Kickstarter is full of projects like this where every possible shortcut is taken to get to market. I’ve had some good success with a few Kickstarter projects but I’ve been very selective about which projects I support. More often than not I can identify when a team is in over their heads or think they’re just going to figure out the details later, after the money arrives.
For a period of time it was popular for the industrial designers I knew to try to launch their own Kickstarters. Their belief was that engineering was a commodity that they could hire out to the lowest bidder after they got the money. The product design and marketing (their specialty) was the real value. All of their projects either failed or cost them more money than they brought in because engineering was harder than they thought.
I think we’re in for another round of this now that LLMs give the impression that the software and firmware parts are basically free. All of those project ideas people had previously that were shelved because software is hard are getting another look from people who think they’re just going to prompt Claude until the product looks like it works.
How about complaining that brain waves get sent to a server?
I'm a neuroscientist, so I'm not going to say that the EEG data is mind reading or anything, but as a precedent, non privacy of brain data is very bad.
How useful could something like this be for research? I'm not a neuroscientist so I have no clue, but it seems like the only justification I can think of..
Not a neuroscientist either but I would imagine that raw data without personal information would not be useful for much. I can imagine that it would be quite valuable if accompanied with personal data plus user reports about how they slept each night, what they dreamed about if anything, whether it was positive dreams or nightmares etc. And I think quite a few people wouldn’t mind sharing all of that in the name of science, but in this case they don’t seem to have even tried to ask.
I would love to see the prompt history. Always curious how much human intervention/guidance is necessary for this type of work because when I read the article I come away thinking I prompt Claude and it comes out with all these results. For example, "So Claude went after the app instead. Grabbed the Android APK, decompiled it with jadx." All by itself or the author had to suggest and fiddle with bits?
This is exactly why we need audit trails for connected devices. Users have no visibility into what data is being sent
where. The fact that brainwave data is broadcast to an open broker without user knowledge is a governance failure, not
just a security bug.
There should be two separate lines of products. One in which privacy is priority and adheres to government regulations (around privacy) and probably costs 2x and one with zero government intervention (around privacy) which costs less and time-to-market is faster.
I don't want a few irrationally paranoid people bottlenecking progress and access to the latest technology and innovation.
I'm happy to broadcast my brainwaves on an open YouTube channel for the ZERO people who are interested in it.
It’s kinda like “qualified investors” - you want to make sure people who are wiling to do something extremely stupid can afford it and acknowledge their stupidity.
We don’t need regulation to protect those that can afford to buy protection: we need it for those who can’t.
It is also technically a user failure to have purchased a connected device in the first place. Does the device require a closed-source proprietary app? Closed-source non-replaceable OS? Do not buy it.
I have deployed open MQTT to the world for quick prototypes on non personal (and healthcare) data. Once my cloud provider told me to stop because they didn’t like it, that could be used for relay DDOS attacks.
I would not trust the sleep mask company even if they somehow manage to have some authentication and authorisation on their MQTT.
As an aside, it seems cool that the bar to reverse engineering has lowered from all the LLMs. Maybe we'll get to take full control of many of these "smart" devices that require proprietary/spyware apps and use them in a fully private way. There's no excuse that any such apps solely to interact with devices locally need to connect to the internet, like dishwasher.
"The ZZZ mask is an intelligent sleep mask — it allows you to sleep less while sleeping deeper. That’s the premise — but really it is a paradigm breaking computer that allows full automation and control over the sleep process, including access to dreamtime."
or if this is another scifi variation of the same theme, with some dev like embellishments.
Kickstarter is full of projects like this where every possible shortcut is taken to get to market. I’ve had some good success with a few Kickstarter projects but I’ve been very selective about which projects I support. More often than not I can identify when a team is in over their heads or think they’re just going to figure out the details later, after the money arrives.
For a period of time it was popular for the industrial designers I knew to try to launch their own Kickstarters. Their belief was that engineering was a commodity that they could hire out to the lowest bidder after they got the money. The product design and marketing (their specialty) was the real value. All of their projects either failed or cost them more money than they brought in because engineering was harder than they thought.
I think we’re in for another round of this now that LLMs give the impression that the software and firmware parts are basically free. All of those project ideas people had previously that were shelved because software is hard are getting another look from people who think they’re just going to prompt Claude until the product looks like it works.
At this point, I trust LLMs to come up with something more secure than the cheapest engineering firm for hire.
The cheapest engineering firms you hire are also using LLMs.
The operator is still a factor.
Yeah, but they’ll add another layer of complexity over doing it yourself
And the cheapest engineering firm won't use LLMs as well, wherever possible?
fun fact, LLMs come in cheapest and useless and expensive but actually does what's being asked, too.
So, will they? Probably. Can you trust the kind of LLM that you would use to do a better job than the cheapest firm? Absolutely.
this.
How about complaining that brain waves get sent to a server? I'm a neuroscientist, so I'm not going to say that the EEG data is mind reading or anything, but as a precedent, non privacy of brain data is very bad.
How useful could something like this be for research? I'm not a neuroscientist so I have no clue, but it seems like the only justification I can think of..
Not a neuroscientist either but I would imagine that raw data without personal information would not be useful for much. I can imagine that it would be quite valuable if accompanied with personal data plus user reports about how they slept each night, what they dreamed about if anything, whether it was positive dreams or nightmares etc. And I think quite a few people wouldn’t mind sharing all of that in the name of science, but in this case they don’t seem to have even tried to ask.
I believe they use it for sleep tracking
If they're taking patient data for research without permission, they are not ethical researchers.
I would presume data privacy laws already have good precedent for health data?
> I would presume data privacy laws already have good precedent for health data?
Google for a list of all the exceptions to HIPPA. There are a lot of things that _seem_ like they should be covered by HIPPA but are not...
Interesting...
Only for "covered entities" under HIPAA (at least in the US)
I would love to see the prompt history. Always curious how much human intervention/guidance is necessary for this type of work because when I read the article I come away thinking I prompt Claude and it comes out with all these results. For example, "So Claude went after the app instead. Grabbed the Android APK, decompiled it with jadx." All by itself or the author had to suggest and fiddle with bits?
Very little intervention tbh. I will try to retrieve it and post.
By default, Claude code keeps session history (as jsonl files in ~/.claude).
It’s wasteful not to save and learn from those.
Really is a derth of livestreams demostrating these things. Youd think if thetes so much Unaided AI work people would stream it.
This is exactly why we need audit trails for connected devices. Users have no visibility into what data is being sent where. The fact that brainwave data is broadcast to an open broker without user knowledge is a governance failure, not just a security bug.
There should be two separate lines of products. One in which privacy is priority and adheres to government regulations (around privacy) and probably costs 2x and one with zero government intervention (around privacy) which costs less and time-to-market is faster.
I don't want a few irrationally paranoid people bottlenecking progress and access to the latest technology and innovation.
I'm happy to broadcast my brainwaves on an open YouTube channel for the ZERO people who are interested in it.
otoh: the non regulated should cost more.
It’s kinda like “qualified investors” - you want to make sure people who are wiling to do something extremely stupid can afford it and acknowledge their stupidity.
We don’t need regulation to protect those that can afford to buy protection: we need it for those who can’t.
It is a governance failure.
It is also technically a user failure to have purchased a connected device in the first place. Does the device require a closed-source proprietary app? Closed-source non-replaceable OS? Do not buy it.
Remember that the S in IoT stands for Security.
I have deployed open MQTT to the world for quick prototypes on non personal (and healthcare) data. Once my cloud provider told me to stop because they didn’t like it, that could be used for relay DDOS attacks.
I would not trust the sleep mask company even if they somehow manage to have some authentication and authorisation on their MQTT.
Name the company, hiding it is irresponsible
As an aside, it seems cool that the bar to reverse engineering has lowered from all the LLMs. Maybe we'll get to take full control of many of these "smart" devices that require proprietary/spyware apps and use them in a fully private way. There's no excuse that any such apps solely to interact with devices locally need to connect to the internet, like dishwasher.
https://www.jeffgeerling.com/blog/2025/i-wont-connect-my-dis...
Well that’s a brand new sentence.
But not a beautiful sentence.
huh, not sure if life imitates snark and bull https://medium.com/luminasticity/great-products-of-illuminat...
"The ZZZ mask is an intelligent sleep mask — it allows you to sleep less while sleeping deeper. That’s the premise — but really it is a paradigm breaking computer that allows full automation and control over the sleep process, including access to dreamtime."
or if this is another scifi variation of the same theme, with some dev like embellishments.
That is the premise of HypnoSpace Outlaw, a neat game about 90s internet nostalgia and scifi.
Without a brand name, how can we verify this is real?
Without any skin in the game with your username, why should we take anything you say seriously?
>Since every device shares the same credentials and the same broker, if you can read someone's brainwaves you can also send them electric impulses.
Amazing.
Won't they sue for the reverse engineering?
cyberpunk