Isn’t the main problem that most people don’t use the E2E encrypted chat feature on Telegram, so most of what’s going on is not actually private and Telegram does have the ability to moderate but refuses to (and also refuses to cooperate)?
Something like Signal gets around this by not having the technical ability to moderate (or any substantial data to hand over).
Before people can be persuaded to use them, we have to persuade or force the companies and sites to support them.
A multi-billion dollar social media company sued an ad industry group that was trying to have help companies have some kind of brand safety standards to prevent a company’s ads from appearing next to objectionable content. They reportedly had two full-time staff members. This isn’t some big win, it’s bullying itself.
Basically with passkeys you have a public/private key pair that is generated for each account/each site and stored somewhere on your end somehow (on a hardware device, in a password manager, etc). When setting it up with the site you give your public key to the site so that they can recognize you in the future. When you want to prove that it’s you, the website sends you a unique challenge message and asks you to sign it (a unique message to prevent replay attacks). There’s some extra stuff in the spec regarding how the keys are stored or how the user is verified on the client side (such as having both access to the key and some kind of presence test or knowledge/biometric factor) but for the most part it’s like certificates but easier.
Don’t most DoH resolversl settings have you enter the IP (for the actual lookup connection) along with the hostname of the DoH server (for cert validation for HTTPS)? Wouldn’t this avoid the first lookup problem because there would be a certificate mismatch if they tried to intercept it?
With a breach of this size, I think we’re officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.
The plan was only to kill off third-party cookies, not first-party so being able to log into stuff (and stay logged in) was not going to be affected. Most other browsers have already blocked or limited third-party cookies but most other browsers aren’t owned by a company that runs a dominant ad-tech business, so they can just make those changes without consulting anyone.
Also, it looks like there might be some kind of standard for federated login being worked on but I haven’t really investigated it: https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
They definitely knew it would impact their ad business but I think what did it was the competition authorities saying they couldn’t do it to their competitors either, even if they were willing to take the hit on their own services.
Impact on their business (bold added): https://support.google.com/admanager/answer/15189422
- Programmatic revenue impact without Privacy Sandbox: By comparing the control 2 arm to the control 1 arm, we observed that removing third-party cookies without enabling Privacy Sandbox led to -34% programmatic revenue for publishers on Google Ad Manager and -21% programmatic revenue for publishers on Google AdSense.
- Programmatic revenue impact with Privacy Sandbox: By comparing the treatment arm to control 1 arm, we observed that removing third-party cookies while enabling the Privacy Sandbox APIs led to -20% and -18% programmatic revenue for Google Ad Manager and Google AdSense publishers, respectively.
Doesn’t necessarily need to be anyone with a lot of money, just a lot of people mass reporting things combined with automated systems.
It’s like an automated tipofmytongue but for everything you do on your computer.
I’m not sure I’m surprised at this point any more, just disappointed. All they have to do is just make a stable and secure platform to run apps on. They’re going to run out of foot to shoot themselves in sooner or later if they keep this kind of thing up. Too many unforced errors.
It should never have gotten to the external feedback stage because internal feedback should have been sufficient to kill the idea before it even got a name due to it being such a security and privacy risk. The fact that it didn’t is worrying from a management perspective.
To be fair to Microsoft, this was a local model too and encrypted (through Bitlocker). I just feel like the only way you could possibly even try to secure it would be to lock the user out of the data with some kind of separate storage and processing because anything the user can do can be done by malware run by the user. Even then, DRM and how it gets cracked has shown us that nothing like that is truly secure against motivated attackers. Since restricting a user’s access like that won’t happen and might not even be sufficient, it’s just way too risky.
Whoops, I mixed them up. It was definitely opt-out before.
Yeah, it sounds like it might actually be a useful feature if it wasn’t impossible to do it securely and in a privacy respecting way.
The Microsoft accounts are already required (without resorting to increasingly convoluted methods) and I think the hardware for Hello might be too now for OEM built computers, I’m not sure.
I’m pretty sure the main picture on the article is what the revised opt in/out message looks like. Previously it was opt-out with just a message describing the feature with a check box to have it open Settings when you were finished with the out of box experience so that you can look at the options later.
Edit: Fixed mention of opt-in to opt-out, thanks tal.
https://support.google.com/maps/answer/14169818
Update Google Maps to use Timeline on your device
Important: These changes are gradually rolling out to all users of the Google Maps app. You’ll get a notification when an update is available for your account.
Location History is now called Timeline, and you now have new choices for your data. To continue using Timeline, you must have an up-to-date version of the Google Maps app. Otherwise, you may lose data and access to your Timeline on Google Maps.
Timeline is created on your devices.
Basically they’re getting rid of the web version because they’re moving the data to being stored on local devices only. Part of this might be because they got a lot of flak for stuff like recording location data for people who went near reproductive health clinics and other sensitive things. They can’t be forced to respond to subpoenas for data if they don’t have the data and can thus stay out of it, so I wouldn’t necessarily say it’s all that altruistic on their part.
Looks like you can use Ctrl+Spacebar to open the “MenuComplete” function that should show you the different available options. I don’t think you can get a direct list of the parameters that have explanations without using something like Get-Help though.
More info here:
Composable moderation/custom labeling and custom algorithmic feeds are two things that Mastodon doesn’t have that Bluesky does.