Unlinked domains can definitely be found in a lot of ways, but like I show in the article there was literally no fetching of the page except for Googlebot. So even if the hostname was leaked somehow the contents of the page require fetching the page, which was only done by Google. Also like I show in the article the content that ChatGPT knows identically matches what's in a Google search snippet, down to where a word-break is.

Oh, yes you’re right. I didn’t read the whole thing, which was clearly a mistake. I apologize. Good job with the article, and thank you. It’s pretty funny that they only get the excerpts.

No worries & thanks! Yea I didn't expect to get them with the excerpts too, that was a surprise bonus.

What I am saying is that this was a glitch where the full prompt rather than a translated prompt was sent to Google Search. OpenAI says they fixed the glitch, so yes it was definitely an error on their part. My research doesn't show how to repro that error, just that it existed.

That’s my biggest takeaway. I have almost completely de-googled my personal and business life, but do use ChatGPT for work occasionally, mostly boilerplate python but occasionally refining emails. I don’t know why it did not occur to me that the tool could just send my entire prompt, and a whole bunch of other identifiers and tags to an external source, but of course there’s nothing to prevent that, except possibly efficiency… but since Google and other external search engines are all doing AI summaries I wonder if this wasn’t a bit more intentional. ChatGPT makes the call out and offloads some “work” to someone else’s AI summary. Yuck.

I definitely wouldn't! Beyond the "glitch" I'm reporting here where full prompts are seemingly sent to GSC, it may still be that searches are scraped... meaning that while it's less obviously personal than a raw prompt it still could leak user intent.

GSC does filter and threshold what shows, but that doesn't always work 100%. Also those filters are built to work against traditional keyword searches, not prompts. It's also supposed to threshold low volume queries which should have kept a lot of things prompts out of GSC, but for whatever reason that wasn't very effective.

I've worked in many GSC consoles over the years, and I've never seen anything like what I saw in this case. (I'm the original author)

Ok this is pretty funny. Just like any good internet commenter this bot didn't actually read the article... which doesn't actually say "AI is a tool, not a panacea" anywhere.

I agree with your take. I've definitely owned and played some excellent sub-$1000 guitars, but at the lower price points things it can be frustrating to deal with things like low-quality tuners, improperly shielded components, etc. I'd say 90% is about pickups, strings, and frets. Most of the 60s guitars I've played were not great tbh.

The channel I mentioned measured the internal cabling of an 60s Les Paul and it had a WILD capacitance swing changing with humidity (more than 100% of the orignal value). Meaning the capacitance-induceed resonant frequency of the guitar would shift strongly over the course of a gig.

Needless to say, this is probably not a thing anybody is looking for.

Yes, it's very much like HotJar, focused on session capture & heatmap.

Unlike Plausible and Fathom, it looks like Rybbit is NOT salting by default ( (but that it's an option to enable per site: https://www.rybbit.io/docs/enhanced-privacy). Which is why they can offer retention reporting.

This seems incompatible with ePD.

I don't trust tools that don't disclose precisely how they track you. They say:

Combining Inputs: We combine key session details (which shall not be named for security reasons) with a cryptographically secure secret value. SHA-512 Hashing: This combined input is hashed using SHA-512, producing a highly secure, anonymized session ID.

They know that we can see what they send in their tracking payload right? They send: hostname, language, referrer, screen resolution, page title, url, and a website id.

So I would presume their highly secretive & secure user session id is: hash(salt + website id + ip + HTTP user-agent + screen resolution? + language?)

I don't see that it says how frequently the salts are rotated, which is one of the key points on which the "no consent banner required" tools like this claim that consent isn't required.

I recently wrote an article on this topic, focused on the power law dynamics that leave such a small amount of room at the top of the industry: https://www.quantable.com/analytics/power-laws-why-our-new-a...

I don't personally think it's new vs. old as much as the power law distribution coupled with the fact that old music is more available and promoted than ever. Plus the algorithms are focused on giving us more of the same thing we have shown it we like rather than new music discovery.