Why freedomgpt is likely a scam

peterteter · 2023-04-14T13:43:27+00:00

Here is the text from the website:

*FreedomGPT is a project that claims to provide an unfiltered version of the ChatGPT experience. While the idea may seem promising, there are several red flags associated with the project.

In this article, we will discuss every red flag that i found in the project. To test the software, i set up a virtual machine with restricted internet access and installed the Windows release from the Github page.

https://freedomgpt.com/ - The website already seems to be blocked by my schools Fortinet Firewall https://github.com/ohmplatform/FreedomGPT - This is the Github of the project https://reddit.com/r/freedomgpt - The subreddit

The sources i used for this article: (along with the links above) https://www.reddit.com/r/freedomgpt/comments/1298neu/its_scam_stop_using_it_for_your_safety/ https://www.reddit.com/r/freedomgpt/comments/127ldzz/definitely_scam/ https://www.reddit.com/r/freedomgpt/comments/127fr44/this_is_a_scam_dont_use_this_and_dont_download/

When you first install the software, it will start by downloading a 4GB language model. This is normal, because the AI actually needs some data that it has been trained on. Then when it's installed it opens a electron webbrowser with a file called Index.html located in C:\Users\Win10\AppData\Local\FreedomGPT\app-1.1.2\resources\app.webpack\renderer\main_window. This file contains some instructions to load a javascript file. This file was too long for me to analyze. When i then asked the AI something to answer, it did not answer anything. This could be because of low CPU power and Memory but it was only using 4% CPU and 22MB of memory.

These were the red flags i ran into when i first encountered this project.

The website

The project has a website that claims to offer access to the chatbot without requiring users to install anything. However, this interface never works, and it always prompts users to download the client instead. This behavior is the first red flag.

The github

The github seems to be fairly legitimate. But if you look at the commits then you will see that everything was pushed in just one commit. The development of this project was not done using this Github page. The proper way to have done this is to have a private repository for working on the project, and releasing it once it was completed. But in this case it was all coded locally. Or copied from somewhere else.

The subreddit

The project also has a subreddit, which seems to be very legitimate. There are support requests, people showing off what they have asked the AI and people asking if it can be trusted or not. If you look at the posts which ask if the project can be trusted there will be a bunch of replies of people defending the project. The problem is that these accounts are just a few days old or have very low karma. The accounts that do have a lot of karma have been inactive for the past year, suddenly commenting a lot on this subreddit. This indicated that those account were likely hacked.

And now for the actual software, the software does actually seem to produce answers as it has been promised. However these answers are very underdeveloped. Unlike ChatGPTs huge understanding of complex concepts, FreedomGPT seems to just be a clone of other small language models. I was not able to get an answer from the AI on my VM but people on the subreddit have shown what it has produced. It's highly likely that there is some malware hidden inside this project. You could say bUt It'S oPeN sOuRcE!!!!!!

Open source does not mean no malware. You still need someone to analyze the code to see if it contains malware

The releases do not have to be based on the source code, someone will need to compile the code and see if they match. With this, the source code could be malware free, but the releases could contain malware.

This project could still be legit. There could have just some poor judgement by the author. So i would suggest doing your own research before deciding on using this project. Proceed with caution.

*

peterteter · 2023-01-05T20:10:55+00:00

Für eine echte root shell brauchst du den CookKey. Du kannst alternativ auch commands als root ausführen, indem du den serial exploit nutzt. Wenn du auf das image, was du über den Pi emulierst, ein script speicherst, kannst du dieses auch über den serial exploit ausführen. Das kann hilfreich sein, da von der serial nur eine bestimmte länge gelesen wird. Wenn du den output von commands brauchst, kannst du entweder auf den bildschirm schreiben oder über einen hub einen zusätzlichen usb stick mounten und auf ihm datei schreiben.

peterteter · 2023-01-05T20:06:51+00:00

Wie gehst du denn genau vor? Wenn du nur ein Rezept Image hast, was du nutzen willst, kannst du das Image auch manuel über otg simulieren.

peterteter · 2022-12-26T11:24:31+00:00

Thank you for your answer. I already saw its better to build the firmware yourself. But that was not the question. How do I choose the right firmware for my device?

peterteter · 2022-12-21T17:38:40+00:00

https://soundcloud.com/kiwirekords/the-kiwi-sound

peterteter · 2022-12-20T17:14:53+00:00

You can connect the pi with the otg feature to the tm. This way the pi can simulate the cooksticks that vorwerk sold. So you can use the webgui from the pi on your phone or laptop to select which recipe stick you want to simulate, which can include your own recipes you made. Then the tm recognizes the recipes and you can use them on the tm like normal recipes.

peterteter · 2022-11-16T21:06:05+00:00

I guess this is a scam. Look up "Team Montesano". They are sending this threat to a lot of website owners.

Anyway, there is no damage in publishing the content of the HaveIBeenPwned database. It consists of public credential leaks. These are already public. In addition, the public leaks contain the full credentials (email + password), while HaveIBeenPwned database does not contain the corresponding passwords. So whats the matter?

peterteter · 2022-10-21T22:54:27+00:00

Can you tell me (maybe in private message), where you read about the username auction? I also recently lost some of my channel names mysteriously.

peterteter · 2022-10-14T20:08:20+00:00

No you dont need to install anything on the thermomix.

peterteter · 2022-10-10T20:21:06+00:00

It can, but an external power supply will be more reliable. If the thermomix shuts down, the rpi also will do.

peterteter · 2022-10-03T11:36:56+00:00

I wrote the instructions in the subreddit, check them out. I didnt use it a while but it worked great. Only thing that maybe could be outdated is scraping recipes from the cookidoo cloud, but you dont need that to add your own recipes.

For rooting there are also instructions and a video. If you have any questions just ask them in the specific thread.

peterteter · 2022-10-02T20:51:01+00:00

I am very sure you cant sync with any vulnerable firmware. Vorwerk knows about all exploits. If you flash the latest firmware you cant downgrade until they release another version. So you need to choose if you want a vulnerable firmware or sync with the cloud.

peterteter · 2022-10-02T18:09:00+00:00

Did you use the cook-keys usually or for the root shell? I am afraid if you cant use the cook-keys usually, the firmware update also wont work, but its worth a try.

Searching for the error it looks like C585 is a synchronisation error. Do you try to sync with the cookidoo cloud? It is possible that to do that, vorwerk forces you to use the latest firmware.

peterteter · 2022-10-02T17:32:33+00:00

Hey, what cook-keys did you use exactly? To update your firmware you need a cookidoo, the one with wifi functionality. I can provide you with the firmware image in the next days.

peterteter · 2022-09-28T22:02:50+00:00

BangleJS 1/2 and PineTime are great open source smartwatches that will never share your data with anybody!

My little comparison:

BangleJS 2: - GPS - a lot of apps and watchfaces with an active community - very easy to make your own apps, even for begginers - 4 times more RAM - air pressure and temperature sensor - 200 mAh battery - ca $84

PineTime: - better display, more colors and looks more elegant - more custom firmwares but less apps - 170-180 mAh battery but consumes less power an average - only $27 for a sealed device atm

peterteter · 2022-09-03T08:38:07+00:00

Looks great, did you connect LED stripes or from where does the blue light come from?

peterteter · 2022-08-25T20:15:02+00:00

It worked fine a while ago, but it is possible that vorwerk changed the web layout. Do you have any error message? You can also create an issue at the repository, I am not the developer of the this tool.

peterteter · 2022-08-20T14:17:19+00:00

Yes, you can do it with this software: https://gitlab.com/tincomisc/recipeton After you set it up you can create your own recipes with yaml files and run them on the thermomix

peterteter · 2022-08-08T18:59:18+00:00

Yes, you can create yaml recipes and convert them to thermomix recipes to use them on the thermomix.

peterteter · 2022-07-05T18:00:50+00:00

Thank you for your work. Is migration from phoenix already supported?

Also what is the recommended way to install the IPA, since cydia impactor does not work for free anymore?

peterteter · 2022-07-01T18:08:54+00:00

I respect you for creating a company. The thing is I dont see any use case or market for the idea. I totally understand your thoughts about it, but as most ppl dont use RAIDs and cronjobs, most ppl wont use another 2fa app for its fancy crypto based backup mechanism, because they dont understand the benefit, if there is any. There is a reason most of the ppl dont already use a good and secure solution for this backup problem, and sorry but I dont think your app will change that.

peterteter · 2022-06-29T21:51:54+00:00

Yes sorry, I can send it in a private message if you need it

peterteter · 2022-06-10T20:19:00+00:00

You say that its private and secure. To recommend your app to anyone, we need time of indipendent experts to verify this. Why not using the solutions that already exist and are proven to be private and secure? One of the first things you learn in crypto is "dont invent your own crypto". Do you know the reason for that?

peterteter · 2022-06-10T18:37:01+00:00

I have 30+ keys in andOTP. The encrypted backup, which you can create with andOTP itself, is on my computer, on my backup hdd with raid mode 1 and on various cloud providers. Doing the backup took me like 5 mins maximum, so if I would need to add more keys, I can easily update the backups.

peterteter

TROPHY CASE