Hi all - I started this post as a general post, but it became long enough to become an announcement. I’ve been thinking this week about our relationship to our technically inclined and developer communities. We’ve seen amazing community-led development projects, and we’ve also seen some confusion, and misinformation about how we view our developer and technical audience and their projects.
So we just want to make some things clear about the way we operate in regards to developers, modders, etc and view different things that are going on here.
It’s our wish that we are considered friendly, honest and transparent in the way that we interact with everyone, including people from a technical background. That means identifying what is and what is not acceptable.
We may not have always hit the mark on this in the past, and while we can’t change anything that’s happened, we can try to ensure that we do better in the future.
That starts with understanding the lay of the land. As such, I teamed up with our security team to broadly identify a few different categories.
1) Hobbyist or professional developers interested in integrations, working with things like webhooks and rabbithole.
We 100% support this, and will work with you to be developer friendly on our end. As you may have heard, in the second half of the year, we are planning to officially support webhooks on rabbithole, and we’re always open to more ideas in this category for developer led integrations that we could support.
2) Hardware and ROM flashers.
Most if not all hardware devices have people in their communities who live dangerously with their devices. Many of us here have jailbroken or flashed alternate ROMs on our phones and gaming consoles etc in the past.
As a company, for obvious reasons we can’t officially condone this, and, as you probably know, when you do that, you invalidate your warranty and run the risk of bricking or otherwise breaking your device. At the same time, it’s your device, and we understand that people will do what they wish with them. Provided that you are not actively trying to undermine our security and/or other work, or doing anything that is illegal or poses a risk, we’d like to simply remain aware of these efforts, and we hope you will communicate with us about what you’re doing, on Discord or the developer discussion category on our forum. Additionally, if you make any documentation encouraging or informing others on how to do this, we’d encourage you to strongly state that users do this at their own risk, that doing so will invalidate their warranty, and that rabbit takes no liability for any damage caused to devices by engaging in this activity. It’s simply the responsible and right thing to do.
Please note that we see a difference between, “I want to do custom things with my r1”, and “I want to connect to r1 services directly” / “I want to build my own r1”.
Your r1 is yours to enjoy however you like, but accessing services designed for the r1 using a custom/3rd party client puts you into the border of group 3 or group 4 described below. Providing services like text to speech, speech to text, and accessing LLMs has monetary costs for the company, so we can’t just let anyone use those services in a “free for all” fashion outside of their r1.
3) Ethical hackers & security researchers
We actively welcome folks who fall in this category to continue their research provided that you act responsibly and in line with our vulnerability disclosure program. Your work is crucial and important, and we would like to recognize it provided you have the right intent. You can read more about our vulnerability disclosure program here.
4) Unethical hackers
Unfortunately there are people in the world who engage in any and/or all of the above without good intent – that is, people who seek to maliciously damage our company, products, and reputation. This risks real world harm to not just us, but to our users in general, and we will take every possible step available to us to prevent this from happening both now and in the future. If you seek to cause us and/or our users harm through public disclosures, the possession or sharing of stolen intellectual property or proprietary information, malicious hacking attempts to try to obtain user data, trade secrets, private materials, or through helping others who wish to cause us harm or reputational damage, that is completely unacceptable. If you, as members of our community, become aware of anyone you think may be engaging in this behaviour, or if anything seems suspicious, please report it to us via security@rabbit.tech
We believe that the vast majority of you with any interest or level of development, engineering and/or security backgrounds fall into the first three buckets. Yet, it would be irresponsible of us to not acknowledge that the 4th bucket exists, and to make sure you’re all aware of it.
We know that misinformation and speculation thrive in a vacuum, and so we strive to be open to avoid that. We’re committed to answering questions about our products and infrastructure as clearly as we can, and with the most amount of responsible transparency as possible.
Thanks for reading, and thanks for helping us make rabbit and r1 better every single day!
