• 0 Posts
  • 21 Comments
Joined 4 years ago
cake
Cake day: February 15th, 2021

help-circle
  • You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that’s the whole point of making them portable).

    I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker’s store. The point is that portability shouldn’t be so user-friendly / transparent that it becomes exploitable.

    That said, I don’t know if this new protocol makes things THAT easy to port (probably not?).



  • My worry is that the other 20% might actually come from other forms of partnerships and integrations not unlike what they probably had in mind with this, and that dropping Google might actually make them more dependent on seeking this kind of initiatives, not less.

    I don’t know how many people you actually need to maintain a browser. But if it’s actually possible to do it without any kind of money from any of those sources in a way that can be sustained, then it would make more sense to make a fork (or alternative, like Ladybird) and just use that.

    Like I said, I think it’s too late for Mozilla to shift course, I don’t expect they’ll ever do that. At least not until they are forced by a competing project if it happens to become successful (or a similar huge wake up call that leaves them no alternative).




  • In that counter argument they are essentially admitting that 99% of their content was distributed without the copyright holder’s consent.

    In the CDL lawsuit, they have admitted that of the millions of books we have digitized, they themselves have only made about 33,000 available to libraries; only about 1% of what we have done, and only under restrictive and expensive license agreements. This is, they claim, the essence of their copyright rights: the ability to restrict access to information as they see fit, to further their theoretical economic interests, without regard to libraries traditional functions and the greater public good.

    Was it fair use in the past to redistribute reprints/format-conversions of works without the copyright holders consent?

    I agree that copyright law sucks… but that’s why it needs to change so it actually serves “the greater public good”. The judiciary system is not the right place to advocate for that (they don’t make the law, just interpret it), so I don’t really think there’s much hope in them winning this. Sadly.


  • Ferk@lemmy.mltoComics@lemmy.mlThe exchange.
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    6 months ago

    The thing is that we do have “Morning!”, “Hello”, “Hey”, “Yo!”, “Hi!”… and many other greetings that are not in the form of a question that actually leaves it open for the other person to respond with honesty and that is often also used as a conversation starter. If you really aren’t open to a conversation, use one of the shorter friendly greetings.

    If I say “how’s it going?” and they answer with something I don’t have time to hear… at most I would excuse myself and politelly say that I don’t have too much time to talk… but complaining about the other person actually answering truthfully makes no sense.

    Of course it’s just a comic, but still… I don’t think the one answering is in the wrong here.


  • If they really think there’s no reason to hide anything, why are they prosecuting Snowden for exposing something that was hidden?

    Before having surveillance on people, they should have it on themselves.

    Imagine how many corruption cases could have been prevented if the government was publicly monitored, with live streams from all offices, like a “big brother” show set up in the white house with live recordings of all calls and communications, so the voters can judge by themselves and monitor if the person they employed as the servant for the country is doing its job.


  • It can be formatted “nicely” with no issue. But that doesn’t necessarily make it easy to understand.

    What that person posted was in a function named smb() that only gets called by rmb() under certain conditions, and rmb() gets called by AdB() under other conditions after being called from eeB() used in BaP()… it’s a long list of hard to read minified functions and variables in a mess of chained calls, declared in an order that doesn’t necessarily match up with what you’d expect would be the flow.

    In the same file you can also easily find references to the user agent being read at multiple points, sometimes storing it in variables with equally esoteric short names that might sneak past the reader if they aren’t pedantic enough.

    Like, for example, there’s this function:

    function vc() {
        var a = za.navigator;
        return a && (a = a.userAgent) ? a : ""
    }
    

    Searching for vc() gives you 56 instances in that file, often compared to some strings to check what browser the user is using. And that’s just one of the methods where the userAgent is obtained, there’s also a yc=Yba?Yba.userAgentData||null:null; later on too… and several direct uses of both userAgent and userAgentData.

    And I’m not saying that the particular instance that was pointed out was the cause of the problem… it’s entirely possible that the issue is somewhere else… but my point is that you cannot point to a snippet of “nicely formated” messed up transpiler output without really understanding fully when does it get called and expect to draw accurate conclusions from it.


  • It doesn’t really matter whether it was “targeted” at Firefox specifically or not, what matters is whether the website has logic that discriminates against Firefox users. Those are 2 different things. “End” vs “means”.

    I wouldn’t be surprised if the logic was written by some AI, without specifically targeting any browser, and from the training data the AI concluded that there’s a high enough chance of adblocking to deserve handicapping the UX when the browser happens to be Firefox’s. Given that all it’s doing is slowing the website down (instead of straight out blocking them) it might be that this is just a lower level of protection they added for cases where there’s some indicators even if there’s not a 100% confidence an adblock is used.


  • That’s out of context. That snippet of code existing is not sufficient to understand when does that part of the code gets actually executed, right?

    For all we know, that might have been taken from a piece of logic like this that adds the delay only for specific cases:

    if ( complex_obfuscated_logic_to_discriminate_users ) {
    
        setTimeout(function() {
            c();
            a.resolve(1)
        }, 5E3);
    
    } else {
    
        c();
        a.resolve(1)
    
    }
    

    It’s possible that complex_obfuscated_logic_to_discriminate_users has some logic that changes based on user agent.

    And I expect it’s likely more complex than just one if-else. I haven’t had the time to check it myself, but there’s probably a mess of extremely hard to read obfuscated code as result of some compilation steps purposefully designed to make it very hard to properly understand when are some paths actually being executed, as a way to make tampering more difficult.


  • I expect it would be technically possible to have lemmy-like or peertube-like services built on top of the AT protocol Bluesky uses, like with ActivityPub. And I expect if/when that happens the communication across services would probably work too.

    In fact, accounts being “portable” in the AT protocol can potentially make the integration more seamless across different services, not only might the posts be seen from different services, but you might be able to directly access those different services with the same account. Imagine if you could login in lemmy with a mastodon account or vice-versa.

    Bluesky is just one of the possible services. But as long as the invites are private and you can’t host your own instance, I wouldn’t even consider it an alternative. I think it’s a bit early to judge, both its positives and its negatives.



  • Wouldn’t it be easier and more direct to simply impose a tax to those external big tech services?

    I don’t understand why using protection against “bad actors” as an excuse is necessary at all if getting money from big tech were the ultimate goal. A lot of people within the EU would happily support such a tax targeting big US companies, it’s the privacy problems what we are pushing against, not the fees. So I’d expect a more direct and honest fee for external companies making business within the EU would be easier to pass if that were what they actually wanted, wouldn’t it?


  • I don’t think EVERYONE needs to understand / know about it. I mean, I remember when I was young most people had no idea how to use the internet (hell, they didn’t even know how to program a VHS), yet I was perfectly happy using that technology.

    I only need a specific set of people and specific communities to be there for it to be worth it. Like I said: I no longer use reddit, even though the fediverse has only a small fraction of the content existing in reddit… I would have expected people in the fediverse would be more receptive to unpopular but technologically/ethically superior alternatives.


  • Yes, but the question is: what does matrix need to establish itself as a solid alternative?

    You can’t answer that by saying “people don’t use it, change that” because that’s something only people can change, not matrix, that’d lead to a cyclic problem.

    Specially when that’s given as a counterpoint to justify not wanting to do the change for “this community”. It’s contradictory to want its popularity to be changed but accept the lack of change alone as a valid reason to justify your communities not changing.


  • like how not being able to sign up for something with tor and monero is a privacy violation, it’s not.

    Note that “secrecy” and “privacy” are often understood in Security lingo as different things. One protects confidentiality, the other one protects anonymity.

    It’s possible to have one and not the other…

    You can have a very private system through onion routing but have the contents of the messages exchanged be in plaintext, open to the public. Nobody will be able to know the one who wrote the message was you. But they can see the message. (then there is privacy, but not secrecy).

    Or you can have very strongly encrypted communications (say HTTPS) but have the DNS exchanges (or the TLS handshake, or the IP addresses) be in the clear, so people in the middle (eg. your ISP… or your workplace tech guys) can know exactly that the packages are sent by you and where you sent them, even if their content is encrypted. They can know which service you tried to access to, for how long and how many times (so you have secrecy, but not privacy).


  • But that’s cyclic reasoning. Nothing that you need/want will be on matrix if you (and everyone else) does not think it’s worth to make what you need/want be in matrix…

    I don’t need EVERYTHING to be in Matrix, just the things I’m interested in. So I’m happy when I see a push to have those specific things there. This is the same argument as to why I don’t use Reddit anymore, despite Lemmy/Kbin having only a fraction of the content.

    It also helps the fact that Matrix is very flexible when it comes to mirroring/proxying other protocols. I can easily access IRC communities from Matrix, for example. The integration in that direction is nicer than requiring discord channels to add bots that parrot an IRC chat.


  • In fact, it’s not unlikely that the behavioural data of people who pay to opt out of being spammed with ads will be more valuable to data brokers.

    True. This is why the AdNauseam extension doesn't simply "hide" ads, but it goes out of its way to actually simulate clicks for ALL ads, causing algorithms to be unable to more accurately profile you and making the pay-per-click model fall on its face. If everyone did that, advertisers would have to pay for completely meaningless clicks making it no longer worth it to advertise this way.

    Though it's still not a solution to privacy, since it still gives some insight on your tastes by allowing them to know what websites do you frequently visit.