Readit News
saalweachter · 20 days ago
So purely from a hacker perspective, I'm amused at the whining.

Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.

Then someone shares the exploit with a bunch of script kiddies, they exploit it to the Nth degree, and the company immediately notices and shuts everyone down.

Like, my dudes, what did you think was going to happen?

You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.

And instead, you integrate your exploit into hip new thing, share it at scale, write blog posts and short form video content about it, basically launch a DDoS against the service you're exploiting, and then are shocked when the exploit gets patched and whine about your free thing getting taken away?

Like, what did you expect was going to happen?

miroljub · 20 days ago
> So purely from a hacker perspective, I'm amused at the whining.

> Like, a corporation had a weakness you could exploit to get free/cheap thing. Fair game.

From a pure hacker perspective, I'm surprised there are people calling a legitimate usage a "weakness you could exploit"?

What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

Then Google unilaterally changed the TOS of a product people already purchased and started pulling the rug. And again, there are people who call themselves hackers who approve of that? Even worse, they call people calling out Google for their monopolistic behavior whining.

novaleaf · 20 days ago
Aren't they yoinking an OAuth token for replay in the Claw app?

If so, I don't think anybody who knows how auth works could feign complete innocence.

rolymath · 20 days ago
Google changed the ToS to disallow this usage? I'm pretty sure it was disallowed from the beginning

saalweachter · 20 days ago
I mean, the "exploit" is really "we have an access key with overly-broad permissions and poor monitoring", but that's ... also kind of like 70% of old hacker stories?

"The gate code is 1234" "If you punch in this code it tricks the phone network into thinking you're an operator" "The credentials 'guest'/'guest' work on this network".

You probably could have had five, ten people using the Antigravity API key for whatever and even if someone noticed it probably wouldn't have been worth the time to fix.

But it's like you learn the gate code for the employee parking lot and instead of just quietly enjoying free parking you start punching in the code and waving more and more cars into the lot until it's jammed full, and then complain when the code's changed and they post a guard outside checking IDs.

ValentineC · 20 days ago
> What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

It's technically possible, but Google didn't provide a feature allowing the creation of Antigravity or Gemini CLI API keys for use outside the respective apps.

bigyabai · 20 days ago
> they call people calling out Google for their monopolistic behavior whining.

Google's monopoly is not in AI, it's advertisement. When you accuse them of ridiculous and unfounded crimes, you're diluting the chance of Google being held accountable. As someone that wants to see Google ripped apart by the FTC, we can't just lie and say everything Google does is criminal.

RobotToaster · 20 days ago
> you could exploit to get free/cheap thing

$249/mo isn't cheap

panarky · 20 days ago
If you pay $249 to get $1,200 of compute, "cheap" seems like the right word.

mschuster91 · 20 days ago
> You treasure these little tricks, use them cautiously, and only share them sparingly. They can last for years if you carefully fly under the radar, before they're fixed by accident when another system is changed. THEN you share tales of your exploits for fame and internet points.

It's the same with vulnerabilities in slot machines. Damn rare but they exist - in 2014, when I worked in that industry, one gang made a big bang: in a single night, casinos across Germany had to say goodbye to probably 10 million € [1]. Of course, that vulnerability made massive waves... but from what I heard back then, it had been circulating for many months beforehand. Of course, 10 million € is nothing to sneeze at, but keeping a low profile could have made everyone in the know far more profit.

[1] https://www.t-online.de/digital/aktuelles/id_68982394/softwa...

plorg · 20 days ago
Back in maybe 2017 there was a YC startup called Audm that hired professional audiobook narrators to read magazine articles. I found them through their embeds in The New Yorker. The app was pretty mediocre and I wanted to use it in my podcast app, so I started writing a scraper. Very quickly I realized that the page embeds were making calls directly to their production database with no authentication whatsoever. So I pivoted to dumping the entire archive, hosting it on my LAN, and serving it as RSS over my VPN. It was cool, and I found that articles from some publications would post as much as 2 weeks before publication. Eventually they were bought by the NYTimes, and in 2020 they either set up permissions or moved the infrastructure. I gave up on the project, and I understand that most of the content is no longer available. I unfortunately lost my archive with a lot of data when my storage array died a couple of years later. I think the product space got commoditized very quickly by AI readers (none of which, to my ear, are as engaging as the human professionals). I think maybe 4 other people knew about my project when it existed.

tda · 20 days ago
I fondly remember finding and exploiting a buggy slot machine on the night the Euro got introduced. A classmate (I never played slot machines) made some money but didn't understand what was going on. I observed and it became apparent (in my slightly intoxicated state) the machine would pay out 2 Euro coins where it should pay out 20 cents. And when playing a 1 Euro game, you would often "win" 80 cents. Pay-out immediately and you got 8 Euro. Of course after a few rounds, the 2 Euro coins ran out and it would do some RNG to pay out 1 Euro with 80% chance. Don't know if I tried feeding it back the 2 Euro coins, I recall I just made enough to have a free New Year's Eve

JKCalhoun · 20 days ago
Kind of a built-in feature of a Cool Thing is that it will get found/shared/widespread.

(See Napster.)

lucky-rathore · 17 days ago
wise. couldn't agree more. I

newalexandria · 20 days ago
literally this is why we can't have nice things.

tabs_or_spaces · 21 days ago
So the timeline is basically

* User uses Google oauth to integrate their open claw

* user gets banned from using Google AI services with no warning

* user still gets charged

If you go backwards, getting charged for services you can't access is rough. I feel sorry for those who are deeply integrated into Google services or getting banned on their main accounts. It's not a great situation.

Also, getting banned without warning is rough as well. I wonder if the situation will be different for business accounts as opposed to what seems like personal accounts?

The ban itself seems fair though, google is allowed to restrict usage of their services. Even though it's probably not developer friendly, it's within their rights to do so.

I guess there's some level of post mortem to do on the openclaw side too.

* Why did openclaw allow Google anti gravity logins?

* The plugin is literally called "google-antigravity-auth", why didn't that give the signal to the maintainers?

* Why don't the maintainers, for an integration project, do due diligence checks on the terms of service of everything you're integrating with?

Aurornis · 20 days ago
> * Why did openclaw allow Google anti gravity logins?

OpenClaw went from virtually unheard of to a sensation in a couple weeks. There was intense commit activity and the main author bragged about not even reading the code himself. It was all heavily AI driven and moving at an extreme rate. Everyone was competing to get their commits in because they wanted to be a part of it.

The entire project was a fast and furious experiment. Nobody was stopping to think if something was a good idea or not when someone published a plugin for using this endpoint. People just thought “cool!” and installed it.

lucianbr · 20 days ago
That's how AI is supposed to be used, no? That's what the providers advertise - it increases development speed, a lot, it replaces devs and so on.

But I guess it's only ok when you work on regular joe facing projects, where the consequences of bugs are on powerless users. If the consequences are on Google, well, that's not acceptable now is it?

shevy-java · 20 days ago
> Also, getting banned without warning is rough as well.

Agreed. The lesson is: do not become dependent on Google. Ever.

(Unfortunately I still use youtube and a chromium-based browser. Long-term I hope to find alternatives to both problems. Google search I no longer need because Google already ruined it a few years ago; the quality now is just horrible. I can not find anything useful with it anymore.)

Chaosvex · 20 days ago
Literally just use Firefox.

vincston · 20 days ago
What google search alternative have you found? I'm trying out ecosia, duckduckgo and brave search, but I find their search results even worse, so in the second query I tend to bang to google..

axus · 20 days ago
It doesn't seem fair at all; though I'm glad to see it's not as bad as I feared (yet?).

> Hoping for some transparency, I left a single, polite comment asking for clarification on why the update was removed. Surprisingly, my forum account was banned shortly after posting that question.

bootsmann · 20 days ago
Have you seen the code of OpenClaw? It would not surprise me if there is a mistake in there somewhere that causes the bot to hammer google auth for the refresh token in a very identifiable manner because no one in that repo is bothering to look at the code before merging. Moved fast, broke things.

anon84873628 · 21 days ago
I don't understand step 1. OAuth client applications have to be registered in GCP, right? They have to request specific scopes for specific APIs, and there is a review process before they can be used by the public. Did none of that happen for the Open Claw client? How is it the users' fault for clicking a "Sign in with Google" button? And if there was a mistake, why not ban the whole client?

I could see a problem with logging into Antigravity then exfiltrating the tokens to use somewhere else... But that doesn't sound like what happened. (And then how would they know?)

I haven't used Open Claw, so what else am I missing to make this make sense?

integralpilot · 20 days ago
To my understanding, OpenClaw pretends to be Antigravity by using the Antigravity OAuth client ID (and doesn't have its own), and then takes the token Google returns to instead use with OpenClaw.

When I first tried OpenClaw and chose Google Sign-In, I noticed the window appeared saying "Sign into Google Antigravity" with a Google official mark, and a warning it shouldn't be used to sign into anything besides official Google apps. I closed it immediately and uninstalled OpenClaw as this was suspicious to me, and it was a relatively new project then.

It amazes me that the maintainer(s) allowed something like this...

fmbb · 20 days ago
1. Did a human really knowingly decide to allow that?

2. Did a human create the plugin?

3. Are the maintainers human?

By human I mean an animal that is intelligent enough to understand the agreements and what code they are writing.

animuchan · 20 days ago
Most people aren't human then, sad.

renegat0x0 · 20 days ago
I think as a society we miss some kind of 'laws', or 'rules' around accounts and banning.

I feel that sometimes corporations have all 3 Montesquieu powers. Google can define EULAs, decide if you should be punished, and apply a ban.

Can a shop decide who to serve? I may be wrong, but big tech should not be able to 'just close' accounts, or demonetize accounts on their whim.

RobotToaster · 20 days ago
> Why did openclaw allow Google anti gravity logins?

There's a good chance the plugin was written by gemini, why did it allow that?

xnx · 20 days ago
Additional information from Google employee https://x.com/_mohansolo/status/2025766889205739899 :

"We’ve been seeing a massive increase in malicious usage of the Antigravity backend that has tremendously degraded the quality of service for our users. We needed to find a path to quickly shut off access to these users that are not using the product as intended. We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users."

KronisLV · 20 days ago
> We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on but we have limited capacity and want to be fair to our actual users.

It feels like a good default for this would be something similar to video game bans: where you get a "vacation" from the service with a clear reason for why that is, but can return to using it later. Given how much people depend on cloud services, permanent bans for what could be honest mistakes or not knowing stuff would be insane.

ljm · 20 days ago
Getting your Google Workspace account nuked because an employee hooked their company Gemini account to OpenClaw would certainly be a novel business risk.

qingcharles · 20 days ago
I wish all the social media services would implement some sort of "vacation" bans instead of outright perma-banning you, when more oft-than-not the ban is a mistake caused by AI. I'd be less mad about some arbitrary nonsense ban if it was only a week.

DaedalusII · 20 days ago
yes. i am not using google ai services because i am afraid i might accidentally get permanently banned

leetrout · 20 days ago
I posted an "Ask HN" around this a while back. I think we will see a lot more of it and we will be hurting legitimate users. I like your temp ban idea but I doubt they would give reasons why.

https://news.ycombinator.com/item?id=40784126

oger · 20 days ago
While I see the point of limited capacity, it also shows that Google did not plan for rate limiting / throttling of high usage customers. This is ALWAYS the problem with flatrate pricing models. 2% of your customers burn 80+% of your capacity. Did see that in former times with DSL, not too long ago with mobile and now with AI subscriptions. If you want to provide a "good" service for all customers better implement (and not only write in your T&Cs) a fair usage model which (fairly) penalises heavy users.

Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.

BUT: The industry is missing a significant long term revenue opportunity here. There obviously is latent demand and Claws have a great product market fit. Why on earth would you deactivate customers that show high usage? Inform them that you have another product (API keys) for them and maybe threaten with throttling. But don't throw them overboard! Find a solution that makes commercial sense for both sides (security from API bill shock for the customer / predictable token usage for the provider).

What we're seeing right now is the complete opposite. Ban customers that might even rely on their account. Feels like the accountants have won this round - but did not expect the PR backlash and possible Streisand effect...

zarzavat · 20 days ago
Yeah this is a massive fuckup on Google's part and they are taking it out on their customers as per usual.

It's not hard to define a quota system and enforce it. If the quota is too high then reduce the quota. If people are abusing the quota with automated requests then detect that and rate limit those users.

If I'm paying $200+ a month I should be able to saturate Google with requests. It's up to Google to enforce their policies via backpressure so that they don't get overloaded.

Then again this is the same company that suspended people's gmail because they sent too many emotes in YouTube chat. Sadge.
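
Added example (not part of the thread, and not Google's implementation): a sketch of the quota-with-backpressure approach described in the comment above, combined with the time-limited "vacation" suspension suggested earlier in the thread. The tier names, limits, strike threshold and pause lengths are all assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# Hypothetical plan tiers: (burst capacity in requests, refill in requests/second).
TIERS = {"pro": (20, 0.5), "ultra": (100, 5.0)}


@dataclass
class Bucket:
    capacity: float
    refill_per_s: float
    tokens: float
    updated: float
    strikes: int = 0            # rejected requests since the last accepted one
    paused_until: float = 0.0   # end of the current temporary suspension


class QuotaEnforcer:
    """Per-account token bucket with escalating, time-limited suspensions."""

    def __init__(self, strike_limit=50, base_pause_s=3600):
        self.strike_limit = strike_limit
        self.base_pause_s = base_pause_s
        self.buckets = {}
        self.pause_count = {}   # account -> suspensions issued so far

    def check(self, account, tier, now):
        """Return (http_status, retry_after_seconds) for one request at time `now`."""
        if account not in self.buckets:
            capacity, rate = TIERS[tier]
            self.buckets[account] = Bucket(capacity, rate, capacity, now)
        b = self.buckets[account]

        # A suspended account is told exactly when it may come back.
        if now < b.paused_until:
            return 429, math.ceil(b.paused_until - now)

        # Refill in proportion to elapsed time, capped at the burst capacity.
        b.tokens = min(b.capacity, b.tokens + (now - b.updated) * b.refill_per_s)
        b.updated = now

        if b.tokens >= 1:
            b.tokens -= 1
            b.strikes = 0
            return 200, 0

        # Over quota: push back with Retry-After instead of banning.
        b.strikes += 1
        if b.strikes >= self.strike_limit:
            # The client keeps ignoring Retry-After: suspend it for a bounded
            # period that doubles with every repeat.
            n = self.pause_count.get(account, 0) + 1
            self.pause_count[account] = n
            b.paused_until = now + self.base_pause_s * 2 ** (n - 1)
            b.strikes = 0
            return 429, math.ceil(b.paused_until - now)
        return 429, math.ceil((1 - b.tokens) / b.refill_per_s)
```

The caller passes the clock in as `now`, so the policy can be replayed against recorded traffic before it is enforced.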

lm28469 · 20 days ago
> Google did not plan for rate limiting / throttling of high usage customers

Antigravity has very low daily and weekly quotas unless you pay for their most expensive plan, so it means these people drop $200+ a month to run these bots, insanity

embedding-shape · 20 days ago
> Good on them that they want to provide a way to bring back customers on board that were burned / surprised by their move.

Are they though? Another comment (https://news.ycombinator.com/item?id=47116205) seems to indicate these people are all indefinitely suspended with no path to unsuspend them:

> [...] I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. [...]

sva_ · 20 days ago
> it also shows that Google did not plan for rate limiting / throttling of high usage customers.

There is a (pretty generous and imo reasonable) request quota that resets every 24h

olyjohn · 20 days ago
A fair usage model isn't some handwavey bullshit throttled quota buried in the ToS and marketed as "Unlimited." It's applying a realistic usage quota equally to everybody in the same payment tier that is spelled out right up front so that people know exactly what to expect.

The whole concept of service "abusers" is made up bullshit by companies that over promise, over sell and under deliver.

JKCalhoun · 20 days ago
My fascination with local LLMs has waxed and waned over the past year or so. And then something like this comes along and it waxes again mightily. ;-)

FloorEgg · 13 days ago
I wonder if this was causing the increase in the number of 429 errors I've been getting from Gemini on vertex.

cube00 · 20 days ago
> will get a path for them to come back on

That's not what support has been telling their $250 a month customers.

> we are unable to reverse the suspension [1]

I get the need to move fast to stabilise the service but similar to an outage it doesn't take much to put a banner on the support page to let customers know bans are temporary until they can come up with a better way of educating customers. Furthermore it doesn't take much to instruct ban appeal teams to tell customers all bans are under review no matter what the reason is to buy them time to separate Claw bans from legitimate abuse bans that need to be upheld.

The fact that users are paying $250 for a service they can't use for at least the last 11 days kills any sympathy I had that Google needed to "quickly shut off access", it's like they just sat on their hands until the social media storm hit flash-point.

After 11 days there still isn't even an official statement, just a panicked tweet from a dev likely also getting hammered on socials, goodness knows how long before accounts are restored and credits issued.

Even the original Google employee in the forum thread just ghosted everyone there after the initial "we're looking into it".

[1]: https://news.ycombinator.com/item?id=47116205

PunchTornado · 20 days ago
come on, using a monthly paid subscription to obtain auth tokens to use claws bots is quite obviously against T&C. you need to pay api prices for that. I am sure 100% of those knew they were doing something wrong but proceeded anyway.

Havoc · 20 days ago
It's a bit leftfield for sure, but "malicious"?

bethekind · 21 days ago
This is draconian.

> Our investigation specifically confirmed that the use of your credentials within the third-party tool “open claw” for testing purposes constitutes a violation of the Google Terms of Service [1]. This is due to the use of Antigravity servers to power a non-Antigravity product. I must be transparent and inform you that, in accordance with Google’s policy, this situation falls under a zero tolerance policy, and we are unable to reverse the suspension. I am truly sorry to share this difficult news with you.

torginus · 21 days ago
Isn't the reason companies are doing this because they're offering tokens at a discount, provided they're spent through their tooling?

Considering the tremendous amount of tokens OpenClaw can burn for something that has nothing to do with software development, I think it's reasonable for Google to not allow using tokens reserved for Antigravity. I don't think there's such a restriction if you pay for the API out of pocket.

jacquesm · 21 days ago
> Isn't the reason companies are doing this because they're offering tokens at a discount, provided they're spent through their tooling?

Then maybe they should charge for that instead of banning accounts?

Google decided on their own business plan without any guns to their backs. If they decide to create a plan that is subsidized that's entirely on them.

mark_l_watson · 20 days ago
I agree. As others have mentioned here, the authenticate with AntiGravity web popup clearly says that this authentication is only to be used with Google products.

How can Claws users miss this?

What Google could have done better: obviously implement rate throttling on API calls authenticated through the Gemini AI Pro $20/month accounts. (I thought they did this, but apparently not?) Google tries hard to get people to get API keys, which is what I do, and there seems to be a very large free tier on API calls before my credit card gets hit every month.

LegateLaurie · 20 days ago
Given how popular OpenClaw is (and that OpenClaw itself supports antigravity), I think it's shortsighted to not publicly state that it's not allowed and to warn users. Permanently banning people from Antigravity (much like any Google product) feels really harsh.

blitzar · 20 days ago
Can I at least log in one last time and download my gmail messages from 2004?

jimbob45 · 20 days ago
Then it should be “This is your first and final warning. The next time we catch you, it’s a ban.”. People are building their lives around this stuff and kneejerk bans erode good faith in your platform.

cogman10 · 21 days ago
Oh man.

What a wonderful way to stop people from using your LLM.

All these AI companies trying to get everyone to be locked into their toolchains is just hilariously short sighted. Particularly for dev tools. It's the sure path to get devs to hate your product.

And for what? The devs are already paying a pretty penny to use your LLM. Why do you also need to force them to using your toolkit?

usef- · 21 days ago
There is a reality that when they control the client it can be significantly cheaper for them to run: the Claude code creator has mentioned that the client was carefully designed to maximise prompt caching. If you use a different client, your usage patterns can be different and it may cost them significantly more to serve you.

This isn't a sudden change, either: they were always up-front that subscriptions are for their own clients/apps, and API is for external clients. They don't document the internal client API/auth (people extracted it).

I think a more valid complaint might be "The API costs too much" if you prefer alternative clients. But all providers are quite short on compute at the moment from what I hear, and they're likely prioritising what they subsidise.

esskay · 21 days ago
I imagine it's a case of the providers not wanting to admit it's costing them a fortune because suddenly all these low-medium usage accounts are now their highest use ones.

Not saying it's right. But it's also not exactly a secret that they are all taking VERY heavy losses even with pricey subscriptions.

llm_nerd · 21 days ago
The devs are paying to use the UIs provided by the company. The usage-based API is a separate offering, and everyone knows that.

It's okay to be annoyed at being caught, but honestly the deer in the headlights bit is a bit ridiculous.

If you want to use an API, pay for the API option. Or run your own models.

chasil · 21 days ago
Google has been particularly pernicious in the corporate exercise of zero-tolerance.

Because of their large footprint in so many areas, it is wise to greatly (re)consider expansion in the ways that you rely on them.

fy20 · 20 days ago
Antigravity is useless anyway. I tried it last week and it needs approval for every file read and tool call. There's an option in the app to auto-approve, except it doesn't work. Plenty of complaints online about this. Clearly they don't actually care about the product, some exec just felt that they need to get into the editor game.

Next I tried using the Antigravity Gemini plan through OpenCode (I guess also a bannable offense?) and the first request used up my limit for the week.

driverdan · 21 days ago
Hopefully this gets people to stop using Google for more than just LLMs.

overgard · 20 days ago
The tool thing is kind of infuriating at the moment. I've been using Claude on the command line so I can use my subscription. It's fine, but it also feels kind of silly, like I'm looking at ccusage and it seems like I'm using way more $ in tokens than I'm paying for with the subscription. Which is a win for me, but, I don't really feel like Claude Code is such a compelling product that it's going to keep me locked in to their model, so I don't know why they're creating such a steep discount to get me to use it. I'm perfectly fine using Codex's tools, or whatever. I dunno, it seems like way more cost effective to use the first party tools but I'm not sure why they really want that. Are the third party tools just really inefficient with API usage or something?

noosphr · 21 days ago
You are being subsidised to the tune of 50 to 99.9 cents on the dollar compared to the API.

What the hell do you expect? To get paid for using other people's tools on Google's servers?

jacquesm · 21 days ago
No, this is hilarious: company that rams their AI down your throat at every opportunity then turns around and shuts down your account because you actually use their AI... there is no limit to the idiocy around Google's AI roll-out. I wished I could donate the AI credits that I'm paying for (thanks Google for that price increase for a product I never chose to buy) to the people that need them more.

jcgrillo · 21 days ago
This kind of reputational damage is just adding fuel to the fire. If my business depended in any way on google--GCP, GSuite, whatever--it would right now be a very urgent task to fire them and find replacements. They've been pretty sketchy for a while, but this kind of thing is over the top.

overgard · 20 days ago
Yikes!! This is really unfortunate, because Google's models seem very good but there's no way I'm using a google service for this kind of thing with those policies. I don't even want to run OpenClaw, but that's scary! Plus, I have my google account tied to authenticating so many things that if my account were to be suspended or something that would be a nightmare.

I haven't tried Antigravity but I remember on release it had huge UX issues. Is this product just not ready for primetime?

ludjer · 20 days ago
There is nothing stopping you from using google models just get the correct product, you can pay for tokens then they do not care what you use it for.

mark_l_watson · 20 days ago
Excuse me giving you advice, unasked for: as part of your ‘digital life spring cleaning’ spend some time converting auth with Google/Apple/GitHub for services to logging in with your email (on your own domain) and some other second auth.

BTW, I tend to only use Google for services I pay for (YouTube+, APIs, Gemini Plus, sometimes GCP).

user205738 · 20 days ago
Just create another Google account. I don't remember there being any restrictions for this. Every time the service required a Google account to log in or it was easier than registering and going through the checks, I just created a new Google account and registered.

therealmarv · 21 days ago
How about giving the user a big warning to not do that and then block the account if the user continues. These total blocks are crazy. Especially for people who use their Google account for 20+ years or something.

jauntywundrkind · 21 days ago
Google's bundling of so many services into one account is becoming a gargantuan liability for them & their users.

This "zero tolerance" policy is just absurdly mega-goliath out of touch with the world. The sort of soulless brain dead corporatism that absolutely does not think for even a single millisecond about its decisions, that doesn't care about anything other than reducing customer support or complexity, no matter what the cost.

Kicking people off their accounts for this is Google being willing to cause enormous untoward damage. With basically not even the faintest willingness to try to correct. Gobsmacking vicious indifference, ok with suffering.

moontear · 20 days ago
Time and time again it is shown to *not* use your main account for everything. This goes for Apple and having a separate account for development work, for the App Store and your main iCloud account but this also goes for all other SaaS providers.

You are doing groundbreaking new and untested stuff with Claw? Do not use your main account. You want to access your main account's data? Sure, allow it via OAUTH/whatever possible way.

Have separate accounts, people. You don't want one product group's decision in those large SaaS corps to impact everything else.

overgard · 20 days ago
It seems like a temp ban here would be totally reasonable, like, "we disabled your account for a day here's why, don't do it again". Permanent though, eek!

TrackerFF · 20 days ago
Nothing new. 10 years ago my (now 20+ year) google account was compromised for a whole 5 minutes. It was used by shady bots, and instantly banned. No warnings, no nothing. Trying to figure out what had happened was a challenge in itself.

Getting through to customer support was impossible.

5 years later I tried to get my account opened up, filled out some forms, and by some miracle it was.

My biggest takeaway from this (other than enabling 2FA) was that it is probably easier to get ahold of the scammers that control your account, than to get ahold of actual human customer support at google / alphabet.

anon84873628 · 20 days ago
Can you help me understand which of these happened?

1) Open Claw has a Google OAuth client id that users are signing in with. (This seems unlikely because why would Google have approved the client or not banned it)

2) Users are creating their own OAuth client id for signing themselves into Open Claw. (Again, why would these clients be able to use APIs Google doesn't want them to?)

3) Users are taking a token minted with the Antigravity client and using it in Open Claw to call "private" APIs.

Assuming it's #3, how is that physically accomplished? And then how does Google figure out it happened?

moontear · 20 days ago
"how does Google figure out it happened" - no insider knowledge, but the calls Claw makes are very different than the regular IDE, so the calls and volume alone would be an indicator. Maybe Google has even updated their Antigravity IDEs to just include some other User Agent, that Claw auth does not have.

Everything just guesswork, but I don't think it is too hard to figure out whether it is Antigravity calling the APIs or any Claw.
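
Added example (not part of the thread, and not Google's actual method): the two signals guessed at in the comment above, User-Agent and call volume, applied to a constructed access log. A token minted under a first-party OAuth client ID looks the same whoever presents it, so the check has to rest on how the token is used. The client ID, User-Agent prefix, log format and threshold are hypothetical placeholders.

```python
import json
from collections import Counter, defaultdict

# All identifiers below are hypothetical placeholders, not real Google values.
FIRST_PARTY_CLIENT_ID = "ide-client.example"
EXPECTED_UA_PREFIX = "ExampleIDE/"
MAX_REQUESTS_PER_MINUTE = 30   # assumed ceiling for interactive IDE use

BASE_TS = 1699999980  # constructed epoch second, aligned to a minute boundary


def build_sample_log():
    """Constructed JSON-lines access log covering four accounts."""
    def rec(ts, account, client_id, ua):
        return json.dumps({"ts": ts, "account": account,
                           "client_id": client_id, "user_agent": ua})

    ide = FIRST_PARTY_CLIENT_ID
    lines = []
    # alice: ordinary IDE use, one request a minute.
    lines += [rec(BASE_TS + 60 * i, "alice", ide, "ExampleIDE/1.4.2") for i in range(5)]
    # bob: IDE-issued token presented by a generic HTTP library.
    lines += [rec(BASE_TS + 10 * i, "bob", ide, "python-requests/2.31.0") for i in range(3)]
    # carol: expected User-Agent, but 45 requests inside one minute.
    lines += [rec(BASE_TS + i, "carol", ide, "ExampleIDE/1.4.2") for i in range(45)]
    # dave: heavy traffic on a separate pay-per-token client, out of scope here.
    lines += [rec(BASE_TS + i % 60, "dave", "api-key-client.example", "curl/8.5.0")
              for i in range(100)]
    lines.append("{truncated line")   # malformed input must not stop the scan
    return lines


def find_suspect_accounts(lines, max_rpm=MAX_REQUESTS_PER_MINUTE):
    """Map account -> sorted reasons its first-party-token traffic looks automated."""
    per_minute = defaultdict(Counter)
    reasons = defaultdict(set)
    for line in lines:
        try:
            rec = json.loads(line)
            client_id, account = rec["client_id"], rec["account"]
            user_agent, minute = rec["user_agent"], int(rec["ts"]) // 60
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        if client_id != FIRST_PARTY_CLIENT_ID:
            continue  # only tokens issued to the first-party client are checked
        if not user_agent.startswith(EXPECTED_UA_PREFIX):
            reasons[account].add("unexpected_user_agent")
        per_minute[account][minute] += 1
    for account, buckets in per_minute.items():
        if max(buckets.values()) > max_rpm:
            reasons[account].add("rate_exceeds_interactive_use")
    return {account: sorted(found) for account, found in reasons.items()}


if __name__ == "__main__":
    for account, found in find_suspect_accounts(build_sample_log()).items():
        print(account, found)
```

The User-Agent header is set by the client and is only a weak signal on its own; the volume check is what still flags `carol` in the sample.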

nucleative · 21 days ago
I cannot de-Google fast enough.

So if I ask Google's AI studio the wrong question, I might get my G-drive, Gmail, API access, Play store, YouTube channel, "login with Google" tokens, and more all ripped away instantly with no recourse?

No thanks

dmix · 21 days ago
It’s an extremely strong incentive to not use Gemini for anything serious
ninjagoo · 21 days ago
Google is a company well down the path of enshittification, they even got rid of their motto "Don't be evil".

As a consumer, you're better served by using services from companies earlier in that lifecycle, where value accrues to you, and that's not Google, and likely not many other big providers.

When those newer companies turn, you switch. Do not allow yourself to get locked into an ecosystem. It's hard work, but it will pay dividends in the long run.

t-writescode · 21 days ago
I [ctrl+f]'d for this comment in the thread linked above, and couldn't find it. May I ask where you saw that?
cupantae · 21 days ago
It’s there. User Jun_Meng.
SilverSlash · 21 days ago
Same. Cannot find it in that thread and I would like to know the source too.

sathish316 · 21 days ago
Google is a copycat in AI products.

Gemini Chat: ChatGPT

Gemini CLI: Claude Code

Antigravity: Cursor

Nano banana: Midjourney

Subscription API ban: copied Anthropic

NotebookLM seems to be the only exception, or it could be an acquisition.

Subscription API ban could be part of a larger strategy because of OpenClaw’s association with OpenAI and Google will not be able to copy OpenClaw Personal Assistant model due to the security implications.

Pay as you go through API pricing is one of the easiest ways to drastically reduce mass adoption of a product. Pay per month works on consumption patterns where 80% of the users will barely use the product to compensate for the other 10 or 20% power users.

femiagbabiaka · 21 days ago
I'd assume API usage through tokens vs. OAuth are rate limited differently? I don't actually see hard numbers for Antigravity model rate limits on their website so guessing this is the case.
cube00 · 21 days ago
It's not about the rate limit, it's about the price, raw API calls are far more expensive than subsidised Antigravity calls.
Belphemur · 21 days ago
Basically Google is saying: You can't use Gemini with OAuth on other products than Google products (Anti Gravity).

I mean it's fair, just should have been documented properly and the possibility to use Gemini through OAuth restricted with proper scope instead of saying you broke the ToS we ban your $350/month account.

gck1 · 21 days ago
Can openclaw go through gemini-cli? Because they can and nobody would notice anything has changed. It would use the same OAuth down the line and consume the same quotas.

infecto · 20 days ago
Maybe the ban is overstepping but I still continue to not understand the issue. Rarely in the history of APIs has a commercial company wanted folks to use the private APIs.
SilverElfin · 21 days ago
It’s protectionism. These corporations are staying big because of anti competitive practices and capital. They don’t want to let go.
dmix · 21 days ago
That’s called protecting a monopoly not protectionism
petesergeant · 20 days ago
Using Google for anything other than search and email has been a poor choice for a long time.
8note · 21 days ago
can't you just wrap it though?

swap out the direct api call with a call to gemini cli?

cgio · 21 days ago
That’s my question too. Presumably one could even build an API that just runs things in cli? How would they plan to restrict that? Based on usage patterns?

paxys · 21 days ago
I don't know why people here can't accept the simple fact that AI companies are offering cheap "unlimited" plans as a loss leader to tie you to their ecosystem, and then make up for it via add-ons, upsells, ads etc. If you use those API tokens to access external services it defeats the purpose. The hack may have worked so far, mainly because no one was checking, but they are all going to tighten the access eventually (as Anthropic and Google have already done).

Either stick to first party products or pay for API use.

stevage · 21 days ago
No one is shocked that they don't allow this. Everyone is shocked that they silently, permanently banned the user with no recourse and it took significant effort even to find out that much.
DavidPiper · 20 days ago
Sorry to be that guy, but given how often Google has done this for lesser infringements (some reported here on HN), is anyone really "shocked" by the permabans?

The apparent shock around this sort of thing always feels like cope for the fact that we (myself included) understand the power imbalance between Google and its customers but don't want to admit it.

There's plenty of evidence at this point, and I feel like we should be using that emotional energy to actually do something about it (like switching providers for critical personal services, for example).

techpression · 21 days ago
When reading HN I get the impression that a lot of people are convinced monthly plans are very profitable for the companies, I don’t have any numbers but to me it always seemed like a bait and switch or ”bait and make you pay with your data too”.
vineyardmike · 21 days ago
I'll bite. I suspect that these plans aren't as intensely subsidized as people assume. I believe that API usage is probably also not subsidized at all. First, yes, subs are probably subsided, but I bet a significant % of users are profitable to serve, especially the "chat" users who don't use dev tools and have short context window conversations. Yes, I think the subs also exist as a driver to get lock-in and market share. Claude Code, for example, is very good and I stopped using their competition when they released their superior product.

That said, I assume that (1) their long-term goal is to create cheaper-to-serve models that fit within their pricing targets, and use the (temporarily) subsidized subscriptions to find the features and costs that best serve the market. Maybe even while capturing more margin on the API in comparison (eg keep API prices high while lowering cost to serve a token). I've largely stopped using Opus, and sometimes even chose to use Haiku, because the cheaper models are fast and usually serves my needs. It's very possible to work all-day and barely hit the usage limits with Haiku on the $20/mo option. Long term, that could be profitable outright.

And (2) subscriptions with lower SLOs than API calls have the potential to provide "infill" usage for high fixed-cost GPUs as an alternative to idling, similar to their batch APIs. I'd believe that overnight usage limits could/should be higher than during California work-hours. I assume most big providers have pre-paid fixed cost servers, so pumping more tokens through an otherwise idle GPU is "free". They can also do a lot more cost-optimization behind the scenes, such as prompt caching, to reduce the cost of tokens.

danny_codes · 20 days ago
Seems like a hassle when open source models are just as good. Can go with any hosting provider. Might have to wait 3-4 weeks for them to duplicate whatever Anthropic is doing with token caching. But then you get 10x cheaper inference.

I feel like this game is just a hot potato, can you get retail to hold the bag game

disiplus · 20 days ago
I have them all. They're not just as good. Whoever tells you that looked only at the benchmarks, not real use. They all fall short at some point.

Kimi K2.5 is the best one, but it's still not at the level of what Anthropic released with opus 4.5.

paxys · 20 days ago
Open models are very far in performance from the top models of Anthropic, OpenAI and Google. And that's skipping over the fact you need somewhere to host them.
neop1x · 20 days ago
Recent open-weights models (MiniMax, Kimi K2, GLM, Mistral) are also quite good, can be self-hosted or accessed through 3rd-party hosters or OpenRouter and they are sufficient for most of the tasks. Just stop paying overpriced "unlimited" subscription bul**hit.
CuriouslyC · 21 days ago
OpenAI and the Chinese companies let you all you can eat openly. Anthropic's lead vs OAI is slight and these things are going to homogenize quickly. The market is going open and the people trying to keep it closed are just generating ill will pointlessly.
NewsaHackO · 21 days ago
>OpenAI and the Chinese companies let you all you can eat openly.

You say this, but I guarantee that when they do offer a plan similar to Google/Anthropic's dedicated coding "unlimited" subscription, they will do the exact same thing. Maybe they will let OpenClaw in as a first party because of their partnership with the creator.

javascriptfan69 · 21 days ago
So what are they supposed to do?

Race to burn as much cash as possible in hopes that the other goes bankrupt first?

These models aren't profitable at the fixed subscription tiers.

cedws · 20 days ago
Likely we'll just move to the Chinese models.
MattDaEskimo · 21 days ago
I'm very confused here. The monthly plans are meant to be used inside of Google's walled garden, but people are somehow able to capture (?) and re-use the oAuth token?

Regardless, I thought it was pretty obvious that things like OpenClaw require an API account, and not a subsidized monthly plan.

zythyx · 21 days ago
Exactly, OpenClaw (or I think possibly an addon/extension or unofficial method) is allowing Google's Antigravity authentication to connect the app. This allows for 'unlimited' calls through Antigravity models with a subscription, instead of the proper Gemini/Google AI Studio API key method (charged per million tokens)

API usage can get very high for automatic operations, especially with apps like Kilo/Roo/Cline, and now with OpenCode/OpenClaw. I often blast through $10-20 in a single day of just regular OpenCode usage through OpenRouter

If I could pay a subscription and get near unlimited use (with rate limits), of course I'd do that, but not like this. I'm pretty sure Antigravity has ToU somewhere that indicates it's only allowed for use in Antigravity and nowhere else, since I've seen other threads on this happening: https://github.com/jenslys/opencode-gemini-auth/issues/50

Aerroon · 21 days ago
>and get near unlimited use (with rate limits)

But they're not near unlimited though. They're just hidden limits.

jauntywundrkind · 21 days ago
Sure. But a zero strike getting kicked out of your Google account is a grotesque evil.

Edit: maybe it's not the whole account? https://news.ycombinator.com/item?id=47116330

__w1kke___ · 21 days ago
No - use OpenAI, no problem. OpenAI wins here big time.
hsaliak · 21 days ago
Google's Pro service (no idea about ultra and I have no intention to find out) is riddled with 429s. They have generous quotas for sure, but they really give you very low priority. For example, I still don't have access to Gemini 3.1 from that endpoint. It's completely uncharacteristic of Google.

I analyzed 6k HTTP requests on the Pro account, 23% of those were hit with 429s. (Though not from Gemini-CLI, but from my own agent using code assist). The gemini-cli has a default retry backoff of 5s. That's verifiable in code, and it's a lot.

I don't touch the anti-gravity endpoint, unlike code-assist, it's clear that they are subsidizing that for user acquisition on that tool. So perhaps it's ok for them to ban users from it.

I like their models, but they also degrade. It's quite easy to see when the models are 'smart' and capacity is available, and when they are 'stupid'. They likely clamp thinking when they are capacity strapped.

Yes the models are smart, but you really can't "build things" despite the marketing if you actively beat back your users for trying. I spent a decade at Google, and it's sad to see how they are executing here, despite having solid models in gemini-3-flash and gemini-3.1

gck1 · 21 days ago
> Yes the models are smart, but you really can't "build things" despite the marketing if you actively beat back your users for trying

I think this is the most important takeaway from this thread and at some point, this will end up biting Google and Anthropic back.

OpenAI seems to have realized this and is actively trying to do the opposite. They welcomed OpenCode the same day Anthropic banned them, X is full of tweets of people saying codex $20 plan is more generous than Anthropic's $200 etc.

If you told me this story a year ago without naming companies, I would tell you it's OpenAI banning people and Google burning cash to win the race.

And it's not like their models are winning any awards in the community either.

lukeschlather · 21 days ago
My impression is there's a definite shortage of GPUs, and if OpenAI is more reliable it's because they have fewer customers relative to the number of GPUs they have. I don't think Google is handing out 429s because they are worried about overspending; I think it's because they literally cannot serve the requests.
tom_m · 21 days ago
You can build plenty with Google ai pro plan and Antigravity. Yea there's some limits that should be even higher, but you can still build stuff.
mannanj · 21 days ago
It's unfortunate though that they lie and deceive by having a name called "Open"AI when they are in fact "Closed". And the whole non-profit to profit and Microsoft deals are just untrustable and unethical.

They also actively employ dark strategies in cooperation with CIA and who knows when they will pull the rug under you again.

Do you really trust a foundational rotten group of people who avoid accountability?

tempaccount420 · 21 days ago
I'm guessing at least 50% of the "users" of Antigravity are actually OpenCode users exploiting the oauth and endpoint. Must be infuriating to them if they're subsidizing it.

The OpenCode plugin (8.7k stars btw!) even advertises "Multi-account support — add multiple Google accounts, auto-rotates when rate-limited"[1]

[1] https://github.com/NoeFabris/opencode-antigravity-auth/blob/...

ingatorp · 20 days ago
I've stopped using Gemini models altogether because of this. I'm using Claude Code with MiniMax M2.5 for a while now and I couldn't be happier. I haven't noticed any drop in output quality and the biggest advantage is that even the $10 is pretty generous. I haven't been hit with rate limit, not even one time. And I'm pretty heavy user. I tried also GLM 5.0 but I hit rate limit there pretty early on.
AJRF · 20 days ago
One thing with GLM 5 is they seem to do this weird thing where when your account is just opened it limits you really heavy, then this gets lifted later.

I had buyer's remorse when the first hour or two I kept getting rate limited on GLM5, but since then I've not had a single rate limit and I am using it very heavily.

harshitaneja · 20 days ago
Just adding for context that I use Gemini Ultra and across all models from Gemini 3.1 Pro to Claude Opus 4.6, I have never hit 429s as well as hitting model quota limits is incredibly rare and only happens if I am trying to run 3 projects at once. While not the biggest agentic coding fan, I have been toying with them and have been running it for at least 7-8 hours a day if not longer.
oofbey · 21 days ago
I’ve often suspected these models of getting dumber when the service is under high load. But I’ve never seen actually measured results or proof. Anybody know of real published data here?
transcriptase · 20 days ago
ChatGPT was brutal for it a couple years ago. You could tell when it would go into “lazy mode” during peak usage periods.

Suddenly instead of writing the code you asked for it would give some generic bullet points telling you to find a library to do what you asked for and read the documentation.

ayewo · 20 days ago
Here's a recent comment [1] by an OpenAI engineer confirming that they do in fact make such trade offs between intelligence and efficiency.

[1]: https://news.ycombinator.com/item?id=46909905

forgotTheLast · 20 days ago
Not exactly what you're looking for but https://news.ycombinator.com/item?id=46810282
sva_ · 20 days ago
It is indeed somewhat sad/ridiculous to see that my GH Copilot Pro grants me access to Gemini 3.1, but my Google AI Pro does not
obblekk · 21 days ago
This is the first time in recent memory that software has had high variable costs so the surprise at these rules is understandable.

In this case, the difference in context cache hit rate between openclaw and antigravity.

For example if openclaw starts every message with the current time hh:mm:ss at the top of the context window, followed by the full convo history, it would have a cache hit rate of ~0. Simply moving the updated time to each new message incrementally would increase hit rate to over 90%. Idk if openclaw does this but there’s many many optimizations like this. And worse, thrashing the cache has non linear effects on the server as more and more users’ cached contexts get evicted from cache due to high cardinality. The cost to serve difference could be >10x.

Google is the furthest behind on coding agent adoption and has all the incentives to allow off policy use to grow demand. But it would probably be better to design their own optimized openclaw and serve that for free than let any unoptimized requests in.
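The timestamp-placement effect described in this comment, worked through as an added example (not code from the thread or from any of the products named). It assumes a simplified prefix cache that reuses only the longest common token prefix with the previous request, whitespace tokenization, and a constructed 20-turn conversation; it makes no claim about what OpenClaw or Antigravity actually send.

```python
def common_prefix_len(a, b):
    """Number of leading tokens two requests share (what a prefix cache can reuse)."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def build_requests(turns, layout):
    """Return the token list sent on each turn under the given context layout."""
    history, requests = [], []
    for i, text in enumerate(turns):
        clock = f"12:00:{i:02d}"  # constructed wall-clock value, changes every turn
        words = text.split()
        if layout == "time_on_top":
            # Current time is rewritten at the very start of the context each turn.
            history += words
            requests.append([clock] + history)
        elif layout == "time_per_message":
            # Each message carries its own timestamp; earlier tokens never change.
            history += [clock] + words
            requests.append(list(history))
        else:
            raise ValueError(layout)
    return requests


def hit_rate(requests):
    """Fraction of all submitted tokens that were already cached from the prior request."""
    reused = total = 0
    prev = []
    for req in requests:
        reused += common_prefix_len(prev, req)
        total += len(req)
        prev = req
    return reused / total


# Constructed conversation: 20 turns of 32 tokens each.
TURNS = [f"turn {i} " + "word " * 30 for i in range(20)]

if __name__ == "__main__":
    for layout in ("time_on_top", "time_per_message"):
        print(layout, round(hit_rate(build_requests(TURNS, layout)), 3))
```

With equal-length turns the second layout's hit rate is (n-1)/(n+1) for n turns, so it keeps rising as the conversation grows, while the first stays at zero because the first token differs on every request.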

martinald · 21 days ago
It's a fair point, but I think people are thinking too much about 'cost' and 'subsidies' and just the fact that everyone is so compute stretched.

While it's sort of the same thing, I think it's much more a symptom of not enough compute vs some 'dump cheap tokens' on the market strategy.

One related thought I had was that given OpenAI is the only one _not_ doing this of the big3, it probably indicates they have a lot more spare compute.

It doesn't make sense to me that given the absolutely brutal competition any of these companies would block use of 3rd party apps unless they had to. They clearly have enough cash, so I don't think it's about money - I think it's an indicator that Google and Anthropic are really struggling with keeping up with demand. Given Anthropic's reliability issues last week this does not surprise me.

rustyhancock · 21 days ago
I agree with all this.

I would add though that many are also being caught up in antispam efforts.

I.e. that for every legitimate OpenClaw user doing something trivial with their account misusing the sub. There is probably 10x using it to send spam emails and spam comments.

I suspect from Google's perspective some of these people are just a rounding error.

That said I use API where I should and the sub in the first party apps. Perhaps I'm too much of a goody two shoes but AI already feels such an overwhelming value prop for me I don't care.

That said I think you're right in that money matters here but I think the subs as they intend people to use them is hugely profitable i.e. the people doing 10 chats per work day and a few in the evening but paying £20 per month.

easton · 21 days ago
> One related thought I had was that given OpenAI is the only one _not_ doing this of the big3, it probably indicates they have a lot more spare compute.

Or, pessimistically, it could indicate they’re burning cash hoping the subsidized access will eventually result in someone giving them a product idea they can build and resell at a profit.

If they let *claw (or third party coding agents, or whatever) run for six more months and in those months figure out how to sell a safe substitute and then cut off access, maybe it will have been worth it.

goodmythical · 20 days ago
>This is the first time in recent memory that software has had high variable costs

Running software has always had a variable cost.

Why should I be surprised if [cloud provider] were upset that I were running a thousand free tier servers? Or utilizing any paid plan at all to somehow effect utilizations far exceeding the clearly documented limitations of my plan?

Using the torrent network protocol on a VPN that doesn't support it, or fork bombing an email server, or using that one popular free video hosting service to host nigh unlimited arbitrary data, or hosting content that is illegal to the server operator regardless of its legality to me, etc, etc, etc

It's all the same thing: TOS violation.

No one is being forced to use these products without reading and signing the terms of service. In this particular instance, you can even use the free version of the provided service to analyze the terms of service for the paid plan if you were really so lazy.

I really am genuinely confounded as to why people are so regularly surprised that they can't just do whatever they please with proprietary solutions. Like "oh what do you mean I can't lie about the date of my injury in order to get it covered by insurance?".

It's almost like people just assume that everything ever works exactly as they would deem it to (in their benefit), rather than the much more sane assumption that every company is going to be naturally inclined to cater to their own benefit before the users'.