@Lonely__MH: WTF—this is the ‘A-team’? Guangdong Mobile drops HTTPS, ships API keys in plain HTTP
Summary
Guangdong Mobile’s Token Plan ditches HTTPS for plain HTTP, sending API keys in the clear and igniting security alarms.
View Cached Full Text
Cached at: 04/21/26, 12:40 PM
Holy crap—this is what the national team’s muscle looks like?
China Mobile Guangdong just dropped the Token Plan: a hard pass on HTTPS “red tape” and a proud return to plaintext HTTP.
Your API key isn’t yours alone; it belongs to the whole Internet.
The state squad’s vision is just too big for me to copy.
Similar Articles
@vintcessun: A pure Go LLM privacy gateway that redacts PII/secrets in milliseconds—already in production. Two-layer detection: structured PII via regex (email, phone, ID, bank card), secrets/credentials via gitleaks rules plus Shannan entropy as fallback. Key design: no NER (avoids latency), only irreversible redaction; Go's native regexp is RE2, linear time with no backtracking risk.
Introduces a pure Go LLM privacy gateway that uses two-layer detection (regex and gitleaks rules) to redact PII and secrets in milliseconds without additional models/GPU, already in production.
@axichuhai: There is an open-source project on GitHub that aggregates the free quotas of 12 major large model platforms into a single unified entry point. You just drop in your scattered API keys, and you can easily scoop up hundreds of millions of tokens. The usage is also very simple: 1. Clone it locally and open the admin panel. 2. Fill in your keys one by one. 3. Go to Playg…
This GitHub open-source project integrates free quotas from 12 major large model platforms into a unified entry point. Users only need to fill in their API keys to access multiple models through a single interface, with support for automatic polling and failover.
@changgaowei: https://x.com/changgaowei/status/2054428524749189518
The article announces a major upgrade to the ANP message protocol, designed to facilitate secure, cross-domain collaboration between AI agents. Key improvements include stronger security standards, enhanced end-to-end encryption using Signal-style methods and IETF MLS, and better file transfer support, while explicitly excluding multi-device support to maintain protocol simplicity.
@GYLQ520: Attention AI Agent developers! Token costs burning a hole in your pocket? There's an open-source tool called curl.md that converts web pages to Markdown format for AI, slashing token consumption significantly. Choose from CLI, browser extension, or API usage. Cursor, Claud…
curl.md is an open-source tool that converts web pages to optimized Markdown format for AI agents, significantly reducing token consumption and cost. It offers CLI, browser extension, and API usage, with integrations for Cursor, Claude, and other agents.
Some secret management belongs in your HTTP proxy
Blog post proposes offloading API-key injection to an internal HTTP proxy so apps and agents never see secrets, easing rotation and reducing exfiltration risk.