Been banned for AI-Slop on a few subs here on Lemmy as well as on Reddit.
I always provide a good amount of technical detail in my posts and i try to be as transparant and communicative about the details. My projects are very complicated and I try to document them well.
my project is pretty cryptography-heavy… the act of me sharing my efforts in an attempt to show transparency… but it is used against my project by calling it AI-slop (undermining Kerkhoff’s principles).
It’s 2026 and most developers are using AI. I have used it to create things like formal proof and verification.
my project is aimed to be a secure messaging app. i have all the bells-and-whistles there along with documentation… but if the conversation cant move past “its AI-generated”… then it seems the cryptography/cybersecurity/privacy community isnt aligned with the fact that using AI is now common practice for developers of all levels.
AI is a tool. you cant (and shouldnt) “trust” AI to do anything without oversight. AI does not replace the due-diligence that has always been needed. i dont “trust” my hammer to bash in a nail… i “use” the hammer. AI is not different in how you need to be responsible for how its used.
i’ve busted my ass on my project for it to be called AI slop. i think its completely fine when it comes from folks in the community. cryptography is a serious subject and my ideas and implementation SHOULD/MUST be scrutinised… but its simply ignorant if mods are banning me for the quality of my work considering the the level of transparency and my engagement on discussions about it.
It’s a bit reductive to call it slop. I think i try harder than most in providing links, code and documentation. Of course I used AI… and it’s clearer for it. (you can find more detail on my profile)
i am of course sour from being banned, but am i wrong to think my code isnt AI slop? Some parts of my project are clearly lazy-ui… but im not sharing on some UI/UX/design sub. the cryptography module has unit tests and formal verification. if that is AI-slop and can result in me being banned, i simply dont have faith in that community to be objective on the reality of where AI can contribute.
while its understandable people dont want to review AI-slop… i think the cryptography/cybersecurity community needs to get on board with the idea of using AI to help in reviewing such code. am i wrong? is the future of cryptography is still people performing manual review of the breathtaking volumes of AI code?
Thanks. Sadly I can’t even get the latest version to work. It does find the other peer and loads the chat interface, but doesn’t open a data channel, so it’ll say “not connected” and do an error popup everytime I try to send a message. And I’ve spend enough time debugging it for now.
Just some general words of my wisdom: I think software projects are first and foremost about focus. I don’t really know what you’re trying to do here. If that’s writing a cryptography library, I think focus is about right. You first need to lay down the design properly. Make sure you factor in advanced tech like formal proofs from the start. After that you need to write the actual code. And then also make sure it aligns with your testing. I mean it’s fairly common to make mistakes while writing computer code, or have bugs… And any of those could render your more formal methods useless. For example like that one time when some Debian package always sent the same random number as a seed… That meant the algorithms were 100% correct. Just used in a wrong way so most of the encryption was futile. Things like that require an equal amount of focus. If not more, since we already know how Double ratchet works, the important part is to implement it correctly and use it correctly. That deserves a massive amount of focus (and effort). It’s also the major part of a security audit of a software project as a whole.
We also have things like sidechannel-attacks, which aren’t covered. But I think that’s a minor thing with what we’re looking at.
And if you’re trying to develop a chat app, Your focus probably needs to be somewhere aimed to make it work, first. Make it connect reliably and across a multitude of devices. Cryptography is pretty much dispensable at that step. Then focus on the UX. Make sure it’s not vulnerable to just bypass any subsequent encryption because for example you don’t have script nonces and everyone in the chat can inject JavaScript and just bypass your entire encryption.
Think about metadata and if your software product wants to address that. You could be doing encrypted messages but all kinds of third parties know who is talking to whom… Make sure you do what your users expect!
And I think that’s also the reason for some of the downvotes here. You have a narrow focus on the formal proof of your encryption algorithm. While your audience probably expects a working Chat app. For all they care it could be entirely unencrypted in the alpha version, and encryption comes in a later version. We as users need something that works in the first place. We want to know what happens to our metadata. If there’s security vulnerabilities in the software. And once all of that is in place, then we start to worry about the specifics of the end-to-end-encryption.
Probably also related to the AI-slop argument. I don’t really know what shaped your focus. But it must look to your audience like you’re deep in some singular rabbit hole, because you write about formal proofs a lot. But then there’s this huge disparity with what your audience assumes you’re doing, or what you have to show off. Just my opinion. But it’s kinda like that for me. You write about how great AI assisted coding is, and where it led you. But then I try to use your software. And it doesn’t even connect. And that really shapes my first impression of it all, in a very negative way. I mean… If we hadn’t talked, I would have just assumed your cryptography is on the same level as your code to do the peer connections. And that wasn’t a good first impression.