• 0 Posts
  • 22 Comments
Joined 2 years ago
Cake day: July 23rd, 2023




  • As a hiring manager, I don’t give a shit about certs. AWS certs, for example, serve primarily as marketing material and free money. Soft skill certs like agile methodology (of which I have several) are equally bullshit in that everything is a pattern not a prescription yet many people miss that and shoot their teams in the foot. There are some security certs I do value, such as CISSP, because they can be required for certain industries and actually do carry some gravitas. Even those, though, aren’t necessarily valuable for the things I actually need my security folks to do.

    I’d say the market is maybe 30/70 split with folks like me and ATS or idiot hiring managers thinking your ability to memorize the specific GCP settings no one uses will actually make you understand why prod blew up. I refuse to get any; I actively support my team getting them as long as they know what they’re getting into.





  • The study talks to 16 Mastodon admins who got to say what they thought Mastodon did. It’s not really a study, it’s just a survey. Being posted here is just confirmation bias. For Mastodon to increase citizen empowerment, there has to be something measured and a control group that isn’t on Mastodon.

    From the abstract

    In this paper, following a pre-study survey, we conducted semi-structured interviews with 16 Mastodon instance administrators, including those who host instances to support marginalised and stigmatised communities

    You really have to read beyond the headline. This isn’t Reddit.



  • Did we read the same article? DNS-01 challenges require updates to DNS. This means you need an API for your DNS. This means you now have to worry about DNS permissions in your application cert workflow. We’ve just massively increased blast radius! Or you could do it manually but that’s already failed.

    All of this is straightforward with infrastructure-as-code. While I don’t struggle with that, I’ve watched devs and sysadmins both stare blankly at this kind of thing for days at a time.
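Added example (editor's illustration, not part of the comment above and not code from any ACME client): what a DNS-01 validation actually requires the automation to write, and one way to keep the DNS credential that writes it from becoming the blast radius the comment warns about. The CA looks up a TXT record at `_acme-challenge.<domain>` containing base64url(SHA-256(key authorization)), where the key authorization is the challenge token joined to the RFC 7638 thumbprint of the ACME account key. Because CAs follow CNAMEs when resolving that TXT, a static CNAME placed once in the production zone can point the challenge name into a separate zone that holds nothing but challenge records; the credential in the cert workflow then only needs write access to that throwaway zone. The account key, token and zone names below are constructed placeholders.

```python
"""ACME DNS-01 (RFC 8555 s8.4) record derivation plus a least-privilege
policy for the DNS credential that writes it. Editor's example; the JWK,
token and zone names are constructed placeholders, not real material."""
import base64
import hashlib
import json

# Constructed placeholder for the ACME account public key (JWK form).
# Not a real RSA key; the thumbprint computation does not validate it.
ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86z",
}


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JOSE/ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required
    public members only (keys sorted, no whitespace)."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 s8.1: <token> '.' <thumbprint of the account key>."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_record(domain: str, token: str, jwk: dict) -> tuple[str, str]:
    """The CA queries TXT at _acme-challenge.<domain> and expects
    base64url(SHA-256(key authorization)). Returns (owner name, TXT value)."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return f"_acme-challenge.{domain}", b64url(digest)


def delegation_cname(domain: str, challenge_zone: str, label: str) -> tuple[str, str]:
    """Blast-radius control: a static CNAME in the production zone sends the
    challenge name into a dedicated zone. CAs follow the CNAME when resolving
    the TXT, so the ACME credential only ever needs write access to that zone.
    Returns (owner name, CNAME target)."""
    return f"_acme-challenge.{domain}", f"{label}.{challenge_zone}"


def update_allowed(name: str, rtype: str, challenge_zone: str) -> bool:
    """Policy a DNS-update proxy (or an IAM-style condition) should enforce on
    the credential the ACME client holds: TXT only, and only owner names
    strictly inside the challenge zone. The zone apex, the production zone and
    every other record type are refused."""
    suffix = "." + challenge_zone.rstrip(".")
    owner = name.rstrip(".")
    return rtype.upper() == "TXT" and owner.endswith(suffix)


if __name__ == "__main__":
    # Constructed inputs; hypothetical zone "acme.example.net" holds only challenges.
    _, value = dns01_record("example.com", "constructed-token", ACCOUNT_JWK)
    owner, target = delegation_cname("example.com", "acme.example.net", "abc123")
    print(f"{owner}. IN CNAME {target}.        ; set once by hand in the production zone")
    print(f'{target}. IN TXT "{value}"   ; written by the automation, throwaway zone only')
    for req in ((target, "TXT"), ("example.com", "A"), (owner, "TXT")):
        print(f"update {req[1]:<4} {req[0]:<35} allowed={update_allowed(*req, 'acme.example.net')}")
```

The delegation does not remove the need for a DNS API credential; it scopes what that credential can damage to a zone nobody resolves for anything else, which is the property worth asking for before handing a cert-renewal job any DNS write access at all.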


  • thesmokingman@programming.dev to Technology@lemmy.world · *Permanently Deleted* · 5 months ago

    If you’re using any work-related anything to post “anonymously” or talk to journalists, don’t. That Blind redirection is chilling yet it’s well within the capabilities of employers. The right way to talk to journalists like 404 is to find their anonymous contact details, e.g. Signal, using your own internet connection and your own device. Work computers can be monitored. Traffic on work computers or work VPNs can be monitored. Company email usage can be monitored. Company phone usage can be monitored. You don’t need to be incredibly private with a VPN over Tor and anonymous services; you just need to not use company resources. Whether or not this should be legal is a different story; you just gotta know you have fuck all for privacy on company resources.

    I’ve only heard of Blind in passing; that corp email makes it too close to Glassdoor for comfort and it’s very clearly not private with that requirement.



  • AWS makes this impossible in a few places such as a fair number of ACM use-cases.

    I think your cert-per-session idea is interesting. We’d need significant throughput and processing boosts to make that happen, probably at least on the order of 10X computing speeds and 10X transmission speeds across the board minimum. These operations are computationally intense and add data to the wire so, for example, a simple Lemmy server with hundreds of users slows to a crawl and a larger site, e.g. Mastodon, goes to dialup speeds or worse. You can test at home by trying to generate an X.509 self-signed cert before connecting to a website every time.


  • I read the Wired article for the first time just now to try and understand this article. I don’t really think it attacks SimpleX at all. I think it states the fact that nazis have moved to the platform, the fact that SimpleX is a very private platform, the fact that SimpleX claims to prevent extremist content and growth, the fact that extremist content is being spread and growing, and the fact that SimpleX is unaware of claims. As someone who has been following this discourse for decades, this is the kind of thing that gets published. There is a balance between privacy and extremism. Privacy-focused individuals like myself will always focus on the privacy provided there are tools to combat the extremism (where applicable).

    I feel like SimpleX is being defensive because their claims are not panning out. Their response calls out all of the things I feel were said in support of them while ignoring the actual critiques of their system. Not adding a backdoor? Great! That’s law and smart! Supporting groups of over a thousand posting extremist content?

    We never designed groups to be usable for more than 50 users and we’ve been really surprised to see them growing to the current sizes despite limited usability and performance

    SimpleX will remove such content if it is discovered. Much of the content that these terrorist groups have shared on Telegram—and are already resharing on SimpleX—has been deemed illegal in the UK, Canada, and Europe.

    This is the stuff that needs response, not the privacy stuff Gilbert is arguably a fan of.


  • Anyone in tech who knowingly works for Google supports these things in the same way that anyone in tech who knowingly works for Meta supports genocide and the erosion of the democratic process. I give the caveat “in tech” because there are some roles like content moderation or executive assistant where you really don’t have the luxury of a huge market working almost anywhere else that doesn’t support genocide and I don’t fault those folks for taking a job that has better benefits. My engineering peers? I judge them for it.


  • The Security Online article only cites Margitelli’s post on the matter. My assumption has been the article used the post as its single source. On one hand, watching MS fuck shit up for years, I want to believe Margitelli. On the other hand, researchers using weird tools and uninterested in reality are why curl is now a CNA.

    I’m personally frustrated with Margitelli’s post because it’s all about abandoning responsible disclosure globally rather than naming and shaming (Canonical? Red Hat? Both? Others? If it affects all GNU/Linux I’d expect every single distro maintainer to be named and shamed). Responsible disclosure is our best solution to make sure innocent bystanders don’t get caught in the crossfire. When specific entities don’t abide by responsible disclosure we lambast those specific entities not the entire process built to keep users safe.





  • I’ve seen some misinformation that doesn’t address the question and no answers.

    First the misinformation: if you live in the US and work in an at-will state, your employee handbook will dictate what the company can or cannot do. In most cases, especially for larger companies, there will be explicit language allowing the company to do whatever they want on anything that uses their software or tech they’ve provided (e.g. the phone you use for company email). Two-party consent doesn’t apply in these cases because you signed the employee handbook or were informed it was a condition of your employment. Since it’s at-will, too bad. However, even with these powers, most companies aren’t doing shit unless you’re fucking up. Give someone a reason to throw IT or security at you and it could happen. Chances of this are higher at either larger companies or small companies with power-hungry idiots running the show. I have worked at all kinds and seen all sides. If you are not in the US or live in a state with employment contracts (not at-will), this might not apply unless you signed away those rights, and then there is nothing getting them back. It’s always a good idea to be friendly with IT and security to learn what they do and do not do.

    As to your question, do companies fingerprint employee voices, most likely not. In the US, in at-will states, you don’t need to go through all the trouble of tracking voices for termination or legal action. In the private world, this is a very secrecy-oriented problem (e.g. Apple trying to keep the lid on surprise and delight) so it wouldn’t happen except at very large scale. In the public sector, you genuinely should be afraid of this because government agencies are sucking down all the data they can. This is true around the world. More importantly, they’re all incompetent as fuck and being sold shitty software that doesn’t work so they’re misusing data like this for incorrect identifications.

    In general, if you want to be anonymous, practice good operational security. Changing your voice never hurts. It’s not a bad idea to be safer (unless you’ve chosen a tool that can be easily reversed). You should also use phone numbers and hardware that can’t be traced back, which is a bit harder.