OpenRouter tells you if they submit with your user ID or anonymously if you hover over one of the icons on the provider, eg OpenAI has "OpenRouter submits API requests to this provider with an anonymous user ID.", Azure OpenAI on the other hand has "OpenRouter submits API requests to this provider anonymously.".
But does "anonymous user ID" mean that they make a user ID for you, and it's sticky? If I make a request today and another tomorrow, the same anonymous user ID is sent each time? Or do they keep changing it?
I believe they are static user ids that only OpenRouter knows is you (the anonymous part. Static id is required for any cached pricing. If the user id changes each request, it would be a massive security hole to reuse that cache between requests with different user ids.
Without caching, it would make sense to be per-request (more like a transaction-id, and would make sense to be) as this could then be tied internally back to a user while maintaining external anonymity, but unfortunately I don’t believe that is the case.
OpenRouter recently started enforcing account-level regional restrictions for providers that enforce it (OpenAI, Anthropic, Google) - ie blocking accounts that look like they are being used by users in China. The regional restriction used to be based on the Cloudflare edge worker IP's geolocation and enforced upstream, so a proxy/server running inside of supported regions would get around the geoblocks, but now OpenRouter are using (unspecified) signals like your billing address to geoblock. People say "banned" because the error message says "Author <provider> is banned", which really should be read as "Unable to use models from provider due to upstream ban".
What illegal activity? What another user pointed out about crypto isn't it, I'm talking about the fact that you can't open a service through Openrouter and charge your users per Token (aka "reselling" Openrouter), since when is this illegal?
Microsoft has been taking steps to mitigate the leaked code signing certificate problem.
On the driver side of things, new versions of Windows no longer trust the cross-signed certs, so you must submit your driver to Microsoft to validate and sign, so no private key to go missing. https://techcommunity.microsoft.com/blog/windows-itpro-blog/...
On the regular Authenticode side of things, the new CA/B Forum rules have prohibited storing new private keys outside of hardware modules for a while now, so eventually you won't be able to find a leaked private key for code signing that would still be valid.
NordVPN calls out when a location is virtual, so unless ipinfo is claiming they have virtual locations that are not labelled as such, they are at least transparent about it. They did document the physical server locations of their virtual locations at launch, but I'm not sure if there's a live doc for new locations. https://nordvpn.com/blog/new-nordvpn-virtual-servers/
The author was running a quantised version of GLM 4.5 _Air_, not the full fat version. API pricing for that is closer to $0.2/$1.1 at the top end from z.ai themselves, half the price from Novita/SiliconFlow.
1. Trigger Circle to Search with long holding the home button/bar
2. Select the image
3. Navigate to About this image on the Google search top bar all the way to the right - check if it says "Made by Google AI" - which means it detected the SynthID watermark.
> Recurring tasks fire up to 10% of their period late, capped at 15 minutes. An hourly job might fire anywhere from :00 to :06.
> One-shot tasks scheduled for the top or bottom of the hour fire up to 90 seconds early.
reply