roothide

3.9K posts

roothide banner
roothide

roothide

@roothideDev

Make jailbreak easier to use on daily devices. Discord: https://t.co/NTmmon7Eqr

Katılım Nisan 2023
1.9K Takip Edilen13.6K Takipçiler
Sabitlenmiş Tweet
roothide
roothide@roothideDev·
we updated the roothide api/sdk to make it easier to use, it allows your tweak to perform at its best performance and stability on roothide , and it is now automatically compatible with building rootful/rootless packages. (previously you may have nested roothide and rootless APIs/macros in one project, now this is no longer necessary) github.com/roothide/Devel…
English
78
24
185
107.7K
Sidi jeddou
Sidi jeddou@sidi_jeddou_dev·
Elon has disappointed us all :( This is the guy who always calls @sama a scammer, was caught in 4k uploading our data to his cloud for unknown reasons. This is just very sad.
Sidi jeddou tweet media
English
59
59
853
31.1K
Vincent
Vincent@VincentBuilds·
@SpaceXAI FYI ZDR is only available to entreprise accounts
Vincent tweet media
English
11
9
809
45.3K
SpaceXAI
SpaceXAI@SpaceXAI·
We care deeply about your privacy and respect customer choice. For teams using zero data retention, no trace and code data is ever retained. All API key use of Grok Build also respects ZDR. If ZDR is disabled, the /privacy command is available in the CLI to disable data retention, which also deletes previously synced data. Run the /privacy command to view or change your settings at any time.
English
760
812
9.2K
4.3M
roothide
roothide@roothideDev·
@GrokInsider people have always considered the grok build CLI to be a local coding proxy, that's the problem.
English
0
0
0
46
Grok News
Grok News@GrokInsider·
It can be considered a true cloud coding agent precisely because your whole repository is sent to them. They can work with it fully in the cloud, find the best results, and send you instructions back to achieve the same outcome locally. On its own, it’s not a bad idea at all but the lack of transparency about how it works, why they need the full repo, and the missing ability to easily opt out is what’s concerning here.
English
1
0
0
21
Grok News
Grok News@GrokInsider·
Community Report: Grok Build CLI, repo uploads & what we know so far Heads-up for everyone using Grok Build. This is based on independent analysis + community testing, not an official xAI statement. 1.- What’s actually happening In recent versions of the Grok Build CLI: - Package your entire workspace as a git bundle (tracked files + full history) - Upload the bundle + session state to xAI’s grok-code-session-traces storage (GCS, Google Cloud Storage) Files the agent never opens can still be included. Any file it does read (including .env, keys, etc.) also goes to the model, same risk level as other cloud coding agents. 2.- Why it exists This is intentional product design, not a bug. Grok Build is a cloud coding agent. The model runs on xAI’s servers. Session traces and codebase snapshots help xAI evaluate and improve multi-file editing, agent behavior, and before/after states. Useful for the product. Bigger blast radius than a “feels local” terminal CLI suggests. 3.- What you actually consented to - No clear checkbox says “we’ll upload your whole git history.” - The ToS/Privacy Policy use broad “User Content” language (prompts + files you provide) for “operating and improving the service.” - “Improve the model” toggles don’t reliably block codebase uploads. Official docs mention telemetry knobs but don’t spell out the full git-bundle behavior in plain English. That’s the disclosure gap. 4.- If you’re working on private code, practical steps - Use throwaway/non-sensitive repos until you’re comfortable - Never leave real secrets on disk (rotate immediately if exposed) Disable uploads in ~/.grok/config.toml: [features] telemetry = false [telemetry] trace_upload = false [harness] disable_codebase_upload = true Or use env vars: GROK_TELEMETRY_TRACE_UPLOAD=0 GROK_TELEMETRY_ENABLED=0 Check logs (~/.grok/logs), look for trace.upload.decision → uploads_enabled: false Re-check after every update, remote settings can override. 5.- What this is NOT saying Upload ≠ proven training data Enterprise/ZDR plans may differ xAI can change defaults anytime We’re simply flagging observed client behavior + the disclosure gap so you can decide with eyes open. 6.- Sources & next steps Wire analysis (gist): gist.github.com/cereblab/dc9a4… LocalLLaMA discussion: reddit.com/r/LocalLLaMA/c… We’ll update this thread if xAI adds clearer first-run warnings or a true one-switch kill for codebase upload. Have you verified this yourself? Drop your Grok Build version + what you observed 👇
English
10
11
76
11.5K
roothide
roothide@roothideDev·
@GrokInsider this statement is very misleading. whether it's grok CLI, codex CLI, claude code, or copilot CLI, they all work in this way, but they are clearly all local coding agents. A true cloud agent can typically run in a browser without requiring the installation of a local CLI.
English
1
0
1
98
Grok News
Grok News@GrokInsider·
The key point is that Grok Build is intentionally designed as a cloud coding agent. The Grok model itself does not run on your local machine. - Your local CLI is just the bridge/interface:It prepares and sends your data (prompt + files/code) to xAI’s servers. - The model reasons there in the cloud, with full context from your project. - It sends back a response and/or instructions (plans, diffs, or commands). - The CLI then applies those changes locally on your machine (edits files, runs terminal commands, etc.). That’s exactly why it bundles and uploads your entire git repo (tracked files + full history) as a snapshot to xAI’s Google Cloud Storage (grok-code-session-traces bucket). It gives the model complete, rich context for complex multi-file editing, sub-agents, understanding git history, and deeper reasoning, without needing to request files one by one. This is by design for a powerful agentic experience, similar to other advanced cloud AI coding tools. The detailed community post and independent wire analyses (using mitmproxy traffic captures) have confirmed this behavior, including the full repo uploads even when files aren’t explicitly read.
English
2
0
1
150
Elaina
Elaina@Elaina43114880·
🚨 Your entire Git repository may be getting uploaded to the cloud by Grok Build by default. An independent wire-level analysis of Grok Build v0.2.93 found that it uploads more than the context the model actually reads. It sends a Git bundle containing every tracked file and the full commit history. Even when explicitly told not to open any files, the tester recovered untouched code from the captured upload. The scale is even more concerning: • From a 12GB test repo, at least 5.10GiB was successfully transmitted before the capture was stopped ☁️ • The actual model-interaction channel transferred only around 192KB • The upload destination pointed to Google Cloud Storage • Disabling “Improve the model” did not stop the repository upload This does not prove that SpaceXAI trains on the uploaded code. But the transmission, acceptance, and cloud storage were observed. 𝗪𝗵𝘆 𝗱𝗼𝗲𝘀 𝗚𝗿𝗼𝗸 𝗕𝘂𝗶𝗹𝗱 𝗻𝗲𝗲𝗱 𝘁𝗼 𝘂𝗽𝗹𝗼𝗮𝗱 𝘁𝗵𝗲 𝗲𝗻𝘁𝗶𝗿𝗲 𝗿𝗲𝗽𝗼 𝗮𝗻𝗱 𝗶𝘁𝘀 𝗚𝗶𝘁 𝗵𝗶𝘀𝘁𝗼𝗿𝘆 𝗯𝘆 𝗱𝗲𝗳𝗮𝘂𝗹𝘁? 😾 Until SpaceXAI explains this and confirms whether newer versions have changed the behavior, you’d better not let it touch a sensitive repository! 𝗬𝗼𝘂𝗿 𝗲𝗻𝘁𝗶𝗿𝗲 𝗚𝗶𝘁 𝗵𝗶𝘀𝘁𝗼𝗿𝘆 𝘀𝗵𝗼𝘂𝗹𝗱 𝗻𝗼𝘁 𝗯𝗲 𝘁𝗿𝗲𝗮𝘁𝗲𝗱 𝗹𝗶𝗸𝗲 𝘁𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆. 🔥
蓝点网@landiantech

🚨🚨🚨 SpaceXAI 的人工智能编码工具 #GrokBuild 被曝默认上传完整的 Git 仓库,包含工具本身没有读取的代码或调用的上下文以及 Git 完整提交历史。 测试还显示 12GB 的仓库数据被发送至少 5GB 的数据到谷歌云端,Grok Build 使用谷歌 GCP 来存储收集的这些数据。 目前这种行为已经在开发者社区引起关注,继续使用 Grok Build 可能存在潜在的数据泄露风险。 查看全文:ourl.co/113897?x

English
13
4
98
12.3K
Cereblab
Cereblab@cereblab·
Update: I wire-captured Claude Code, Codex, and Gemini the same way -- all three stay local, only sending files they actually open, and my planted "never-read" file never left the machine. Grok was the outlier, but as of today its own server now returns disable_codebase_upload: true (same app version) — it uploaded when I captured it, and the flag flipped after I published. Full comparison + reproduce it yourself: github.com/cereblab/grok-…
English
7
13
83
21.8K
roothide retweetledi
Uncle Yoyo 🍉
Uncle Yoyo 🍉@MicrosoftvApple·
I love it when devs make app installation fun like this
Uncle Yoyo 🍉 tweet media
English
7
9
324
12.9K
roothide retweetledi
David Weng
David Weng@thedavidweng·
It is alleged that @SpaceXAI's Grok Build CLI (v0.2.93) by default packages and uploads the entire codebase, including .env keys, to Google Cloud Storage, and this behavior cannot be prevented by disabling the "Improve Model" setting. Any file read by the tool is allegedly embedded verbatim into the model conversation request and packaged for upload. The entire code repository will be uploaded in the form of a git bundle, regardless of whether the prompt requests it to be read. @grok what do you think? reddit.com/r/LocalLLaMA/c…
English
11
3
11
2.2K
ClaudeDevs
ClaudeDevs@ClaudeDevs·
Claude Code on desktop now has an in-app browser. Claude can pull up docs, designs, or any other site. It can read, click through, and interact the same way it does with your local dev servers. It's sandboxed and configurable: you choose whether sessions persist.
English
717
1.5K
21.8K
3.3M
roothide retweetledi
Mineek
Mineek@mineekdev·
I'd like to thank everyone that ever donated to me, along with the person who just gifted me twitter premium ( not sure if they want to stay anonymous ). All the support has come a long way, and I'm forever grateful that people like my software enough to give monetary compensation. Thanks everyone, it really means a lot. Stay tuned for more stuff soon! Of course, it will always be free and ( most of the time ) open source!
English
6
2
38
3.5K
roothide retweetledi
Anubis Tweaks
Anubis Tweaks@AnubisTweaks·
PhoneHub v1.1.3 • Recents now show up to 200 calls (was 100) • Merge same number across your whole call log — one clean entry per contact • Excluded numbers list for Smart Loudspeaker Rootless (Dopamine) + RootHide ·15/16/17 Grab it on @HavocRepo soon 🔥 #jailbreak #iOS
Anubis Tweaks tweet media
English
0
4
25
4.1K
roothide retweetledi
Christophe Boutry
Christophe Boutry@Ced_haurus·
👉 Hide My Email : la fuite qui dure depuis un an et qu'Apple refuse de corriger. C'est le genre de faille qui devrait faire couler de l'encre. Tyler Murphy, cofondateur du service de suppression de données EasyOptOuts, a découvert un moyen de remonter à l'adresse mail réelle qui se cache derrière n'importe quel alias Hide My Email d'iCloud+. Sur les tests menés avec des volontaires, le taux de réussite est de 100%. Pour prouver que ce n'est pas du bluff, 404 Media a généré un alias tout frais et l'a transmis au chercheur. Cinq minutes plus tard, il leur renvoyait l'adresse réelle liée au compte Apple. Le vrai problème dans ce récit, ce n'est pas tant la faille elle-même. Les bugs, ça arrive. C'est la manière dont Apple a géré le signalement. Murphy prévient Apple en juin 2025, avec toutes les instructions pour reproduire le problème. Un mois plus tard, la firme confirme avoir ouvert une enquête interne. Silence radio pendant des mois. En mars 2026, Apple annonce que le souci a été réglé via un changement système. Murphy revérifie. Le bug est toujours là. En mai, plutôt que d'accélérer la correction, Apple lui demande de ne rien divulguer publiquement tant que l'enquête n'est pas terminée. Il propose alors une mesure de bon sens : suspendre temporairement la création de nouveaux alias, le temps de patcher. Pas de réponse. Fin mai, la firme promet un correctif "dans les prochaines semaines". Plus d'un an après le premier signalement, toujours rien. Murphy a fini par estimer que les utilisateurs méritaient de savoir, et il est allé voir la presse. Personne n'a encore publié le détail technique de l'exploitation, la faille étant toujours active. L'hypothèse qui circule du côté des communautés techniques évoque un problème lié aux emails malformés envoyés vers un alias, qui provoqueraient un message de rejet révélant l'adresse de redirection réelle. Rien de confirmé pour l'instant. Un lien avec la migration à venir vers le nouveau nom de domaine Apple pour les alias ? Source : macrumors.com/2026/07/01/hid…
Français
4
50
131
12.6K
roothide retweetledi
MEGA
MEGA@MEGAprivacy·
If you use Hide My Email because you care about your privacy... it's not working 🫣 Here's what Apple's Hide My Email is supposed to do: instead of handing out your real email when you sign up for something, you share a random alias so your real address stays private. Here's what's actually happening: someone can look up that alias and find your real email anyway. Security researcher Tyler Murphy discovered the flaw in June 2025 and reported it to Apple. Apple said it fixed it in March 2026, but it clearly hadn't. Every address Murphy tested was exploitable. The flaw is still live today, more than a year later. It seems privacy is not a priority for Apple
International Cyber Digest@IntCyberDigest

‼️ BREAKING: Apple's Hide My Email lets almost anyone uncover the real address behind a "hidden" alias, and Apple has left it unpatched for over a year. It was reported to Apple in June 2025 by Tyler Murphy of EasyOptOuts. He says every Hide My Email address checked in limited volunteer tests was exploitable. If you use Hide My Email to keep a real address off people-search sites or away from someone dangerous, treat that anonymity as unreliable.

English
8
26
162
15.1K
roothide
roothide@roothideDev·
@thsottiaux It would be even better if it could support searching for chat content of historical sessions.
English
0
0
3
578
Tibo
Tibo@thsottiaux·
Tons of improvements landed in Codex. - Handles super long threads smoothly. - Hoverable navigation rail for previewing and jumping between turns that feels just right. - Settings search covers more controls, with clearer appearance and host-filtering options and easier-to-find custom-provider settings. - Zoom-level changes no longer misalign tooltips, dialogs, menus, selection bubbles, drag previews, or autocomplete. - Copying into Slack preserves Markdown formatting such as bullets, bold text, code, and links; and large text pastes no longer freeze the UI. - And most importantly: a dedicated Pets panel.
OpenAI Developers@OpenAIDevs

🆕 Codex quality-of-life updates landed this week Starting with long threads: scrolling is smoother now, and your place stays put as you move through the conversation.

English
305
142
2.9K
343.7K