
literally this is why we can't have nice things.
tabs_or_spaces
So the timeline is basically
* User uses Google oauth to integrate their open claw
* user gets banned from using Google AI services with no warning
* user still gets charged
If you go backwards, getting charged for services you can't access is rough. I feel sorry for those who are deeply integrated into Google services or getting banned on their main accounts. It's not a great situation.
Also, getting banned without warning is rough as well. I wonder if the situation will be different for business accounts as opposed to what seems like personal accounts?
The ban itself seems fair though, google is allowed to restrict usage of their services. Even though it's probably not developer friendly, it's within their rights to do so.
I guess there's some level of post mortem to do on the openclaw side too.
* Why did openclaw allow Google anti gravity logins?
* The plugin is literally called "google-antigravity-auth", why didn't that give the signal to the maintainers?
* Why don't the maintainers, for an integration project, do due diligence checks on the terms of service of everything you're integrating with?
Aurornis
> * Why did openclaw allow Google anti gravity logins?
OpenClaw went from virtually unheard of to a sensation in a couple weeks. There was intense commit activity and the main author bragged about not even reading the code himself. It was all heavily AI driven and moving at an extreme rate. Everyone was competing to get their commits in because they wanted to be a part of it.
The entire project was a fast and furious experiment. Nobody was stopping to think if something was a good idea or not when someone published a plugin for using this endpoint. People just thought “cool!” and installed it.
lucianbr
That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.
But I guess it's only ok when you work on regular joe facing projects, where the consequences of bugs are on powerless users. If the consequences are on Google, well, that's not acceptable now is it?
ddalex
The consequences for Google are that the people are misusing the keys and the Google is fixing that. They're not banning anybody using proper API keys
Aurornis
> That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.
Not really. There’s a difference between accelerating development in the hands of an experienced developer versus having somebody just slop code by hoping for the best.
Adopting AI doesn’t equal removing code review. These were two separate choices combined.
shevy-java
> Also, getting banned without warning is rough as well.
Agreed. The lesson is: do not become dependent on Google. Ever.
(Unfortunately I still use youtube and a chromium-based browser. Long-term I hope to find alternatives to both problems. Google search I no longer need because Google already ruined it a few years ago; the quality now is just horrible. I can not find anything useful with it anymore.)
Chaosvex
Literally just use Firefox.
rvnx
Firefox is financed by Google and makes them survive (but yes, clearly the only realistic alternative that is not Chromium-based)
twohaibei
Zen browser. Or floorp.
vincston
What Google search alternative have you found? I'm trying out ecosia, duckduckgo and brave search, but I find their search results even worse, so in the second query I tend to bang to Google..
bobmcnamara
Google Search is over. There may not be a free alternative, it they've lost the arms war between phone number incrementing ad pages, AI spew, and rank hackers.
distances
Have you tried Kagi yet? It's pretty popular among HN folks, and I find it easily worth the price.
coryrc
I use ddg and haven't found better results from searching with google in a long time, but that might just be the kind of things I search for.
beAbU
I've been using ddg for years now, and it's been probably 2 years since I needed to use the "!g" escape hatch.
Very very happy with it.
Yizahi
DDG is good enough that I've switched many years ago and never went back. Any time I use Google (!g) to repeat query (recently it's maybe a few times per year) it fails to show anything useful too, so I don't see any benefit to even check it lately.
mark_l_watson
Maybe have to pay for search? I am experimenting with paying Proton another $10/month for a paid lumo+ account. lumo+ is a private chat like ChatGPT that uses a strong Mistral model and also privacy-preserving web_search LLM tooling under the hood. For about a month I just use lumo+ with the web_search tool enabled. I may not do this forever, but for now I like just having one tool to use. Note: I still use gemini for technical work, but lumo+ for day to day chat and web search.
In the past I just use DuckDuckGo for most search, occasionally Google. That also worked well for me.
MrDresden
Kagi
cess11
Might want to try https://www.mojeek.com/ .
axus
It doesn't seem fair at all; though I'm glad to see it's not as bad as I feared (yet?).
> Hoping for some transparency, I left a single, polite comment asking for clarification on why the update was removed. Surprisingly, my forum account was banned shortly after posting that question.
bootsmann
Have you seen the code of OpenClaw? It would not surprise me if there is a mistake in there somewhere that causes the bot to hammer google auth for the refresh token in a very identifiable manner because no one in that repo is bothering to look at the code before merging. Moved fast, broke things.
anon84873628
I don't understand step 1. OAuth client applications have to be registered in GCP, right? They have to request specific scopes for specific APIs, and there is a review process before they can be used by the public. Did none of that happen for the Open Claw client? How is it the users' fault for clicking a "Sign in with Google" button? And if there was a mistake, why not ban the whole client?
I could see a problem with logging into Antigravity then exfiltrating the tokens to use somewhere else... But that doesn't sound like what happened. (And then how would they know?)
I haven't used Open Claw, so what else am I missing to make this make sense?
integralpilot
To my understanding, OpenClaw pretends to be Antigravity by using the Antigravity OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.
When I first tried OpenClaw and chose Google Sign-In, I noticed the window appeared saying "Sign into Google Antigravity" with a Google official mark, and a warning it shouldn't be used to sign into anything besides official Google apps. I closed it immediately and uninstalled OpenClaw as this was suspicious to me, and it was a relatively new project then.
It amazes me that the maintainer(s) allowed something like this...
anon84873628
Ah, ok. I guess there is no way for Google to prevent this since desktop apps are public clients that use PKCE.
I imagine Open Claw must also have registered the Antigravity custom URL scheme in order to receive the redirect.
Remaining question is how Google determines that traffic is not actually coming from Antigravity.
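The property raised in the comment above, as an added example that is not part of the thread and is not code from Google or OpenClaw: a toy authorization server running the RFC 7636 S256 check for a public client. The client ID, redirect URI, class and function names are constructed for illustration; the model shows that PKCE ties the token request to whoever started the flow, which blocks redemption of an intercepted authorization code but leaves the server with no OAuth-layer evidence of which program started it.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed values for illustration; not real identifiers.
CLIENT_ID = "example-desktop-client"
REDIRECT = "http://127.0.0.1/callback"


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))), '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


class ToyAuthServer:
    """Toy authorization server for a public client (no client secret)."""

    def __init__(self, registered):
        self.registered = registered  # client_id -> set of allowed redirect URIs
        self.pending = {}             # code -> (client_id, redirect_uri, challenge)
        self.audit = []               # what the server observes at token issuance

    def authorize(self, client_id, redirect_uri, code_challenge):
        if redirect_uri not in self.registered.get(client_id, set()):
            raise PermissionError("unknown client_id or redirect_uri")
        code = secrets.token_urlsafe(16)
        self.pending[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, client_id, redirect_uri, code, code_verifier):
        # Codes are single use: pop first so a failed attempt also burns the code.
        entry = self.pending.pop(code, None)
        if entry is None:
            raise PermissionError("invalid or reused code")
        cid, uri, challenge = entry
        if (cid, uri) != (client_id, redirect_uri):
            raise PermissionError("client_id/redirect_uri mismatch")
        if not hmac.compare_digest(s256_challenge(code_verifier), challenge):
            raise PermissionError("PKCE verification failed")
        self.audit.append((client_id, redirect_uri))
        return "tok-" + secrets.token_urlsafe(8)


def run_flow(server):
    """Authorization-code + PKCE flow as run by any program that knows the public client_id."""
    verifier = secrets.token_urlsafe(48)  # 64 chars, within the 43-128 allowed
    code = server.authorize(CLIENT_ID, REDIRECT, s256_challenge(verifier))
    return server.token(CLIENT_ID, REDIRECT, code, verifier)


def stolen_code_rejected(server) -> bool:
    """What PKCE does protect: a code without its matching verifier is worthless."""
    verifier = secrets.token_urlsafe(48)
    code = server.authorize(CLIENT_ID, REDIRECT, s256_challenge(verifier))
    try:
        server.token(CLIENT_ID, REDIRECT, code, "guess-" + secrets.token_urlsafe(48))
    except PermissionError:
        return True
    return False


def oauth_layer_evidence(server):
    """Run the flow twice, standing in for two different programs, and
    return what the server recorded for each token it issued."""
    server.audit.clear()
    run_flow(server)
    run_flow(server)
    return list(server.audit)


if __name__ == "__main__":
    srv = ToyAuthServer({CLIENT_ID: {REDIRECT}})
    print("stolen code rejected:", stolen_code_rejected(srv))
    first, second = oauth_layer_evidence(srv)
    print("server-side records identical:", first == second)
```

Both runs leave identical records at the token endpoint, so any decision about which application sent the traffic has to rest on signals outside this exchange.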
coffe2mug
> OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.
Still surprised.
Client ID ok.
But openclaw needs the secret also?
Does it also mean Antigravity did not restrict to specific applications?
andrew_lettuce
>>it amazes me that the maintainer(s) allowed something like this...
Really? In today's landscape this is the part that surprises you? I'm seeing these types of decisions repeatedly and typically my only question is do they not know any better, or intentionally not care?
fmbb
1. Did a human really knowingly decide to allow that?
2. Did a human create the plugin?
3. Are the maintainers human?
By human I mean an animal that is intelligent enough to understand the agreements and what code they are writing.
animuchan
Most people aren't human then, sad.
saalweachter
I think Dune is easily a top ten franchise among computer people, so that sort of thing is nothing new.
renegat0x0
I think as a society we miss some kind of 'laws', or 'rules' around accounts and banning.
I feel that sometimes corporations have all 3 Montesquieu powers. Google can define EULAs, decide if you should be punished, and apply a ban.
Can a shop decide who to serve? I may be wrong, but big tech should not be able to 'just close' accounts, or demonetize accounts on their whim.
RobotToaster
> Why did openclaw allow Google anti gravity logins?
There's a good chance the plugin was written by gemini, why did it allow that?
xnx
Additional information from Google employee https://x.com/_mohansolo/status/2025766889205739899 :
"We’ve been seeing a massive increase in malicious usage of the Antigravity backend that has tremendously degraded the quality of service for our users. We needed to find a path to quickly shut off access to these users that are not using the product as intended. We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users."
KronisLV
> We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users.
It feels like a good default for this would be something similar to video game bans: where you get a "vacation" from the service with a clear reason for why that is, but can return to using it later. Given how much people depend on cloud services, permanent bans for what could be honest mistakes or not knowing stuff would be insane.
ljm
Getting your Google Workspace account nuked because an employee hooked their company Gemini account to OpenClaw would certainly be a novel business risk.
StopDisinfo910
Google services are banned at the very large company I work at and that's not because they are technically poor.
It's just that the last time we had to deal with their customer support, they were so bad someone at the exec level said they were banned from now on. It's to the point we have to explicitly schedule high level meetings and carve out exceptions when they happen to buy products we use.
We work with nearly everyone in the cloud space except Google. That should tell you everything you need to know.
AnthonyMouse
Isn't that pretty much par for the course for these megacorps? Account gets banned as a disproportionate response to something minor, or in many cases for no explicable reason at all, and anyone without enough of a platform to do "bad PR escalation" via social media or traditional media gets to learn the hard way that their "customer service" is just a brick wall that can't or won't do anything about it.
Adopting a massive dependency on a single company is generally a mistake.
ValentineC
As far as I can tell, most of the offenders just had their access to Antigravity and Gemini CLI suspended, not the rest of the Google ecosystem.
There are probably some boundaries set by Google's legal team, especially for Workspace.
owebmaster
what you described is that using google is a novel business risk
qingcharles
I wish all the social media services would implement some sort of "vacation" bans instead of outright perma-banning you, when more oft-than-not the ban is a mistake caused by AI. I'd be less mad about some arbitrary nonsense ban if it was only a week.
DaedalusII
yes. i am not using google ai services because i am afraid i might accidentally get permanently banned
leetrout
I posted an "Ask HN" around this a while back. I think we will see a lot more of it and we will be hurting legitimate users. I like your temp ban idea but I doubt they would give reasons why.
michaelcampbell
> give reasons why
Because it'll be an LLM guided bot handing out bans, so no one will actually KNOW why.
oger
While I see the point of limited capacity, it also shows that Google did not plan for rate limiting / throttling of high usage customers. This is ALWAYS the problem with flatrate pricing models. 2% of your customers burn 80+% of your capacity. Did see that in former times with DSL, not too long ago with mobile and now with AI subscriptions. If you want to provide a "good" service for all customers better implement (and not only write in your T&Cs) a fair usage model which (fairly) penalises heavy users.
Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.
BUT: The industry is missing a significant long term revenue opportunity here. There obviously is latent demand and Claws have a great product market fit. Why on earth would you deactivate customers that show high usage? Inform them that you have another product (API keys) for them and maybe threaten with throttling. But don't throw them overboard! Find a solution that makes commercial sense for both sides (security from API bill shock for the customer / predictable token usage for the provider).
What we're seeing right now is the complete opposite. Ban customers that might even rely on their account. Feels like the accountants have won this round - but did not expect the PR backlash and possible Streisand effect...
zarzavat
Yeah this is a massive fuckup on Google's part and they are taking it out on their customers as per usual.
It's not hard to define a quota system and enforce it. If the quota is too high then reduce the quota. If people are abusing the quota with automated requests then detect that and rate limit those users.
If I'm paying $200+ a month I should be able to saturate Google with requests. It's up to Google to enforce their policies via backpressure so that they don't get overloaded.
Then again this is the same company that suspended people's gmail because they sent too many emotes in YouTube chat. Sadge.
cheonn638
> If I'm paying $200+ a month I should be able to saturate Google with requests
Says who? You?
The customer? Who always wants a lower price?
lm28469
> Google did not plan for rate limiting / throttling of high usage customers
Antigravity has very low daily and weekly quotas unless you pay for their most expensive plan, so it means these people drop $200+ a month to run these bots, insanity
embedding-shape
> so it means these people drop $200+ a month to run these bots
It doesn't mean that it's the only thing they're doing, could be they have the plan for other purposes, and also use it for that.
embedding-shape
> Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.
Are they though? Another comment (https://news.ycombinator.com/item?id=47116205) seems to indicate these people are all indefinitely suspended with no path to unsuspend them:
> [...] I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. [...]
sva_
> it also shows that Google did not plan for rate limiting / throttling of high usage customers.
There is a (pretty generous and imo reasonable) request quota that reset every 24h
hn_throw2025
There is consensus on r/gemini that the window is a matter of hours now, not 24h.
I subscribe to the AI Pro plan. I knew of a published limit of 100 Pro prompts per day, but before this month it seemed they were relaxed about it. I have now started to be rate limited on Pro when nowhere near that quota, due to too many prompts within a short time window (probably due to short prompts and not aggregating my questions). So now I use the Thinking (basically Flash) model and bump up to Pro for certain queries only.
There will always be a minority who spoil it for the majority.
olyjohn
A fair usage model isn't some handwavey bullshit throttled quota buried in the ToS and marketed as "Unlimited." It's applying a realistic usage quota equally to everybody in the same payment tier that is spelled out right up front so that people know exactly what to expect.
The whole concept of service "abusers" is made up bullshit by companies that over promise, over sell and under deliver.
JKCalhoun
My fascination with local LLMs has waxed and waned over the past year or so. And then something like this comes along and it waxes again mightily. ;-)
FloorEgg
I wonder if this was causing the increase in the number of 429 errors I've been getting from Gemini on vertex.
cube00
> will get a path for them to come back on
That's not what support has been telling their $250 a month customers.
we are unable to reverse the suspension [1]
I get the need to move fast to stabilise the service but similar to an outage it doesn't take much to put a banner on the support page to let customers know bans are temporary until they can come up with a better way of educating customers. Furthermore, it doesn't take much to instruct ban appeal teams to tell customers all bans are under review no matter what the reason is to buy them time to separate Claw bans from legitimate abuse bans that need to be upheld.
The fact that users are paying $250 for a service they can't use for at least the last 11 days kills any sympathy I had that Google needed to "quickly shut off access", it's like they just sat on their hands until the social media storm hit flash-point.
After 11 days there still isn't even an official statement, just a panicked tweet from a dev likely also getting hammered on socials, goodness knows how long before accounts are restored and credits issued.
Even the original Google employee in the forum thread just ghosted everyone there after the initial "we're looking into it".
PunchTornado
come on, using a monthly paid subscription to obtain auth tokens to use claws bots is quite obviously against T&C. you need to pay api prices for that. I am sure 100% of those knew they were doing something wrong but proceeded anyway.
infecto
Sometimes I wonder where I am when people are so shocked. I genuinely don’t understand who would think this is allowable? Is this simply a younger generation and I am old now? API keys vs the auth tokens smells the same as public vs private APIs, don’t be surprised you get shut off if you are using a private API.
Havoc
It's a bit leftfield for sure, but "malicious"?
opsmeter
[dead]
bethekind
This is draconian.
> Our investigation specifically confirmed that the use of your credentials within the third-party tool “open claw” for testing purposes constitutes a violation of the Google Terms of Service [1]. This is due to the use of Antigravity servers to power a non-Antigravity product. I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. I am truly sorry to share this difficult news with you.
torginus
Isn't the reason companies are doing this because they're offering tokens at a discount, provided they're spent through their tooling?
Considering the tremendous amount of tokens OpenClaw can burn for something that has nothing to do with software development, I think it's reasonable for Google to not allow using tokens reserved for Antigravity. I don't think there's such a restriction if you pay for the API out of pocket.
jacquesm
> Isn't the reason companies are doing this because they're offering tokens at a discount, provided they're spent through their tooling?
Then maybe they should charge for that instead of banning accounts?
Google decided on their own business plan without any guns to their backs. If they decide to create a plan that is subsidized that's entirely on them.
NewsaHackO
So the issue is the same as Anthropic. They do charge for it through their API. The users, however, want to use the discounted "unlimited" flat rate through the first-party app instead, then get mad when they are told they have to use the same API every other third-party app does.
lelanthran
> Then maybe they should charge for that instead of banning accounts?
They do, though - you're free to buy tokens and use Google's AI/LLM via the API?
What OpenClaw was doing was pretending to be a different product (Anti gravity) in order to use the cheaper tier.
hatsix
Google wants usage that earns them street cred, not usage from bots who will never evaluate the output. They're all fighting tooth and nail to acquire customers, both free and paid... they didn't want their giveaways to be burned.
renewiltord
If I say “you can use my car for $250/month if you don’t smoke in it” and then you pay me that money and you drive around until one day you smoke in it, I’m not going to let you smoke in my car. I told you not to smoke in it and you smoked in it. That’s the deal. All seems fine to me tbh.
SilverElfin
Yep it sounds like Google is charging too little, and taking losses that would be unsustainable for other companies, to try and win the market on AI coding products. Which is a violation of anti trust law, I think. Now that people are using their pricing in an unexpected way where their product isn’t the one winning from their anti competitive practices, they’re punishing the users. Classic monopolistic behavior. And why we need to tax mega corp more and break them up.
anonym29
[flagged]
mark_l_watson
I agree. As others have mentioned here, the authenticate with AntiGravity web popup clearly says that this authentication is only to be used with Google products.
How can Claws users miss this?
What Google could have done better: obviously implement rate throttling on API calls authenticated through the Gemini AI Pro $20/month accounts. (I thought they did this, but apparently not?) Google tries hard to get people to get API keys, which is what I do, and there seems to be a very large free tier on API calls before my credit card gets hit every month.
LegateLaurie
Given how popular OpenClaw is (and that OpenClaw itself supports antigravity), I think it's shortsighted to not publicly state that it's not allowed and to warn users. Permanently banning people from Antigravity (much like any Google product) feels really harsh.
blitzar
Can I at least log in one last time and download my gmail messages from 2004?
jimbob45
Then it should be “This is your first and final warning. The next time we catch you, it’s a ban.”. People are building their lives around this stuff and kneejerk bans erode good faith in your platform.
lelanthran
> Then it should be “This is your first and final warning. The next time we catch you, it’s a ban.”. People are building their lives around this stuff and kneejerk bans erode good faith in your platform.
This is actually the soft-touch approach: the users of these vibe-coded products need to understand that they are delegating their authority to the tool to work on their behalf.
In this case, they delegated to a tool that broke the ToS. The result could have been a lot worse, and in return they learned that the tool is acting with their full authority.
-----------------
EDIT:
One of the users got this response from google support:
> Our product engineering team has confirmed that your account was suspended from using our Antigravity service. This suspension affects your access to the Gemini CLI and any other service that uses the Cloud Code Private API.
Their decision? To break ToS on some other provider:
> I guess it is time to move on to Codex or Claude Code.
So, yeah, perhaps the users really are too stupid to understand what's going on, and even this soft-touch approach has done nothing to clue them in.
cogman10
Oh man.
What a wonderful way to stop people from using your LLM.
All these AI companies trying to get everyone to be locked into their toolchains is just hilariously short sighted. Particularly for dev tools. It's the sure path to get devs to hate your product.
And for what? The devs are already paying a pretty penny to use your LLM. Why do you also need to force them to using your toolkit?
usef-
There is a reality that when they control the client it can be significantly cheaper for them to run: the Claude code creator has mentioned that the client was carefully designed to maximise prompt caching. If you use a different client, your usage patterns can be different and it may cost them significantly more to serve you.
This isn't a sudden change, either: they were always up-front that subscriptions are for their own clients/apps, and API is for external clients. They don't document the internal client API/auth (people extracted it).
I think a more valid complaint might be "The API costs too much" if you prefer alternative clients. But all providers are quite short on compute at the moment from what I hear, and they're likely prioritising what they subsidise.
cedws
It reminds me of the net neutrality debate from a decade ago. I'm not American but I remember the discord and online hate towards Ajit Pai when they were repealing it.
On one side you had the argument that repealing net neutrality would mean you can save money on your internet bill by only paying for access to what you use. On the other, you had the argument that it would just enable companies to milk you for even more profit and throttle your connection as they see fit.
IMO we need 'net neutrality' for LLM clients. I feel like AI companies are hypocrites for talking about safety all the time, but want us to only use their LLMs in the way they intend. They're saying we're all going to be replaced by AI in 12 months, and we have to use their tools to survive, right?
Yann LeCun recently warned that the AI coming out of China is trending towards being more open than the American alternative. If it continues like this, I can see programmers being pushed towards Chinese models. Is that what the US government wants?
esskay
I imagine it's a case of the providers not wanting to admit it's costing them a fortune because suddenly all these low-medium usage accounts are now their highest use ones.
Not saying it's right. But it's also not exactly a secret that they are all taking VERY heavy losses even with pricey subscriptions.
jsheard
> But it's also not exactly a secret that they are all taking VERY heavy losses even with pricey subscriptions.
It's absurd, there's people out there paying $200 for the equivalent of $1600 in API credits. Of course there's a catch! What did you expect!
https://bsky.app/profile/borum.dev/post/3meynioealc2x
That tool is "ccusage" if you're a Claude subscriber and want to see what the damage will be if/when Anthropic decides to pull the rug.
llm_nerd
The devs are paying to use the UIs provided by the company. The usage-based API is a separate offering, and everyone knows that.
It's okay to be annoyed at being caught, but honestly the deer in the headlights bit is a bit ridiculous.
If you want to use an API, pay for the API option. Or run your own models.
chasil
Google has been particularly pernicious in the corporate exercise of zero-tolerance.
Because of their large footprint in so many areas, it is wise to greatly (re)consider expansion in the ways that you rely on them.
fy20
Antigravity is useless anyway. I tried it last week and it needs approval for every file read and tool call. There's an option in the app to auto-approve, except it doesn't work. Plenty of complaints online about this. Clearly they don't actually care about the product, some exec just felt that they need to get into the editor game.
Next I tried using the Antigravity Gemini plan through OpenCode (I guess also a bannable offense?) and the first request used up my limit for the week.
driverdan
Hopefully this gets people to stop using Google for more than just LLMs.
overgard
The tool thing is kind of infuriating at the moment. I've been using Claude on the command line so I can use my subscription. It's fine, but it also feels kind of silly, like I'm looking at ccusage and it seems like I'm using way more $ in tokens than I'm paying for with the subscription. Which is a win for me, but, I don't really feel like Claude Code is such a compelling product that it's going to keep me locked in to their model, so I don't know why they're creating such a steep discount to get me to use it. I'm perfectly fine using Codex's tools, or whatever. I dunno, it seems like way more cost effective to use the first party tools but I'm not sure why they really want that. Are the third party tools just really inefficient with API usage or something?
lelanthran
> I dunno, it seems like way more cost effective to use the first party tools but I'm not sure why they really want that. Are the third party tools just really inefficient with API usage or something?
No, the first party tools, even if they used the same number of tokens, give them valuable data for their training.
Essentially, the first party tools are subsidised because it saves them money on gathering even more training data. When you use a 3rd party tool, you are expected to pay the actual cost of each token.
noosphr
You are being subsidised to the tune of 50 to 99.9 cents on the dollar compared to the API.
What the hell do you expect? To get paid for using other people's tools on Google's servers?
sowbug
Businesses do not have an entitlement to profit. Suspending customers for using a fairly expensive subscription plan -- especially forfeiting an annual prepayment for a day or two of coloring outside the lines -- sure does make Google appear entitled to profit without ever risking its own pricing model.
jacquesm
No, this is hilarious: company that rams their AI down your throat at every opportunity then turns around and shuts down your account because you actually use their AI... there is no limit to the idiocy around Google's AI roll-out. I wish I could donate the AI credits that I'm paying for (thanks Google for that price increase for a product I never chose to buy) to the people that need them more.
jcgrillo
This kind of reputational damage is just adding fuel to the fire. If my business depended in any way on google--GCP, GSuite, whatever--it would right now be a very urgent task to fire them and find replacements. They've been pretty sketchy for a while, but this kind of thing is over the top.
user34283
Terminating accounts that tried to cheat on pricing by having a third party application pretend to be Antigravity is entirely expected and does not damage Google's reputation in my view.
overgard
Yikes!! This is really unfortunate, because Google's models seem very good but there's no way I'm using a google service for this kind of thing with those policies. I don't even want to run OpenClaw, but that's scary! Plus, I have my google account tied to authenticating so many things that if my account were to be suspended or something that would be a nightmare.
I haven't tried Antigravity but I remember on release it had huge UX issues. Is this product just not ready for primetime?
ludjer
There is nothing stopping you from using Google models; just get the correct product. You can pay for tokens, then they do not care what you use it for.
overgard
The issue for me is the customer support here, not necessarily that they don't have good offerings. (I know they've always been bad at customer support, but this all seems egregious)
mark_l_watson
Excuse me giving you advice, unasked for: as part of your ‘digital life spring cleaning’ spend some time converting auth with Google/Apple/GitHub for services to logging in with your email (on your own domain) and some other second auth.
BTW, I tend to only use Google for services I pay for (YouTube+, APIs, Gemini Plus, sometimes GCP).
user205738
Just create another Google account. I don't remember there being any restrictions for this. Every time the service required a Google account to log in or it was easier than registering and going through the checks, I just created a new Google account and registered.
therealmarv
How about giving the user a big warning to not do that and then block the account if the user continues. These total blocks are crazy. Especially for people who use their Google account for 20+ years or something.
jauntywundrkind
Google's bundling of so many services into one account is becoming a gargantuan liability for them & their users.
This "zero tolerance" policy is just absurdly mega-goliath out of touch with the world. The sort of soulless brain dead corporatism that absolutely does not think for even a single millisecond about its decisions, that doesn't care about anything other than reducing customer support or complexity, no matter what the cost.
Kicking people off their accounts for this is Google being willing to cause enormous untoward damage. With basically not even the faintest willingness to try to correct. Gobsmacking vicious indifference, ok with suffering.
smartbit
Maybe European DMA or DSA should act against google kicking people off their accounts without recourse?
moontear
Time and time again it is shown to *not* use your main account for everything. This goes for Apple and having a separate account for development work, for the App Store and your main iCloud account but this also goes for all other SaaS providers.
You are doing groundbreaking new and untested stuff with Claw? Do not use your main account. You want to access your main account's data? Sure, allow it via OAUTH/whatever possible way.
Have separate accounts, people. You don't want one product group's decision in those large SaaS corps to impact everything else.
bombela
> Time and time again it is shown to not use your main account for everything.
Good luck opening new google accounts for separation of concern. The new account is banned before the eula page finishes loading.
Google sends code via text msg to my main account phone number to unban, without me ever even filling a phone number.
After a day the account was banned again and pending automatic deletion. The appeal then took an artificial 5 days wait. I had to plead to what I presume is an AI. I had just paid $100 so it's not like I didn't show I was serious.
I am fairly certain that if they ban one account they will also ban the other anyways.
overgard
It seems like a temp ban here would be totally reasonable, like, "we disabled your account for a day here's why, don't do it again". Permanent though, eek!
TrackerFF
Nothing new. 10 years ago my (now 20+ year) google account was compromised for a whole 5 minutes. It was used by shady bots, and instantly banned. No warnings, no nothing. Trying to figure out what had happened was a challenge in itself.
Getting through to customer support was impossible.
5 years later I tried to get my account opened up, filled out some forms, and by some miracle it was.
My biggest takeaway from this (other than enabling 2FA) was that it is probably easier to get ahold of the scammers that control your account, than to get ahold of actual human customer support at google / alphabet.
rurp
Google will happily screw over users with 2FA as well. A few years ago I was out of state for the funeral of someone very close to me. I lost my phone and then needed to get into my email urgently. I didn't have my computer or any other devices with me and no way to get to them. Fortunately I had actually planned ahead for something like this and added my partners phone number as a 2FA method. So I tried to login with that and Google refused!
Google said that because I had more secure 2FA methods configured it wouldn't allow me to use one of the methods that I had very intentionally configured for exactly this scenario. My opinion of the company was already pretty low but I was still shocked that they would simply discard my security settings without any warning or override option. They made one of the worst trips of my life even more miserable. Google hates their own users so much.
anon84873628
Can you help me understand which of these happened?
1) Open Claw has a Google OAuth client id that users are signing in with. (This seems unlikely because why would Google have approved the client or not banned it)
2) Users are creating their own OAuth client id for signing themselves into Open Claw. (Again, why would these clients be able to use APIs Google doesn't want them to?)
3) Users are taking a token minted with the Antigravity client and using it in Open Claw to call "private" APIs.
Assuming it's #3, how is that physically accomplished? And then how does Google figure out it happened?
moontear
"how does Google figure out it happened" - no insider knowledge, but the calls Claw makes are very different than the regular IDE, so the calls and volume alone would be an indicator. Maybe Google has even updated their Antigravity IDEs to just include some other User Agent, that Claw auth does not have.
Everything just guesswork, but I don't think it is too hard to figure out whether it is Antigravity calling the APIs or any Claw.
nucleative
I cannot de-Google fast enough.
So if I ask Google's AI studio the wrong question, I might get my G-drive, Gmail, API access, Play store, YouTube channel, "login with Google" tokens, and more all ripped away instantly with no recourse?
No thanks
ninjagoo
Google is a company well down the path of enshittification, they even got rid of their motto "Don't be evil".
As a consumer, you're better served by using services from companies earlier in that lifecycle, where value accrues to you, and that's not Google, and likely not many other big providers.
When those newer companies turn, you switch. Do not allow yourself to get locked into an ecosystem. It's hard work, but it will pay dividends in the long run.
t-writescode
I [ctrl+f]'d for this comment in the thread linked above, and couldn't find it. May I ask where you saw that?
cupantae
It’s there. User Jun_Meng.
t-writescode
Thank you. I wonder if partial loading or something was keeping me from finding it. Oh well.
Either way, for everyone else: https://discuss.ai.google.dev/t/account-restricted-without-w...
There's the direct link to the specific post.
SilverSlash
Same. Cannot find it in that thread and I would like to know the source too.
paxys
I don't know why people here can't accept the simple fact that AI companies are offering cheap "unlimited" plans as a loss leader to tie you to their ecosystem, and then make up for it via add-ons, upsells, ads etc. If you use those API tokens to access external services it defeats the purpose. The hack may have worked so far, mainly because no one was checking, but they are all going to tighten the access eventually (as Anthropic and Google have already done).
Either stick to first party products or pay for API use.
stevage
No one is shocked that they don't allow this. Everyone is shocked that they silently, permanently banned the user with no recourse and it took significant effort even to find out that much.
DavidPiper
Sorry to be that guy, but given how often Google has done this for lesser infringements (some reported here on HN), is anyone really "shocked" by the permabans?
The apparent shock around this sort of thing always feels like cope for the fact that we (myself included) understand the power imbalance between Google and its customers but don't want to admit it.
There's plenty of evidence at this point, and I feel like we should be using that emotional energy to actually do something about it (like switching providers for critical personal services, for example).
s3p
>Sorry to be that guy, but given how often Google has done this for lesser infringements (some reported here on HN), is anyone really "shocked" by the permabans?
Yes, we are surprised. Google understands our surprise, too. To quote the Google employee another commenter mentioned: "We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on"
techpression
When reading HN I get the impression that a lot of people are convinced monthly plans are very profitable for the companies, I don’t have any numbers but to me it always seemed like a bait and switch or “bait and make you pay with your data too”.
vineyardmike
I'll bite. I suspect that these plans aren't as intensely subsidized as people assume. I believe that API usage is probably also not subsidized at all. First, yes, subs are probably subsidized, but I bet a significant % of users are profitable to serve, especially the "chat" users who don't use dev tools and have short context window conversations. Yes, I think the subs also exist as a driver to get lock-in and market share. Claude Code, for example, is very good and I stopped using their competition when they released their superior product.
That said, I assume that (1) their long-term goal is to create cheaper-to-serve models that fit within their pricing targets, and use the (temporarily) subsidized subscriptions to find the features and costs that best serve the market. Maybe even while capturing more margin on the API in comparison (eg keep API prices high while lowering cost to serve a token). I've largely stopped using Opus, and sometimes even chose to use Haiku, because the cheaper models are fast and usually serve my needs. It's very possible to work all-day and barely hit the usage limits with Haiku on the $20/mo option. Long term, that could be profitable outright.
And (2) subscriptions with lower SLOs than API calls have the potential to provide "infill" usage for high fixed-cost GPUs as an alternative to idling, similar to their batch APIs. I'd believe that overnight usage limits could/should be higher than during California work-hours. I assume most big providers have pre-paid fixed cost servers, so pumping more tokens through an otherwise idle GPU is "free". They can also do a lot more cost-optimization behind the scenes, such as prompt caching, to reduce the cost of tokens.
techpression
As a company with little other (any?) revenue you have to include all costs though. Data centers, power, hardware, salaries, marketing, etc. Not just training models and serving requests.
I don’t see how it’s not subsidized substantially considering how much money they’re burning right now (I only base that on their rounds though).
lelanthran
> First, yes, subs are probably subsidized, but I bet a significant % of users are profitable to serve, especially the "chat" users who don't use dev tools and have short context window conversations.
Why would WebChat users need a subscription? It's free; I've even pasted tarballs of entire repos in there, and haven't hit limits!
NitpickLawyer
> I'll bite. I suspect that these plans aren't as intensely subsidized as people assume. I believe that API usage is probably also not subsidized at all. First, yes, subs are probably subsidized, but I bet a significant % of users are profitable to serve, especially the "chat" users who don't use dev tools and have short context window conversations. Yes, I think the subs also exist as a driver to get lock-in and market share. Claude Code, for example, is very good and I stopped using their competition when they released their superior product.
I somewhat agree, somewhat disagree with this. I think API based is not subsidised. If you do some basic napkin math they should have enough room there to serve the models below cost if the models aren't insanely large (you can compare with 3rd party openrouter offerings and have an idea of what $/Mtok you can serve per model size. e.g. Haiku level models can be ~700B tokens and still be profitably served)
I think 20-200$ all-you-can-prompt are likely subsidised. If you track token usage (there are many 3rd party tools that do this) you can get 4-5x the API usage out of them (it used to be even higher before they added weekly limits. People were seeing 10-20x usage). Now I think that's a bit tough to make the napkin math work out. I've compared sessions served over API with sessions from subscriptions, and you get much more usage out of them, even with 5h / weekly limits. Strictly for coding, I think they're subsidising them.
I somewhat disagree that they're doing it for market share / user lock-in. I think signals and usage trends are much more valuable for them. While there might be user retention for "casual" users (i.e. web) I think the power users in coding will move as soon as the competition has a better product. So at the end of the day having data to improve models and have the "best" model in a niche is more productive than retaining users with an inferior product. That is an assumption tho, and there isn't much math you can do to figure that out from the outside.
danny_codes
Seems like a hassle when open source models are just as good. Can go with any hosting provider. Might have to wait 3-4 weeks for them to duplicate whatever Anthropic is doing with token caching. But then you get 10x cheaper inference.
I feel like this game is just a hot potato, can you get retail to hold the bag game
disiplus
I have them all. They're not just as good. Whoever tells you that looked only at the benchmarks, not real use. They all fall short at some point.
Kimi K2.5 is the best one, but it's still not at the level of what Anthropic released with opus 4.5.
danny_codes
We’ll have to give it 3 weeks.
paxys
Open models are very far in performance from the top models of Anthropic, OpenAI and Google. And that's skipping over the fact you need somewhere to host them.
neop1x
Recent open-weights models (MiniMax, Kimi K2, GLM, Mistral) are also quite good, can be self-hosted or accessed through 3rd-party hosters or OpenRouter and they are sufficient for most of the tasks. Just stop paying overpriced "unlimited" subscription bul**hit.
CuriouslyC
OpenAI and the Chinese companies let you all you can eat openly. Anthropic's lead vs OAI is slight and these things are going to homogenize quickly. The market is going open and the people trying to keep it closed are just generating ill will pointlessly.
NewsaHackO
>OpenAI and the Chinese companies let you all you can eat openly.
You say this, but I guarantee that when they do offer a plan similar to Google/Anthropic's dedicated coding "unlimited" subscription, they will do the exact same thing. Maybe they will let OpenClaw in as a first party because of their partnership with the creator.
sfink
OpenClaw is a massive liability. Regardless of the creator's employment, OpenAI is not dumb enough to officially release a ticking PR bomb like that. I don't know what they'll do with the creator, I guess pump him for ideas and keep him off the streets. (Simply telling him to design out the same thing in a form that is releasable should be enough to keep him quiet for a good long time.)
OpenClaw doesn't need the creator in order to continue to be a reputation risk nightmare for all of the AI companies, though.
refsys
Where does Anthropic offer an "unlimited" subscription? All of the plans mentioned on https://claude.com/pricing have limits, same as usage of Codex on OpenAI's ChatGPT subscription plans. If Google forgot to actually enforce a rate limit (that they do mention on https://antigravity.google/pricing) on theirs, that sounds like a huge oversight.
wyre
hmm? openAI has a $200 subscription too.
LinXitoW
But none of these are unlimited, that was never the expectation. It's a flat rate for a flat (but hidden) amount of usage. What's disgusting is that they want the good parts of subs (low usage subs), but then just ban the bad parts (high usage people). I don't care whether that's technically possible, it's incredibly scummy.
javascriptfan69
So what are they supposed to do?
Race to burn as much cash as possible in hopes that the other goes bankrupt first?
These models aren't profitable at the fixed subscription tiers.
andersmurphy
That is the plan yes.
beAbU
> Race to burn as much cash as possible in hopes that the other goes bankrupt first?
This has been standard in the VC playbook for the last decade or so. The only moat these companies have is the size of their war chests.
cedws
Likely we'll just move to the Chinese models.
MattDaEskimo
I'm very confused here. The monthly plans are meant to be used inside of Google's walled garden, but people are somehow able to capture (?) and re-use the OAuth token?
Regardless, I thought it was pretty obvious that things like OpenClaw require an API account, and not a subsidized monthly plan.
zythyx
Exactly, OpenClaw (or I think possibly an addon/extension or unofficial method) is allowing Google's Antigravity authentication to connect the app. This allows for 'unlimited' calls through Antigravity models with a subscription, instead of the proper Gemini/Google AI Studio API key method (charged per million tokens)
API usage can get very high for automatic operations, especially with apps like Kilo/Roo/Cline, and now with OpenCode/OpenClaw. I often blast through $10-20 in a single day of just regular OpenCode usage through OpenRouter
If I could pay a subscription and get near unlimited use (with rate limits), of course I'd do that, but not like this. I'm pretty sure Antigravity has ToU somewhere that indicates it's only allowed for use in Antigravity and nowhere else, since I've seen other threads on this happening: https://github.com/jenslys/opencode-gemini-auth/issues/50
jauntywundrkind
Sure. But a zero strike getting kicked out of your Google account is a grotesque evil.
Edit: maybe it's not the whole account? https://news.ycombinator.com/item?id=47116330
__w1kke___
No - use OpenAI, no problem. OpenAI wins here big time.
hsaliak
Google's Pro service (no idea about ultra and I have no intention to find out) is riddled with 429s. They have generous quotas for sure, but they really give you very low priority. For example, I still don't have access to Gemini 3.1 from that endpoint. It's completely uncharacteristic of Google.
I analyzed 6k HTTP requests on the Pro account, 23% of those were hit with 429s. (Though not from Gemini-CLI, but from my own agent using code assist). The gemini-cli has a default retry backoff of 5s. That's verifiable in code, and it's a lot.
I don't touch the anti-gravity endpoint, unlike code-assist, it's clear that they are subsidizing that for user acquisition on that tool. So perhaps it's ok for them to ban users from it.
I like their models, but they also degrade. It's quite easy to see when the models are 'smart' and capacity is available, and when they are 'stupid'. They likely clamp thinking when they are capacity strapped.
Yes the models are smart, but you really can't "build things" despite the marketing if you actively beat back your users for trying. I spent a decade at Google, and it's sad to see how they are executing here, despite having solid models in gemini-3-flash and gemini-3.1
gck1
> Yes the models are smart, but you really can't "build things" despite the marketing if you actively beat back your users for trying
I think this is the most important takeaway from this thread and at some point, this will end up biting Google and Anthropic back.
OpenAI seems to have realized this and is actively trying to do the opposite. They welcomed OpenCode the same day Anthropic banned them, X is full of tweets of people saying codex $20 plan is more generous than Anthropic's $200 etc.
If you told me this story a year ago without naming companies, I would tell you it's OpenAI banning people and Google burning cash to win the race.
And it's not like their models are winning any awards in the community either.
lukeschlather
My impression is there's a definite shortage of GPUs, and if OpenAI is more reliable it's because they have fewer customers relative to the number of GPUs they have. I don't think Google is handing out 429s because they are worried about overspending; I think it's because they literally cannot serve the requests.
gck1
This sounds very plausible. OpenAI has hoarded 40% of world's RAM supply, which they likely have no use for other than to starve competition. They (or other competitors) could be utilizing the same strategy for other hardware.
Which is worrying, because if this continues, and if Google, who has GCP, is struggling to serve requests, there's no telling what's going to happen with services like Hetzner etc.
solatic
OpenAI is dependent on the same hyperscalers (most specifically Microsoft/Azure) as everyone else, and even has access to preferential pricing due to their partnership.
A better explanation is to point out that ChatGPT is still far and away the most popular AI product on the planet right now. When ChatGPT has so many more users, multi-tenant economic effects are stronger, taking advantage of a larger number of GPUs. Think of S3: requests for a million files may load them from literally a million drives due to the sheer size of S3, and even a huge spike from a single customer fades into relatively stable overall load due to the sheer number of tenants. OpenAI likely has similar hardware efficiencies at play and thus can afford to be more generous with spikes from individual customers using OpenCode etc.
tom_m
You can build plenty with Google ai pro plan and Antigravity. Yea there's some limits that should be even higher, but you can still build stuff.
mannanj
It's unfortunate though that they lie and deceive by having a name called "Open"AI when they are in fact "Closed". And the whole non-profit to profit and Microsoft deals are just untrustable and unethical.
They also actively employ dark strategies in cooperation with CIA and who knows when they will pull the rug under you again.
Do you really trust a foundational rotten group of people who avoid accountability?
gck1
I don't know what it's called when something becomes an irony and then this irony becomes an irony itself, but that's what's up with OpenAI today. On one hand, they started this 'we're closing things down because safety' line, they normalized $200/mo subscriptions, but now they're becoming the most open AI company between the big 3. Their tooling is open source, they're lenient on their quotas on lower plans, and their allowance of third party integrations is also unique.
I would still consider OpenAI naming incorrect, but between the 3, they kind of are, open.
tempaccount420
I'm guessing at least 50% of the "users" of Antigravity are actually OpenCode users exploiting the oauth and endpoint. Must be infuriating to them if they're subsidizing it.
The OpenCode plugin (8.7k stars btw!) even advertises "Multi-account support — add multiple Google accounts, auto-rotates when rate-limited"[1]
[1] https://github.com/NoeFabris/opencode-antigravity-auth/blob/...
ingatorp
I've stopped using Gemini models altogether because of this. I've been using Claude Code with MiniMax M2.5 for a while now and I couldn't be happier. I haven't noticed any drop in output quality and the biggest advantage is that even the $10 is pretty generous. I haven't been hit with a rate limit, not even one time. And I'm a pretty heavy user. I also tried GLM 5.0 but I hit the rate limit there pretty early on.
AJRF
One thing with GLM 5 is they seem to do this weird thing where when your account is just opened it limits you really heavy, then this gets lifted later.
I had buyer's remorse when the first hour or two I kept getting rate limited on GLM5, but since then I've not had a single rate limit and I am using it very heavily.
harshitaneja
Just adding for context that I use Gemini Ultra and across all models from Gemini 3.1 Pro to Claude Opus 4.6, I have never hit 429s as well as hitting model quota limits is incredibly rare and only happens if I am trying to run 3 projects at once. While not the biggest agentic coding fan, I have been toying with them and have been running it for at least 7-8 hours a day if not longer.
oofbey
I’ve often suspected these models of getting dumber when the service is under high load. But I’ve never seen actually measured results or proof. Anybody know of real published data here?
transcriptase
ChatGPT was brutal for it a couple years ago. You could tell when it would go into “lazy mode” during peak usage periods.
Suddenly instead of writing the code you asked for it would give some generic bullet points telling you to find a library to do what you asked for and read the documentation.
lelanthran
> ChatGPT was brutal for it a couple years ago. You could tell when it would go into “lazy mode” during peak usage periods.
ChatGPT web has been doing this for a week now, for me. Ask some technical question and get a reply absolutely filled with AI phrases (Not $X, Just $Y, the key insight, the deeper insight, etc) dominating about 50% of the text, with the remaining 50% some generic filler stuff partially related to the tech I asked.
Last night I read through a ChatGPT web response about solutions for a security bootstrapping problem without holding keys/password, and it spat out pages and pages of key insights, all nicely numbered sections with bullet points in each section, without actually answering the question.
Moved to Claude Web immediately, got a usable answer on the first try.
ayewo
Here's a recent comment [1] by an OpenAI engineer confirming that they do in fact make such trade offs between intelligence and efficiency.
int_19h
That comment only says that they have a lot of different options for smaller & faster models that people can opt into. It doesn't say that they dynamically scale things up or down depending on demand.
forgotTheLast
Not exactly what you're looking for but https://news.ycombinator.com/item?id=46810282
oofbey
This is exactly what I want for data, but doesn’t seem to draw any conclusions yet. Thanks!
sva_
It is indeed somewhat sad/ridiculous to see that my GH Copilot Pro grants me access to Gemini 3.1, but my Google AI Pro does not
obblekk
This is the first time in recent memory that software has had high variable costs so the surprise at these rules is understandable.
In this case, the difference in context cache hit rate between openclaw and antigravity.
For example if openclaw starts every message with the current time hh:mm:ss at the top of the context window, followed by the full convo history, it would have a cache hit rate of ~0. Simply moving the updated time to each new message incrementally would increase hit rate to over 90%. Idk if openclaw does this but there’s many many optimizations like this. And worse, thrashing the cache has non linear effects on the server as more and more users’ cached contexts get evicted from cache due to high cardinality. The cost to serve difference could be >10x.
Google is the furthest behind on coding agent adoption and has all the incentives to allow off policy use to grow demand. But it would probably be better to design their own optimized openclaw and serve that for free than let any unoptimized requests in.
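An added illustration of the cache-hit arithmetic in the comment above (not part of the thread, and not OpenClaw's, Antigravity's or Google's code): a simplified block-wise prefix cache fed the two prompt layouts described. The block size, the whitespace tokenizer, the message sizes and all names are assumptions made for the example; eviction is not modelled.

```python
"""Simplified prefix-cache model (constructed; real provider caches differ)."""
import hashlib

BLOCK = 16  # tokens per cache block (assumed granularity)


def tokenize(text):
    # Whitespace tokens stand in for a real tokenizer.
    return text.split()


class PrefixCache:
    """A block hits only if it and every block before it were seen before."""

    def __init__(self):
        self.blocks = set()
        self.hit_tokens = 0
        self.total_tokens = 0

    def submit(self, tokens):
        chain = hashlib.sha256()  # running hash over the whole prefix
        matching = True
        full = len(tokens) - len(tokens) % BLOCK
        for start in range(0, full, BLOCK):
            chain.update((" ".join(tokens[start:start + BLOCK]) + "\n").encode())
            key = chain.hexdigest()
            if matching and key in self.blocks:
                self.hit_tokens += BLOCK
            else:
                matching = False  # first miss invalidates the rest of the prompt
                self.blocks.add(key)
        self.total_tokens += len(tokens)

    def hit_rate(self):
        return self.hit_tokens / self.total_tokens if self.total_tokens else 0.0


def build_prompt(system, turns, clock, layout):
    if layout == "time_at_top":
        # Current time first, then the full history: the prefix changes every turn.
        parts = [f"time {clock}", system] + [msg for _, msg in turns]
    else:  # "time_per_message"
        # Each message carries the time it was sent: old turns never change.
        parts = [system] + [f"time {t} {msg}" for t, msg in turns]
    return tokenize(" ".join(parts))


def simulate(layout, n_turns=40):
    """Replay one constructed conversation and return the overall hit rate."""
    cache = PrefixCache()
    system = " ".join(f"sys{i}" for i in range(64))
    turns = []
    for i in range(n_turns):
        clock = f"12:00:{i:02d}"
        turns.append((clock, " ".join(f"t{i}w{j}" for j in range(30))))
        cache.submit(build_prompt(system, turns, clock, layout))
    return cache.hit_rate()


if __name__ == "__main__":
    for layout in ("time_at_top", "time_per_message"):
        print(f"{layout}: {simulate(layout):.1%}")
```

The same per-client ratio is the kind of server-side signal later comments in the thread point to when they say cache hit rate alone would stand out.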
martinald
It's a fair point, but I think people are thinking too much about 'cost' and 'subsidies' and just the fact that everyone is so compute stretched.
While it's sort of the same thing, I think it's much more a symptom of not enough compute vs some 'dump cheap tokens' on the market strategy.
One related thought I had was that given OpenAI is the only one _not_ doing this of the big3, it probably indicates they have a lot more spare compute.
It doesn't make sense to me that given the absolutely brutal competition any of these companies would block use of 3rd party apps unless they had to. They clearly have enough cash, so I don't think it's about money - I think it's an indicator that Google and Anthropic are really struggling with keeping up with demand. Given Anthropic's reliability issues last week this does not surprise me.
rustyhancock
I agree with all this.
I would add though that many are also being caught up in antispam efforts.
I.e. that for every legitimate OpenClaw user doing something trivial with their account misusing the sub. There is probably 10x using it to send spam emails and spam comments.
I suspect from Google's perspective some of these people are just a rounding error.
That said I use API where I should and the sub in the first party apps. Perhaps I'm too much of a goody two shoes but AI already feels such an overwhelming value prop for me I don't care.
That said I think you're right in that money matters here but I think the subs as they intend people to use them is hugely profitable i.e. the people doing 10 chats per work day and a few in the evening but paying £20 per month.
easton
> One related thought I had was that given OpenAI is the only one _not_ doing this of the big3, it probably indicates they have a lot more spare compute.
Or, pessimistically, it could indicate they’re burning cash hoping the subsidized access will eventually result in someone giving them a product idea they can build and resell at a profit.
If they let *claw (or third party coding agents, or whatever) run for six more months and in those months figure out how to sell a safe substitute and then cut off access, maybe it will have been worth it.
goodmythical
>This is the first time in recent memory that software has had high variable costs
Running software has always had a variable cost.
Why should I be surprised if [cloud provider] were upset that I were running a thousand free tier servers? Or utilizing any paid plan at all to somehow effect utilizations far exceeding the clearly documented limitations of my plan?
Using the torrent network protocol on a VPN that doesn't support it, or fork bombing an email server, or using that one popular free video hosting service to host nigh unlimited arbitrary data, or hosting content that is illegal to the server operator regardless of its legality to me, etc, etc, etc
It's all the same thing: TOS violation.
No one is being forced to use these products without reading and signing the terms of service. In this particular instance, you can even use the free version of the provided service to analyze the terms of service for the paid plan if you were really so lazy.
I really am genuinely confounded as to why people are so regularly surprised that they can't just do whatever they please with proprietary solutions. Like "oh what do you mean I can't lie about the date of my injury in order to get it covered by insurance?".
It's almost like people just assume that everything ever works exactly as they would deem it to (in their benefit), rather than the much more sane assumption that every company is going to be naturally inclined to cater to their own benefit before the users'.
danpalmer
If you go to an all you can eat buffet, ignore the plates they give you, and start filling up your own takeaway boxes with days' worth of food, you'd expect to be kicked out.
No one would think this is unreasonable. You're not paying for unlimited food forever, you're paying for all you can eat in the restaurant right there.
gck1
I'm confused by this repeat analogy here. There's 0 offerings with all you can eat type of deal. No AI service is offering that.
They all have amounts defined in their service agreements of how much you can eat and in what intervals.
BoorishBears
I'm confused why the presence (or lack of) a limit is relevant to the pretty simple analogy...
A buffet is saying "pay $X to eat food one plate at a time [up to 100 lbs of food]", and you show up and start shoveling the food into your bag. Does not really matter if we remove the 100lbs part.
Could you technically eat the same amount of food one plate at a time? Sure. But if everyone does this, $X needs to be significantly more: even for the people who eat one plate at a time.
-
You could also argue they're playing a mean trick and deceiving people because technically someone could eat the same amount of food 1 plate at a time...
But they priced $X based on how much the average person can eat, not how much food they can carry in their arms. If the limits are so high that people don't leave hungry eating 1 plate at a time, it still seems like a fair deal.
I'm not exactly the type to jump for joy at siding with a corporation, but I really don't get why people are in a hurry to ruin a good thing.
danpalmer
I don't think there's even a limit. The limit is a soft limit enforced through the UX of the tool, the features it provides, or even how it's marketed. There are always going to be high cost users and low cost users, service providers know this and build it into their revenue modelling.
Another example is home internet connections. They're unmetered where I live, but I'm also told I can't run public internet services on it. Why? Because with "personal/home usage" there's just a practical limit to how much I can use my ~1Gbps pipe, whereas if I ran a public service I might max out that pipe. I'm a pretty heavy user (~60GB a day), but that's a world of difference from the >10TB I could theoretically hit.
> but I really don't get why people are in a hurry to ruin a good thing
This is the crux of it. I like services limited by practicality because they're a heck of a lot cheaper. If people want more usage there's always API billing, they just have to pay for what they're actually using.
lelanthran
> They all have amounts defined in their service agreements of how much you can eat and in what intervals.
Seems like you're okay with honoring the terms of service, then? Because the client you can use is also in the terms of service.
josephcsible
No, if you did that, they'd start by saying "hey, stop that", not jump immediately to "you're banned from every Golden Corral location for the rest of your life".
ajsnigrutin
But it's not takeout boxes, it's not taking stuff home, not even sharing... it's just bringing your own spoon with which you can eat faster.
gck1
I don't understand how this can be enforced without ridiculous levels of false positives. I'm truly baffled. The same with Claude Code situation.
gemini-cli, claude-code, codex etc, they ALL have a -p flag or equivalent, which is non-interactive IO interface for their LLM inference.
If I wire my tooling (or openclaw) to use the -p flag (or equivalents), is that allowed?
Okay, maybe they get rid of the -p flag and I have to use an interactive session. I can then just use OS IO tooling to wire OpenClaw with their cli. Is that allowed?
How does sending requests directly to the endpoints that their CLI is communicating with suddenly make their subsidized plans expensive? Is it because now I can actually use my 100% quota? If that's so, does it mean their products are such that their profitability stands on people not using them?
What is even going on?
rustyhancock
The direct answer is their clients play extra nice with their backend.
Specifically all optimize caching.
The indirect answer is for everyone using third party tools to play about there are 10x using it to spam or malicious use cases hammering their backend far cheaper than if it was by API.
These people are the false positives in this situation, but whether Google or Claude care is unlikely. They're happy to ban you and expect you to sign up for the API.
This has always been a worry when you use a service like Google.
merlindru
claude -p is allowed as far as I'm aware.
if i understand correctly, they even have a wrapper around it to make it easier to use: the Claude Agent SDK
the thing that's disallowed is pretending you're the claude binary, logging in through OAuth
in other words, if you use some product that's not Claude Code, and your browser opens asking you to "give Claude Code access to your account", you're in hot water
as for how they detect it: they say they use heuristics and usage patterns. if something falls wildly out of the distribution it's a ban.
my take is that the problem is not the means of detection. that's fine and seems to work well. the problem is that it's an instant outright ban. they should give you a couple warning emails, then a timeout, etc.
adastra22
The Claude Agent SDK is explicitly disallowed from subscription use, as of a few days ago.
BoorishBears
No it's not. You can't offer OAuth + the Claude Agent SDK in your own product, but you can use Claude Agent SDK locally by signing in through Claude Code.
It's no different than using Claude Code directly.
skeledrew
Why a couple warnings and timeout? 1 warning that the next incident will lead to a ban should be enough. Treat people like adults, not kids.
merlindru
adults make mistakes and the situation was murky without clear guidance.
this was the experience for some claude subscribers just a couple weeks ago:
1. download opencode
2. select claude as a model
3. browser window opens, asking you to sign in. typical oauth screen.
4. everything works, prompt away
5. some days/weeks pass
6. you get permanently banned
now if you add one warning email just before step (6.) then that doesn't really help. what if it bounces? what if people don't check their emails? put a big flashy red warning into claude code? sure, but what if users accidentally dismiss it or simply do not understand it (non tech folks, non native english speakers)
it's just the friendly and correct thing to do, in my opinion
nikcub
> they say they use heuristics and usage patterns.
cache hit rate alone would stand out
mvdtnz
What do you mean by this? What cache?
akssassin907
The heuristic detection approach is fine. The penalty ladder is broken.
Reasonable progression: warning email → quota throttle → AI Pro subscription suspended → Google account suspended.
They skipped to step 4 on a first offense, paid account, no appeal. That's not a terms enforcement system, that's a hostage situation. "Comply or lose your digital life."
The real lesson isn't "don't use OpenClaw." It's: never let one company own your primary identity infrastructure.
gopil
Is OpenClaw a product though? It's more like a system/framework.
googinsider123
Haha, no. I can tell you that it is so obvious and there is basically no false positives. Can’t share more details though.
If it makes you feel any better, some google employees have their personal accounts banned too (only Gemini access, not the whole account) for running openclaw, and also have a hard time getting their account reinstated.
andersmurphy
It's obvious why this is getting blocked: open claw will make multiple orders of magnitude more requests. For each open claw user you could support tens of thousands of regular users.
The financial costs would clearly be ruinous.
gverrilla
I'm sure google employees that were banned can talk to a HUMAN to solve it.
hendersoon
The -p flag should be fine, so long as you don't use their oauth in a third-party tool. Gemini also supports A2A for this sort of thing.
gck1
But the question is - why is the -p flag fine? It hits the same endpoints with the same OAuth token and same quotas.
Comments section here and on related news from Anthropic seems to be centered around the idea that the reason for these bans is that it burns tokens quickly, while their plans are subsidized. What changes with the -p flag? You're just using cli instead of HTTP.
Are the metrics from their cli more valuable than the treasure trove of prompt data that passes through to them either way that justifies this PR?
samuel
I assume that -p is the same as "codex exec".
The difference is that in this case the agent loop is executed, which has all the caching and behaviour guarantees. What I assume OpenClaw is doing is calling the endpoint directly while retaining its own "agent logic" so it doesn't follow whatever conventions the backend is expecting.
How important is that difference, I can't say, but aside the cost factor I assume Google doesn't want to subsidize agents that aren't theirs and in some way "the competition".
NitpickLawyer
> Are the metrics from their cli more valuable than the treasure trove of prompt data that passes through to them either way that justifies this PR?
Yes. The only reason they subsidise all-you-can-prompt subscriptions is to collect additional data / signals. They can use those signals to further improve their models.
adastra22
Because the ToS explicitly says the -p flag is fine, but the Agent SDK is not.
joshribakoff
There are examples of labs banning these use cases for sure, as well as the presence of terms and conditions allowing them to ban you for merely “competing” with them. If you’re building, it could be worth locking in a contract first.
lelanthran
> I don't understand how this can be enforced without ridiculous levels of false positives.
It's embarrassingly trivial, IMO - compare what antigravity reports for token to what the backend reports for token usage for that user.
mannanj
I feel like it's about data quality. They want humans using the tools because that data is valuable and helps them improve the product. AIs using their product like OpenClaw makes their training missions harder. And even if you opt-out of training, they are still using your data for non-training purposes (you can't opt out of that) and that human data is valuable.
dev1ycan
Every subscription's profitability stands on people forgetting to unsubscribe, how is this surprising?
gck1
They're in the wrong business then. They're selling peak automation software, with the sales pitch of 'have AI do your work while you sleep'.
Are they banning their core offering? Are Ralph loops also banned for building software? Because I can drain my quota with a simple bash loop faster than any OpenClaw instance.
harrall
You most likely don’t pay per call for your cellphone.
You most likely don’t pay per machine to use the gym.
You don’t pay per cup if they allow unlimited refills.
You are not supposed to go into an all-you-can-eat buffet and stuff steaks into your bag.
Sometimes not all of us want to do the math à la carte for every thing we use in life. Don’t ruin it for us.
dmix
You must not work in the SaaS business if you think that
jcgrillo
Not sure if this is sarcasm, but I'll respond as if it isn't. Having worked my entire career to date in the SaaS business, it is well known in some verticals that a large portion of revenue comes from companies that literally do not know they have purchased your product. And when you have a large customer like that, people are very careful to walk quietly and not do anything to notify them. I've seen it happen quite a few times.
paultendo
Of course Google can restrict how their API is accessed. But locking paid accounts with no warning, no explanation email, and no functioning support path while continuing to charge $249/month is a different problem entirely. A reasonable enforcement process would have been a warning email, grace period to stop using the tool, then restriction.
What an awful way to lose trust, locking out their users but billing them all the same.
SilverSlash
Their "API" isn't what's being accessed here. As far as I understand it's using their subscription account oauth token in some third party app that's the issue here.
Aperocky
If they allowed oauth token to work like that then that is their (Google's) problem.
gildenFish
It is basically impossible to disallow the token to work that way on a technical level. It would be akin to trying to set up a card scanner that can deny a valid card depending on who is holding it. The only way to prevent it from working is analyzing usage patterns/details/etc in some form or fashion. Similar to stationing a guard as a second check on people whose cards scan as valid.
allthetime
Well, it looks like they're not allowing it.
whywhywhywhy
Google have always done this if they suspect you’ve broken TOS, if anything this is better than usual because usually you lose your Gmail and YouTube accounts too with no human to talk to about it.
theturtletalks
I was using Antigravity the proper way, but why would I risk my account using this subpar software? OpenClaw and Opencode literally obfuscate the API call exactly like Antigravity calls it. Do you really trust Google to only catch misuse using this dragnet?
edandersen
Google, unlike all their competitors, actually give Cloud API credits to all paying users of AI Pro and AI Ultra [1] - just use those for direct Gemini/Vertex API access instead of trying to hack the OAuth of Google's apps.
[1] https://blog.google/innovation-and-ai/technology/developers-...
benatkin
I think they could object to some uses of OpenClaw for that as well - for instance if someone just used a skill without caring what model it used.
mark_l_watson
great point - I am a heavy user of API calls (using an API key) for gemini-3-flash-preview and I find it difficult to spend my free API credits.
So purely from a hacker perspective, I'm amused at the whining.
Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.
Then someone shares the exploit with a bunch of script kiddies, they exploit it to the Nth degree, and the company immediately notices and shuts everyone down.
Like, my dudes, what did you think was going to happen?
You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.
And instead, you integrate your exploit into hip new thing, share it at scale, write blog posts and short form video content about it, basically launch a DDoS against the service you're exploiting, and then are shocked when the exploit gets patched and whine about your free thing getting taken away?
Like, what did you expect was going to happen?