DEV Community: GokuScraper悟空爬虫

When 'I Can't Code' Becomes a Badge: Beware the AI Marketing Bubble

GokuScraper悟空爬虫 — Tue, 12 May 2026 08:38:44 +0000

When 'I Can't Code' Becomes a Badge: Beware the AI Marketing Bubble

On short-video platforms, a creator who calls himself an "independent developer who can't code" goes by the name Hushu. In his profile bio, he highlights two eye-catching claims: Kitten Fill Light (No. 1 on the App Store paid chart) and Nuwa.skill (8K+ stars on GitHub). Those two labels have earned him plenty of traffic and a strong trust halo.

But if you take a closer look at both projects, their actual weight may be far lighter than they first appear. This article is not meant as a personal attack; it is simply a fact-based review of two publicly verifiable claims.

1. Kitten Fill Light

1.1 Fact-checking the claim of being No. 1 on the paid chart

On short-video platforms, Hushu's bio still says "Kitten Fill Light (No. 1 on the App Store paid chart)." As of May 12, 2026, that line is still there, with no date and no further explanation.

So does that claim hold up?

If you open the App Store paid overall chart and scan through the top 100 apps, you won't find an app called Kitten Fill Light. In fact, the paid overall chart has long been dominated by products from major commercial companies. A $1 utility app making it into that list would already be pretty unusual.

Digging further, we find that the app is currently ranked No. 23 on the paid chart in the Photography & Video category.

That reveals the real meaning behind the phrase "No. 1 on the paid chart": it was never the No. 1 app on the overall paid chart. It was a peak ranking in a specific subcategory—the paid chart for the Photography & Video section. And even there, it has now slipped to No. 23.

The conclusion is straightforward: the slogan "App Store paid chart No. 1" leaves out three critical details—no time reference (is it still No. 1 now?), no scope (overall chart or subcategory?), and no current status (is it still at the top today?). By blurring those key details and packaging a temporary subcategory achievement as a permanent badge, the claim becomes misleading, whether intentionally or not.

1.2 Product barriers and replaceability

One of Hushu's core labels is "an independent developer who can't code." It sounds like an underdog story: someone without technical skills built an app that made it to the paid chart. But before getting impressed, it is worth asking what kind of product this actually is.

If you search for "Kitten Fill Light" in the App Store, the results page shows nearly 10 apps with the same or very similar names. Open them up and you'll find that the functionality is almost identical: they use the screen as a light source to simulate a fill light.

That raises a real question: if the market can quickly replicate an app nearly 10 times over, where exactly is the moat?

The answer is: there basically isn't one. The app's underlying logic is simple. It is essentially just controlling screen brightness and color temperature. The code footprint is small, the development cycle is short, and there is no meaningful technical barrier. Put more bluntly: if a developer wants to package and launch a similar product in an afternoon, there is almost nothing stopping them.

Which leads to another question: if someone who claims he "can't code" can still build something like this in such a low-barrier category, does that prove technical ability—or does it say something else? Maybe skill at understanding traffic channels, or an instinct for what certain users actually want?

That is worth thinking about.

1.3 Product reality and longevity

The life of an app ultimately comes down to what the numbers say.

Kitten Fill Light costs $1. According to its App Store page, it currently has 952 ratings with an average score of 4.7. That's not bad, but in the context of paid apps, the rating count is still modest.

What matters more is the timing of those reviews. A large share of them came in 2025, and once 2026 began, new reviews almost disappeared. Judging from the review content and user avatars, the audience is highly concentrated in one specific circle: female users on Xiaohongshu. That means the app's growth has depended mainly on a one-time traffic spillover from a single platform, with little evidence of sustained acquisition from multiple channels.

On top of that, the app's last update was three months ago. Combine that with almost no new reviews in the past six months and no visible user growth, and the picture is clear: this product has entered a decline phase. It is no longer being actively iterated, and it has not established stable growth in the market. It looks more like the byproduct of a short-term marketing event.

So we end up with a product that is already fading, barely updated, and yet still carries a bio line that says "App Store paid chart No. 1" with no date and no scope. Once an achievement is stripped of its limits, its time context, and its current status, and repeatedly used as personal branding, its persuasive power drops sharply.

2. Nuwa.skill

2.1 Community hype

If you open the GitHub repository for Nuwa.skill, the star count in the top-right corner shows 18.7K. That number is real. In the open-source world, it is a very respectable figure.

But here we need to clarify one concept: what exactly does a GitHub star count mean?

In the ideal case, stars reflect how much the developer community values a project. But in the real world of internet distribution, stars usually reflect attention, not necessarily technical depth. A project can get a lot of stars because it rides a hot trend, has a catchy title, or is marketed well, even if the code quality and technical substance are limited. That has been repeatedly proven during the recent AI open-source boom—high-star, low-quality projects are not rare.

So 18.7K stars may be real, but that does not automatically mean the project is technically strong. The real question is what exactly supports those ten-thousand-plus stars.

2.2 The core question: where is the dataset for the "distillation"?

One of Nuwa.skill's main selling points is that it can "distill" the style of public figures like Elon Musk and Donald Trump, then imitate their language patterns in conversation.

Let's be clear about a basic technical principle: in machine learning, "distillation" usually means using the outputs of a large model (the teacher) as training signals for a smaller model (the student), so the smaller model picks up similar capabilities. More broadly, it can also mean training a model on a specific person's language data so it learns to imitate that person's speaking style.

Either way, there is one unavoidable prerequisite: you need data.

If you want a model to learn how Elon Musk talks, what is the first thing you need? You need real speech data from Elon Musk. Where did that data come from? Was it collected by the project itself, or taken from an open dataset? How large is it? How was it cleaned? These are the foundational questions any style-distillation project must answer. A dataset is the prerequisite for reproducibility, and reproducibility is the baseline for technical integrity.

But if you look through the Nuwa.skill repository and resource list, there is no prominent explanation of the dataset. The project says it uses "six parallel agents" to collect data, but it does not clearly explain the source, scale, deduplication method, or compliance handling.

There is also an important technical reality here: large-scale scraping from X (formerly Twitter) is not easy. Since Elon Musk bought the platform, access controls have tightened significantly. Without logging in, even basic browsing and search are heavily restricted; after logging in, there are still rate limits and anti-scraping defenses. A reliable scraping setup requires account pools, proxy rotation, request throttling, and a full engineering stack around it. In essence, this is a competition of resources—not something you can solve just by slapping the word "agent" on it.

So if a project cannot clearly explain where its data comes from, then from a technical standpoint, its "distillation" result cannot really be verified.

A more reasonable inference is that this project is not true model distillation at all, but more likely a wrapper around advanced prompt engineering. The system prompt may preload the target person's common phrasing and stance, allowing the model to mimic that style in conversation. In technical terms, that is fundamentally different from distillation.

2.3 The whole AI bubble in one picture

Step back for a moment, and that 18.7K star count may be more interesting than the project details themselves.

Why would a project that struggles under serious technical scrutiny still attract such massive attention? It reflects one troubling side of the current AI wave: once the "AI" prefix is put on a pedestal, ordinary users develop wildly unrealistic expectations about what it can do.

In that atmosphere, words like "distillation," "agent," and "style imitation" sound magical to non-technical people. Project rigor, data transparency, and reproducibility—things that should be basic consensus in a technical community—get buried under a collective frenzy for novelty.

Nuwa.skill's huge star count is a monument to that collective mood. What it proves is not that this distillation technique is especially solid or innovative. It proves how big the AI bubble is right now, and how wide the information gap is between ordinary users and technical reality.

That is probably more worth thinking about than the project itself.

Conclusion: let technology be judged as technology, and marketing be judged as marketing

At the end, it is worth restating the point of this article: this is not an attack on any one person, but a verifiable fact-check of a public-facing technical persona.

Hushu, as an independent developer, clearly has a strong instinct for marketing and a sharp eye for traffic. In today's content environment, that is unquestionably an advantage. He identified two highly contagious narrative hooks—"I can't code" and "AI." Combined, they create a very attractive story: a person without a technical background uses AI tools to build a paid chart-topper and an open-source project with tens of thousands of followers.

But a story is a story. Facts are facts.

After checking each claim one by one, the so-called "App Store paid chart No. 1" turns out to be a time-limited achievement in a specific subcategory. Presenting it as a timeless, scope-free title is essentially using information asymmetry to crown oneself.

The so-called "Nuwa.skill 10K-star project" does have real GitHub stars, but a project that cannot clearly explain where its dataset comes from cannot have its technical substance independently verified. It looks more like a sophisticated prompt-engineering system dressed up with fashionable terms like "distillation" and "agent." Its real success lies in traffic mastery, not in solid technical contribution.

An expired subcategory No. 1 and a 10K-star project with an unclear technical foundation—those two cards alone do not support the image of a technical guru. What they do prove is that this developer is good at getting seen, not necessarily at creating.

In the current environment, where the AI information gap is still huge, cases like this are not rare. They remind everyone who cares about technology to stay skeptical and verify carefully: let technical achievements be judged as technical achievements, and let marketing capability be judged as marketing capability.

Only by keeping those two separate can we preserve clear judgment in an era full of hype.

I Curated Over 2,000 Seedance 2 Prompts into a Free Website and Open-Source Dataset for You to Use

GokuScraper悟空爬虫 — Sun, 10 May 2026 12:12:52 +0000

I Curated Over 2,000 Seedance 2 Prompts into a Free Website and Open-Source Dataset for You to Use

When I was making AI videos myself, finding good Seedance 2 prompts was a huge pain.

I scoured X (formerly Twitter), TikTok, and Discord, only to find endless screenshots that I couldn't even copy and paste. Most of the so-called "prompt collections" online were either hidden behind paywalls or just dry walls of text with no original videos, no categorization, and no structure. They were practically useless if you wanted to dig deeper.

So, I decided to organize a list myself. But the more I gathered, the bigger the project became. Eventually, I decided to just build a website and an open-source dataset.

The URL is prompthub.gokuscraper.com. It's ready to use right out of the box—no registration or login required.

Currently, the supported models include Seedance 2, Midjourney V6, Flux, GPT Image 2, and Nano Banana Pro. It essentially covers all the mainstream AI image and video generation tools.

The prompts are categorized by use case: Trending, Today's Updates, Entertainment/Memes, Business/Productivity, and Content Creation. There are also source-based categories like "From X (Twitter)" and "From TikTok" to help people with different needs filter quickly.

Every prompt comes with a video preview—it's not just a plain text list, so you can see the results at a glance. It also supports searching by title, tags, and content, so you can easily find specific styles. Just click the "Copy" button, and you can grab the entire prompt without the hassle of manual highlighting.

There's also a lightning-fast "Generate Image" ⚡ button that takes you straight to the corresponding platform. Scroll down, and it automatically loads more. It feels like scrolling through an endless feed, and before you know it, you've gathered a ton of inspiration.

But the website is just a shell. The real effort went into the dataset behind it.

If I just wanted to build a site to display prompts, I wouldn't have gone to all this trouble. From the very beginning, I believed this data shouldn't just sit on a webpage—it needed to be truly open data.

The dataset is called seedance-2-prompts-datasets, hosted on Hugging Face. The total size is 12GB, containing over 2,110 Seedance 2.0 generated videos (mp4) and cover images (jpg).

The core of it is a metadata.jsonl file, where every prompt has been structurally processed. Titles, tags, English/Chinese translations, video file mappings, resolutions, durations, and safety ratings are all neatly labeled and standardized. Here’s an example of a data entry:

{
  "id": "SD2_00133",
  "category": "Entertainment",
  "raw_p": "Environment: A colossal glacial canyon under pale blue twilight...",
  "media": {
    "v": "seedance-2/videos/SD2_00133.mp4",
    "c": "seedance-2/covers/SD2_00133.jpg"
  },
  "spec": { "width": 1280, "height": 720, "ratio": 1.78, "duration": 15.12 },
  "i18n": {
    "zh": { "t": "冰谷虎蛇战", "p": "环境：一座巨大的冰川峡谷...", "tags": ["冰川峡谷", "冰虎", "霜蛇"] },
    "en": { "t": "Glacial Tiger vs Frost Serpent", "p": "Environment: A colossal...", "tags": ["ice canyon", "cinematic"] }
  }
}

For developers, you can load the entire dataset with just one line of code:

import pandas as pd
df = pd.read_json("https://huggingface.co/datasets/GokuScraper/seedance-2-prompts-datasets/raw/main/metadata.jsonl", lines=True)

It’s perfect for secondary uses like research, tool development, or model training. The entire dataset is under the CC BY 4.0 license, meaning commercial use is totally fine—just give attribution.

Why bother making it structured data?

In the AI era, prompts are essentially a new "productivity language." But the current reality is that good prompts are scattered everywhere—in screenshots, tweets, and video comment sections. They are fragmented; you can find them, but you can't easily use them.

What I want to do is simple: collect those scattered, high-quality prompts and turn them into data that machines can read, humans can search, and developers can use directly. It’s not just a "display"—it’s a computable, redistributable data asset.

This project and website are just the first step.

Of course, it's far from perfect right now.

To be honest, building it is one thing, but making it great is another. There are still many things about this project and website that I’m not entirely satisfied with. I'll list them out frankly:

Regarding the website:

A total of 2,110 prompts is far from enough for something meant to be a "Hub".
Model coverage is still incomplete. Right now, Seedance 2 is the main focus, and the volume for other models is visibly lacking.
Categorization could be much more granular. Some tags are a bit too broad right now.
The mobile experience hasn’t been specifically optimized, so it’s not the most comfortable to browse on a phone.
There’s no user system yet. Features like favoriting, liking, and personalized recommendations haven't been built.

Regarding the dataset:

Structured organization currently only covers Seedance 2. High-quality prompts from other models haven’t been integrated yet.
Data sources lean heavily on X (Twitter) and TikTok; content from other platforms is sparse.
Updates currently rely mostly on manual work. I'm still slowly building pipelines for automated scraping and cleaning.
The quality of the Chinese translation is mixed, and some parts need proofreading and rework.
The tagging system isn't detailed enough. Ideally, you should be able to filter by dimensions like camera shot types, lighting styles, and motion types, but that’s not possible yet.

These are the tough nuts I need to crack moving forward. There’s no shame in listing them—hiding the flaws misses the point.

But the direction is clear.

Right now, this data is just a starting point.

In the short term, I want to expand model coverage. Prompts for Midjourney, GPT Image-2, and other models need the same kind of structured organization. I’m building automated update pipelines so I don't have to manually scrape data every time, allowing the dataset to grow sustainably.

In the medium term, I hope to see more creators join in and contribute the great prompts they’ve refined. I want this Hub to be more than just me dumping stuff in. The ideal scenario is that people find it useful and naturally decide to share their own hidden gem prompts, growing the data pool for everyone.

If I'm lucky, this project might go even further—becoming a genuine public infrastructure for prompt data. Not a private asset, no paywalls to unlock things, just a clean, continuously updated, open-source data resource that anyone can use. It’s an ambitious thought, but it's a direction worth pursuing.

How to Access and Download

🌐 Try it online: https://prompthub.gokuscraper.com/

🤗 Download the full dataset: https://huggingface.co/datasets/GokuScraper/seedance-2-prompts-datasets

⭐ Synced updates on GitHub, stars and issues are welcome!

Wrapping Up

I spent a lot of time on this project and website, but it’s still far from perfect.

If you use it and have any thoughts, complaints, or suggestions, please let me know. I built this for people to use, and your feedback will directly guide the improvements in the next version.

Thanks for checking this out! If you found this interesting, please don't hesitate to toss a like, share it, or spread the word!

If you want to see my future articles as soon as they drop, don't forget to star ⭐ my page, so you don't lose track of it later.

Alright, that's all for today.

Even Sam Altman Would Want to Buy From Them: The Hubris of Grassroots AI Proxy Bosses Billing With Their 'Entire Net Worth'

GokuScraper悟空爬虫 — Sat, 09 May 2026 06:16:32 +0000

Even Sam Altman Would Want to Buy From Them: The Hubris of Grassroots AI Proxy Bosses Billing With Their 'Entire Net Worth'

In our investigation into the supply chain of AI proxy services, one phenomenon caught our attention: some ridiculously cheap, grassroots proxies are actually claiming they can "accept corporate bank transfers and issue official invoices."

This is, undeniably, a contradiction. According to common sense, this type of business—which relies on gray-market sources like stolen credit cards, exploits, and vulnerabilities to sell API access at 20%-30% of the official price—should be hiding behind anonymous payment methods. However, the real samples we obtained present a completely different picture:

Upon verification, the operator of this studio is the site owner himself. He uses his real name, registered a sole proprietorship (个体户 in China), and opened a real corporate bank account.

This behavior itself is a puzzle worth deconstructing: Why would the operator of a business whose supply source is inherently shady proactively expose his real identity, business registration, and bank accounts to the sunlight? Does he not understand the law, or does he think he understands it too well? Is he truly fearless, or has he just not done the math?

This sample gives us the best entry point to observe the survival state of grassroots proxy services. It allows us to bypass industry rumors and start directly from pieces of living evidence left in the registry and banking systems, to see exactly what logic these end-of-the-line players are using and what kind of game they are playing.

1. The Industry Panorama: The Three-Tier Architecture of AI Proxies

Before diving deep into the "real name, real ID" sole proprietor sample, it's necessary to establish the entire coordinate system of the AI proxy industry. Based on the nature of the supply, operating entities, and compliance levels, the players in the current market can generally be divided into three tiers.

Tier 1: Grassroots Proxies. These are the core targets of our investigation. They are extremely small, usually consisting of a single person or a loose grouping of a few, with no decent office space and no formal employees. They have only one core competency: extreme low prices. The supply comes from upstream gray/black market channels, and financially, they have zero compliant procurement costs. Consequently, they can sell at 20% to 30% of the official prices—a discount that logically self-destructs: if this price were truly sustainable legitimately, major companies like OpenAI should be buying from them instead. Their existence is precisely the lowest-level noise signal in the entire supply chain.

Tier 2: Domestic "White Glove" Companies. These players have formal operating entities in China, but their compliance is not built on their own supply. Instead, it’s achieved through a "shell" structure—setting up a compliant front entity overseas, which makes formal purchases from vendors like OpenAI, and then resells them back into the country. The cost of this operation is that every layer of the compliance chain eats up profit margins, so their selling prices are mostly retail prices with very low discount rates. Essentially, they are earning a service fee for providing a compliance bridge, rather than performing informational arbitrage.

Tier 3: Legitimate Overseas Enterprises. The operating entities and core principals of these players are located overseas, subject to local laws, and the entire business chain operates within a compliance framework from start to finish. They don't need "shells" or "white gloves" and exist in a completely different legal and commercial coordinate system from domestic grassroots proxies and white glove companies. Their pricing is relatively flexible, but that is the product of a different set of rules and is beyond the scope of this article.

What this article will dissect next is a highly representative cross-section of the first-tier grassroots proxies: those who, despite having illegal supplies and deformed pricing, dare to operate as sole proprietors under their real names. Their existence provides us with a rare, verifiable window into the edge ecology of this industry.

2. "Sole Proprietorships" and Invoicing

Why do these grassroots site owners uniformly choose "Sole Proprietorship" (个体工商户) as their business identity? The answer lies in one word: Invoicing.

For a solo developer with no partners and no registered capital, legally there are only two ways to issue a formal invoice to a client: either go to the tax bureau as an individual to have them issue it on your behalf—which is cumbersome, has tight limits, and looks unprofessional—or register a market entity and use your own entity to issue invoices. Among all entity types, a sole proprietorship has the lowest barrier to entry, the fastest process, and the lowest cost. It doesn't require paid-in registered capital, partners, or a commercial office address. Within a few days, you can get a business license, complete tax registration, and obtain invoices.

In other words, a sole proprietorship is the only shortcut for an individual developer to gain "formal invoicing rights."

Once they have this identity, a series of functional upgrades follows: they can open corporate bank accounts to bypass various limits on personal collections; they can collect corporate payments, meeting the rigid requirements of clients who need to go through enterprise reimbursement processes; and they can issue VAT invoices, packaging a transaction that should be "shady" into a legitimate business dealing.

More importantly, this identity comes with a psychological camouflage. "Real-name registration, corporate collection, capable of issuing invoices"—when these three signals are combined, in the client's subconscious, they automatically translate to "legitimate, traceable, won't run away." For a site whose prices are suspiciously low, this aura of trust is an almost zero-cost customer acquisition tool.

But this is exactly where the problem lies: this "perfect shell" only solves the issue of form, it cannot cover up the substance. The sole proprietor identity gives him the right to issue invoices, but it doesn't give him a legal source of supply; it gives him the qualification to open a corporate account, but it chains him to unlimited joint liability. The identity is legal, the business is illegal. This crack between appearance and reality is the sum of this character's tragedy.

3. When the Most "Compliant" Facade Meets the Most "Illegal" Supply

Now, we arrive at the core tension of this specimen.

Looking from the outside, this studio possesses almost all the formal elements: traceable business registration, complete tax records, and a genuine corporate bank account. After an enterprise client completes the corporate payment process and receives a VAT invoice, no abnormal alerts will trigger in their financial system. On the surface, this studio is indistinguishable from the legitimate businesses operating on the street corner.

But flip it over, and the situation is entirely different. Its supply—the underlying resource supporting that extreme "20%-30% of official price" discount—financially does not exist. It's not that the margins are thin; there are simply zero compliant procurement costs. He doesn't need to pay OpenAI bills, doesn't need to ask for input invoices from any formal distributors, and doesn't need to record a single cent of traceable expense in the ledger. Every dollar he sells corresponds on the books to almost a dollar of pure profit. This is no longer an issue of operating efficiency; this is a financial illusion born of an illegal supply.

Put these two sides together, and you get an absurd picture: a micro-enterprise that looks flawless in the commerce and tax systems, while its true business core is a gray operation whose costs cannot be explained. And that invoicing capability, which the owner views as a "bonus feature," is precisely the deadliest finishing touch in this picture.

The invoice is the nerve ending of the entire tax system. The moment he issues an invoice, he is actively declaring income to the tax bureau. A clear data point is left in the system: on such-and-such date, this studio sold an API service for X amount. This data automatically feeds into his tax declarations. The income side is precisely recorded, but what about the cost side? Zero. Not a single input invoice. A severe mismatch between input and output—in the tax system, this signal doesn't require manual auditing to be discovered. As a basic risk control metric, the algorithm can flag it in red directly.

By issuing this invoice, he is essentially signing a confession.

What is an invoice, legally? It is black-and-white proof of a business action. It bears his invoice seal, his studio's tax ID, and spells out exactly what he sold. If law enforcement needs to secure evidence, these very receipts are the most direct physical proof. No advanced technical reconnaissance is needed, no complex digital forensics. The records pulled from the tax bureau and the bank are enough to piece together a complete flow of funds and paperwork. He has used the most standard commercial documents to leave the most standard evidence of his business model.

Bigger trouble awaits at the bank. A sole proprietorship account registered in Zhengzhou but opened in Shanghai, frequently receiving scattered payments from businesses and individuals all over the country, and then periodically transferring large sums out. This pattern of capital flow—large volumes in and out, fast money movement, cross-regional accounts—is almost a textbook profile for "abnormal transactions" in Anti-Money Laundering (AML) systems. As he starts invoicing, the frequency and scale of funds moving in and out will rise, meaning he actively feeds more analyzable signals into this system. It's only a matter of time before the account is flagged by risk control, restricted from non-teller transactions, or frozen entirely.

This is the most ironic part of this whole tale: He chose to package himself using the most standard, mainstream commercial practices—registering a sole proprietorship, opening corporate accounts, issuing invoices. Taken individually, each action is legal and compliant, and might even be seen as a sign of "business acumen." But it is precisely these actions that push him into the triple crosshairs of tax audits, legal prosecution, and financial risk control. He used standard methods to dig himself a precision trap.

4. The Structural Mismatch of Risk

The previous three sections dissected the logic of his identity, the black hole of his supply, and the invoicing trap. But all of these lead to one ultimate question: Who bears the risk?

This question separates these grassroots proxy owners from actual gray/black market masterminds.

In a normal illicit supply chain, risk is compartmentalized in layers. The upstream suppliers hide behind anonymous networks and encrypted communications. The intermediate financial channels turn money around using purchased shell identities or companies. The downstream cash-out ends are similarly layered in camouflage. There are firewalls between every level. If any one node is busted, it's hard for the fire to spread to other tiers.

But this sole proprietor sample from Zhengzhou presents an entirely inverted configuration.

He has placed his true identity—the operator name on the business license, his real name tied to his WeChat, the ID card used to open the bank account—directly on the outermost layer of the whole business. It's not a bought shell, not a borrowed name; it is him, personally. From the moment a client wires money to the corporate account for any transaction, a complete chain of evidence is generated: who the payee is, who the operator is, what the ID number is—all of it searchable, traceable, and fully retrievable in under three minutes.

Why would he do this? A reasonable explanation is that he confused two concepts.

He mistook a "Sole Proprietorship" for a "Limited Liability Company" (LLC). In most people's simple intuition, "registering a company" equals "personal assets are protected." If the company goes down, the company takes the hit, and it has nothing to do with the individual. But an LLC is called "limited liability" because it is a legally independent corporate person, responsible for its debts with its own assets. Shareholders only bear losses up to their subscribed capital. If the company goes bankrupt, the fire stops at the desks and chairs in the company's name.

A sole proprietorship is not like that. Under Chinese law, sole proprietorships lack independent corporate personhood. According to Article 56 of the Civil Code of the PRC, the debts of a sole proprietorship operated by an individual shall be borne by their personal property. Translated into plain English: The studio's debt is the site owner's personal debt. It is not limited to the startup capital he put into the studio; it is limited by every piece of personal property under his name.

What does this mean? When a tax audit comes down, discovers a massive input-output mismatch, and demands back taxes and fines, law enforcement can directly freeze his personal bank deposits, Alipay balances, and WeChat wallets. If the debt remains unpaid after these online accounts are drained, next up are real estate and vehicles under his name. After surviving these rounds, there is one final blow: being blacklisted as a "Dishonest Judgement Debtor" (失信被执行人). No high-speed trains, no flights, no loans, and he won't even be able to get a credit card.

This recovery path is not theoretical deduction; it is the most standard operational procedure in China’s civil enforcement process.

Even more worth asking is: By shouldering all this risk, whose business is he taking the fall for? The upstream suppliers hiding in the shadows bear zero legal responsibility and won't share a dime of the fines. This site owner uses his real identity, his entire net worth, and his personal credit score to act as the ultimate risk absorber at the tail end of the supply chain. The upstream makes a guaranteed profit, while the downstream walks on thin ice. This is the practical meaning of the legal concept of "unlimited joint liability" when it crashes into the grassroots proxy business.

This is the most mismatched relationship in the entire story: A side hustle that might only gross a few tens of thousands of RMB a year takes on legal risks completely disproportionate to its revenue—risks severe enough to obliterate a person's entire financial foundation. He isn't running a business. He is gambling. Gambling that he will never be noticed, that the risk control algorithm's threshold will always be slower than he is, and that his little puddle of "deemed taxation" will never run dry.

5. Unmanageable Content Compliance and the "Illegal Business Operations" Red Line

If the input-output mismatch is a slow-burning fuse, then content compliance is an immediate detonator.

In pursuit of extreme cost control, these grassroots proxies rarely possess—and refuse to spend money on—sensitive word filtering and content safety auditing systems (such as text moderation APIs). When their clients use these cheap API endpoints to input or generate politically sensitive, explicit, or terror-related illegal content through foreign large models, regulators will trace the data flows and financial trails upstream. The source will lock directly onto this real-name registered, completely exposed sole proprietor.

When that time comes, he won't be facing back taxes and fines. He will be directly crossing the criminal red lines of the "Cybersecurity Law" and the crime of "Illegal Business Operations" (非法经营罪).

Conclusion: A Gray Market Specimen "Naked in the Sunlight"

The account sample in our investigation—a real-name sole proprietorship, a cross-provincial corporate bank account, a gray business daring enough to issue invoices—ultimately patches together not a tightly organized black-market network diagram, but a staggering portrait of an individual.

He is not a hacker hiding in the dark. He uses zero technical means to conceal his identity. Quite the opposite, he plasters his real identity, business registration, and bank accounts right on the outermost layer, running a business consisting entirely of unmentionable supply chains in a manner akin to streaking naked. The sun shines on him not because he is innocent, but because he walked directly into the sunlight himself.

He attempts to use a compliant toolbox to carry illegal goods. Sole proprietorships, corporate accounts, VAT invoices—these commercial infrastructures meant for legitimate market entities have, in his hands, morphed into a hyper-realistic shell. This shell indeed fools his clients, and perhaps even fools himself for a while. But it cannot fool the input-output comparisons of the tax system, the fund flow analysis of anti-money laundering models, and certainly not the penetrating power contained in the short few dozen words of Article 56 of the Civil Code.

And the result of being penetrated is that he uses his entire savings, real estate, credit history, and future to shoulder unlimited joint liability for an arbitrage game that cost him zero to play.

This is the truest scene at the tail end of the current AI gray market arbitrage chain: it is more grassroots, more amateur, and more fragile than the outside world imagines. It is composed not of omnipotent crime syndicates, but of ordinary people daring enough to set up a stall on the edge of a cliff under their real names. Every single operational step they take leaves a trace; every invoice they issue acts as a footnote for the day of reckoning; every corporate account is standard evidence handed directly to law enforcement.

They are not doing evil in the dark. They are standing in the sun, assuming standard postures, and digging the deepest of graves for themselves. From any angle, this is arguably the most primitive, the most fragile, and the most pitiful existence in this supply chain.

Thank you for reading, friends! If you found this content interesting, please don't hesitate to like, share, and subscribe!

If you want to be the first to catch our articles in the future, don't forget to star ⭐ our account so you don't lose track of us.

That's all for today.

Through triumph and defeat, life is a grand adventure. See you next time!

Deconstructing the Fatal Bug of the “One-Person Company”: How to Write the Ultimate Legal Disaster Recovery Code with a 1% Family Share

GokuScraper悟空爬虫 — Fri, 08 May 2026 14:47:41 +0000

Deconstructing the Fatal Bug of the "One-Person Company": How to Write the Ultimate Legal Disaster Recovery Code with a 1% Family Share

1. Introduction

Open X (formerly Twitter) or Xiaohongshu (RED), and you'll see the myth of the "One-Person Company" has become rampant.

"No employees, no office, rely entirely on AI to write code, and make a million a year all by yourself." If you have even the slightest yearning for freelancing, this pitch will eventually find its way into your feed. They package this state as the ultimate form of an indie hacker: a "one-person business" in the physical sense, and a "One-Person Limited Liability Company" in the legal sense. It sounds both freeing and secure, allowing you to wear the legendary bulletproof vest of "limited liability."

As a result, masses of developers and freelancers, full of excitement, rush to the local commerce bureau to register a "One-Person Limited Liability Company" (一人有限责任公司). The moment they get their business license, many think they've finally put on the protective talisman of modern commercial civilization, sealing all risks strictly within their registered capital.

But Brother Biao is here to tell you a harsh truth: Operationally, you can be a lone wolf, but in terms of legal structure, going solo is like putting your entire net worth on the roulette table.

That bulletproof vest you think exists won't even stop a single bullet in court.

2. What Exactly is a "One-Person Company"?

The shortcomings of sole proprietorships (个体户) are well known: unlimited joint liability. You earn hard money, but you carry the risk of bankruptcy. Creditors can easily pierce that paper-thin veil and put your bank cards, cars, and house on the table for liquidation. Precisely because of this, those influencers have room to sell their "solutions."

Their selling point sounds perfectly logical: Just register a "One-Person Limited Liability Company." They claim this provides limited liability, meaning no matter how big the risk is, it only burns up to your registered capital. You hold 100% of the equity, you don't have to split money with anyone, and this is the dignity an indie hacker deserves.

The logic is beautifully flawless. But the problem is, this narrative ignores a legal clause specifically designed for you under Chinese Company Law.

The current "Company Law" stipulates that if the shareholder of a One-Person Limited Liability Company cannot prove that the company's property is completely independent of their personal property, they must bear unlimited joint liability for all the company's debts.

Read these words carefully: If you cannot prove it, you are jointly liable.

This is where all the scams blow up. In an ordinary LLC with two or three shareholders, if a creditor wants to pierce the corporate veil to go after your personal assets, they must pull your bank statements and dig up evidence of commingling personal and business funds. This is called "he who asserts must prove," and the burden of proof is extremely high. Most people simply can't break through.

But on the battlefield of a One-Person Company, the rules are inverted. The law assumes by default that you and your company are mixed together, and then places the entire burden of proving your innocence squarely on your shoulders. You need to spend your own money and time to produce flawless annual financial reports signed by third-party auditing firms, just to prove to the judge: I have never, in my life, spent a single dime inappropriately from this company's account.

What is the reality?

In reality, very few solo developers and freelancers can produce such a report, let alone a continuous, complete set of auditing materials covering the entire existence of the company.

Once you can't produce it, the verdict only has one outcome: that paper-thin limited liability instantly melts down.

Looking back at this deal now: you paid higher registration costs than a sole proprietor, hundreds of bucks a month in accounting fees, and adopted a complex financial process, all in exchange not for safety, but for a paper armor that can't withstand a single decent attack in court. A sole proprietorship is transparent about its unlimited liability; a One-Person Company first paints you a picture of limited liability, and then waits for you to fall into the trap during the burden-of-proof phase.

In terms of legal risk, it is essentially just a more expensive, more troublesome "pair of crotchless pants."

3. The Disaster Recovery Architecture: The "99% + 1%" Defense System

Now that the problem is disassembled, here is the solution.

People who truly understand risk management never bet their entire net worth on a line of code without exception handling. They bury an extremely lightweight, redundant node in the system. It stays completely silent normally but activates instantly when disaster strikes. In a legal architecture, this redundant node is called the "1% nominal share."

The architecture is simple and intuitive:

The execution is straightforward. You hold 99% of the shares, and you bring in your parents or a trusted relative/friend to hold the remaining 1%. With just this one step, in the corporate registry and the court's database, your company's nature instantly switches from a "One-Person LLC" to a standard "Limited Liability Company" (普通有限责任公司).

This 1% equity shift triggers a fundamental reversal of the legal rules. Remember what we discussed in the last section? If a One-Person Company gets sued, you must pay for audits to prove to the court you never commingled funds—this is a reversal of the burden of proof. But now, the rules of engagement change. If creditors want to pierce the corporate veil and go after your personal assets, sorry, the law reverts to a default track: the burden of proof lies with the plaintiff. The opposing party has to dig up your bank records and find traces of commingling themselves. In judicial practice, this represents a hellish difficulty level, and most plaintiffs simply can't make it work.

Your limited liability firewall is only truly electrified the moment this 1% equity transfer is completed.

Of course, this 1% nominal defense assumes your actual financial pipelines don't have "low-level bugs." If you use your corporate account every day to buy groceries or pay personal rent, even with that 0.1% family share, the court can still shoot right through you using the "Substantive One-Person Company" logic. The 1% is your legal shield, but "strict separation of personal and business finances" remains the underlying operational logic of your daily routines.

By the way, under the new 5-year paid-in capital rules in China, indie hackers should try to keep their registered capital as "lightweight" as possible (e.g., 10,000 or 50,000 RMB). This way, the actual paid-in amount for that 1% is only a few bucks, completely insulating your family member from any potential joint liability risks.

Many people's first reaction to this is anxiety: If I give my parents shares, do I have to pay them a salary and pay their social security? Do I have to give them a bonus at the end of the year?

The answer is no. This is ownership, not an employment relationship. They are purely shareholders, not employees. The law does not require any company to pay salaries or social security to shareholders; that obligation exists solely in an employment relationship. Their only theoretical source of income is "dividends," and whether to distribute dividends or not is entirely governed by your single vote as the 99% absolute majority shareholder. If you don't sign off, that 1% is purely a static configuration item that generates zero financial cost.

To close the loop: have that friend or relative who holds the 1% share also serve as the company's "Supervisor" (监事 - a statutory role in Chinese corporate governance). The law states a director cannot also serve as a supervisor. So, you serve as the Legal Representative, Executive Director, and General Manager, while the other shareholder takes on the role of Supervisor. Just two people perfectly close the loop of the statutory corporate governance structure, without needing to drag a third person into it.

4. The Complete Compliance Action Guide for Indie Hackers

With the architecture explained, here is the deployment manual.

Putting this plan into daily operation is nowhere near as complex as you might think. Just follow these three steps.

1. The Registration Phase: Don't Choose the Wrong Company Type

You cannot afford to make a mistake on step one. When registering, directly choose a standard "Limited Liability Company." Do not check the box for "One-Person Limited Liability Company." Set up the shareholder structure exactly as outlined above: you take 99%, your nominal proxy takes 1%, and they act as the Supervisor. The entire process is identical to registering a regular company; you just need to submit one extra ID copy.

The essence of this step is choosing the right underlying architecture at the time of system deployment. If you choose wrong, no patches will stick later.

2. Daily Operations and Accounting: Spend a Little to Save a Lot

Once the company is up and running, find a local proxy accounting firm. Do not skimp on this small expense. It solves two core problems for you.

First, cost pooling. Your server fees, AI API subscriptions, cloud bills, and hardware purchases (like laptops and phones) should all go through the corporate account. The accounting firm will compliantly process these as company R&D expenses, lowering your taxable profit on the books.

Second, salary design. Pay yourself a low salary, keeping the amount right around the individual income tax threshold, and stack it with special additional deductions (like mortgage, rent, and child education). This way, the money you transfer from the company account to your personal card each month incurs basically zero personal income tax. At the same time, your social security is normally paid by your company with no gaps. The combined cost is far lower than if you were to pay it yourself as a freelancer.

You'll find that this accounting framework is completely indistinguishable from any regular micro-enterprise. Even if you get audited, it doesn't matter—your costs are real, your salary is reasonable, and everything holds up to scrutiny.

3. Physical Isolation of Financial Links: Segregated Account Management

This is the biggest headache for many indie developers doing overseas business, but the principle is actually very simple.

If you don't immediately need to convert the USD you receive through channels like Stripe or Wise into RMB, just leave it in your offshore accounts. You can put it into low-risk USD money market funds (which currently yield around 5% risk-free annually) and use it directly to pay for your offshore servers and various SaaS subscriptions. The entire financial pipeline runs offshore, meaning it doesn't trigger any currency exchange processes and stays completely off the domestic tax system's radar.

Alternatively, handle your procurement and subscriptions for R&D tools directly offshore. This not only physically isolates your business operations but also legally avoids the compliance friction and double taxation costs of frequent currency exchanges. When you need to spend money domestically, you can repatriate it through compliant B2B channels, keeping your books crystal clear and unassailable.

Physically isolate the two pipelines; keep domestic and offshore separate. You no longer have to stress over whether and how to report taxes for every single payment received; the structure itself has already drawn the boundaries for you.

5. Conclusion

In the world of coding, no qualified system architect would bet their life and fortune on a piece of logic with zero exception handling. We write try...except, we deploy redundancies, and we bury monitoring nodes on critical paths. Because we know better than anyone: if the system doesn't crash, it's not because you're lucky, but because you caught every possible exception.

The commercial world operates on the exact same logic.

Those influencers online teaching you to register a One-Person Company are essentially urging you to deploy a production system with zero disaster recovery mechanisms. It might look like it's running smoothly, but the moment you face a moderately sized lawsuit, the entire system will crash through its illusion of limited liability, taking your personal assets down with it.

This 1% equity design is the most crucial line of exception-handling code you will ever write for your life's system. It stays completely silent normally, requires no maintenance, and consumes no resources. But when disaster truly strikes, it will be the first to activate, firmly erecting the firewall of burden-of-proof between you and your creditors.

Physically, you can absolutely be a highly efficient, free, and maverick one-person enterprise. But in terms of legal architecture, never register a naked "One-Person Company" that throws you onto the gambling table.

True freedom is never the bravery of streaking naked. True freedom is dancing in the air with a safety net below.

Thank you for reading, friends! If you found this content interesting, please don't hesitate to like, share, and subscribe!

If you want to be the first to catch our articles in the future, don't forget to star ⭐ our account so you don't lose track of us.

That's all for today.

Through triumph and defeat, life is a grand adventure. See you next time!

I Built a Feishu-to-Markdown Tool, and Overworked Office Workers Kept It Alive for Free

GokuScraper悟空爬虫 — Fri, 08 May 2026 06:42:32 +0000

I Built a Feishu-to-Markdown Tool, and Overworked Office Workers Kept It Alive for Free

1. The Pain Points of Feishu (Lark)

Feishu (known globally as Lark) is genuinely great for writing, but exporting your work is a nightmare. The official export feature is buried deep in the menus, and the formatting often gets completely messed up. If you want to feed your docs into Obsidian, Notion, or GitHub, you have to spend ages tweaking them manually.

What’s even more annoying are the public documents shared by others. The web version restricts copying and won’t let you download at all. If you want to save it locally for later reading, you're just out of luck. What are you supposed to do, transcribe it by hand?

So, I built a web app called the Goku Feishu-to-Markdown Exporter. You just paste a link, and it downloads a Markdown file directly, automatically grabbing the images from the document and zipping them all up.

No extensions to install, no login required. Just open the page and use it.

To be honest, I didn't write the core conversion code. I found an MIT-licensed open-source project on GitHub, wrapped it in a UI using Streamlit, and threw it up on the cloud. Rather than asking folks to clone the repo and set it up themselves, it made more sense to just provide an out-of-the-box online tool. And of course, my wrapper code is open source too.

2. Surprisingly, People Kept Showing Up

When I tossed this site onto the cloud, I knew about a specific catch.

Streamlit Cloud has a strict policy: if your app goes 24 hours without traffic, it gets aggressively put to sleep. The next person to open it has to sit there like an idiot for a minute or two while the container spins back up.

Hey, you get what you pay for when you're on the free tier.

So, I didn't have high expectations at first. I figured the site would spend most of its life napping. If someone used it, lucky them; if not, it would just lie dormant.

Then, after it had been running for a while, I peeked at the backend analytics and froze.

It hadn't gone to sleep. Not once.

It was online and stable every single day. Instant load times whenever I checked, as if the 24-hour sleep policy didn't even exist.

But wait—I definitely didn’t write a keep-alive script, nor did I pay for a premium tier. Who the hell was constantly hammering away at this scrappy little site that doesn’t even have a login page?

3. They Were All Real People

When I opened the backend visitor logs, I had to laugh.

Anonymous Altocumulus, Levitating Danish... strings of random aliases drifting through the server like a bunch of cyber ghosts.

I didn’t come up with those names. To protect privacy, Streamlit dynamically assigns these quirky pseudonyms to unauthenticated visitors. If you check the backend without user accounts, all you see is this parade of "anonymous pastries" and "unidentified weather phenomena" popping in and out.

At this point, you might wonder: Was it just search engine crawlers artificially bumping up the traffic?

Impossible.

Streamlit uses a Single Page Application (SPA) architecture. The UI is fully rendered via JavaScript, and communication runs entirely over persistent WebSocket connections. Your run-of-the-mill crawler—like a Python requests script, a curl command, or any basic scraper—will only ever see an empty HTML skeleton. They physically can't establish a WebSocket session.

In Streamlit's analytics, no session means no visit. Crawlers can't even get through the front door, let alone get assigned a name.

So, this bizarre list of "Danish pastries" and "Altocumulus clouds" in my backend? Every single one of them was a real, live human being.

The ones creeping in at 2 or 3 AM were programmers still wrestling with bugs, desperately trying to back up some technical specs from Feishu. The ones showing up at 6 or 7 AM were product managers rolling out of bed to organize their knowledge bases, converting a competitor's public docs into Markdown for their own notes.

The mismatched time zones combined with the heartbreaking reality of standard around-the-clock crunch culture meant that every few hours, guaranteed, an actual human body was opening the site, pasting a link, and hitting download.

They probably had no idea Streamlit has a 24-hour hibernation policy. They didn't know they were acting as "keep-alive" pings. They just needed the tool, used it, and left.

But every single click reset that 24-hour countdown.

No scripts, no black magic. Just an army of exhausted office workers, driven by pure necessity, manually keeping my server awake.

4. It Accidentally Became a Cyber Confessional

This tiny site has an incredibly stable Daily Active User (DAU) count of around 10 people. The number is so small that I couldn’t be bothered to build an actual user system. No database, no auth, no isolation. As long as it works, we’re good.

But that led to a totally unexpected side effect.

Because I never bothered to clear the input field state, whenever the next person opened the page, they’d see the leftover Feishu document link pasted by the previous user.

Sometimes I’d go to the site and see a completely foreign link sitting in the text box. I'd click it—sometimes it was a public manifesto from an influencer, sometimes an open document from a startup team, or maybe just someone’s public reading notes.

On this cold, free-tier server, that residual link became a strange sort of beacon. No chatboxes, no avatars, no social features—but when you saw it, you knew you weren't the only one grinding over documents in the middle of the night.

A tiny, leftover bug had turned into a digital safe haven.

Occasionally, I'd see that someone had pasted a link to a private, permission-locked document. Obviously, that extraction would fail. My tool can only grab public docs; anything behind a login wall is off-limits.

But they pasted it anyway.

Which means they really tried. Maybe out of sheer desperation, or just holding onto a "what if it actually works" kind of hope. Seeing links like that felt both funny and a little sad—just another poor soul driven mad by Feishu's export restrictions.

5. Turn Software into SaaS, and You Win

Honestly, there are plenty of open-source Feishu exporters out there. A quick GitHub search brings up several.

The problem is, almost all of them require you to jump through hoops. You either have to clone the repo, set up a Python environment, and run CLI commands, or you have to download some executable and configure a bunch of settings. Realistically, very few people are going to endure that workflow. Most users see the words "Please install dependencies" and immediately close the tab.

All I did was one thing: skip all those steps.

No downloads, no configuration, no installs. Open the page, paste the link, hit download, done. I turned a piece of software directly into a SaaS.

I didn't write the core code, and the UI is as bare-bones as it gets. But it has one massive advantage: if you show it to someone with zero technical background, they instantly know how to use it.

Put simply: keep the complexity for yourself, and give the simplicity to the user.

If you can find the pain point that forces someone to suffer for 10 minutes every day, and whittle that down to 10 seconds, you’ve built something that will survive on its own without a dime of marketing.

Wrapping Up

Looking back, the reason this sketchy little site didn’t get killed by Streamlit’s 24-hour sleep policy wasn’t because I summoned any keep-alive dark magic. It was simply because of one thing: it’s stupidly easy to use.

Finding pain points can be complex, or it can be simple. You just have to locate the dirtiest, most tedious chore that people spend 10 minutes a day complaining about, hack together an MVP as fast as humanly possible, throw it online, and make the experience zero-friction. You don't have to manage the rest.

Real demand will keep it alive for you.

Those overworked tech folks will use their own physical presence to stomp your server awake in the middle of the night. That pack of Anonymous Altocumulus and Levitating Danish had no idea they were doing a good deed, but every time they needed the tool, clicked in, and exported a file, they gave the container another 24-hour lease on life.

The server doesn’t sleep, because the users' bare necessity pumps oxygen into it every single day.

Thanks for tuning in, folks! If you found this interesting, don't hesitate to like, share, and spread the word!

To catch my posts as soon as they drop, don't forget to star/bookmark this page so you don't lose it.

Alright, that's all for today.

Deep Decryption of OpenAI's Anti-Gray Market Registration: "Outsourcing" Risk Control and "Deterring" via Costs

GokuScraper悟空爬虫 — Thu, 07 May 2026 11:28:57 +0000

Deep Decryption of OpenAI's Anti-Gray Market Registration: "Outsourcing" Risk Control and "Deterring" via Costs

In the past few years, OpenAI's payment gateway was essentially an ATM for the gray and black markets. From the mass opening of first-month free trials on Japan’s PayPal, to the replay of Apple App Store receipts for "one ticket, multiple charges," and the forced unlocking of trials via Frida hooking on Google Play—every single pathway had actors engaging in large-scale arbitrage. However, by mid-2026, these loopholes were entirely sealed, bringing the era of "zero-dollar purchases" on the payment side to an end.

But the demand did not disappear; the battlefield simply shifted. The main forces of the black market retreated from the payment side to the more foundational registration side: one strategy involves mass-registering free accounts to build a pool, accumulating small gains into a large one; another focuses on exploiting various trial events to shear free Plus quotas.

In response to this shift, OpenAI's risk control strategy completed a quiet paradigm shift. It is no longer obsessed with "identifying whether you are a machine or a real person," but instead focuses on increasing the cost of registration through risk control. It calculates a cold economic equation: when the money, time, and effort you spend registering an account exceed the price for which it can be sold, you will naturally give up.

It is from this precise angle that we launched a routine packet-capture audit of OpenAI's registration process. In the critical initialization request https://ab.chatgpt.com/v1/initialize, we captured a JSON configuration of over 3000 lines. This dynamic instruction set, relying on the Statsig feature management platform, constitutes the command center of OpenAI's global risk control.

Based on our deconstruction of this configuration, we identified the three pillars of this defense system: an email domain blacklist—cutting off resource supply at the source; differentiated verification channels—using WhatsApp to implement a dimensional strike against traditional SMS reception platforms; and multi-dimensional environmental fingerprinting with full behavior recording—leaving the traces of automated registration scripts nowhere to hide. The three are centrally orchestrated by the dynamic rollout engine driven by Statsig, empowering OpenAI with the ability to tighten or relax global strategies with a single click in the backend, without needing to release any code.

This article will break down this anti-black market defense matrix in the registration phase layer by layer.

Chapter One: Cutting It Off at the Source - The Strictest "Email Blacklist" Strategy on the Web

The first line of defense in traditional risk control is typically set at the "verification" stage—CAPTCHA, SMS verification codes, email confirmation links. But OpenAI's approach is much more direct: it moves the defense line forward to the "registration eligibility" itself. Before a user even reaches the verification step, the system has already made a judgment through a simple field—whether the email domain you are using is on the blacklist.

In the JSON returned by the ab.chatgpt.com/v1/initialize interface, under the configuration ID 739871931, there hides a list named disabled_domains, containing 156 email domains. This list is distributed by Statsig, meaning it can be added to or deleted from in the backend at any time, without a frontend release. It is the first gate of the entire registration process—those who hit it will not even see the verification code page.

These 156 domains were not randomly blacklisted. After breaking them down, we found that OpenAI's strike logic covers four clear dimensions, every cut severing the black market's resource lifeline.

Dimension One: A Blanket Ban on Privacy-Encrypted Emails

The most prominent category on the blacklist is email service providers that focus on privacy protection and end-to-end encryption: proton.me, protonmail.com, tutanota.com, etc., are all listed.

These types of emails are the "favorites" of black marketers hoarding accounts. They do not require a phone number to register, support unlimited aliases, and are insensitive to the registration IP, making them naturally suitable for batch automated operations. Black market teams often have tens of thousands of ProtonMail or Tutanota accounts backlogged, ready to be linked with registration bots. OpenAI's strategy is exceptionally simple: since the core selling point of such emails is "anonymity" and "difficult to trace," then to me, they equate to "untrustworthy." A blanket ban instantly turns the massive stock hoarded by the black market into garbage.

Dimension Two: Regional Email Blocking

A large number of local email service providers from specific countries appear on the list, presenting a clear geofencing logic:

Mainland China: qq.com, 163.com, 126.com, etc.

South Korea: naver.com

Japan: yahoo.co.jp

Russia: mail.ru, yandex.ru

Poland: wp.pl, op.pl

This is most likely not a random selection, but rather based on attribution analysis of registration data. OpenAI has clearly calculated the "low-quality registration rate" for email domains globally. When the proportion of spam accounts among registration requests from a country's local email exceeds the tolerance threshold, the entire domain is blacklisted. This means that the path for the black market to detour through niche local emails to bypass risk control is also blocked.

It is worth noting that the ban on qq.com and 163.com has an ancillary effect: it shows that OpenAI has no intention of leaving a loophole for users in mainland China through the traditional email registration path. To some extent, this is also part of forward-looking compliance risk management.

Dimension Three: "Mandatory SSO" for Big Tech Emails

The most surprising entries on the blacklist are gmail.com, hotmail.com, outlook.com, and icloud.com—the major tech emails with the highest global coverage.

This does not mean OpenAI is rejecting Gmail or Outlook users, but it wants you to enter in a different way—you must click the "Continue with Google/Microsoft/Apple" button and go through OAuth authorization login, rather than directly entering an email and custom password into the registration form.

The logic behind this is clear: POSTing an email address directly to a registration endpoint is too easy to simulate; automated scripts can do it in milliseconds. But going through OAuth means OpenAI can obtain structured credit data for this account from Google or Microsoft—how long the account has been registered, whether it’s bound to a phone number, whether its behavior in the Google ecosystem is normal. The cost of simulating a plain email is close to zero, but the cost of simulating an SSO login state from a major tech company with complete credit backing is orders of magnitude higher. This essentially transfers the cost of identity verification to Google and Microsoft.

Dimension Four: Phishing Prevention for Internal Corporate and High-Net-Worth Industries

Some special entries also appear on the blacklist: openai.com, mail.openai.com—these are OpenAI's own corporate email domains. Blacklisting their own emails might seem strange, but it is standard intranet security practice. It prevents internal employees from mixing company emails in the public registration process, and it also eliminates the possibility of attackers impersonating an OpenAI identity to carry out phishing.

In addition, domains of well-known consulting and financial companies such as bcg.com (Boston Consulting Group), bain.com (Bain), citadel.com (Citadel Securities), and moodys.com (Moody's) also appear on the list. Once the emails of these high-value enterprises are maliciously registered, they can be used for social engineering attacks—such as impersonating a BCG consultant to send a phishing request to OpenAI, or using a Citadel domain to register an account for internal or external fraud. Blocking such domains in advance is taking precautions.

From these four major dimensions, it can be seen that OpenAI's email blacklist has gone far beyond the crude traditional practice of "blacklisting a few disposable emails." It is a dynamically updated, multi-dimensional, precisely targeted resource blocking system. Its core philosophy is singular: to make the black market’s resource pool largely invalid right at the registration eligibility gate.

But this is only the first line of defense. Even if the black market acquires clean emails that are not on the blacklist, an even more thorny obstacle awaits them—the "dimensional strike on channels" during the identity verification phase.

Chapter Two: Dimensional Strike in Identity Verification - The Channel Game Between SMS and WhatsApp

The email blacklist is a block at the resource level. But for those black market actors lucky enough to use an email not on the blacklist, they immediately hit the second line of defense—identity verification. In this link, OpenAI did not choose to clash head-on with the endless stream of SMS receiving platforms, but instead used a beautiful "channel replacement," shifting the battlefield to a location of its own choosing.

In the JSON returned by the initialization interface, two arrays are hidden under the configuration ID 2516824722: sms and whatsapp, each containing a list of country/region codes. This seemingly ordinary list actually dictates which verification channel global users must go through during registration. And the allocation logic behind these two lists is the essence of OpenAI's suppression of the black market during the identity verification phase.

2.1 Core Logic: "Outsourcing" Risk Control to Meta

To understand this strategy, one must first look at how the traditional black market passes SMS verification. Virtual SIM card receiving platforms—these were once the core components of the black market's infrastructure. One machine packed with dozens of cheap SIM cards receives verification codes and automatically sends them back via API, with costs as low as a few cents per message. Faced with this infrastructure, simple SMS verification is practically useless.

But OpenAI's choice is: don't give them a chance to send an SMS.

In the configuration, countries/regions covering over 90% of the global population are forcibly assigned to go through the WhatsApp verification channel. The critical point of this decision is that, to have an account that can normally receive WhatsApp verification messages, you must meet the following conditions:

A real phone number (registering for WhatsApp with a virtual number easily triggers a ban).
The number must have successfully registered for WhatsApp and not been flagged by Meta's risk control system.
A stable network environment, as frequently switching IPs to log into WhatsApp is also high-risk behavior.

Each of these three conditions exponentially increases the costs for the black market. Traditional SMS receiving platforms are completely useless against WhatsApp verification, because these virtual numbers have never even registered for WhatsApp. Even if they had, they would be quickly identified and banned by Meta's anti-spam system.

Looking deeper, OpenAI's move is equivalent to outsourcing a thorny technical problem—determining whether there is actually a real person behind this phone number—to Meta. WhatsApp's parent company, Meta, has the world's largest social graph and top-tier anti-spam account detection systems. A phone number's historical behavior in the WhatsApp ecosystem, its group activity, its recorded reports, and its registration duration—all these dimensions collectively form a credit evaluation system far more complex than "can it receive a verification code."

For the black market to break through OpenAI's verification, it must first pass Meta's gate. And Meta's anti-spam capabilities are forged through over a decade of time and countless millions of attacks. This move of "borrowing a knife to kill another" is clean and decisive.

2.2 The Cost and Efficiency Game of SMS vs. WhatsApp

Of course, the SMS channel has not been completely shut down. The configuration still retains 12 countries/regions that can use SMS verification, including the US, Canada, Japan, South Korea, France, etc. The logic behind this is also an economic calculation, just with the algorithm reversed.

These exempted regions share a common feature: the cost of acquiring a phone number is extremely high, and telecommunications regulations are strict. In the US and Japan, the real-name authentication threshold for a SIM card itself constitutes a natural barrier. The cost of mass-registering in these markets, for the phone number alone, already exceeds the selling price of a free account. Since it's not viable for them to bot it, there's no need to defend it too tightly.

Conversely, in those countries forced to use WhatsApp—India, Indonesia, Brazil, Nigeria, etc.—international SMS in these regions is not only expensive, but delivery rates are also a concern. If OpenAI opened SMS verification to these regions, it would not only bear high SMS costs but also face the risk of the black market using cheap local SIM cards to mass-register accounts.

By going with the WhatsApp Business API, OpenAI pays Meta a lower fee and is completely untethered from the network quality of local operators. It's stable, cheap, and seamlessly uses Meta's risk control to block the black market—it is a win-win business.

2.3 The Deep Logic of the "Celestial Dragons" Country/Region Exemptions

So what is so special about the 12 countries/regions granted the privilege of using SMS? Breaking them down, they can be divided into three categories:

Category One: Five Eyes Alliance and Developed Economies—US (US), Canada (CA), Japan (JP), South Korea (KR), France (FR). Users in these markets have high value and a strong willingness to pay, and both the level of real-name registration and the acquisition cost of phone numbers are high. The comprehensive cost of botting accounts here far exceeds the returns, so OpenAI can safely give the green light.

Category Two: Geopolitics and Special Traffic Zones—Taiwan, China (TW), Thailand (TH). These two locations are relatively high-quality traffic pools for OpenAI in Asia, with relatively clean payment chains and low credit card fraud rates. The supporting payment risk control capabilities are strong enough, so there is no need for an extra lock at the SMS verification stage.

Category Three: A Few Small Places You'd Spend a While Looking for on a Map—Falkland Islands (FK), Niue (NU), Timor-Leste (TL), Vanuatu (VU), San Marino (SM). At first glance, this seems baffling, but the logic is simple: these places have extremely small populations, and large-scale black market SMS reception resources simply don't exist there. Since nobody is botting there, maintaining the status quo is the lowest-cost option.

From this list, it is clear that OpenAI's allocation of verification channels has no consideration of "principled fairness," only cold cost-benefit calculations. Which regions can use SMS, and which must use WhatsApp—every decision is built on a precise estimation of the abundance of local black market resources and the cost of identity falsification.

From the black market's perspective, this configuration means: unless you have a way to mass-acquire "clean," active WhatsApp accounts, the registration gateway in most parts of the world is closed to you. And the cost of mass-farming WhatsApp accounts is already beyond what traditional SMS platforms can cover.

This is the true meaning of a "dimensional strike." It's not about blocking your road; it's about forcing you onto a battlefield where building the road is too expensive.

But OpenAI does not stop there. Even if the black market handles a clean email not on the blacklist and procures a WhatsApp account that can pass verification, there is a third line of defense waiting in the backend—an "environmental fingerprint and behavior monitoring" system far beyond the imagination of traditional risk control.

Chapter Three: The Inescapable "Digital Portrait" - Full Behavior Recording and Environmental Fingerprints

The email blacklist filtered out the mass-registration resource pool, and WhatsApp verification blocked the pathways of cheap SMS receiving platforms. Up to this point, out of ten accounts the black market could push to the registration stage, maybe one survives. But OpenAI's defense is not over—even if you luckily make it here with a clean email and an active WhatsApp account, a monitoring net you can't even perceive is waiting for you in the backend.

The core of this monitoring net is not traditional CAPTCHAs, but full-dimensional collection and comparison of your "digital portrait." Every minute operational detail that you wouldn't even notice yourself is being recorded, quantified, and scored.

3.1 Human-Machine Behavior Analysis

At the very end of the initialization configuration, there is a field that looks innocuous: session_recording_rate: 1. This is the most spine-chilling value in the entire JSON.

It means that for every user who reaches the registration page, regardless of whether they ultimately register successfully, their current session is being recorded. The recording mentioned here is not screen recording, but a technology called human-machine behavior analysis—the system is collecting your mouse movement trajectory, click frequency, the millisecond interval between two keystrokes, page scrolling speed, and even the time the cursor hovers over a certain input box.

These behavioral data mean nothing on their own, but put together, they piece together a highly recognizable "personality portrait." When a real human fills out a form, the mouse trajectory has micro-jitters and random pauses, the typing rhythm alternates between fast and slow, and there are hesitant cursor movements when switching between different fields. However, a script—whether it's a browser extension or a Playwright-driven automated registration bot—has fixed behavioral characteristics: the mouse trajectory is either absolute geometric straight lines or mechanically generated curves; keystroke intervals are uniform, and the operational rhythm between page transitions is fixed.

Traditional CAPTCHAs can't see these differences. But human-machine behavior analysis can.

This behavioral analysis is not a real-time interception sieve, but a post-event chain of evidence. Your operations are recorded entirely and sent to the backend behavioral analysis engine for scrutiny. Even if you pass all verification steps on the frontend and successfully acquire an account, if you are judged as "non-human operation" during behavioral analysis, you will still trigger a ban later. The black market will never know which mouse movement was "too straight" that got them flagged.

3.2 Environmental Contradiction Detection: The "Deduction Items" in Risk Control Models

If behavioral analysis looks at "how you operate," environmental fingerprint detection looks at "what you are operating with." In the derived_fields and evaluated_keys fields of the configuration, the system records device profiles far more detailed than typical User-Agents.

Here lies an easily misunderstood yet exceptionally important risk control concept: environmental contradiction detection is not about "determining that you are a bad actor," but about "adding points" or "deducting points" from the current session.

Take geography and language environment as an example: when a request IP is geo-located to the US, but the browser language preference is zh-HK (Hong Kong Chinese), this will trigger a "deduction item" in the risk control engine. Of course, there is perfectly reasonable explanation for this combination—a Hong Kong immigrant living in San Francisco using their accustomed Chinese system, which is very normal. But what the risk control model looks at is not "whether it's possible," but "how probable this combination is in black market samples." In the scenario of bot mass-registrations, proxy IPs concentrated in US datacenters while the browser language exposes the script developer's Chinese environment is precisely a very typical configuration anomaly. Therefore, it won't be directly judged as "you are black market," but instead recorded as a risk weight, waiting to be compounded with other signals.

There are many dimensions like this:

Does the browser version you reported match the real version exposed by the JavaScript underlying navigator object? If the User-Agent was changed via script but underlying properties were left untouched, a hard mismatch appears here, serving as a heavily weighted deduction.

What is your browser window size? 1920x1080 is completely normal, but the default window size for headless browsers commonly used by mass registration bots is either very narrow and short, or vice versa—running desktop browser fingerprints within an obvious mobile viewport is equally a warning sign.

How many registration requests has your DeviceId been associated with in a short period? If the same device fingerprint appears in registration sessions across multiple different IPs within minutes, the device reuse logic of the black market is fully exposed. This item's weight is relatively higher because a normal person would almost never use the same device to complete multiple registrations from different IPs in a short timeframe.

Take any of these metrics individually, and every one has a reasonable exception. So, to prevent false positives, it does not do black-and-white, single-point interception; instead, it lets every suspicious signal cumulatively weigh in the backend. Only when the total score crosses a threshold does it trigger an action. This makes it very hard for the black market to reverse engineer exactly which step exposed them, and also ensures that normal users don't get accidentally harmed by an isolated "coincidence."

At this point, OpenAI's three lines of defense during the registration phase are clearly visible: the email blacklist cuts off the resource supply at the source, WhatsApp verification applies channel suppression during the identity verification phase, and environmental fingerprints and behavior recording weave an omnidirectional monitoring net in the backend. But the strength of these three layers is not set in stone. What truly makes this system come alive, and keeps attackers forever struggling to catch up, is the final trump card—the dynamic gray-release engine driven by Statsig.

Chapter Four: The Dynamic Defense Command Center - "Gray-Release Risk Control" Driven by Statsig

The email blacklists, WhatsApp verification, and environmental fingerprint monitoring described in the previous three chapters already look very tight. But if this system were hardcoded—the domain list hardcoded in the frontend, the verification channel configuration packed into a release—then the black market would only need to spend time reverse-engineering it once to find all the rule boundaries, and then bypass them one by one like solving a puzzle.

OpenAI's true trump card is making these rules alive. They are not static walls, but valves that can be tightened or loosened at will.

The core of this dynamic capability is the Statsig feature management platform. In the JSON returned by ab.chatgpt.com/v1/initialize, besides specific blacklists and configuration items, there are also a large number of boolean switches starting with gate__, mutable parameters carried by dynamic_configs, and functional entry points named with an enable_ prefix. These fields can be modified in real-time in the backend and synchronized to the initialization requests of all global users within milliseconds. What the black market is facing is a defense matrix that can evolve itself.

4.1 From Hardcoding to Valve-Style Adjustments: The Value of feature_gates

In the captured feature_gates list, there is a seemingly ordinary switch: gate__authapi_add_phone_enforce_sms_only_country_codes: false. At present, its value is false, meaning this rule is dormant, and nothing happens.

But once it is set to true, the situation completely changes.

Chapter Two of this article detailed how OpenAI suppresses SMS-receiving platforms by forcing most countries through WhatsApp verification. But if one day, black market teams in a certain region overcome this barrier—say, by relying on large-scale account-farming factories to produce enough cheap, active WhatsApp accounts, causing garbage registrations in that area to rebound—OpenAI doesn't need to rewrite any verification logic at all. It simply locates this switch in the Statsig backend, flips it to true, and all registration requests from that region are immediately forced back onto the SMS verification path. The WhatsApp accounts the black market painfully farmed are instantly rendered useless.

This is the truly terrifying part of this switch: it's not a lock, but a lock core that can be swapped out at any time. The black market spends weeks or even months pouring resources into breaking a verification path, and OpenAI uses a single click to make those investments practically worthless. By the time the black market readjusts its scripts to accommodate SMS verification, OpenAI can flip the switch back to false. The initiative of the attack-and-defense tempo is completely out of the hands of the black market.

4.2 Cold Start Contingencies for Real-Time Leak Database Validation

Another field captured in the config is even more intriguing: enable_signup_leaked_credential_check: false.

This switch is also currently off. But its very existence is a signal: OpenAI has already integrated the ability to compare against global known data leak databases (commonly known as "social engineering databases") at the code level. Once enabled, the system will check the current email against historical internet data leak events at the first step of registration—if the email account and password have ever been made public in a breach, it will be flagged as high-risk at OpenAI's registration entrance.

When the black market conducts large-scale account sweeping, they frequently use these real emails extracted from leaked databases. They look no different from normal emails, but the user is long no longer the original owner. OpenAI keeping this switch is like burying a cold-start landmine at its own door—normally it doesn't bother anyone, but once a wave of account sweeping attacks appears in a certain region, activating this field empowers them to intercept the attack within the very first second of registration.

4.3 The Labyrinthization of Registration Paths

In addition to specific defensive rules, the dynamic configuration also contains a series of switches designed to disrupt the flow of automated scripts. Their logic is not to intercept, but to make the bots' preset paths invalid.

enable_dynamic_redirect_for_existing_username_on_signup_screen: true is one of them. When a username is already occupied, normal flow would statically redirect to a specific prompt page. But if this switch is enabled, the system can randomly change the redirect target based on the current session's risk score—sometimes it's the email verification page, sometimes it demands more supplemental info, and sometimes it redirects straight to SSO. Automated scripts rely on fixed URL redirection logic; when the path becomes a labyrinth, the scripts freeze at unpredictable forks.

Partnered with it is the enable_redirect_to_social_for_existing_email series of switches. When the system detects the current email belongs to a high-risk category, it dynamically forces the registration flow from "fill out a form to register" to "please log in with Google/Microsoft." This means the exact same email will be directed to entirely different registration paths depending on its risk assessment. If a black market script only accommodates one path, the other instantly becomes a blind spot.

4.4 The Ultimate Advantage of the Attack-Defense Time Difference

The collection of all these dynamic capabilities ultimately translates into a tactical advantage that the black market can hardly overcome: time.

For the black market to study a set of risk control rules, crack the logic, develop adaptive scripts, test, and deploy at scale—this is a cycle measured in days, if not weeks. Yet, for OpenAI to shift its defensive focus—tweaking the value of a switch in the Statsig backend—takes only a few seconds, and this change is synchronized globally via CDN to all initialization requests in milliseconds. The time difference between the two is a weapon in itself.

More importantly, this time difference means OpenAI doesn't need to chase a 100% interception rate. Traditional risk control thinking requires catching every single attacker; missing one is failure. But in the logic of dynamic defense, missing some doesn't matter—because as the comprehensive cost of registration is continuously pushed higher, the black market finds the balance of input and output starting to tilt. If spending 30 to register an account yields a sale price of only 25, nobody is willing to continue this business after just three transactions.

The defensive philosophy exhibited across the entire configuration boils down to this single sentence: Do not chase a 100% interception rate, only aim to dynamically adjust the attacker's ROI. When the cost of registration exceeds the profit of selling the account, the black market will naturally exit the field without requiring you to seal every hole yourself. And what Statsig grants OpenAI is the power to tighten this cost valve at any moment.

Conclusion: Demanding Security from Cost - Lessons for Other Big Model Providers

Having broken down this system, looking back at the entire defense matrix reveals a clear thread.

The email blacklist is not verifying if you're a real human, but invalidating the black market's resource pool at scale. Mandatory WhatsApp verification is not adding an extra lock, but pushing costs upstream towards the account-farming supply chain. Environmental fingerprints and behavioral recordings are not outright blocking registration requests, but real-time scoring every session so that interception decisions are always delayed until sufficient evidence is compounded. The gray-release engine via Statsig allows all these strategies to be combined, toggled, and tightened or loosened based on specific regions or attack patterns at any moment.

From "identifying bots" to "raising registration costs", this is not just the defensive evolution of a single company, OpenAI, but a paradigm shift occurring across the entire internet risk control domain. For large domestic model providers, this system offers several transferable perspectives:

Firstly, rather than endlessly making additions at single points (more complex CAPTCHAs, trickier slider difficulties), consider shifting the frontline to the resource supply end—the email domain blacklist is a low-cost, high-efficiency paradigm.

Secondly, utilizing existing super-app ecosystems (WeChat, Alipay, etc.) to construct multi-layered verification channels is fundamentally the same logic as OpenAI borrowing Meta's WhatsApp network: outsource identity verification to platforms that have accumulated massive strata of user credit data.

Thirdly, the dynamization of risk control rules should not just be a slogan. Whether you possess infrastructure like Statsig, which allows strategies to take global effect in seconds, dictates who holds the initiative in the tug-of-war between attack and defense.

The future of black market offense and defense will no longer hinge on who can build thicker walls, but on which party can more finely manipulate the attacker's economic ledger. When an invisible cost tag is placed behind every gray market registration account, the defender has already won beyond the scope of rules.

Appendix: Blacklist of 156 email domains attached at the end of the article.

Thank you all for supporting! If you found this interesting, don't hold back—like, watch, and share directly!

If you want to see my articles as soon as they drop in the future, don't forget to star ⭐, so you don't lose it later.

Well, that's enough for today.

Win or lose, life is bold, we'll see you next time!

In-depth Investigation of API Transit Stations: From Black Gray Products to White Gloves, Where is the Future of Domestic AI?

GokuScraper悟空爬虫 — Wed, 06 May 2026 06:14:55 +0000

In-depth Investigation of API Transit Stations: From Black Gray Products to White Gloves, Where is the Future of Domestic AI?

Every day, millions of API requests are sent from the servers of Chinese developers, entrepreneurs, and even top AI companies. They bypass blockades, pass through hidden third-party transit nodes, and eventually reach the servers of OpenAI, Anthropic, and Google.

These nodes are called "transit stations" by insiders.

They are ubiquitous, yet few know who is behind them. This article will uncover the industry chain of this gray area.

Introduction

If you search for "free codex" on Bilibili, you will find a surprisingly detailed tutorial.

A content creator shared how to use self-built emails to mass-register OpenAI CodeX accounts, combined with receiving code platforms to mass-register payment platform accounts. After the new account is bound to a payment method, it automatically gets a one-month free trial. With this process, he can mass-register a large number of premium accounts, getting a whole month for free.

This initially just looks like a "technical sharing", right?

But he revealed one detail—the GitHub project homepage.

Insiders call this thing a "registration machine", an automated project for mass-registering CodeX. The project left a QQ group number. I searched it up, and it’s already full and expanding into the fifth group. This indicates that the first four groups were filled long ago. Based on 500-2000 people per group, a conservative estimate is at least 2,500 people, up to tens of thousands, are circulating around this project.

Even more "spectacular" is the website he made for the project.

Upon opening the site, advertisements rush to your face. On the left is a promotion for a certain transit station; on the right are clearly priced ready-made ChatGPT premium accounts—these were mass-registered using the method mentioned above.

The advertisement in the middle is the most interesting. The transit station set up a lottery to attract traffic and active community members.

10 Plus accounts. The official price is $20 each, with a total value of 1,400 RMB.

With a cost of 1,400 RMB, they bought thousands of clicks and precise developer users. This is far more cost-effective than running Baidu Ads.

This is the gateway to an industry chain. And the transit station in that advertisement is the first vine we need to trace down.

1. The First Vine - A Personal Site with "All-in-One Bucket" Architecture

The first target is hiding in the Bilibili tutorial's advertisement spot.

Its technical foundation can be described as "crude". The website is hosted on a sub-domain with a .top suffix—a "junk" domain that costs a few bucks a year, representing a complete grassroots approach. Yet, its official site looks decent because it directly uses the template from the open-source project new-api. This project has 30K stars on GitHub, offering a clean interface and comprehensive features.

This genuinely reflects the current ecosystem of transit stations: The technical threshold has been leveled. With open-source wheels, anyone who solves the "supply source" and knows a bit of operations can open their doors to customers. Their real "technical content" has shifted elsewhere—where to mass-register accounts? Where to exploit more free quotas? Where to find cheaper upstream channels? And where to pull in more users? This is their fundamental basis for survival.

Even the site's login method hints at its supply sources: besides the standard GitHub login, there's a portal for a "fleece-hunting station" next to it.

What truly exposes its core operations is its supplier list.

This list is chaotic yet rich. It includes official sources like OpenAI, Google, and Anthropic, cloud vendor channels like Azure and AWS, and even peer transit stations, as well as suppliers dedicated to "reverse engineering". So-called "reverse engineering" means hacking the protocols to forcibly "extract" free or restricted AI web interfaces and package them as APIs for sale.

The sole purpose of this "all-in-one bucket" procurement strategy is: Trading chaos for extremely high availability. If a certain upstream channel gets blocked, the station master can instantly switch to a backup link, leaving the users completely unaware.

Looking again at the "available token grouping" on the left, there hide the code words for supply channels:

Azure Claude / AWS: Represents relatively stable enterprise-class cloud channels.

Anti-gravity model / Ali reverse: This is pure underground tech work, cracking web version interfaces.

CCMAX-Unlimited: Implies some kind of high-concurrency, unthrottled special supply.

I also noticed an unexpected name in the groups: Xiaomi. A while ago, Xiaomi held an event where new registered accounts were gifted a certain quota. It seems someone has already exploited these quotas in bulk and is reselling them here.

By now, the business model of this site is very clear:

Sourcing: Exploiting cloud vendor free credits, registering trial accounts, acquiring cheap API Keys, and even reverse-engineering web interfaces.
Whitewashing: Accessing the new-api system to uniform all interface formats of different sources into the standard OpenAI format.
Distribution: Selling to those developers who need a vast amount of AI calls but don't want to maintain hundreds of accounts themselves.

It solves a real pain point: Chinese developers cannot smoothly use overseas AI services due to networks, payments, account restrictions, and high-price barriers.

But it simultaneously sends a signal: Things here are cheap, but not necessarily stable.

2. The Second Transit Station

In the supplier list of the first transit station, one was marked as the most crucial upstream. Its name lay in the first row.

This is the second vine we need to trace.

Upon opening the site, the style changes dramatically. This is a top-tier .ai domain. Amidst the current AI boom, such domains cost usually in the six figures. The page is no longer a crude open-source template but a meticulously designed "enterprise official website" that highlights enterprise-class services. A company name hangs at the bottom, looking respectable and proper.

This is an entity wanting to run B2B (Business-to-Business) business.

Since there is a company, let's do a background check.

The official website notes a Hong Kong company at the bottom, which indeed can be found; the entity exists. But digging deeper, things go wrong. I unearthed the founder's information—a Chinese entrepreneur, whose company is actually located in Xiamen, categorized as a micro-enterprise.

Checking Qichacha, another Singaporean company pops up.

Thus, I gathered its complete corporate entity list:

Entity Level	Company Name	Registry Location	Core Functions	Legal Liabilities	Actual Status
Top Holding Entity	xxx. LTD.	Singapore	Global holding, overseas collection, App Store/Google Play listing, international compliance	Assumes major international legal responsibilities	Active, current official overseas entity
Domestic Registered Entity	Xiamen xxx Company	Xiamen, China	Domestic domain filing, ICP qualification, domestic corporate collection	Assumes domestic internet service legal responsibilities	Active, pure shell company (0 insured people)
Historical Legacy Entity	xxxx Limited	Hong Kong, China	Early cross-border collections, overseas business signing	Basically holds no legal liability	Dormant, no public business activities

The founder’s background makes this "white glove" positioning even more self-consistent.

He previously ran a cross-border proxy business. Anyone who has done overseas business knows that massive API calls must be combined with proxy IPs, otherwise, the accounts are instantly blocked. Proxies are used to bypass risk control.

Transit stations, fundamentally, are also bypassing risk control—bypassing overseas vendors' account reviews, payment limits, and network blockades against Chinese users. If domestic companies could legitimately buy directly, who would buy from him?

Thus, stepping from cross-border proxy into API transit is not a cross-industry move at all, but a natural upstream and downstream extension of a business chain. Previously selling ladders, now selling water, the users haven't changed, and the demands never wavered.

But an eerie price contradiction arises that I cannot avoid.

Returning to the first transit station's supplier list. It explicitly noted this transit station as the upstream supplier and offered outrageous prices—Opu 4.5, Sonnet 4.5, and Gemini 3 Pro Image Preview were marked down to an 80% discount compared to official prices.

But on this transit station's own site, these three models were blatantly marked at original price.

The exact same supply source: retail original price, wholesale 80% off, a five-fold price difference. What does this mean? Either it possesses some secret channels where costs are close to zero, or what it sells in both channels are fundamentally different things.

Of course, it might be possible that the original webmaster priced it wrongly, and the data got outdated.

However, a boss starting from proxies, entering an industry gray area conceptually built to "bypass risk control"—how official are his so-called official channels exactly? This question could likely only be answered by himself.

The site also links to a company GitHub page, which pretends to be engaging in tech community building.

Clicking through, it’s entirely filled with AI-generated traction projects with meager star counts. Fundamentally, these are SEO and promotional materials, zeroing in contributions to the open-source community. Hanging out a GitHub page is nothing short of rounding out their "enterprise official site" persona better.

Evaluating the scale, this is a typical small-to-medium AI tool company, with 50 to 100 employees, pulling in tens of millions of revenue. It doesn't do fundamental research, rarely trains models, and avoids open source. It only conducts one role: constructing the most hidden pathway possible between overseas AIs and Chinese users.

And this road leads not only to average developers but also to names familiar to us all.

On February 24, 2026, Anthropic published an industry-shocking report, explicitly naming three top Chinese AI labs: DeepSeek, Moonshot (Kimi), and MiniMax. The report provided definitive data—these labs utilized around 24,000 fraudulent accounts generating over 16 million interactions.

What were they doing? In industry slang, this is called a "distillation attack"—crazy API calls to Claude, extracting out its logical reasoning, thought chains, and Agent capacities bit by bit, and feeding them to their proprietary models.

And these prominent AI enterprise factions would never use their official IPs to perform these tasks. If an official account gets banned, it's a severe compliance accident sufficient to trigger international lawsuits. But if an agent's account gets banned, they can shrug: "I just bought the services, I don't know how they handled it."

This embodies the "professional value" of transit stations. For tech giants, transit stations provide more than just sock puppets; they provide complete "adversarial engineering capabilities": when accounts are banned, new ones pop up instantly. Massive attack traffic is layered inside normal user requests, much like swarming ants, making the platform’s AI audit system fail to distinguish them.

Because the matter exploded, the US government pushed the PAIP Act in April 2026. The controls aren’t merely about "banning accounts" anymore; they are now focused on targeted sanctions against proxy service providers furnishing infrastructures for distillation attacks.

Looking backward, those convoluted offshore architectures, the seemingly excessive compliance designs, were likely not just guarding against OpenAI, but against these truly devastating legal consequences.

3. The Third Transit Station

This is also a supplier of the first transit station; though marginally lower in status than the second, it remains crucial.

This one uses generic Chinese pinyin allied with .ai for domains—a tier-two Top-Level Domain that costs around 100,000 RMB. Compared to the first station, it's fairly decent; compared to the second, it still lacks quite a bit of substance.

Its after-sales pipeline involves the standard gray-production trio: QQ groups, Telegram, and emails.

But what substantially shocked me was that it imitated vast model enterprises, providing Resource Packs and Coding Plans. This is not merely selling APIs; it's practically marketing "Developer Meals". Functionally, its product layout has increasingly drawn towards the formalized subscription models from certified manufacturers, trying to ascertain a steadier user relationship.

The platform embodies strict positioning: tilting towards developers, sometimes enterprises. Lacking the whole string of offshore company architectures and grand website layouts akin to the second, it understands superiorly than the first station what developers demand—beyond merely lowering prices, a bundled, predictive stability matters more. It occupies a role hovering midway between the grassroots forces and official corps.

4. Horizontal Comparison - A Chart Exposing the Segregated Realms

Three Transit Stations: Grassroots, White Gloves, Strikers, individually exemplifying three different ecological sectors stretching traversing this industrial chain. Aligning them reveals astonishing dissonances.

Dimension	Transit Station A	Transit Station B	Transit Station C
Domain Strategy	Secondary + .top	Top-Level + .ai	Secondary TLD + .ai
Domain Cost	Below 10 RMB	Above 200k	Above 100k
Website Operation Period	Under 6 Months	Over 2 Years	Over 10 Months
Tech Base	Open Source `new-api`	Self-developed	Self-developed
Supplier Structure	Bulk signup + Extracted + Peers	Official + Unknowns	Official + Unknowns
Ratio to Official GPT5.4	36x Cheaper	Original (Debatable)	5% Cheaper
Model Count	115	200+	200+
Promotional Tracks	QQ Groups + GitHub Ads	Self-Media + Rebate invites	Self-Media + Rebate invites
After-sales	QQ Groups	Email + Live chat	Email + Live chat
Target User Base	C-End freeloaders	B-End Local Enterprises	C-End Developers
Company Backdrop	Individual	HK + Singapore	Unknown

Browsing through the chart, the disconnects across these pivotal parameters appear piercingly glaring:

Domain translates to Class. One operates a sub-ten-bucks sub-domain, one drops two-hundred grands on a Top-Level .ai, and the final balances with a one-hundred-thousand-range tag. The domains inherently signal the ambition scopes and commitment inputs of their handlers respectively. The first chases brisk profits, the second nurtures long-term stakes, and the third strives upward to elevate itself.

The Contrasts behind Pricing. GPT-5.4 portrays models that sell 36 times cheaper, normal-priced, or 5% cheaper. Yet "Original price" masks the underlying crevices we discovered prior: If they wholesale identical inventories at 80% discounted metrics downriver, does "original" remain pristine, or are they exclusively displaying this frontally for you? Anything 36 times cheaper obviously houses tainted issues—they directly brandish their discounts transparently. The one tagging with identical metrics, however, harbors deeper abysses beneath it.

Fragmenting the Consumer Strata. C-End freeloaders, B-End regional enterprises, and C-End domestic developers. The tiers differ across three spending budgets and their comprehension of "stability." The first pool shifts when accounts vaporize instantly upon bans. The second's loss evokes commercial penalties and project debacles—necessitating corporate frontals, legal frames to masquerade into pure-hearted SaaS platforms.

An Unavoidable Void. Station C writes "unknown" towards official firm backings. A hub running upward of ten months clutching over two hundred models built atop proprietary schemas seldom boils down to mere indie ventures. Neglecting naked operations akin to A, discarding multi-shore framings analogous to B, it picks complete silence. Often, such deliberate taciturnity signals another painstakingly concealed shell game.

Three Transit Stations epitomize triad segments atop this commercial sequence: Grassroots Plunderers, Enigmatic Enterprise Gloves, and Aspirational Aggressors towards Official ranks. They aren’t combatants amongst themselves—A serves downriver of B—co-existing on shared trails absorbing disparate profit streams up along the path.

5. Beneath the Surface — E-commerce Platforms

If the aforementioned hubs dealt fundamentally with "Developer Business," the token exchanges on Taobao define the very bottom of this hierarchy.

Searching "CodeX" on Taobao uncovers overwhelming search results boasting meticulous operational phases. Keyword unifications are profound—"Domestic direct links", "Stabilized applications", "Issuance of Invoices", "Corporate transaction acceptance"—they target squarely upon local demographic weaknesses.

Their starting tags range dirt-cheaply: Ten bucks for two hundred calls spanning twenty-four-hour windows. Visually unmatchable, yet gazing deeper exposes calculating algorithms disjointed from authentic platform measures. Legitimate realms measure across 'tokens', not 'calls' nor 'queries.' Exploiting technological ignorance, these vendors specifically pamper layman mentalities.

Worsening matters, their currency is labeled as "USD". Obviously, this fails reality checks—a basic conversion of yuan into real-dollar quotas spells huge losses for them otherwise. These Taobao corners function on similar transit site backends pushed over to e-commerce shells. You are paying physical currencies into proprietary metrics, manipulated natively on customized scaling values handled implicitly behind doors! Sellers flex immense dictation adjusting rules universally over margins and refunds without clear-cut validations!

Going by the sellers' claims, 26 RMB can buy CodeX's "$50 USD" quota. This conversion ratio looks tempting, but keeping the previous transit stations in mind, it is essentially taking cheap inventory exploited upstream, cloaking it in a custom pricing module, and reselling it to laymen who know nothing about the industry. Multipliers can be adjusted, pricing units can be custom-defined, and refund policies are utterly up to the seller. Even those transit stations with their own websites never promised unbreakable prices. Once it reaches the Taobao level, transparency plummets to zero.

Browsing the comment section, the demands are highly concentrated. Someone asks if an invoice can be issued—yes, and it supports corporate payments. Someone asks if it can be used without a VPN—yes, via a domestic direct connection. These are gray demands that official channels simply cannot fulfill but exist massively in reality. Invoices and direct connections have become the core competitive advantages for Taobao token sellers.

But the deadliest issue within this entire chain is Trust.

You fundamentally have no idea what model is being called behind the screen. How can an ordinary person verify this? There are indeed people in the market who have created "model verification tools" to help users check whether the returned results genuinely come from the purported models. However, this verification faces a dead end: it’s impossible to stare at it 24/7. Sellers might use the real model during the day and switch to an inferior one late at night—no one would know. A user who bought "CodeX quotas" for 26 RMB might find the results generated at 2 A.M. completely switched to a cheap model trying to cut corners.

With no supervision and zero guarantees, everything relies solely on the seller's conscience. And unfortunately, in an industry chain starting at 10 bucks, "conscience" is probably the most worthless commodity.

However, in this ocean, it’s not only the small fish swimming around.

6. Entry of the Sharks: Fu Sheng and Justin Sun Eye the Same Cake

While grassroots webmasters were quietly raking in cash via the gray market, genuine sharks eventually caught the scent of blood.

This time, petty players stayed home. One is the CEO of a listed company, and the other is the controversial king of the crypto world. Almost concurrently, they reached into the same waters.

Cheetah Mobile: Fu Sheng “We Are Not a Transit Station”

Fu Sheng, Chairman and CEO of Cheetah Mobile, helm of a listed enterprise with over a million followers on Douyin/TikTok—the exact guy who drunkenly yelled at Zhou Hongyi in a group chat not long ago.

Here he comes, presenting a transit station attempting to mask itself otherwise.

He refuses to admit they are transit stations. But let's establish a strict reality check: the definition of a transit station is not delineated by whether they dabble in dark-gray markets or not. When there is something wedged between you and the primary AI model enterprise, dictating requests away from direct official connectivity—you function strictly as an intermediary station, period. The term "Transit Station" naturally stinks within common reputation, making evasion understandable, yet undeniable size and facades don't whitewash definitions.

Since it’s driven by a listed entity, reviewing UI visuals or framework structures becomes trivial. Let’s target directly at models and pricings.

ChatGPT-5.4 reflects an 85% markdown tag equivalently—15% cheaper than official paths. The model range runs limited, fielding roughly 37 options—clinging tightly to restrained layouts compared to the rampant 200+ selections littering general proxy sites, acting instead like a legit SaaS structural selection. Another tagging reveals the core strategy: DeepSeek-V4 sits at merely a quarter against official metrics! Naturally, this slashing defies sustainable realities; they are violently hemorrhaging investment pockets aggressively securing user mindsets to claim the early traffic domain.

Fu Sheng swoops in throwing cards embedded in compliance standards and branding. Ironically, the platform fails to manifest a direct corporate owner attached; nobody knows accurately which entity signs off, bills, or invoices the revenues drawn! How does a corporate-run pipeline maintain blurring this key feature? It beckons potential enterprise users into cautious second thoughts!

Justin Sun: A One-Letter Top-Tier Declaration

Justin Sun joined the game too.

He omitted preliminaries entirely and outright grabbed a prime top-tier AI domain—featuring solely a single letter! Such scales cost effortlessly within millions. Domain mirrors declarations: one letter broadcasts boldly, stating "I have arrived, I am serious, and I rule at the top-tier."

On the domain's landing, yet again—nobody can directly tell which company holds ground. Their pricing game twists remarkably distinctive: GPT-5.4 maintains absolute 1-to-1 official equivalence!

Not exactly cheap.

Coupled with an ultra-expensive domain alongside strict full-price structuring, Justin Sun plainly steers away from the price wars altogether! His trajectory signals an entirely different road: wielding an ultra-tier domain generating immense branding leverage, consolidating legitimized settlement channels targeting legitimately wealthy corporate clientele exclusively! Scarcity and raw trust represent his true weaponizations over pricing numbers!

Sharks have arrived, will the waters run clearer?

Fu Sheng slices 15% off official marks, Justin Sun peddles raw official metrics. One blasts venture capital aggressively securing tractions, the other constructs branding off colossal domains. These respectful sharks might visually contest with indie proxy nodes—in truth, they lock horns ferociously among themselves atop entirely separate evolutionary chains!

Shark invasions hardly guarantee the obliteration of gray markets. Sharks engulf mid-to-high level shoals consisting of enterprises insisting on invoices, contracts, and stable frameworks. The low-level small fry demographic remains continually lingering around the £10 Taobao proxy realms feeding on cheap, 200-call-rate scraps.

The division of this industry's layout becomes terrifyingly transparent.

The Final Chapter: The Legal Red Line and the Endgame Forecast

Coming this far into the investigation, a fundamental question must be addressed: Why is it called a "transit station"?

The antonym for a transit station is a direct connection. Direct connection means dynamically buying services straight from giant model vendors directly sending device pings into international servers—while additionally functioning strictly within legit internet connectivity pipelines. However, this trajectory stays notoriously severed for immense swaths of domestic denizens.

Therefore, transit points execute one distinct directive: setting up proxy server points domestically. A user ping reaches this domestic point first to be routed externally toward foreign hubs afterwards!

What does this indicate?

This falls fundamentally under illegal circumvention tapping into global internets! Disregarding how attractively disguised they are, any foreign AI proxy presenting local interfaces crosses into statutory breach domains right from inception point architectures!

Descending strictly beyond this boundary line, legal frictions crash across three cascading planes:

First Threshold: Illegal Business Operations. Proxies fundamentally transact telecommunication value-added features illegitimately. Marketing information transit capacities to locals devoid of licensing credentials falls flat beneath telecom authorizations entirely.

Second Threshold: Infringement by Providing Tools Invading/Illegally Accessing Computer System Configurations. Services waving flags of "Interface reverse engineering" lean exclusively upon cracking network communication paths tapping into authorized architectures illegally! Facilitating such hacks and charging entry defines crystalline violations procedurally!

Third Threshold: Fraud alongside Data Security Violations. Large-scale exploiting via fraudulent subscriptions scraping trial cash breaches fundamental swindling! Exporting civilian data through contraband internet pipes illegally across international servers inherently ignites strict data-safety charges respectively! Triple thresholds represent independent criminal liabilities collectively.

However, courtlines hardly comprise the exclusive threats proxy operators suffer from. Defensive retaliation originating upstream simultaneously constricts heavily!

OpenAI and Anthropic witness rapid enhancements into their scanning mechanisms heavily weaponizing precise behavioral biometric 'fingerprinting' structures. Eras permitting trivial evasions via swapping IPs plus spamming newly scripted signups are closing swiftly; mouse winning-odds diminish exponentially! Simultaneously, streams of supply vanish continuously—Google, Microsoft, among cloud giants tighten limits enforcing stronger registration walls cutting gifting allocations. Ultimately, these historically cheap limitless inventory veins will drain completely.

Justice lines restrict externally whilst source avenues suffocate at their roots; wedged heavily between these two crushing parameters paints an unequivocally crystalized endgame path going forward!

Over eighty percent of indie runners alongside small group fractions will melt away silently amongst these collapsing pressures. Chat rooms disassemble, proxy links yield infinite error pages—erasing them as completely unproven occurrences altogether. Without proper legal backbones shielding them, dealing defensively is genuinely non-existent.

A rare fractional cut of robust syndicate frames won't die easily; instead forcing them backward into far deeper obscure crypt markets shedding away open marketing entirely transacting strictly internally beneath dense security parameters exclusively restricting entry altogether.

The evacuated consumer voids finally invite assimilation handled dynamically via Cheeta or Justin Sun-styled semi-legit platforms equipped adequately with vast corporate bankings covering immense legal buffers surviving offshore! These titans hardly enter intending toward exterminating shadows; instead charging resolutely simply capturing the abandoned user spoils left completely vulnerable beforehand!

Standing statically observing this whole theater—one peculiar question overshadows concerns over proxy-bustings vastly: Why exactly does this market flourish robustly anyway?

Thriving proxy hubs directly manifest twisted necessities stemming between the local delay traversing domestic AI breakthroughs matching alongside ravenously demanding consumer pools respectively! Millions of devs, businesses, coupled with startup nodes never truly wish upon violating laws voluntarily—they just crucially thirst for code strings functioning seamlessly generating operational solutions guaranteeing they avoid dropping dead entirely behind progressing era parameters!

Blocking proxy nodes stands as standard statutory jobs; yet strictly enforcing proper, mighty domestic AI parameters yielding capable power thresholds comparable across globally competitive fronts—enabling developers the sheer grace completely absolving "stealing fired promethean elements" exclusively guarantees this obscure abyss dissipating permanently off radar charts finally!

Before that very horizon crosses lines, millions upon millions of these exact API paths shall endlessly tunnel onward through identical shadows.

Thanks for tuning in my friends! Should this content serve properly interesting, be kind enough directly pressing like, forward, and save interactions without hesitations!

Fancy catching my latest releases instantly onwards, be certain slamming a star highlight ⭐ avoiding missing me next time around!

That hits the stopping point for today folks.

OpenAI Shut the Door, and Relays Are Out for Blood: The "Tragedy of the Commons" in the Token Economy

GokuScraper悟空爬虫 — Mon, 04 May 2026 04:17:50 +0000

Right now, when you try to sign up for a new OpenAI Codex account, you are no longer greeted by that familiar email verification interface, but by a cold, hard wall – overseas phone number verification is now mandatory.

This is not just a UI interaction change; this is an iron door, and one that has been completely welded shut. Once upon a time, all kinds of "freeloading" secret manuals circulated through tech circles: account generators, account pools, seamless switching. That was the idyllic era of the Token economy, when developers were self-sufficient, sharing the thrill of bypassing restrictions on GitHub.

But now, the door is closed.

Why was it closed? Because OpenAI got sick of being leeched. This is no longer the "jungling" behavior of a handful of tech geeks; it has become an organized, large-scale industrial plunder. When tens of thousands of API Keys roll off the black-market assembly line like snowflakes, and when cloud computing resources are used like a free cash machine running day and night, the "Tragedy of the Commons" inevitably strikes. Resources are limited, but greed is infinite. When everyone pursues their own maximum benefit, the result is the pasture degrades, the gates are locked, and everyone is left outside.

I. Anatomy of an Industry: The Quadruple "Russian Doll" of the Token Economy

Behind this welded-shut door lies an already highly stratified and meticulously operated gray industry. It is like a Russian nesting doll; peel back one layer to reveal another, each layer feeding on the corpse of the one above it.

L1 – The Bottom Layer (Black Zone): Digital Ghosts That Make Something From Nothing
At the very bottom of the chain lies pure criminal activity. The main players here are credit card fraud and batch automation scripts. Black-market actors use credit card information stolen from all over the world to fraudulently purchase cloud services or directly register for API access. For them, this is the true "something for nothing" business. Card issuing, account registration, and token consumption are all done in one seamless motion. They are the fuel suppliers of the entire arbitrage game, and also the segment bearing the highest risk.

L2 – The Technical Layer (Gray Zone): A Frenzied Reverse-Engineering Race on the Web
This layer is closer to home, inhabited by many self-proclaimed "tech geeks" and developers. They don't directly call the paid API; instead, they conduct "packet sniffing" on the ChatGPT web interface through reverse engineering. They analyze request headers, simulate Session sessions, and forge browser fingerprints to forcibly convert the free or subscription-based chat capabilities of the web version into a programmable "Web2API." It sounds cool, but in essence, it's an act of bypassing the billing system and conducting a large-scale "account sharing" fraud.

L3 – The Circulation Layer (Arbitrage Traders): Exchange Rate Gaps and Information Asymmetry
This is the "smartest" layer. They do not produce illegal accounts; they are movers of profit. They exploit pricing differences between countries or buy accounts directly from upstream sources, acquiring genuine subscriptions or API quotas at extremely low discount prices in bulk, then break them apart and sell them retail. Some go even further, exploiting AI enterprise discount agreements or even educational offers obtained by some startups, fraudulently registering massive numbers of sub-accounts to resell. They are parasites living in the cracks of a global pricing system.

L4 – The Top Layer (White Zone): The Difficult Survival of Compliant Aggregation
At the very top are aggregation platforms aiming for legality and compliance. They try to solve the demand problem with business logic – direct official connections, invoices, SLA guarantees. They have the highest costs and thinnest margins, walking on the edge of the tech giants' ecosystems, struggling to act as a "compliant router" between developers and models. They are currently the most stable key, but one that could be snapped at any moment by an upstream policy change.

Of course, reality is far more chaotic than this layered breakdown. The vast majority of relay stations are actually a four-tier hybrid abomination. A little black-card volume pumped in at the bottom, a Web2API setup running in the middle to keep things afloat, and some cheap genuine accounts from Turkey to prop up the facade—if risk controls tighten, they scramble at the last minute to sign an enterprise discount agreement. The proportion of each layer is like a hotpot base recipe: outsiders will never know it, and the owners themselves will never volunteer it.

II. Infighting: When the "First Traitor" Attacks with Full Fury

This seemingly stable pyramid is full of internal mistrust. And the "Killeryou" incident was the knife that tore through this veil.

The sequence of events was simple: "Killeryou," a big player running multiple relay stations in the gray-market world, suddenly launched a full-frontal attack on OpenAI's official community. He openly posted, exposing in detail the cheating methods of his other gray-market peers, including how to batch-register accounts using forged identities and how to evade risk controls, in a tone fierce enough to sound like a righteous whistleblower.

However, he was not a righteous man; he was a player whose interests had been damaged. The truth soon came out: a mass rug-pull on the "black cards" supplied to him upstream led to the banning of three stores under his name, costing him a direct loss of $25,000. With his upstream supplier fleeing and his downstream customers coming for him, he chose to flip the table, cornered and desperate.

This is a textbook case of "thieves falling out." It reveals a brutal truth: when the stability of the gray market completely collapses, and the fraudulent chain it depends on breaks, infighting is the only outcome. There are no rules here, no contracts, only interests. When interests are harmed, the cost of betrayal approaches zero.

III. The Truth About Relays: No Contracts, Only the "Right of Interpretation"

In the black and gray industries, especially those on the internet, no one talks to you about contracts.

1. Top-up Equals "Donation": A Digital Illusion in Lawless Territory

The logic of a relay station is absurdly simple: you send money, which goes through several layers of untraceable money-laundering links. The boss receives the money, then adds a few digits to your ID in the backend database.

This is a game of "Bro, trust me." The Chinese yuan you top up shows on the web panel as a "balance," but that is essentially just a string of code that can be wiped out with one click, or evaporated completely by the "accidental" server shutdown. In the gray-market world, there is no such thing as a "User Agreement." The moment you press the top-up button, you are essentially making a directed donation in a lawless territory. If the boss decides tomorrow to switch to selling pork ribs somewhere else, or if the server gets taken down by the authorities, your balance won't even count as a worthless piece of scrap paper.

2. Multiplier: The Arbitrary Baton in the Boss's Hand

The so-called "multiplier" is essentially the "shadow tax" that relay stations use to harvest dynamically. If the multiplier is 2, then the purchasing power of your 1 Chinese yuan shrinks instantly to 50 cents.

Everyone knows the multiplier can change, but don't expect any "agreement protection." This thing is a dynamic sickle the boss uses to balance costs and harvest profit.

No Law, Only the Backend: The gray market is gray precisely because it is not subject to any regulation. If the boss feels costs are high today, or if upstream black cards get banned, he can just move his finger in the backend, adjust the multiplier from 1x to 10x, and your balance will collapse ten times faster in an instant.

The Logic of Violent Cost-Shifting: Exchange rates fluctuating? The boss wants a new computer? He doesn't need to issue an announcement, let alone ask for your consent. This absolute centralization of arbitrariness is the biggest pitfall of relay stations—your usage cost depends entirely on the boss's mood and greed that day.

3. The Ultimate Price: You're Not Just Paying, You're "Feeding Data"

This is the most insidious and real price in the entire chain. You think you've spent money to buy a service, but you are actually a self-funded miner, personally feeding your most core data assets into the relay station's hands.

Prompt as an Asset: Every single API request is as transparent as the emperor's new clothes in a relay station's backend. Your painstakingly optimized Prompt templates, your company's core business logic, even the code for your closed-source project—all of it lies "awaiting review" in someone else's database.

Self-Funded "Distillation Corpus": The boss, while taking your money, can conveniently export these high-quality conversation datasets. What can this data be used for? It's the most coveted "distillation corpus" for model training. While charging you a fee, he casually places you on the chopping block, turning you into free fertilizer for someone else's model evolution.

IV. The Endgame of Risk Control: KYC

This cold wave is not unique to OpenAI. The recent risk-control actions of its biggest competitor, Anthropic, foreshadow an even harsher future—mandatory real-name verification.

This is not a simple wave of bans, but a combination punch: account bans, a tightening of refund policies, and strong real-name authentication (KYC). Now, to register a stable Claude API account, you may need to submit a government ID (identity card/passport) and cooperate with a real-time selfie verification. This directly blocks countless domestic developers.

This has created a massive structural dilemma. The high wall of network latency, the barrier of international credit cards, and strict real-name requirements—these three mountains are the soil that has nurtured the living space of relay stations. But this parasitic service has never been stable—developers are sinking into a deep anxiety of "interrupted supply at any moment": the service you built based on a certain Key might wake you up to a screen filled only with 429 errors.

The so-called "right to access top-tier foreign models" is being stripped away layer by layer—it is not a privilege, but a temporary pass that can be revoked at any moment.

V. Epilogue: Those 29 "Crying Faces"

At the end of the story, let's turn our eyes to that relay station community channel that collapsed in an instant. Beneath the service shutdown announcement, 29 crying-face emojis lined up in a silent queue.

They are students, indie developers, and micro-entrepreneurs. They just wanted to test a demo at a lower cost, or build a niche AI application. They are not the initiators of this industry chain, but they are the most direct bearers of the cost every time the "Tragedy of the Commons" erupts. Supporting characters in the tide, the ones breathing their last bubbles as they drown.

But this time, their crying faces should not just mourn the death of a relay station. This screenshot should become a piece of evidence—evidence of the predicament we were in, parasitizing our creativity on someone else's ecosystem.

As OpenAI and Anthropic weld one door after another shut, we are finally pushed to the real question: Do we keep looking for the next crack in the wall? Or do we stop and forge the key ourselves?

This question brooks no further delay.

我瞎填的申请“入选”了小米百万亿 Token 计划，顶级营销就是让你觉得“只有你入选了”

GokuScraper悟空爬虫 — Sat, 02 May 2026 03:30:04 +0000

我瞎填的申请“入选”了小米百万亿 Token 计划，顶级营销就是让你觉得“只有你入选了”

大家好，我是彪哥。

事情是这样的。

前两天刷到一个活动页面，叫“Xiaomi MiMo Orbit——百万亿 Token 创造者激励计划”。

名字挺唬人，百万亿，还是“创造者激励”，听着像是要选拔什么硬核开发者。

我随手填了个邮箱就提交了，连那个“你的 AI 驱动能力体现在哪里”的问题，我都没填，就填了一个邮箱就提交了。

然后前几天，邮件来了。

标题是正经的通知口吻，打开看下：

“我们认真评估了你提交的申请，你展现出的 AI 驱动能力及实际创造成果，让我们印象深刻。恭喜正式入选 Xiaomi MiMo Orbit-百万亿 Token 创造者激励计划！”

我笑了。

我明明交的是白卷，哪来的“创造成果让人印象深刻”？

这就是一封人人都能收到的邮件，换谁填谁入选，系统自动审核，自动发送，“认真评估”四个字，是写给每一个收到邮件的人看的。

这波操作，恰恰说明小米真会做营销。

人家不是简单粗暴地砸优惠券、在页面上贴一个“注册即送 token”，而是让你先“申请”，再“等待”，最后“被选中”。把一套标准的系统触发

流程，包装成了一次带有荣誉感的入选仪式。与其说是 AI 激励计划，不如说是人性激励计划——你永远可以对“你是被选中的那个人”这句

话产生一瞬间的爽感，哪怕你知道这是群发的。

而我，就是一个被这套流程精准击中的样本。

二、为什么确定是“机审”？

因为那封热情洋溢、恭喜我“AI 驱动能力让人印象深刻”的邮件，是躺在我的垃圾邮件箱里被翻出来的。

邮件发送服务是托管在 Cloudflare 的一套营销邮件分发系统上的。

这意味着这不是一个人坐在电脑前，对着你的 GitHub 截图发出一声赞叹，然后手动点下的“发送”。而是你提交的那一刻，你的邮箱地址

就被收进了一个用户列表里。到了某个预设时间，这个搭载在云端、用来群发营销邮件的系统就自动激活，把定制好的漂亮模板，推送到

这个列表里的每一个地址上。

至于为什么进了垃圾箱，原因很简单：短时间内大量发送内容高度相似的邮件，邮件服务商的安全机制一秒就把你识别成营销邮件，直接

扔进垃圾箱。如果真是点对点手动发送的人工审核通知，恰恰不会触发这种屏蔽规则。这才是“机审”最硬的铁证。

所以，逻辑链条还原出来其实很残酷：你辛辛苦苦截的图、上传的账单，很可能根本没被任何人看过。

那些材料的作用，不是为了“筛选”，而是为了表演“筛选”。它们的存在，只是为了让你在看到“恭喜入选”四个字时，有那么一秒钟觉

得“嗯，我确实付出了努力，我值得”。

让你交作业，是为了让你更信这份成绩单。

而所谓的“入选”，还是原来那个逻辑——你来了，你就是创造者；你注册，就是胜利。只不过小米为了让这场“荣誉授予仪式”显得更逼

真，在门口多设了几道看起来需要费力跨过的门槛，让你更投入，更相信。

这就像是，别家群发是直接往你手里塞传单；小米是让你先填了一份意愿表，再郑重地把传单交给你，说：“先生，由于您的卓越品味，

我们特地为您预留了本次优惠。”

传单还是那张传单，但多巴胺已经不一样了。

三、对比：别人送优惠，小米送“荣誉”

到这里，不妨横向看一眼同行们在干什么。

你去翻翻各大 AI 平台的活动页面，话术基本都长一个样：“注册即送 2000万 token”“新用户专享，点击领取免费额度”。

这是一套标准动作：平台把优惠摆出来，你来拿，拿完爱用不用。用户的心态也很直接：免费的，不拿白不拿。拿到之后呢？

可能白嫖完就走了，连账号都不一定记得住。这不是说这些平台做得不好，而是说，优惠券这三个字，天生就带着一种“我是赠品”的气

质。你领了不会觉得有什么——因为本来就是你免费发的。

小米的做法，完全走了另一条路。

它不叫“优惠券”，叫“激励计划”；不叫“注册领取”，叫“提交申请”；不叫“到账通知”，叫“入选邮件”。

你从头到尾经历的不是一个领券流程，而是一个“申请-等待-被选中”的仪式。哪怕你知道它是假的，情绪上还是会先信一秒。

小米把整个用户触达的过程，从“你来领吧”扭成了“你被选中了”。这两者的区别，在消费心理学上是一条巨大的鸿沟。

人性有个很有趣的规律：免费送到手的东西，人会本能地低估它的价值；但你让他觉得这是“争取来的”，哪怕争取的动作只是填了个邮箱

加等了几个小时，他对这份东西的珍视程度就会出现一个跃升。这背后是经典的认知失调理论——当人们为一个结果投入了精力（哪怕是

极少的），他们会倾向于高估这个结果的价值，以证明自己的投入是合理的。小米的“申请-入选”流程，恰恰在所有人心里种下了这颗种

子。

同样是发免费额度，别家说的是“你来试试，不行拉倒”，小米说的是“你值得拥有，我们相信你能做出好东西”。

这是话术的差别吗？不，这是定位的差别。别家把新用户当领取者，小米把新用户当创造者。你不是来白嫖资源的，你是来参与一项百万

亿级别宏大计划的。这层身份一旦给出去，用户对待这件事的态度就完全不一样了——token 到账了，你总要登上去看看能不能真的做点

什么吧？万一我真的能创造点东西出来呢？

这才是这套策略最聪明的地方。它没有多花一分钱做补贴，也没有多发一个 token，只靠一整套精心设计的用户旅程，就把“不得不发的

新人福利”变成了“你主动争取来的荣誉”。免费额度谁都能发，但能让人拿到免费额度还觉得自己被高看一眼了，这功夫，一般的市场团队

真学不来。

五、结尾

坦白讲，虽然被“套路”了，但这封邮件并不让人反感。

因为它够聪明，聪明到让你明知道是系统群发，还是忍不住在心里给小米的市场团队鼓个掌——懂人性到这地步，确实有两下子。

这种“机审式入选”的玩法业内也不是没人用过，但用在 API 开放平台拉新上，再裹上“百万亿 Token”这种大手笔措辞，就格外讨巧。

你以为你薅到了小米的 token 羊毛，打开网站准备白嫖一波；实际上人家用一封邮件，就让你记住了 MiMo 这个名字，还顺手让你注册

了账号。这才是真正的“AI 驱动营销”——AI 负责自动群发，人心负责主动上门。当然，话说回来，这招好归好，但不能一直用。如果小米

后续能把真正优秀的项目真的选出来，给点曝光、给点资源，那“入选”这两个字就从套路变成了承诺，口碑会翻倍。否则，再动人的仪式

感也架不住用户疲惫，三五次之后大家就都知道这扇门是自动旋转的了。但至少在这第一波，小米赢得很漂亮。

感谢各位朋友捧场！要是觉得内容有有点意思，别客气，点赞、在看、转发，直接安排上！

想以后第一时间看着咱的文章，别忘了点个星标⭐，别到时候找不着了。

行了，今儿就到这儿。

论成败，人生豪迈，我们下期再见！

国外给数据集，国内吹牛逼：锐评女娲马斯克乔布斯Skill

GokuScraper悟空爬虫 — Sat, 02 May 2026 02:24:52 +0000

国外给数据集，国内吹牛逼：锐评女娲马斯克乔布斯Skill

说句得罪人的话：中国AI圈有些项目，正在重新定义“开源”二字——把README写得像史诗，却连一个原始数据都不敢往外放。

这不是技术差距，是诚意的差距。

一、国外的“开源”是卸了妆见人，咱们的“开源”是化了浓妆念经

国外的AI开源项目，玩的是“交货”。什么叫交货？

你说你开源了个模型，好，数据给我。训练数据的每一行json、每一个csv，全都扔出来。EleutherAI发The Pile，800个G的原始文

本，下载脚本都给你写好——就怕你复现不了。LAION发图文对数据集，不光给数据，连怎么筛掉NSFW内容的脚本都公开。道理很简

单：开源不交数据，就像卖车不给发动机——你他妈让我推着走？

再看国内某些项目，玩的是“交作业”。什么叫交作业？

你点进去一看，data/文件夹是空的，原始语料没有，训练数据没有，标注文件没有。

没有一克米，但README里已经把满汉全席的菜名报完了。

国外的论文告诉你，“我这数据是拿GPT-3.5生成的，有偏误，请注意”。知道吗？敢于露怯，才是真专业。咱们的呢？

README里全是“蒸馏”、“认知操作系统”、“五层提取”、“三重验证”——没一句人话，但每句都像在说“我是你爹”。

国外的复现脚本，从数据清洗到训练到评测，一行不少。为什么？因为他们怕你复现不了。咱们的呢？

就一个SKILL.md，里面几段Prompt，几张聊天截图。为什么？因为他们怕你真复现了——一复现就露馅。

开源的底线，不是你把代码开源到GitHub。

是你把数据的底裤脱了，站到大家面前说：看，我就长这样。连底裤都不敢脱，你跟我谈什么“开源精神”？

二、国内某些“开源神作”，开源了个啥？

拿最近火得一塌糊涂的某个项目当标本解剖一下。

16.7k星标，2.7k fork，“女娲造人”、“蒸馏灵魂”、“认知操作系统提取”——光README就能出一本玄幻小说。点进去一看，仓库结构清

晰：有examples/，有references/，有skill，有文档，什么都有。唯独没有data/。

没有原始语料，没有训练数据，没有标注文件。13个所谓“已蒸馏人物”的example文件夹里，装的是调好的系统提示词和聊天截图。你说

你有“六路并行采集”，采集产物在哪？你说你有“三重验证”，验证记录在哪？你那些Agent跑了那么多轮搜索，原始输出呢？

就一份AI拿谷歌搜索结果写的读后感。这叫数据？这叫搜索引擎摘要，连文献综述都算不上。

更可笑的是，学术圈正经研究“认知建模”和“数字人格蒸馏”的团队，第一步永远是数据采集和标注。人家会详细列出：用了哪些检索式、

排除了哪些来源、双人标注的一致性系数Kappa值是多少。你连一个inter_annotator_agreement.csv都没有，连一个

cohen_kappa.txt都没有，也好意思叫“提取认知操作系统”？

这就像一个人写了本《造车方法论》，辞藻华丽，插图精美。翻开一看，没有发动机图纸，全是4S店拍的汽车美图。你问他发动机呢？他

说：“你看这车多漂亮。”你问他零件清单呢？他说：“我用六路并行去4S店拍的，还三重验证过，这辆车确实存在。”

谁他妈问你是不是存在了？我问你零件清单。

三、你那不叫“没交数据”，你那叫“连数据长什么样都不知道”

好，我再退一步。你说你没数据集，是因为数据难收集？反爬太厉害？行，我姑且信你。

那请你告诉我——马斯克的推特数据，在Zenodo上有完整数据集，结构化，带时间戳，带情感标注，公开可下载，有DOI可引用。

Hugging Face上另一个版本被下载了13万次。点一下就下载，合法的，不要钱，不需要和反爬斗智斗勇。

乔布斯的公开访谈、发布会QA、传记一手素材，学术圈已经有人替你整理好了——转录、清洗、时间戳对齐、阶段标注，全做完了。语

料库就摆在那儿，点一下就下载。

这些数据集，你用了没有？

没有。

你干了什么？你让AI去谷歌搜了一圈，然后把搜索结果归纳成几段读后感。你管那叫数据？

一个马斯克的完整推文数据集，是从他2009年加入Twitter到今天，每一条推文的完整文本、发布时间、转推数、点赞数、是否被删除、

是否被修改——结构化地躺在几十万行CSV里。你下载下来，能在Excel里做筛选、统计、时间序列分析。这叫数据。

而你呢？“用六路并行Agent采集”——翻译成人话就是：让AI上谷歌搜了六个关键词，把前十个结果的摘要拼在一起。就这点东西，你管

它叫“采集”？你连一个大学生写期末论文的材料收集量都不如。

一个乔布斯的完整语料库，是从1976年到2011年的所有公开对话、发布会QA、杂志访谈、传记一手引用——每一条都标注了年份、年

龄、语境类型、信息源可信度。你下载下来，能看到他在不同年代怎么回答同一个问题，能看到他的想法怎么变。这叫数据。

而你呢？“三重验证提炼”——翻译成人话就是：让AI把谷歌搜索结果读了一遍，然后归纳出几条“心智模型标签”。没有原始文本，没有时

间戳，没有阶段标注，没有矛盾标注。就给了一张标签。你在超市买个苹果都知道上面贴的是什么标签，你“蒸馏”了一个人，就给出了几

个标签？

这两样东西的区别，是矿石和考古报告的区别。

学术圈在Zenodo上放的，是矿石——你可以自己挖，自己分析，自己检验，自己得出跟别人不一样的结论。

你放在examples/里的，是考古报告——别人挖完了，挑了几块好看的放在玻璃柜里，写了张卡片，说“这是商周的”。

而你连考古报告都不是。考古报告至少告诉你：出土于哪个地层，碳14检测结果是多少。你的“报告”只写了：“我们挖到一件牛逼的东西，

牛逼在哪不知道，反正就是牛逼。”

稍微动点脑子，你都知道该怎么做？

直接把Zenodo上的马斯克推文链接甩出来，下载下来，跑个词频统计，也算你做了一个“数据集”。你就把学术圈已经整理好的乔布

斯访谈转录链接甩出来，标注几个关键年份，也算你做了“阶段建模”。你就把Hugging Face上13万次下载的数据集链接甩在你的README

里，说一句“感谢前人整理，这是我们基于此数据集做的蒸馏”——这也算你对开源社区做了一点贡献。

你做了吗？你没有。你甚至连一个链接都懒得放。

因为一放链接，别人就知道：哦，原来数据是现成的，你只是把AI读后感的输出格式调了调。原来你那些唬人的术语——“五层提取”、“三

重验证”、“认知操作系统”——只是往开源社区已经做好的基座上加了一层Prompt。

别再说“数据难收集”了。数据就在那里，公开的，免费的，合法的，连整理都有人替你做好了。你不动手，只有一个原因：你把时间都花

在写README上了。

四、垃圾开源配“速食用户”

最可悲的还不是骗，是骗成了榜样。

整理数据是苦功夫。扒一个人所有的公开文本，洗数据，打时间戳，做标注，至少得半个月吧。写一个华丽的README，配上神话包装，

一晚上够了。当后者比前者更受追捧，当零数据集拿到1.7万星成为标杆，这个圈子就在系统性奖励那些最廉价的投机。

我们的用户也不在乎。他们要的是“一键获得乔布斯思维”的幻觉，不是真的去理解乔布斯。他们需要的是晒出聊天截图那一刻的颅内高

潮，不是坐下来慢慢研究这个人的复杂和矛盾。供需双方在低水平上达成了完美的共谋。

于是“开源”这个词被彻底搞臭了。它不再意味着你交出成果供世界检验，而是意味着你把一篇华丽文案放在GitHub上，然后等着KOL转

发、星标暴涨、投资人敲门。

这不是开源，这是流量生意。

五、真正的牛逼长什么样

如果有人真的想做“乔布斯skill”，牛逼的做法是这样的：

公开一个结构化语料库，从1976年到2011年，乔布斯每一次公开对话、每一场发布会QA、每一封能找到的邮件、每一篇传记里被证实的

一手引用。每条数据标注发言年份、乔布斯年龄、语境类型、信息源可信度等级。公开矛盾标注：1983年说的和2005年说的如果打架，

别藏着，标出来，写清楚：“阶段矛盾，不可统一”。然后你告诉我，基于这个语料库，你提取了什么、丢弃了什么、为什么。

这才叫蒸馏。蒸馏之前，你得先有水。

这个水不是AI搜出来的，是你一条一条扒出来的。是你花了几个月时间，一条一条标的。是你咬着牙，把那些不性感、不酷炫、没有传播

价值的脏活干完，然后端出来的。

结尾：不配比

一定会有人说，DeepSeek 不也没公开预训练数据吗？

说得对。但那是圈内大佬在对它提更高的要求：“你明明做到了 98 分，为什么不冲刺 100 分的数据全透明？”这是一种基于认可的遗憾。

你拿这种要求去套某些项目，就是给它开光。它不是还差 2 分到 100。它是从 0 开始，连数据都不存在。

DeepSeek 交出的是一套完整的技术体系。某些项目交出的，是一个用搜索引擎结果拼凑的 Prompt。两者唯一的共同点，是都没把原始

数据公开。但这就像说“我和马斯克唯一的共同点是都吃米饭”——这种共同点，除了侮辱马斯克，毫无意义。

下次反驳别人没有数据集，当心把它抬到不该有的高度。它不配。

感谢各位朋友捧场！要是觉得内容有有点意思，别客气，点赞、在看、转发，直接安排上！

想以后第一时间看着咱的文章，别忘了点个星标⭐，别到时候找不着了。

行了，今儿就到这儿。

论成败，人生豪迈，我们下期再见！

AI 写代码写得越溜，架构师就越值钱

GokuScraper悟空爬虫 — Fri, 01 May 2026 11:30:23 +0000

AI 写代码写得越溜，架构师就越值钱

大家好，我是彪哥。

你有没有遇到让 claude 给你写个小脚本，对付几百条数据的时候跑得贼溜，但等数据量一上来，

同样的代码就开始各种摆烂：缺字段、格式错乱、死循环……你盯着满屏的红字报错，真的很想连电脑一起砸了。

对，这就是咱们常说的“屎山代码”。

后来我复盘了一下，发现这锅不全在 AI，更多是因为我自己图省事，把一大堆任务全塞进了一个 Prompt。

上一个项目我就踩了一回坑，然后我换了个思路——用“流水线+一件事一个人干”的方式重写了一遍，结果就发生了天壤之别。

最初跑几千条能挂几十条，后来跑几万条几乎零失败。

今天我把这个翻车到重构的过程完整分享出来。

一、项目需求

当时手里攒了几万条游戏、影视类的 AI 提示词，数据长这样：

{
  "id": "xxx",
  "raw_p": "A cinematic shot of a futuristic city...",
  "i18n": {}
}

需求不复杂：

1.把正文 raw_p 翻成中文和英文（有的原本是中文，有的是英文，还有少部分是日语）；

2.翻完之后，分别从中英文里提取标题和几个标签；

3.再生成一个英文的 URL slug，还要分个类。

看着平平无奇对吧？我起初也这么觉得。

二、万能就是啥也不能

当时心态就是懒，心想大模型那么强，我一口气把要求全列出来，它肯定能给我咕嘟咕嘟吐出来一个完美 JSON。

我那个 Prompt 大概长这样：

你是专业的视频内容分析师，请一次性完成下面的事：

判断语言；

如果是英文就翻成中文，中文就翻成英文；

给中文内容起个不超过 10 字的标题和 3 个标签；

给英文内容起标题、标签、slug（限 6 个词），还要从 Commercial / Entertainment / Content Creation 里挑一个；

全部严格按 JSON 格式返回……

瞅着是不是逻辑满满？真跑起来全是惊吓：

前几百条还行，到后面 AI 开始“忘事”，slug 直接没了；

有个条目给我分了个 Gaming，但这根本不在我给的三个选项里；

更离谱的是碰到日语来源的，它居然只给了英文翻译，中文那块直接编了一段上去；

中文标题偶尔直接照抄原文，压根没翻。

几千条跑下来，挂了有二三十条，字段丢失、分类乱飘各种bug都来了。

而且我的重试逻辑也很粗暴，挂掉就重复请求好几次，白白烧掉一大堆 token。时间也全搭进去了。

那会儿我才反应过来：不是我用的 AI 蠢，是我设计这套流程的时候本身就埋了个大坑。

三、问题在哪？

我们都知道一个道理：一个函数最好只干一件事。

但在写 Prompt 的时候，我们经常反向操作——把识别、翻译、提取、格式化全搅在一锅里，指望模型一次完美出锅。

小规模、不太讲究的场景可能真能混过去，可一旦数据量上去，任何一点格式偏差都会被成倍放大：

模型注意力被分散，小字段容易丢；

多个约束之间暗暗冲突，输出就开始左右横跳；

碰到一些变态长文本或者离谱的文本，模型直接开始出现严重的幻觉；

你后面做的校验也兜不住所有异常。

最后只能不停地补 if 'slug' not in data 这种补丁，活生生把代码补成一座屎山。

四、推倒重来

想明白之后，我把整个流程拆成了四个独立步骤，每一步只让模型集中精力干一件事。

新的处理流变成这个样子：

第一步：只判断语言

截取正文前 1000 个字符扔进去，让它返回一个 lang（en / zh / other）。

Prompt 短到一句话：”Identify text language. Only return JSON: {'lang': ...}“

第二步：纯翻译，别的都别干

根据上一步的结果：

英文的 → 翻成中文；

中文的 → 翻成英文；

其他语言 → 中英文各调一次单独的请求。

每个请求只让模型输出 zh_p 或 en_p，禁止它加戏。

第三步：中文元数据提取

拿着翻译好的中文，提取一个不超过 10 字的标题和 3 个标签。

系统提示写得特别聚焦，绝不提一丁点英文要求。

第四步：英文元数据提取

基于英文内容，拿标题、标签、slug、分类。分类那三个选项直接写死在提示里，不给它产生幻觉的机会。

核心就一句：一次只让 AI 当一种专家，绝不让它同时干两件性质不同的事。

五、光拆分不够，还得加上监工

拆是拆了，但要真变成能扛住几万条的工程代码，还得靠这几个不起眼的细节：

1. 强制 JSON，缺一个字段就翻脸

每个请求都设了 response_format={"type": "json_object"}，出来之后我对每个必填字段做一遍检查：

if expect_keys:
    for key in expect_keys:
        if key not in res or res[key] is None:
            raise ValueError(f"缺少字段或非法: {key}")

这样只要少东西，马上扔异常去重试，不会悄咪咪把错误吃成空字符串。

2. 失败了就退几步再试，别跟服务器硬刚

网络波动、服务端限流谁都躲不过，我给每个请求塞了最多 3 次机会，每次的等待时间慢慢加长：

for i in range(6):
    try:
        ...
    except Exception as e:
        print(f"重试({i+1}/6): {str(e)[:50]}")
        time.sleep(3 * (i + 1))

3. 随时可能崩，所以要能断点续跑

写文件的时候加锁，每次启动前先去读输出文件里已经搞完的 ID，绝不重复跑。

这样即使半夜脚本挂了，早上一键重启就能继续，不用心疼白花花的 token。

with write_lock:
    f_out.write(json.dumps(res, ensure_ascii=False) + '\n')
    f_out.flush()

六、前后对比

同样的数据集，跑完两版直接拉了个表：

指标	以前那个大杂烩	现在这条流水线
一次性成功率	大概 96%	99.8% 往上
单条平均耗时	3.5 秒	3.8 秒（稍微多一丢丢，但稳）
格式错误导致失败	每千条崩三四十	几乎没有
白烧的 token	一堆	很少
分类编出白名单外	每百个有五六个	一个都没有

对我来说最爽的不是成功率，是我终于不用半夜盯着日志修 bug 了。

让脚本自己跑，过几小时直接验收干净数据的感觉，懂的都懂。

七、怎么让自己别写出 AI 屎山

踩了这次坑，我给自己立了几条死规矩。

别让模型同时做两件不同质的事

翻译就翻译，提取就提取，分类就分类。宁愿多调两次也别合体。

给每次调用一个清晰的身份

提示词开头就像委任状：“你现在的工作只有一个，就是……”

对输出格式要像安检一样严格

开 JSON mode，列必填字段清单，少一个都不行。不通融。

把偶尔失败当日常设计

重试、日志、断点、并发控制，这些看着啰嗦，量产的时候能救命。

别上来就追求一步到位

先保证流程对，再提速。我一上来想少调一次 API，结果翻来覆去重试烧掉的钱更多，还累死人。

八、最后说几句

AI 时代，人人都在喊“写代码要被替代了”，但我反倒觉得，写代码的能力会贬值，做架构的能力会越来越贵。

因为代码解决的是“怎么做”，架构解决的是“怎么选”。

选技术路线、拆模块边界、定容错策略——这些事儿，没有标准答案。

它依赖的是你对业务的判断、对风险的嗅觉、对组织里各种隐性约束的掂量。

而这些，全在黑盒里，在会议吵架里，在踩了十年坑攒下的直觉里。

AI 学不到，它就不可能替你做这些决定。

所以，未来真正稀缺的，不是能把功能写出来的人，而是能在无数条岔路里，拍板定方向的那个人。

那个人，就是架构师。

感谢各位朋友捧场！要是觉得内容有有点意思，别客气，点赞、在看、转发，直接安排上！

想以后第一时间看着咱的文章，别忘了点个星标⭐，别到时候找不着了。

行了，今儿就到这儿。

论成败，人生豪迈，我们下期再见！

避坑指南：免费大模型API全是坑，连沙特土豪喜欢的Groq都没救

GokuScraper悟空爬虫 — Fri, 01 May 2026 07:26:36 +0000

避坑指南：免费大模型API全是坑，连沙特土豪喜欢的Groq都没救

大家好，我是彪哥。

一、免费API就是个“智商税”

找免费大模型API这件事，折腾了我一上午。结论先放前面：免费的基本都不行。

为什么？因为低质量模型的智商上限就在那里。翻译虽然是个基础任务，不要求推理能力，但它至少需要模型能理解上下文、处理长句结构。

很多参数小的模型连这点都做不到。你花时间调提示词、优化参数，最后发现和默认效果差不多——不是方法的问题，是模型底子的问题。

我的需求其实很明确，就四点：

1.免费。不是新用户送额度，不是邀请好友解锁，是注册就能免费用。

2.有并发。没有并发的API跟网页端手动粘贴没区别。

3.量够用。别搞什么每分钟3次、每天200次那种。

4.不搞身份验证。邮箱注册即可，不要手机号实名。

这要求不算过分。但市面上那些被吹上天的“免费API”，我挨个实测了一遍，结果一个能打的都没有。

第一个让我失望的，是智谱。

二、智谱——新老模型，两套待遇

智谱的免费API，分两个版本。

老模型 GLM-4-Flash，以前我试过，最高支持 200并发。翻译任务勉强够用，量大管饱，虽然效果差点。

新模型 GLM-4.7-Flash，是另一回事。

我登录账号实测，调通API后发并发请求，结果：没有并发。请求全部排队，一个个处理。

没有并发，API和网页端手动粘贴就没区别了。并发不给，每天的请求量和Token上限也不用指望。

老模型保持200并发，新模型 GLM-4.7-Flash 直接不给。智谱的策略很清晰——新模型只让你“试用”，不让你“批量用”。

三、硅基流动——伪免费的文字游戏

硅基流动是网上推荐最多的。理由是“注册送免费额度”。

但送额度和免费，是两码事。额度用完就没了，等于试用，不是免费。

这不算重点。真正的槽点是：硅基流动把所有国外模型全部下架了。一个不剩。

官网的口号写的是“致力于成为全球领先的AI能力提供商”。国外模型一个没有，怎么服务全球用户？改成“致力于成为中国领先的AI能力提供商”更准确。

不过吐槽归吐槽，后面的事情让我发现，有些服务光看口号不行，得看实际能干什么。这是后话。

四、Groq——额度管够，模型不行

智谱新模型没并发，硅基流动送的是体验额度。绕了一圈，我找到了Groq。

为什么一开始觉得它靠谱？

细看Groq的模型限制表，我发现了点不一样的东西。除了Llama这样的主流模型，

它的表单里明确列着两个阿拉伯语相关的模型：allam-2-7b（一个由沙特政府主导开发的阿拉伯语大模型）和 canopylabs/orpheus-arabic-saudi（一个专精沙特口音的语音合成模型）。

这种待遇，我在其他“免费API”平台还真没见到过。

能让沙特政府把国家级模型放在这儿当“免费用”的首选推理平台，甚至为沙特口音专门优化模型，说明背后有不一般的关系。

一个能让产油国掏钱、部署自己“国产模型”的平台，技术底子还是有点料的。

Groq的条件很直接：免费，邮箱注册就能用，不需要实名，不需要拉新。这就是我要的。

它是按模型给限制的，每个模型有自己的每日请求量和每分钟并发数。我扫了一遍它的免费模型限额定表：

模型	每分钟请求	每天请求
llama-3.1-8b-instant	30	14,400
llama-3.3-70b-versatile	30	1,000
其他常规模型	30	1,000左右

差距很明显。只有 llama-3.1-8b-instant 给到了每天 14,400 次请求，其他模型普遍只给 1,000 次。

当时我的判断是：选 8B 这个。翻译嘛，又不是写论文。

我还让gemini做了一个简单的对比分析：

	Llama-3.1-8B	Llama-3.1-70B
翻译质量	85-90分	95分
适用场景	日常/技术翻译	文学级/复杂长文
每天免费次数	14,400	1,000

结论很明确：翻译任务不需要95分，85分够了。选量大的。

我用 Python 调了 API 跑了一遍，速度也很快，2秒一个翻译请求：

额度、速度、注册门槛，全达标了。到这里为止，Groq 看起来就是最优解。

实际用起来什么样 ?

一上真实文本，问题全出来了。

稍微复杂一点的句子，翻译就崩。长句结构理不清，修饰关系搞反，技术术语胡乱对应。

别说 85 分，60 分都勉强。

结论就是：8B 模型连翻译任务都胜任不了，不建议使用。基本上就是没脑子的东西。

额度再多、速度再快，翻译结果是废的，就全是零。

回头看开头那句话——免费API只能处理一加一的事情，一加二做不了。翻译这件事，对8B来说，已经是“一加二”了。

Groq 的免费额度够诚意，并发给得足。但模型底子决定了上限。免费+量大管饱，架不住质量不及格。

五、免费的路，走不通

智谱新模型不给并发，硅基流动是试用，Groq 模型能力扛不住翻译。

全试了一遍，结论很简单：免费的都不行。

连沙特土豪都发不起免费的靠谱API，我们还能指望什么。

回过头看，硅基流动虽然免费策略让人不爽，但作为付费服务，它的模型生态和稳定性确实是国内第一梯队。吐槽归吐槽，干活还是得靠它。

如果你也试过一圈免费的、发现实在不行，可以用我的邀请链接注册，双方各得16元奖励券：

https://cloud.siliconflow.cn/i/ajjF89Lm

这篇文章不是广告。以后谁再跟你说“翻译用免费API足够了”，把这篇文章甩给他——我替你踩过坑了。

感谢各位朋友捧场！要是觉得内容有有点意思，别客气，点赞、在看、转发，直接安排上！

想以后第一时间看着咱的文章，别忘了点个星标⭐，别到时候找不着了。

行了，今儿就到这儿。

论成败，人生豪迈，我们下期再见！