Hacker News

klooney today at 5:21 AM

> Retroactive Privilege Expansion. You created a Maps key three years ago and embedded it in your website's source code, exactly as Google instructed. Last month, a developer on your team enabled the Gemini API for an internal prototype. Your public Maps key is now a Gemini credential. Anyone who scrapes it can access your uploaded files, cached content, and rack up your AI bill. Nobody told you.

Malpractice/I can't believe they're just rolling forward


Replies

crest today at 6:03 AM

They should limit the new features to new API keys that explicitly opt in instead of fucking over every user who trusted their previous documentation that these keys are public information.

charcircuit today at 6:36 AM

Maps keys should not be made public; otherwise an attacker can steal them and drain your wallet and use it for their own sites.
