Wasn't it posted a few weeks ago that the frontend code for Claude or maybe Gemini or one of them had a swearing-at-model classifier that passed a flag to the backend? (Not sure why it was even done in frontend, but it was.)
> iMessage is intended for communicating with family and friends, and is not for conducting commercial activities or disseminating unwanted messages. iMessage misuse may result in service limitations.
Apparently, they are against ANY commercial messages. Even if I personally sent marketing messages and typed them myself. So of course they are not going to like you making it easier for people to do that at scale.e
Technically, you are right that being programmatic is not the issue (so presumably those openclaw adapters are okay).
But let's not mislead investors or customers -- Apple has clearly stated your use case is not welcome (except through the iMessage Business Program they control).
Seeing that YC will even fund something as risky as this, I'm going to go ahead and late apply. I have a feeling I shouldn't write that as the reason though ;)
Seriously though, this is wild. How is this different from those click farms with a wall of phones viewing livestreams or tapping on adds or whatever?
There might not be space left? I know of a few companies that have already been admitted, and they're filling slots fast.
I don't know how much they budget for overflow.
Don't let me discourage you. I'm just following my own suspicions. My company is at a $2M run rate and I'm thinking I shouldn't bother applying since I missed the window.
(Dang, care to comment?)
I still want OP to make the best of their time in YC and their runway. There are plenty of other great ideas out there rather than being a freight train hop-on.
I agree, even if they decide to persist with this, they need to grow into a more robust business (ex. focusing on the abandoned cart followup niche) than just being an API that can get shut down overnight.
And yeah it's definitely late, but I'll just take what you said as a push to actually bang it out today and try to fight my tendency to write and say way too much on those kind of things, haha. It's only half tech related anyway, similar problem space as Firstbase.
> We rotate sending identities, warm them gradually, and cap volume per identity per day to stay well below the heuristics Apple uses to throttle abusive senders. Anyone promising \"unlimited blast\" volume is one ban away from disappearing.
If you are violating Apple's policies, even if they cannot identify each account you create, can they not simply ban you as a legal entity from using their service, and then sue you for damages if you do so anyway?
It's no different from getting a ban from Walmart for trying to sell stuff inside their store.
> iMessage is intended for communicating with family and friends, and is not for conducting commercial activities or disseminating unwanted messages. iMessage misuse may result in service limitations.
Regardless of the ToS violation... isn't this trivial to detect?
Even if they keep the message volume low, detecting a swarm of accounts that are sending duplicate/similar messages seems rather trivial? The entire business model depends on Apple turning a blind eye, i'm quite amazed they got any VC money at all.
probably VC bit at the 'agentic' part. Using that word makes some folk lose their minds, and they may then find themselves investing in a whole range of things that they otherwise wouldn't.
> But it's not. Some FAANGs are doing amazing things with unlimited tokens
Giving someone unlimited access to a resources is not the same as directing or incentivizing them to use it for the sake of using it which is what the parent comment criticized.
As for the other FAANGs, Meta and Google have (not good but still) frontier models of their own, so they are very different from a company paying API costs per token.
Thanks for the clarification, in that case the text is indeed really weak. Does that system work in practice, or are companies just claiming they are HIPAA compliant with close to no actual auditing mechanism?
It's been a few years since I worked in this space, but HIPAA doesn't really work under the same kind of legal framework. Oversimplifying here, but basically HIPAA defines what constitutes personal health information, how such information may be used, and establishes monetary penalties for improper use and unauthorized disclosure. The law doesn't have any certification standard, no more than the prohibition on stealing cars does.
Maybe there's some kind of third party certification system to support signing information sharing agreements ("BAAs") with other health information systems. I worked at CMS on first-party stuff so I'm not really familiar with how it works in the private sector.
And the way they verify you are doing what you say you are doing is by asking you to provide evidence, which is usually pretty easy to demonstrate that a policy was followed once or twice, a lot harder for them to pick up consistency issues or exceptions.
I've had SOC2 auditors choose a random commit from our GitHub history, then ask to see the associated Jira ticket, logs from the build and deployment, etc. Hard to reliably pass an audit if you don't know which changes they'll drill down into.
They also asked for proof of system-enforced processes (e.g. GitHub branch protection rules and the setting for enforcing peer review for each change) which were basically proof of consistency.
They do that because in the DRL process you specified a change management process involving Github and Jira. If you specified a different process (for instance, Post-It notes applied to the bathroom wall), they would randomly ask for evidence about those Post-It notes.
That's what we're talking about when we say virtually any tool you can come up with will satisfy "vulnerability scans". For Cloudflare, it was nmap. I think they're right about this.
A SOC auditor who tells you that you can’t use an nmap scan to meet SOC2 obligations is a bad SOC auditor, because they’re attempting to enforce a constraint on you that SOC2 does not.
But the far more likely thing is that a medium SOC auditor, upon being told “we do our vulnerability scanning with nmap”, would say “I haven’t heard of nmap. You should use Tenable,” and if you’re letting SOC auditor drive your engineering you’d make a mistake and accidentally think that meant you needed to change your answer for SOC2 and go buy Tenable licenses.
The whole thread drifted way too far from a very mild push back I had regarding the claim « any automated process that can plausibly be described as instrumental in finding some kind of vulnerability is a "vulnerability scan" ».
My experience is that no, SOC2 auditors won’t consider literally any automated process of that sort as compliant. Which in no way implies the auditors are forcing you to use a licensed tool or driving your engineering.
I will stop that thread here, I don’t think that exchange is productive
It absolutely doesn't rely on competent auditors. The AICPA that fabricated SOC2, is the same AICPA that gives licenses to the auditors. At some point, they opened it up to getting it over the internet.
Indian companies open up shell businesses in Wyoming and elsewhere, get "certified", and offer rubber stamp auditing services. Few ever check if you actually have SOC2, or what auditor you used (since, by definition, they need to be "legit").
By the way, the AICPA website was recently throwing https expired cert errors. Their solution after weeks of me pointing it out on twitter, was to take down the entire website.
> As I said, this is inherently a violation of the commitment the visitor made when entering the US on a non-immigrant visa, as much as (say) exceeding the limit on the hours per week an international student can work.
Your concept of "commitment" doesn't match the legal structure here. A visa is not a contract with the government. What is relevant legally is whether the information presented was truthful at the time of entry and of visa application.
> A plurality of Americans don’t pay federal income taxes
What does a plurality even mean here? This is a binary question, so plurality and majority are the same thing. And I don't think it is factually correct that the majority of Americans do not pay income taxes.
I didn't look hard but that's the first thing I found. Famously, Mitt Romney complained that 47% of Americans don't contribute to federal income tax revenue, which is what I was thinking of.
Side note...I hate this stat because it makes it sound like the rich are paying their share of taxes. The reality is that people who make large w2 income pay a large part of federal taxes, and while they would be considered rich they are not the ultra-rich we see in the news every day.
> .I hate this stat because it makes it sound like the rich are paying their share of taxes
Yes! I agree, I don't mean to sound like I support the status quo. In this particular case, I wanted to clarify that green card-holding immigrants carry a disproportionate amount of tax burden (but that is not to support the current state of things).
I didn't mean to imply you did support the status quo. And you're right about GC holders as they tend to make good money and fall into the worst spot tax wise - having a large w2 income.
Yes, technically payroll taxes are not income taxes.
And people who that x number of people do not pay income tax are implying they are paying no federal taxes when that is not true. It is a disingenuous argument.
The child has Chinese citizenship (and presumably some kind of Dutch PR) from birth in that case.
> Any person born in China whose parents are both Chinese nationals or one of whose parents is a Chinese national shall have Chinese nationality.
> Any person born abroad whose parents are both Chinese nationals or one of whose parents is a Chinese national shall have Chinese nationality.
> But a person whose parents are both Chinese nationals and have both settled abroad, or one of whose parents is a Chinese national and has settled abroad, and who has acquired foreign nationality at birth shall not have Chinese nationality.
- "Settled abroad" means having unrestricted, legal permanent residence. Recently, it was clarified that the two-year conditional US green card does not count, for example.
- Due to an "interpretation," as this law was written pre-handover, the "settled abroad" limitation sentence does not apply where (one of) the Chinese parents is a HK/MO resident.
- A parent from HK/MO pre-handover, or Taiwan, is still a Chinese citizen and will transmit citizenship to their children.
If both/the only Chinese parent is a mainland or Taiwan resident, not settled abroad, the child would get a Travel Document to enter mainland China. They cannot get a visa to do so inside the foreign passport. Foreign passport can still be used for HK/MO/TW.
The child cannot get the ordinary red Chinese passport (unless they "resolve the conflict" by abandoning the other citizenship). They can, IIRC, still get a resident ID card if their parents still have hukou and register them?
In your scenario (not overseas citizen at birth), the child does have a regular red Chinese passport. Because they live overseas, they can get a permit from the Chinese embassy inside the passport to visit HK/MO, and they can also get an entry permit from the Taiwan authorities to visit for two weeks at a time, which is a loose leaf paper.
If one Chinese parent is a permanent resident of HK/MO, the child generally gets both Chinese nationality and HK/MO residence. Thus they are issued a full HK/MO passport. These passports still cannot enter the mainland directly, so they can ALSO get a Travel Document OR first visit HK/MO and then apply for the Home Return Permit using the domestic procedures.
Dual nationality for kids in China is a PITA and we were careful to avoid it for our son. I had a coworker who had a mess in figuring it out, with Beijing (where they had residence) demanding documents from Shanghai (where the mom had hukou) that Shanghai didn’t issue anymore.
China considers it a "nationality conflict," the child is issued a Travel Document and treated as a citizen domestically, they can still be registered on hukou and get ID card. Apparently they used to unofficially force you to decide as an adult, but stopped a few years ago and now issue the Travel Document for life.
edit to add -- that assumes the parent is not a unconditional green card holder, which is the scenario here.
Singapore allows dual citizenship until 21. Which is not necessarily a good thing, as if you do not do their national service you will effectively get banned from ever going there even if you renounce it later.
Japan and Korea both allow it forever from birth in practice, but the latter also has some complexities regarding the military (either renounce before a certain age or you have some restrictions returning until past a certain age).
They are not entirely wrong. The person you replied to said "that country's citizenship":
> So a person who was born in the US and is therefore US citizen at birth will not be allowed to have that country's citizenship
Taking example of China, you said "the child is issued a Travel Document and treated as a citizen domestically"
"Treated as a citizen" is not same as "having Citizenship". OCI card holders are India are pretty much treated as citizens, except few rights such as the right of suffrage/ability to engage in agricultural land use etc, but that doesn't make them citizens of India.
There is a huge political difference between OCI and a Chinese travel document. A CTD explicitly lists the bearers nationality as Chinese.
An OCI card, as you said, is effectively like a PR card for former citizens. It is explicitly not citizenship politically and India fully recognizes their foreign citizenship.
If an OCI holder with a US passport gets arrested, India will notify the US consulate as they are a citizen. The same would not apply for a Chinese travel document holder. That is what I meant as “treated as a citizen domestically.”
As to political rights, I assume in practice that one cannot join the Party without first revoking their other citizenship, if at all. But since it is not a democracy, that was never a right/element of citizenship in the first place.
reply