#echo-feedback

How can i upload the img?

You need to verify your account

@tacit carbon

thx u

This evidence should be enough?

or should i send any other evidence?

Needs to be the feedback from Echo when you complete the room 😊

If you completed the room before this week, you may need to go through it again to receive the feedback

Feedback lol

what does the feedback look like? i never noticed it.

The Linux Shells room is a really useful introduction to understanding different types of Linux shells and how they’re used in scripting. I appreciated that it was marked as Easy and could be completed in under an hour, which makes it perfect for beginners who want to build confidence with Linux basics. The explanations are clear and beginner-friendly, making the concepts easy to follow. I especially liked that the room included hands-on tasks, since they reinforced the theory and made the learning process more practical. Another strong point is that it covers multiple shells (such as bash, sh, and zsh), giving learners broader exposure early on. Finally, the estimated time of about 45 minutes proved accurate and manageable, which contributed to the overall positive experience.

like this?

In my opinion, the room was very beginner-friendly, which makes it great if you’ve never used any commands before. I really enjoyed that part. However, I don’t think it needed to be a premium room, since the content felt quite basic. It would also be better if next time they added more tasks that really make you think, instead of just straightforward exercises.

I'm not getting the new feature in picklerick

hello

are you guys trolling?

not getting in that style

lmao this report

The Pickle Rick room was a really fun and engaging challenge. I enjoyed how it introduced web exploitation and privilege escalation concepts in a beginner-friendly way. The humor and theme kept it interesting while still being educational. The tasks were straightforward but still required problem-solving, which made it a great learning experience.
Plus, this feature below is well-detailed

I did nothing just pasted my old flags and this showed up😂

Just realized that the feature is that useful, i'll use it for sure in the next days 🔥

Why does the ai did not provide me feedback? I even restarted the room and tried again but nothing

Delete echo

Really neat feature! Live updates and summary can help piece things together

Oh, they released this?

Nice.

Oh it's feedback

I over reacted then

I thought it's another get AI to solve

Yo they took my request into consideration let's go!

#announcements lol, I did not realise it's actual feedback and not some prompt thing

It did NOT look like that when they showed it to me a few months ago.

Looks way better.

I love this new feature

It feels like a mentor

echo $path

i completed the rick ctf and it didn't give me a feedback

this challenge is not really realistic. But the new echo chat-bot advice after complete the room make me impressive

this room is really helpful for me.

When did you do the room first?

I send post compeltion right here

Like a day before this feedback thing and like 2 or 3 years ago

Did this lab 2 times

The pickle rick lab to be specific

What is this

So the feedback you saw was likely from the recent attempt, the system had the telemetry still saved, that's why it showed things even though you just pasted flags this time

Oooo ok now i get it

If someone has never done it and just paste then what happens?

I think it just won't show, we have min data limits set

Oo ok thanks mam for the clarification

How to get this that my question

?

Has the event ended? I'm unable to attach my SS

hi

Need to verify to snd imgs

why is the hint in echo now?

I am absolutely sick and tired of AI being crammed down my throat everywhere I go

seriously

This is quite an update... it's cool having some feedback on the completed room, knowing what was done right and what could be done better. More like having a mentor walking you through. Awesome stuff

I would say this is quite a cool addition as it gives cool feedback. I will was that it did caught me by surprise when I, before I saw the announcement, solved the Browser Desync in HTTP smuggling room and was really confused why it was loading for a few seconds then saw this feedback from Echo. But don't get me wrong it is very cool nonetheless 🙂

Hey, were you doing the billing room, and in another tab answer the questions for another room?

overall, i think this is a great feature to have. it's nice to see AI giving me a feedback on the commands i used, furthermore, it provided suggestions for a better approach and it feels a lot more educational that way.

I like it but i feel called out 💀

The room should teach you to do an 'ls -la' as opposed to a standard 'ls' so you can check the permissions before you run a script. The feature is really there to help you improve your performance and give you tips to get better. It's not always easy to remember to do various things, but if you take the advice and practice it, it becomes a normal part of how you engage with such machines and will make you way better

yeah thats fair i like it i does help show u what need to improve on but the ai caught me lacking

I completed the Pickle Rick room and just like my love life, I have made repeated failed attempts that could have been simplified.

I think i just started the billing lab i think did no recon or anything when i was doing the pickle rick

did pickle rick

very cool feature, cant wait to see where it goes

even exposed me for bruteforcing login page lol

just finished picle rick, its an awesome room and this feature is really awesome to, it felt really fun and was pretty easy, the username being hidden in the page source is somthing i did not expect to be honest😂😂 that part was awesome

i also noticed that there are other tabs like potions which execute the denied.php when clicked on, will there be anything added to them in the futere? like tasks which ask us to exploit it @languid wren ?

Ya ik but they always know a tad bit more than us and besides I can really ask everyone if they know smtng abt it
(I tried it once and it did not end well) 😅

Did the room but got no echo post feedback window :/

Pickle rick room to be exact, guess im gonna do one of the two others and hope i get one at the end of those.

might happen, when I was testing this feature with a THM staff, it also happened to me. believe it happens when you use your own VM or smth, and the AI might not catch that you did smth (idk)

Does it track the commands and exploits we use in the attack box, cause it knew exactly what I did and commands I could've used. Also does anyone know when the submission for this closes

Same here , i'm using the thm machines too.

I believe it does? maybe? I'm not exactly sure

Hey MAFA, can you share your user name at THM? (you can inbox me)

Finished Pickle Rick - fun room and a cool feature! Echo highlighed where I struggled and what to improve.

Yes it does! On the target VM, and on the AttackBox if you use it - if you use your own VM then only the target VM obviously

Thanks for pointing this out. I thought I could simply ignore Echo.
I wish THM will avoid the widespread use of displaying hints in Echo and keep them as they were for good UX, in their separate popup.

Gave +1 Rep to @soft ravine (current: #936 - 6)

hi done

Maybe i'm stupid and thats not the right term, but idk

Big agree. Along with turning off AI all together. I honestly don't like it and hate seeing it.

if I need ai I have chatGPT in the next tab over. I already pay for chatGPT why would I want to use a subpar version of it integrated into the website? I'm here to work on pentesting and CTFs not interact with a custom AI that doesn't even do what I want

Try option flag or switch instead of flag. 🙏

¯_(ツ)_/¯

The above is only for random feedback of the bot not being very smart in this instance

Done!

[BANSPAM] I cannot DM hannasincynthia_29397#0!

Hello friends, nice to meet you all.
I've been in cyber security for less than 1 year, and i absolutely did not understand anything.
When i try solved several challenges, i have no idea!.
I try to solved it with AI(You can count lot of ai can be used)
But lot of them, are did not solve the problem and give us the learning process. It only make them instant.
And then i found this echo AI, an AI for THM task.
I will be honest, it's very fascinating.

Echo give us a hint about what should we do, and we could ask lots about the task to them, unlike the coach or other AI. Echo more personalised as our partner, he have our back when we are stuck.

Long story short, Thanks Echo!

Hello guys

We cannot make long entries from the echo panel. Perhaps this could be increased a little.

hello guys I did not get anything after completing one of the room. What should I do to get the feedback ?

Use the attack box to solve the room

why echo is not working!!!

What happens with Echo?

Echo is teh suck

fun room and a cool feature! echo-feedback

Hello, I've completed the Pickle Rick room, but the Echo feedback screen didn't show up. Here is a screenshot as proof of completion. I think the new feedback feature is a great idea for tracking progress!

me too

Restart progress and try again , try to disable browser extensions if you are using any

Why so much struggle ? Lol let it be.. pass on 100$

it was not working

complete Pickle Rick - fun room and a cool feature! echo-feedback

How long will this even run for?

Do you think tryhackme will be able to issue CEU's in the future to go in on renewing CompTIA certs?

Thanks THM! Echo is an amazing feature. It helps a lot in knowing what I can improve. Repeating the room with echo was a lot more fun.

When solving the room echo gave away /root/3rd.txt and /home/rick/second ingredients.

I think instead of this it should encourage the users to explore the dirs themselves while helping them with commands and alternate commands in case some of em are blocked

Wdym by its not working what happens

still not working

Respectully the Echo feedback is straight up buttcheeks

absolutely useless

and I hate seeing it when I'm done with a room

There's your feedback gimme 100 bucks

Yoo @craggy forge Team, I just completed the Pickle Rick, John the Ripper, and Linux Shells rooms.
Here are the screenshots showing my participation would love to get some Tryhackme swag from that $$$ ...

extra feedback + LOL

Hello, I'm from a team Valgrind, we took first place in THM Industrial Intrusion this year (2025). We are still trying to get our monetary prize but experience communication problems struggling to find anyone responsible for that matter. We are starting to worry and feel being ghosted. Is there anyone who are able to resolve that situation personally?

We already tried contacting support@tryhackme.com and used site's contact form no luck

I did the pickle rick two days ago but it didnt show an ai overview at the end for some reason. I have seen the ai overview at the end of other rooms tho. Here are the only screenshots that appeared

also it was pretty fun!

Echo realized that I used a reverse shell to get the last ingredient. It hadn't noticed this when i tested the feature a while ago, so this is definitely an improvement.
The "What to improve" screen at the end taught me "Wubbalubbadubdub" is somehow not a correct Linux command... Who knew? 🤔

that's wild

Well, actually we discovered that some other teams still have not received monetary prizes and being ghosted too

I'll chase our marketing team for you. I did let them know when you put the ticket in

Hey, finished Linux Shells, here is my pic: https://prnt.sc/lBBtt1DH2EMn
(Cannot post it directly)
I have seen Echo in other rooms. I even tried to ask for help stating which was my problem, and the answer was good 🙂

@sour wigeon is thm hack2win started??

Yes

But I just completed a room but I can't see any tickets in dashboard

😭

@tulip siren

it's not started i guess

When it will start?

no idea about it. but it supposed to start today i am also eagerly waiting

lemme know if you find out

Ok

I think it is 🙂

You need to verify to upload images directly , follow instructions from the link below 🙂

Thanks! Have done it 🙂

@sour wigeon please can you unban me
I accidentally used everyone @

🔊 Unmuted nikunjjoshi

Don't do that again bot will automatically mute you

Thanks🙏🏻🙏🏻😭🥹

Ok

are you sure sir?

They might want to respond to that asap, it's a violation of law in every EU country at least to host a competition and refuses to give prizes

"Prizes must be delivered in a timely and documented manner (shipping options, announcements, contact deadlines, like in the European Environment Agency's terms, where winners are contacted by email within 7 working days, etc.) ."

Don't take it lightly @silk cargo

Those are grounds for suing.

~law student

If you hear nothing write a formal notice "before action" basically, take screenshots of everything and get as much evidence as possible

Not sure 100% but it should start today , follow #announcements channel 🙂

Oh my, looks like I missed an event 👀 👀 👀

You didn't it's still active

Oh 🫡

DM me your email address please

done

Well I'm sure its not that serious, probably some misorganization and communication issues. As we actually received half of the prizes - swag vouchers, subs and even AirPods, which were shipped by contractor

BTW L3ak prize payout was the fastest across all our wins 🚀

Hi, I am from team Securani we should have gotten a monetary prize for students division and we also didn’t, should I dm you too?

Yes please

I sent the emails out - it's up to the participants to email back to claim their prizes. Nothing I can do if I don't receive a response.
As for the law, you're completely wrong, this is not grounds for suing.

Actually we used contact form previously and reached the point where were asked for bank details but got no confirmation that our banking details were received and no response on further mail. That was weeks ago

I can see the email - I reached out to you and you responded, there was no contact form 😅
Apologies, I did receive your details, I was communicating with an employee about your request of changing a user's prize email address which is why I didn't respond.

Following up now

We also did reply with the details of the account, on August 5th and got an email back confirming that you got the details

And that we would get an email confirming the payment

But it’s been a month without 4 days and nothing since

Yes, apologies for the delay, we had a lot of slow responses from the other teams which delayed the cash prizes (as they all are being sent at once) - I'll send an email out when the cash prize has been successfully transferred and I am really sorry for the delay

I may miss some details, as you were contacted by our captain, so maybe no contact form, just direct email. We're understand that we are living not in ideal world where everything happens instantly and okay with that, just want to be informed to be able to plan ahead 🥺

I agree, just some communication would be nice

I completely understand -- completely on me for not following up with the other participants, I apologise for the lack of communication

hehe spelling mistake

Haha, great to hear

Alright. Just fyi mostly

Sure, but read what I said again. If the host ignores and "ghosts" the winners that is very much grounds for suing

if that's not the case then that's the great

and obviously no grounds for suing either

I don't think it's appropriate that you weight in here 😅

Just making sure it's all fair and square 😁

Hey I just completed a room today and didn't get any ticket. I cannot see them in dashboard

event did not started.

okey cuz they say 1st september

please when ?

well its 1st september now according to BST. so should be close now in my opinion.

Hey everyone, please use the #1410191476201095178 for queries related to that event

okey thanks 😁

Gave +1 Rep to @night estuary (current: #2049 - 2)

When will the winner be selected?

Silver ticket draw is on 8th Sept and Gold ticket draw is on 10th Sept.

@stone torrent I'm not asking abt hack2win I'm asking abt echo bro

It is a good feature which monitor the activity and let us know what we are doing and gives us feedback

Thanks🙏🏻🙏🏻

@languid wren

How do I disable Echo completly?

You cannot disable echo

That's unfortunate

Is it against THM ToS if I do disable it myself via dev console?

You physically won't be able to disable it 😅 You may be able to hide it visually, which isn't against ToS as far as I am aware but I would be wary that it will likely show up again

How much resources is Echo using (CPU, VPN,...) on THM's VMs (attack boxes or targets)?

No opt out is crazy

Receiving feedback and steps one can potentially take to improve is an amazing idea. With a bit more training Echo has the potential to become very useful.

In this particular example Echo gave generic advice not specific to the task at hand. Missed that I previously ran ls -la which showed the script already had execute permissions, making their first suggestion redundant. Second suggestion is more on point but directly contradicts the instructions given in the task description which specifically asked to run sudo su.

useful feedback

How do I disable Echo completly?

u cant

i think

you can hide but cannot delete

They do yes

However I believe this is a limited trial on the specified rooms, and you were notified ahead of time so your completion of those rooms knowing all the facts can be viewed as your non-implicit consent. I would assume once it rolls out in production we'd get some way to opt out. Also, I'm not a lawyer, the above is just my thoughts on the matter.

you can hide it completely via css; issue is just that it now displays hints

here it is: https://userstyles.world/style/23870

but yeah less useful now

echo is improving.

Hey can anyone help me, ok, i have issue, internet is not working in my vmware where is kali linx, although i set at default setting, few day later the internet is working excellent but recently i got this problem. Pleaswe suggest me how to fix it.

thank you for the feedbacks helped a lot

🤖 was being silly. I didn't use tab completion b/c I was on an unstable shell, not that I didn't know about tab completion feature

Overall, the "what to improve" part of the feedback was wrong

I don't like this kind of messages. There's already enough feedback that the answer was correct and it also sent it for something trivial. Already without this there is redundant feedback about the answers in the toast and the submit button.

IMO, the toast is already a bad feedback:

1. It diverts the focus to another place in the screen
2. Too much generic text, the only relevant information ends up being the color of the outline
3. The toasts get in the way and there is no way to close them

All of these also fit for echo's message, plus
4. It's yet another feedback
5. I don't think it's valuable the encouragement messages from an AI model

All of this is, of course, my opinion. Maybe other users don´t agree

this is the main problem and they refuse to address it. I dont need to know I typed "gep" instead of "grep"

Echo made a suggestion that I did not use. Ai bot hallucinating

room: linux shells

What was the suggestion that you didn't use?

What don't you like about it?
If you can be as constuctive as possible, with examples, that'd really help

They explained why

And I can add more:

• It's completely goddamn useless and is killing the planet faster

I cancelled my premium over this insanely obnoxious crap

https://www.mdpi.com/2075-4698/15/1/6 AI use makes you stupider, it doesn't help.

Just curious

Is it because there is no way to turn it off?

If you had the choice to turn it off. would you have cared? Would you still have kept the subscription? Or does it not matter?

I don't wish to support companies that support the grift, especially this hard. There is no reason for perpetuating any of this on the site. An AI that lies to you while heating up the planet and making you lose your critical thinking only hurts people in the long run.

The obnoxious pop-ups constantly (I do NOT need a "welcome back!" message popping up every few goddamn mins), it even on highlighting all and any text, etc, is just absolutely horrific implementation regardless.

It's designed for short-term profits and appeasing shareholders, not actually to benefit users.

Speaking of morally questionable AI-related decisions designed to maximise profits... would it be safe to assume that the data mentioned here is siphoned out of THM users?

yes 🙂

oh fun, I might just quit the site now then.

Or have some fun and fuck it up

https://bsky.app/profile/edzitron.com/post/3ly44vahtv227 fantastic thread as well

This really needs an opt-out feature

Totally agree... i noticed i now sometimes depend on echo to give me the answer or hint instead of doing a good research

that probably wasnt AI but just a hint that the creator of room left

like earlier when you pressed "hint" it showed just what creator wrote

May be it's just this room. All hints had answers in them.

https://tenor.com/view/pesado-dios-mio-stressed-problematic-oh-no-gif-12622815322168322147

i didnt have echo feedback after completion pickle rick, not sure why

is it have to be first completion to have feedback or it doesnt matter

That would explain the lack of opt-out 🙃

Don't speak out or you'll get silently banned lmao

this is true. skidy will be answering whether there will be an opt out feature by the end of the week he says, among these questions:
regarding your startup/ data usage for training model,

• you say its in the terms and conditions, but are the users explicitly aware?

• does the terms and conditions in try hack me allow you to use this for the startup?

• do you know if this is what the userbase wants? (their data being used to train a pentesting agent)

• are you following proper guidelines for user privacy? dont you have a bad history of GDPR reporting?

• is the data being used or sold for anything or to anyone asides from tryhackme?

• can a user opt out?

• can a creator opt out of their room being used for data model training?

To be honest, the feedback here wasn't correct because all of shown commands were correct. I guess bot wanted to mean about types in commands (e.g. cdd, lss) but didn't, instead of it he named it as misspelling directory (which isn't the reality). Overall I'm glad to see a function in the future that could help me improve even my basic skills and I would say it could be helpful but not now because he's too focused on just user commands

If this is true, thats crazy. I have filed reports to the ICO for less.

Personally. I would like an opt out, I don't use it and find the pop up a distraction. The summary at the end of the box. Only had it once and it was useful. But would prefer it on a button as a choice

One thing I really don't like, is how when I press the button for a hint, it opens up the the little AI box and takes a few seconds to load and say what the hint says. The normal hint text box is so much faster and looks better. I don't need the ai to take longer to tell me the same thing.

we need the normal hint fr

One thing that annoys me about echo is that sometimes or maybe even all the time I dont think he understands what room we are actually present in.

I mean, you're not being forced to use the AI, I don't

correct me if I'm wrong, but isn't this a platform where we learn how to hack stuff? Trust issues kind of goes with the territory

this should be the concerning part

and honestly im going to be saddened if tryhackme chooses the AI hype train over its users. there are lots of people, in this channel especially who do not like echo. not only can it be wrong or misleading, but it prevents people from learning vital research skills when they come across problems.

not to mention every single point ashlynn has made previously

Hi all,
I'm going to address all the questions sometime later this week (most likely the weekend), but wanted to check in and say that we've had this vetted by legal - I also wanted to shed more light on why we have these journeys - so please see a screenshot of my message.
Hope this answers some of your burning questions - will respond to others later this weekend.

real quick question: how do you plan on addressing the questions if you are deleting them?

All respectful and relevant questions will be answered.

okay, what are your thoughts on the concerns users have around the privacy and accuracy of the AI used on the platform? can users trust THM to not eventually sell the data gathered on them?

can these be answered? #echo-feedback message

and if not, why?

Hi @summer crater!

As I think you know, I'm a huge fan and supporter of TryHackMe. Seriously love the platform, and all the ways you and the team give back to the wider community.

I'm going to address all the questions sometime later this week (most likely the weekend), but wanted to check in and say that we've had this vetted by legal

I think something being legal, is not the same as something being moral (esp. when it comes to user data). I think it's much easier to justify using the user data to create Echo which directly benefits users of the THM platform.

What is significantly more questionable is using THM user data to build an "AI Pentesting Agent Startup". Based on the job description posted on LinkedIn:

We have the world’s largest proprietary training dataset of hacker behaviour - and we’re using it to build the most capable AI pentesting agent.

We’re founding a new cyber security AI startup, and this is a unique opportunity to join as a co-founder (w/ equity), with all the unfair advantages: that dataset, $1M in seed capital (backed by TryHackMe), access to 1,000+ VMs for training, and the reach of 5M users plus enterprise clients to accelerate adoption.

I'd assume this proprietary training dataset is the users, user behavior, and rooms/machines on the TryHackMe platform. This includes volunteer-created rooms (including the official challenge machines I have created for the platform). Those of us in the community who have volunteered to support the platform by creating content (i.e. rooms) were not compensated for these rooms. It does feel odd that the volunteer work we have performed for the platform, is being used to create an AI startup without a prior warning.

Once again, I'm a huge fan of THM; it's how I got my start in the field and I use it regularly for upskilling and training but I think the concerns here are very valid. Legal does not mean morally right, and hackers (and future hackers) are very sensitive about how their data is being used by startups to build AI agents.

@summer crater does the AI bot capture your commands over OpenVPN (from your own machine) It would seem not in my n=1 test run of Pickle Rick. It only detected my commands used on the target's website. (may be a way for the user to partially opt out?)

No? THM has been in my experience one of the best when it comes to supporting and listening to its community. There's useful dialogue here from the community and THM and I appreciate that. That being said, a solution I can see to this would be either an opt out feature, or a secondary opt in to echo to increase transparency and accountability.

Personally I believe I should get a say if and how my data gets collected. If a company doesn't share my belief I stop using their service.

Building on what Tyler has said since you’re using the data collected FROM the users who are also doing machines created by the community, and you will be profiting from it heavily, I think the community members who have contributed to the platform must be compensated fairly, otherwise that’s just an ass move and straight up immoral, don’t you think @summer crater ?

It should try to help you when you get actually just get stuck , i only got a message when i miss-spelled the file path and 'format'. It didn't really bring up that i was using the wrong mode either

@summer crater Sometimes echo is good, but it has a lot of false assessment, recently I finished a room which didn't have THM virtual machine. To solve the task, the website of the room had to be accessed through our own machine. After finishing the room, echo has gave a feedback to improve that I have already done it. And In What You Did section, it said different thing from what I did. So I would say it is not accurate is some cases. That's my feedback about echo.

Greetings!

How can I post the screenshot? The option is disabled

I really like this new post-completion feedback feature. It feels like having a mentor walk me through what I did well and where I could improve. The highlights section gave me confidence, especially seeing successful privilege escalation noted, while the improvement tips on error handling and privilege issues were super practical.

It makes the learning process more engaging and reflective. I can clearly see what to focus on next instead of just moving on. Definitely a great addition!

Hey, you need to verify your account first.

They've banned two longstanding account that were talking in this thread

Lol seriously? Who?

Ashlynn [REDACTED] and LIKEROFJAZZ

Completed JtR room and had Echo feedback. I think the feature is a neat way for students to get some valuable review while combining the gaming aspect of each room. It's easy to study a technique, but forget the same since our main focus would be to gather flags, so having this feedback feature is quite handy from a continuous development perspective, which kicks in after a room is done and over with for the majority of us. Saying that, am curious to know how it works; does it connect with the target system to gather feedbacks, or does it gather inputs from the THM portal and decide based on the correct/incorrect answers provided. Anyway, a real neat way to add real value, and not just a gimmick at the same time.

its a nice feature, tells you about tiny mistakes like a teacher

Mfw you cant prompt inject echo to give u the answers

🙄🙄🙄🙄

(For being able to keep my account this is a joke)

I really like this new post-completion feedback feature. It feels like having a mentor walk me through what I did well and where I could improve. The highlights section gave me confidence, especially seeing successful privilege escalation noted, while the improvement tips on error handling and privilege issues were super practical.

It makes the learning process more engaging and reflective. I can clearly see what to focus on next instead of just moving on. Definitely a great addition!

this gave me feedback on room I had previously solved and not the current one.

👋 I am currently on vacation from the 5th until the 12th (Friday) - I am not aware or informed of any situations as I am not working currently

I had no idea Discord had out of office messages 🙂

Enjoy Jabba, disable discord till you get back lol

What is happening in regards to consent? Australian consumer law is very protective and doesn't allow for companies to change ToS after sale/transaction/sign up without it. Definitely requires, at minimum, laymen information prior to installation, in order to give customers a chance to make the decision for themself, if they want their data used in a new/different way.

• Australian Consumer Law - Unfair Contract Terms and, the Privacy Act of 1988.

I think you should be encouraging exploration & use of vimtutor rather than telling students to stick to the content. I thought the hints for LinuxFundamentals3 were a bit unclear and frustrating after the ones in LinuxFundamentals1 & 2 being super helpful.

it not only shows where to improve but also gives clear examples on how to enhance like with reverse shell payloads This guidance makes learning easier and more motivating

Looks like THM has lost its moral compass. I loved this community and platform for some time. I pushed large comapnies to adopt it and use it. I've been a strong advocate for THM since day dot. However, pulling the "surprise we've been using ur data to train our model" is not in any shape morally correct. You've even gone as far as banning people who opposed it, shame on you @summer crater shame on you. It takes a alot for me to raise my voice, but you've certainly done it now. I will no longer be pushing for THM as the go to learning platform, you've lost your way.

Hi Magna,
I'm surprised you've reached a conclusion without waiting for the question responses, or reading my messages in general. Additionally, no-one was banned for having an opposing view (I've said this many times, and even provided proof this was not the reason for some recent role changes), what you've been told is from misinformation spread. Either way, thanks for being an ex-THM advocate (seeing as you've been with the community for 5y), and I'll see you around.

Gave +1 Rep to @flint shell (current: #7438 - -30)

soo uhh...leaking private conversations without consent is proof...got it, and I see that you've chosen to completely ignore #echo-feedback message this right here

Could you explain why Ashlyn or Jaz was banned and had their messages all purged?

#FREEJAZZI

Hi @summer crater,

I'm writing to you today to express my serious concerns and disappointment regarding the recent events within the TryHackMe community, specifically the controversy surrounding the new AI venture and the team's handling of it.

I've been a member since 2020, and I've noticed a significant shift in the platform's culture. The Discord server, in particular, has become overly corporatized. The lack of transparency and the silencing of legitimate questions, with users' messages being deleted and erased is deeply concerning and frankly, out of character for the community I know. It's telling that so many long-time members and former community staff (like myself and many others) are speaking out and feel that their concerns aren't being addressed.

Furthermore, I am extremely unhappy about the use of our data for this new AI program. When I joined TryHackMe, I did not consent to my user information and activities being used to create or train AI for penetration testing. The fact that this is being forced upon us, with no clear way to opt out, is morally wrong. You need to be transparent with your community about how our data is being used and, at the very least, provide a clear and simple option for users to opt out or have their data erased before you use it for this new startup.

Until you properly engage with the community and explain everything, this situation will only continue to damage the reputation of yourself, the platform, and the community as a whole. I frankly want to say, time is ticking for an official response.

I sincerely hope you will reconsider your approach and listen to the community that has helped build TryHackMe into what it is today.

• Jack (HexChaosSec)

Upvote.

#DownWithTheClankers

#StopDataMining

@summer crater Hello,
Amid all the heated comments, I'll start off my message with sayng that TryHackMe is certainly one of the best places to start one's hacking journey. That being said, a cybersecurity learning platform should not be collecting user data and telemetry to this extent. A cybersecurity learning platform of all place, should be encouraging user privacy and trust. it should be least of all places to siphon user data with such ambiguity.

TryHackMe is not instagram or youtube. While some content on thm is free, users here have to pay here to access the full website and its learning content. You seemingly siphoning off user data against their consent to train an AI pentesting agent amongst other things, so you could make more money off our data is certainly not what we signed up for.

Something vetted by legal time does not necessarily mean that its ethical. I see a long list of people above, who have been long standing members of the community, far longer than I have been here on. I see an enormous mix of experienced cybersecurity professionals, community mentors, community legends and even ex discord moderators, all speaking out against what you are doing and your handling of this situation. You earlier sent us a screenshot of your message where you listed how echo's data collection might benefit us by providing a better user experience. However, I will personally say that echo has provided zero help to my cybersecurity learning so far and if anything it has slowed it down cause now I have to spend a good 5 seconds for the hint to load, which was not the case with the old hint feature.

You say that you are doing it for the community's benefit. However, despite so many long standing, experienced community members speaking out against this, if TryHackMe continues this direction, without at the very least providing an opt-out feature to its members, i really cannot see how this is anything more than a corporate profit strategy. Not to mention the fact that training the AI pentesting agent with thm user data against their content, goes completely against your statement of providing better user experience to thm members as your main motive.

I genuinely hope that you see that we all disagree with what's going on currently, and take that into consideration in your approach

At this point I can't tell if you are using our data or not for AI training - And if so, where is it stated? This is all I can find; https://tryhackme.com/legal/terms-of-use & https://tryhackme.com/legal/privacy-policy

Can someone officially working for THM confirm or deny this?

I'm not working not affiliated on any level, but they literally announced it on linkedin

I also hold the opinion that the few comments that are speaking in support of Echo, are likely being biased from the announcement where a price of 100 dollars was declared for providing feedback on echo

I can find the post

give me a second

@waxen gazelle @restive pewter

https://www.linkedin.com/posts/springben_wanted-technical-co-founder-for-ai-pentesting-activity-7366232974540828672-5nIj

Announcing it on LinkedIn, won't cut it for me. I'll hold my breath for an official statement, but from what I'm reading I'm not amused

Just so you know, that's the owner of THM posting that, and has not denied anything so far

Genuine anonymization of data is hard, so I really do wonder what happens if I throw my name in a terminal window on a THM VM

It. Gets. Collected.

Like I said I'll wait for an official statement, but it doesn't look too good as of now

Fair enough 🙂

Where should I send my objection and restriction to processing of my personal data for AI training until we have some actual real information on the table? Support?

Probably

As someone that has been extensively using THM for the past year and a bit, I have to say it is a great learning platform and I have learned a lot in a relatively short amount of time, but I think I also have to say that I am genuinely disappointed in how the company shifted their focus from actually making the platform good to just wanting more money on OUR expense.
As more people pointed out, using our data without clearing telling us or giving us an option to opt out is just unethical and I honestly regret using my real name in the THM settings now quite simply because I don't trust this company anymore.
And the hack2win event was also a flop imo with so many cheaters that made people playing fairly at a huge disadvantage, when I inquired about this exact problem to a higher up which I will not name on how they planned on sorting out cheaters was that, and I quote "We vet winners manually", which in other words translates to "we have no idea". And the censorship that is actively happening to certain people in the community for speaking out about this such ashlyn who got banned and all their messages were purge leave a sour taste in my mouth. Me and a lot of other people including community mentors, room testers, ex mods, and community legends are again, genuinely disappointed. I thought Cybersecurity was about protecting data, so what the fuck is this?

"Rules for thee, not for me"

Hopefully they get the message and scrap the idea, and maybe issue a formal apology :)

@summer crater #echo-feedback message You missed one. Do you require pings on every question because you skipped mine and it involves actual legal issues here.

I hope Skidy responds soon to all the questions

Or atleast gives an official statement

Me too. He seemed to reply Magna within an hour so I have hope.

Skidy stated earlier this week that he would respond to everything later in the week, most likely on the weekend.

Hopefully it will clear it up, but we should wait and see instead of jumping to conclusions.

Magna got a near instant response, in comparison. Wondering why the focus went to telling someone passive aggressively they will "see ya round" within an hour of that being posted but legal issues are ignored for now. Doesn't make sense.

Because he probably happened to be on. As an owner of a business you don't have time to be on discord. Secondly a business decision isn't made by one person, you have meetings to discuss items and how to address things. You need to talk to legal to clear your official responses.

You're missing the point.

Dataset of "Hacker behavior" is crazy. I wonder who are those "hackers"

It's OUR blood sweat and tears

That assumes they been gathering that "Dataset" long before.

mostly sweat and tears, but yes none of us paid the subscription fee so our data can be used for training an AI startup, which has nothing to do with tryhackme and does not benefit us in the slightest

Echo has been a thing for a while now

The irony of a "cybersecurity platform" is through the Oort cloud

i used it too

hey neo

@wicked cape

Hewwo~!! 🥺👉👈💖
thankies bwuddy~!! ✨😳 now I finawwy undewstand this compwex situwation >w< 🌸💫

Glad I could help. 😎

Thwankies Bweu, I suppwort ywou in thwis twoubled twines. 0w0 :3

HAHAHAHAHA

LMFAO

Okay, so Skidy is still choosing to ignore this

he said he will give a statement on the weekend

@twilit nymph Hey, I have deleted your message, as it is neither appropriate nor befitting this channel.

Sure.

Maybe free Jazzi and anyone else who had feedback but got banned for it

https://tenor.com/view/helldivers-automaton-robot-laptop-oil-gif-7384339337185613233

CLANKAH.

honestly feel bad for him when he gets back

nice

man why did discord change their UI again

its garbage

he doesn't know?

I think he's employed by THM, so he would know

But I might be wrong

ohh

he's on vacation

ohh

he'll be confused after hearing these

I think he said he doesn't actually work there on site but I might recall wrong

Jabba is a THM employee

Seriously!? This is unbelievable

There is no "on site"

Please consider this my opt out as per gdpr regulations for the usage of any and all data pertaining to my behaviour and my rooms on tryhackme for the use of this or any future AI projects

I don't think a discord messages satisfies the legal requirements

There's no opt out feature at the moment

Maybe in the future

There is no clear communication on what it all means either. That should come by this weekend.

Not having an opt out doesn't satisfy the legal requirements in Australia

so

🤖 nO

The legal requirements don't specify, and the Discord server is an official part of THM. I reckon you'd struggle to argue that point in court.

That looks like a clear revocation of consent to me.

this doesnt begin to touch on trying to remove your data from an AI that its been trained on, i doubt any company is williing to retrain an AI every time that get a RTBF, which scares me if this is the direction that were going in ehre

https://tenor.com/view/gamers-gaming-dark-souls-trying-to-defeat-the-final-boss-final-boss-gif-5372017

Not my problem

Already e-mailed support, can't wait to see the reply

Gl

Can't remove my roles cause I got none

😉

Here they come for them roles

Scorched earth

I could've sworn you had CM role

He did

I see

He also had community legend as well

¯_(ツ)_/¯

Apparently my messages were not in line with tryhackme standards

As I'm not under nda...

Let's keep the messages here constructive and on-point regarding the topic of Echo feedback.

Why does opt out of data collection for echo means complete account deletion?

I think it would be useful for Echo users to understand how GDPR and data privacy are handled in relation to this feature. Would you consider this part of on-topic Echo feedback? It’s hard to give complete feedback without knowing the full picture.

Such a bizarre and rather strong arm like way to threaten users to keep using their data when they don’t want you to

Surely you should have thought about that before you went and did this not after the fact using it for training and then threaten with account deletion as the “opt out” option

If you didn’t think about that then it’s negligence, if you did and decided against it then that’s just shameful

If not then in many jurisdictions actually illegal

How’s that for constructive? Did that tick the box?

This channel was created for this announcement: #announcements message

Is that a no?

the channel is called feed back... 🤷‍♂️ , they're simply giving the feedback, if you want constructive feedback, rename it to echo-constrictive-feedback

lol

Because they don't know how to extricate user data from the AI training results

Just out of interest -- and to add to your list of questions if you don't mind please @summer crater 🙂
If echo is powering most of the platform and cannot currently be opted out of, does that mean you are currently (and historically have been) processing the data of children under the age of 13 for the behavioural model?
Because I know for a fact you have schools / local authorities as business clients 😄

Oh 100 percent they have been.

This is the only reference I can see in your ToS. Can you remove children's data from the model?

Otherwise, where would that "Largest Dataset of hacker behavior" come from?

COPPA will bite

I mean, hopefully from users who are over the age of consent and who have explicitly consented to having their behavioural data collected and profiled to build a GenAI model.
We'll find out at the weekend

Yeah!!! Funny that I don't remember consenting

You, uh, seen GDPR?

Hey what about Donut whos not even in the age to be legally able to agree to any contracts??

Have you also collected his data

I don't even remember recieving an e-mail when the ToS / Privacy policy was last updated 🙂

Yup

But this is like even more close to COPPA

in the context of ppl who're not old enough to even agree to contracts

Anyways, let's just wait for the update :)

Hopefully all of this was just a bad dream

Nope. Will respond to all on the weekend.

Cheers 🙂

Wtf are you all talking about?

Nobody is stealing your data people

Welcome to the internet 🤣

Like discord aint stealing data and selling

Or every f thing on this internet

Sweet sweet child, your innocence is endearing

Your inabillity to spot sarcasm

Worries me

Yep, indeed 🙂

https://tenor.com/view/don’t-shoot-me-ministry-gif-12380406165177721215

Speaking of sarcasm

What mods

yeah legal stuffs get tricky

also shadow don't want their cheese jokes and tryhackme data to be used to train AI

i.e what rooms shadow does on tryhackme and if they liked them or not should not be submitted into an AI to optimise some sort of thingy

nor should shadows cheese ctf room with vain be used for ai training

Protect shadow cheese jokes at all cost

CLANKERS WILL NOT WIN

May i ask you something?

for real

No joking this time

sure

Can you define me what do you consider is your data?

username
user description text
link to github
liked and disliked rooms
made rooms
streak
events on the event counter
badges earned

in the relation to tryhackme that is

Okay.

And you think that your data will be used to train Echo , am i right?

yes fear so

May i ask you what do you think what general purpose of that ai would be and how do you think your data will impact that AI?

to build an AI hacking tool and to teach people by mangling everyones data together as a teaching aid

Doesn't matter how it's used for the AI, what's matters is that it's collected

Define that data ? Bcs i really cannot simply understand how data you mentioned above would improve ai hacking tool or even be rellevant to it?

So far you have the best questions. 😄

by taking the data from all the rooms created to explain exploits to people ontop of which seem to be commonly used and useful to train the ai

also echo for sure keeps all the data from the questions the users give it already

which is definitely used to train it

Is it really your data?

What makes you think it is yours?

the data for cheese ctf is definitely shadows and vains

the questions shadow has submitted to echo is also definitely written in a way unique to shadow

No way 💀

You're kidding right?

You’re joking 😂

What?

How far does that nose wanna be up there Neo?

So the questions about GDPR, children, the law and the plenty moral issues are below that?

What a joke

Where is the proof?

I’m absolutely buckled man this is ridiculous 😂

Show it to me please

Bcs i dont see it

Lovely shade of brown lipstick big man

What brand is it? THM?

Let's all calm down and post your question you have for Skidy, which will be answered this weekend. All constructive questions are truly appreciated, including your concerns you have.

Pls is elite book 840 G8 core i7 16gb ram 512 SSD windows 11. Is it good for coding? And this cyber work

Yes

#general

Perfectly calm here Tim, I don't see anyone else panicking

yeah GDPR concerns are valid

as after you input data into an AI there is 0 way to make it not use said data

Where is proof?

The proof damn you!!

proof of what???
that shadow will remove cheese ctf from tryhackme if it gets used for training an AI????

Where is it!?

THE PROOF

THE GAWD DAMN PROOF

THE NUMBERS MASON

https://tenor.com/view/phineas-roast-phineas-delusional-phineas-and-ferb-gif-25314953

that shadow wants to have the ability to delete their account and all the data that tryhackme has on them

The irony

hahahahahhahahahahahahhaaaaa

shadow is a paranoid schizophrenic

Ok

of course they have complete delusions

it is part of their mental life for most of their life

Ok

Can you be rational?

...

I keep trying but I can't provide any context to echo due to character limit, so it's not useful at all

Can you remove everything after UTF-8?

I can do that, but I am trying to show it that the info is not in the packet, so I could remove everything before UTF-8 but then it will get confused.

It's just difficult to be able to provide context into what im looking at. I can do this with ChatGPT, Claude and Gemini and there is no limit

so those AI's provide beter insight and response. Echo tells me to look somewhere so I try to pate the whole packet, but I have to cut it down making more work to try and fit the context it needs into the system.

yes... so next point... can you point to what parts of the terms of service agreement says that they won't train echo on their user data

Good point, I'll forward it to the team.

Thanks tim

alternatively the privacy policy stating what data they collect and how they use it

"You are solely responsible for all data that you transmit or that relates to any activity you have undertaken using the Website. You agree that we shall have no liability to you for any loss or corruption of any such data and you hereby waive any right of action against us arising from any such loss or corruption of such data."

It won't override mandatory rights under GDPR 👍

and you think that is fair??

They aren't breaking the law.

We will see this weekend, won't we? 🙂

Yes

Absolutely

Hey bud, that's a liability waiver not a grant of rights to collect data to train a startup pentest AI unrelated to THM

^

Echo is unrelated to THM?

"Dataset of Hacker's behaviour"

Key words

Yes, from THM

behavioural analysis is stupid easy

which can easily deanonamyise data and cause problems

also sometimes known as infered data

They aren't allowed to use your personal information and data and you are right about that. CTF's you do aren't your data to be honest.

sigh

They are just analyzing your behaviour and aren't breaking any law

groan

Could you please read the concerns that have been stated above, you are arguing while not understanding the full picture

This also isn't just about breaking any laws, it's about the moral and ethical issues

I read this

If that is what you mean

No, potato is referencing the magnitude of complaints and queries in this channel

@gilded delta

. I'd say start from here and read the comments with a large amount of red up arrows @radiant remnant

I jusy wanted to ask you sth?

Wait a sec

Until i read what potatoe asked.

Yeah feel free but just ask the question, no need to tag

I mean it is immoral

In some way

But

But thats not our data they are using it to train AI

Like she said this is the data that's ours

And rooms and ctf's we do simply isn't .

It is immoral i get it what they did.

I saw that somebody said that they are selling your data.

And it's not true bcs it wasn't your data to begin with.

They didn't break the law and thats a fact.

But it is immoral what they did.

not breaking the law
vs
not breaking the spirit of the law

Can you explain further what you mean by this , thanks

don't feel like explaining that is needed espically when you will just shoot down shadows concerns

shadow has legit concerns but should wait till after the weekend to know more 🙂

Shadow?

Where is your proof?

Lets just wait for skidy

I believe he ll answer all these

It's fine if you troll in general chat, but I don't think this is the place for this

And you know that why?

Or how

Exactly

I am going to sleep rn

Ill answey you tommorow

K

How they aren't breaking law

Gn

https://tenor.com/view/good-night-gn-tired-bed-time-sleep-gif-1925895972071207767

If they gather all data as echo clearly has access to yes they're

If not, feel free to prove it

Oh Jesus Christ, We're not mining data from children are we?, where is the opt out?

Will there be one?

I'm interested in answers for all the of the above questions.

How sure are you of that?

How are you not sure of that?

I believe there is no opt-out rn, but skidy says there will be one

He says there isn’t, and if you want to opt out then you need to delete your account…

if the minecraft getting sued video taught shadow anything it is that doing it that way could technically be breach of contract

also excersise your rights and do GDPR data requests

Bit extreme, specally if you've paid for access to content, then you need to remove your account to opt out?

^

it truly is, and i find it extremely difficult to believe that a company rooted in a cyber security community did not think about this

Because donut is a literal child and I'm sure as shit he's done rooms for the echo-feedback and they collected his data

https://tenor.com/view/brad-pitt-fight-club-smiles-are-you-serious-gif-12969465

now i get it

🤔

HAHAHAHA good one

https://tenor.com/view/nileseyy-niles-peace-out-disappear-meme-disappearing-guy-checking-out-gif-25558985

Guys, can someone tell me how I can buy a subscription to TryHackMe because it's throwing various errors. What is the solution? Anyone can guide

From when I did it, it was fairly straightforward. If it's the site that's throwing you errors (I suggest you recheck to make sure), you could post this on #site-support

So let me get this straight, you're providing a pointless argument for the sake of arguing?

It's only pointless if you can't see the point...but then again, I'm very interested to see what skidy has to say about collecting the data of minors and how they're going to be filtering that out

I'd like to see that too 😄

You should read what you originally replied to...

https://tenor.com/view/huh-what-confused-gif-24490283

I did...you called my argument that THM collected donut's data pointless, donut is literally a minor

We're not mining data from children are we?

Not very well it seems.

I'm aware how old Donut is, it's literally the reason I don't want them on my friend list.

understandable 🙂

Language barrier, vain didn't realize it was a rhetorical question

I'd be surprised if that's the case, as his grasp on the English language has been pretty spot on for the last few years. 🤷‍♂️

it is a weekend so i think Skidy is supposed to answer all questions today or tomorrow

It's not even rhetorical, it's a genuine question.

Yeah like he can answer 1000 bs questions in only a day

Bs how

https://tenor.com/view/dungeong-gif-3654754744145897317

Identity Theft GDPR isn't a Joke Jim

Where can we expect an update on this? Discord, website, LinkedIn?

...Email?

Unknown

Hi all,

There’s been a lot of discussion recently about the data we collect for Echo and the AI Pentesting Agent project. Some of the concerns are around legality, others around morals. Let me address both.

On the legal side (morals address later!):
We’ve had this reviewed multiple times, and everything we’re doing is fully compliant with regulations. Protecting your data and the integrity of the platform is very important. I’ve even sent your Discord questions directly to our legal team for review, and one of them have joined the server and been reviewing this channel so they can see concerns firsthand and ensure everything we do stays above board. We have used this as an opportunity to improve our privacy policy, but it was not off the back of THM not being previously compliant.

On Echo:
The entire purpose of Echo is more efficient learning - we want you to learn faster and smarter. We want to be able to tell you when you’re wasting your time, and give you feedback on your actions so you develop quicker. To make this possible, we look at your actions on machines and compare them (always anonymously) with other learners.

This is just the start as we believe we’re able to use this information to dramatically make TryHackMe a significantly better platform; better at identifying cheaters, personalised room completion time estimates, better support when you’re stuck, removing flags & more.

Just to be really clear;

• No ML models are being trained/fine-tune on your data for Echo.
• No ML models are currently being trained on your data for the AI agent either.

On the AI Pentesting Agent:
This is a new project, still part of TryHackMe, but structured separately for operational reasons due to how THM is currently set up. The aim is to build a tool that helps pentesters - not replaces them. The reality is that AI is already reshaping security roles, and we want to keep TryHackMe aligned with those changes so learners are prepared for the future. We want our platform, and anything we build, to match what the industry does, so we can best prepare aspiring practitioners for those changes.

I don’t believe junior analysts or pentesters are going away, but I do think their work will shift “upwards.” For example, instead of jr analysts spending hours on triage, they’ll spend more time on investigations and higher value tasks. The agent is meant to support that shift.

I know that legal compliance alone here isn’t enough. Just because something is legal doesn’t automatically make it right. Our commitment is that if data is ever used for this project, it will be in a way that is both legally compliant and morally right (nothing is started yet - no building, training etc..).

Not that it matters too much, but another detail I wanted to share to be transparent is that we know this might fail. There are so many products out there developing pentesting AI agents. Like any new product, it may succeed, it may fail, and the direction may evolve. The goal is not to monetise your data - the goal is to explore whether we can create something of real value for pentesters and, by extension, for learners preparing to enter that field.

The project hasn’t started using any data yet. If we ever do, it will only be done with transparency and with your choice.

Opt-out:
You are of course able to opt-out, but this means (at this point in time) deleting your account - you can do this under your account settings profile. In the future we intend to have more granular opt-out options. The reason is that much of our functionality, such as removing flags and automatically answering questions based on your actions, will only be possible if we can collect those actions, which is why it’s hard to offer selective opt-outs. We haven’t built an opt-out for the AI Pentesting Agent project because it hasn’t started yet - but when we do, we’ll be upfront about how actions are used. We don’t have to do that legally, but we absolutely will.

You’ve raised some really valuable questions, and I want to be transparent in how we’re using this information. The end goal is to improve your learning on TryHackMe, and ensure anything new we build keeps you ahead of the curve as the industry evolves.

To conclude:
I’m flat out during the week, but I wanted to take the time to properly respond to this. That’s why I’ve shared this over the weekend - I didn’t want to rush it like I did with my first quick reply (r.e legal without addressing morals). You’ve raised some really valuable questions, and I want to be upfront about how we’re approaching this. Your data on TryHackMe is being used to make the platform better for you - faster learning, less wasted time, and smarter support. Echo is about helping you improve, and the AI agent is an experiment that may or may not work out, but if we ever use data for it, it’ll be done openly and with your choice. We want to make TryHackMe the best place to learn, while keeping you prepared for where the industry is heading.

I will collect your questions based off this response, and answer in one go again (rather than one by one).

Thanks all.

I'm going to lock this channel - so people can see my response without it getting lost with responses. You can ask questions here #tmp-echo-feedback-questions (UPDATE: Now closed)