@Lonely__MH: WTF—this is the ‘A-team’? Guangdong Mobile drops HTTPS, ships API keys in plain HTTP
Summary
Guangdong Mobile’s Token Plan ditches HTTPS for plain HTTP, sending API keys in the clear and igniting security alarms.
View Cached Full Text
Cached at: 04/21/26, 12:40 PM
Holy crap—this is what the national team’s muscle looks like?
China Mobile Guangdong just dropped the Token Plan: a hard pass on HTTPS “red tape” and a proud return to plaintext HTTP.
Your API key isn’t yours alone; it belongs to the whole Internet.
The state squad’s vision is just too big for me to copy.
Similar Articles
@axichuhai: There is an open-source project on GitHub that aggregates the free quotas of 12 major large model platforms into a single unified entry point. You just drop in your scattered API keys, and you can easily scoop up hundreds of millions of tokens. The usage is also very simple: 1. Clone it locally and open the admin panel. 2. Fill in your keys one by one. 3. Go to Playg…
This GitHub open-source project integrates free quotas from 12 major large model platforms into a unified entry point. Users only need to fill in their API keys to access multiple models through a single interface, with support for automatic polling and failover.
@changgaowei: https://x.com/changgaowei/status/2054428524749189518
The article announces a major upgrade to the ANP message protocol, designed to facilitate secure, cross-domain collaboration between AI agents. Key improvements include stronger security standards, enhanced end-to-end encryption using Signal-style methods and IETF MLS, and better file transfer support, while explicitly excluding multi-device support to maintain protocol simplicity.
Some secret management belongs in your HTTP proxy
Blog post proposes offloading API-key injection to an internal HTTP proxy so apps and agents never see secrets, easing rotation and reducing exfiltration risk.
@seclink: Indeed, the token plan is not very transparent. I used up the 1.6 billion tokens Xiaomi gave me in less than a week (counting only workdays). When you think about it, that's more than 100 million per day. And think: there are 10 million programmers like me across the country. In 2026, there will still be a computing power shortage...
User complains that the 1.6 billion tokens gifted by Xiaomi were used up quickly, believes the token plan is not transparent, and predicts a computing power shortage in 2026.
@GoSailGlobal: Cloudflare has fully revealed its internal architecture for running MCP. Read this alongside OpenAI's recent "Running Codex Safely" report for two essential templates on enterprise agent security. The most explosive move: Code Mode cuts MCP token consumption by 99.9%...
Cloudflare publishes its internal architecture for securely running Model Context Protocol (MCP) agents, introducing 'Code Mode' to reduce token usage by 99.9% and advocating for centralized remote server governance over local deployments.