In the absence of an adequacy decision pursuant to Article 45(3), or of appropriate safeguards pursuant to Article 46, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions:

it has been inferred by many that the validity of consent could degrade over time

Where a processing activity is necessary for the performance of a contract.

“Is consent really the most appropriate legal basis for this processing activity?” It should be taken into account that consent may not be the best choice in the following situations:

statutory rights of withdrawal from your purchase contract

It’s always best practice to either simply follow the most robust legislations or to check the local anti-spam requirements specific to where your recipients are based.

EU law prohibits the personal data of EU citizens from being transferred outside the EU to countries which do not ensure an adequate level of protection for that data.

This framework serves the purpose of protecting Europeans’ personal data after the transfer to the US and correlates with GDPR requirements for Cross Boarder Data Transfers.

Though not always legally required, terms & conditions (also called ToS – terms of service, terms of use, or EULA – end user license agreement) are pragmatically required

It’s useful to remember that under GDPR regulations consent is not the ONLY reason that an organization can process user data; it is only one of the “Lawful Bases”, therefore companies can apply other lawful (within the scope of GDPR) bases for data processing activity. However, there will always be data processing activities where consent is the only or best option.

If you’re a controller based outside of the EU, you’re transferring personal data outside of the EU each time you collect data of users based within the EU. Please make sure you do so according to one of the legal bases for transfer.

Though not always legally required, a Terms & Conditions (T&C) document (also known as a Terms of Service, End-user license agreement or a Terms of Use agreement) is often necessary for the sake of practicality and safety. It allows you to regulate the contractual relationship between you and your users and is therefore essential for, among other things, setting the terms of use and protecting you from potential liabilities.

For this reason, it’s always advisable that you approach your data processing activities with the strictest applicable regulations in mind.

Meet specific requirements if transferring data outside of the EAA. The GDPR permits data transfers of EU resident data outside of the European Economic Area (EEA) only when in compliance with set conditions.

they’ve contested its accuracy

Territorial point of view

the GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way

Neither encryption nor pseudonymisation require technical knowledge to implement.

it buys, receives, sells, or shares the personal information of 50,000 or more consumers annually for the business’ commercial purposes. Since IP addresses fall under what is considered personal data — and “commercial purposes” simply means to advance commercial or economic interests — it is likely that any website with at least 50k unique visits per year from California falls within this scope.

That’s because the Google Translate extension uses some internal Google-only APIs (Mozilla also does the same thing).

What I don't like is how they've killed so many useful extensions without any sane method of overriding their decisions.

I know, you don't trust Mozilla but do you also not trust the developer? I absolutely do! That is the whole point of this discussion. Mozilla doesn't trust S3.Translator or jeremiahlee but I do. They blocked page-translator for pedantic reasons. Which is why I want the option to override their decision to specifically install few extensions that I'm okay with.

The only reason why your workaround isn't blocked as well is because it has additional steps that don't explicitly breach Mozilla's policies. But it certainly defeats the spirit of it.

What's terrible and dangerous is a faceless organization deciding to arbitrarily and silently control what I can and can not do with my browser on my computer. Orwell is screaming in his grave right now. This is no different than Mozilla deciding I don't get to visit Tulsi Gabbard's webpage because they don't like her politics, or I don't get to order car parts off amazon because they don't like hyundai, or I don't get to download mods for minecraft, or talk to certain people on facebook.

They don't have to host the extension on their website, but it's absolutely and utterly unacceptable for them to interfere with me choosing to come to github and install it.

I appreciate the vigilance, but it would be even better to actually publish a technical reasoning for why do you folks believe Firefox is above the device owner, and the root user, and why there should be no possibility through any means and configuration protections to enable users to run their own code in the release version of Firefox.

I will need to find a workaround for one of my private extensions that controls devices in my home network, and its source code cannot be uploaded to Mozilla because of my and my family's privacy.

potentially dangerous APIs may only be used in ways that are demonstrably safe, and code within add-ons that cannot be verified as behaving safely and correctly may need to be refactored

If the add-on is a fork of another add-on, the name must clearly distinguish it from the original and provide a significant difference in functionality and/or code.

Apparently Firefox does have translation built-in, it's just not enabled due to lack of usage agreement / API keys. https://hg.mozilla.org/mozilla-central/rev/a3eb8e502006

Thank you for letting me know about this move by Google. Definitely something to watch. While I agree with Google's position from an end user experience perspective, it unfortunately puts Firefox at a further disadvantage since Mozilla does not have its own language translation initiatives.

Mozilla does not permit extensions distributed through https://addons.mozilla.org/ to load external scripts. Mozilla does allow extensions to be externally distributed, but https://addons.mozilla.org/ is how most people discover extensions. The are still concerns: Google and Microsoft do not grant permission for others to distribute their "widget" scripts. Google's and Microsoft's "widget" scripts are minified. This prevents Mozilla's reviewers from being able to easily evaluate the code that is being distributed. Mozilla can reject an extension for this. Even if an extension author self-distributes, Mozilla can request the source code for the extension and halt its distribution for the same reason.

100MB storage

500Kb max file size

We believe that being open source is one of the most important features of Bitwarden. Source code transparency is an absolute requirement for security solutions like Bitwarden.

The common law—so named because it was "common" to all the king's courts across England—originated in the practices of the courts of the English kings in the centuries following the Norman Conquest in 1066.[10] The British Empire spread the English legal system to its colonies, many of which retain the common law system today. These "common law systems" are legal systems that give great weight to judicial precedent, and to the style of reasoning inherited from the English legal system.

The data protection officer’s duty is to protect customers’ data, even if that protection goes against other business objectives, meaning there are often different rules on how the executive can be disciplined or dismissed, she said.

the cost of reading consent formats or privacy notices is still too high.

Third, the focus should be centered on improving transparency rather than requesting systematic consents. Lack of transparency and clarity doesn’t allow informed and unambiguous consent (in particular, where privacy policies are lengthy, complex, vague and difficult to navigate). This ambiguity creates a risk of invalidating the consent.

U.K. Information Commissioner Elizabeth Denham clearly states that consent is not the "silver bullet" for GDPR compliance. In many instances, consent will not be the most appropriate ground — for example, when the processing is based on a legal obligation or when the organization has a legitimate interest in processing personal data.

data processing limited to purposes deemed reasonable and appropriate such as commercial interests, individual interests or societal benefits with minimal privacy impact could be exempt from formal consent. The individual will always retain the right to object to the processing of any personal data at any time, subject to legal or contractual restrictions.

organizations may require consent from individuals where the processing of personal data is likely to result in a risk or high risk to the rights and freedoms of individuals or in the case of automated individual decision-making and profiling. Formal consent could as well be justified where the processing requires sharing of personal data with third parties, international data transfers, or where the organization processes special categories of personal data or personal data from minors.

First, organizations must identify the lawful basis for processing prior to the collection of personal data. Under the GDPR, consent is one basis for processing; there are other alternatives. They may be more appropriate options.

Furthermore, the consent-based regime creates an obligation to document that consent was lawfully given.

the authority found that each digital platform’s privacy policies, which include the consent format, were between 2,500 and 4,500 words and would take an average reader between 10 and 20 minutes to read.

be sure to read the complete iubenda privacy policy, part of these terms of service.

While Web site is still doing well in the U.S., it is all but dead in the U.K. Current Google News searches limited to U.K. publications find only about one instance of Web site (or web site) for every thousand instances of website. The ratio is similar in Australian and New Zealand publications. In Canada, the ratio is somewhere in the middle—about 20 to one in favor of the one-word form.

Exceptions are easily found, however, especially in American sources, where Web site (or web site, without the capital w) appears about once for every six instances of website. This is likely due to the influence of the New York Times, which is notoriously conservative with tech terms. The Times still uses Web site, and many American publications follow suit. Yet even those that often use Web site in their more closely edited sections tend to allow website in their blogs and other web-only sections.

Languages evolve to suit the needs of the people who use them

English tends to build new compound nouns by simply writing them as separate words with a blank. Once the compound is established (and the original parts somewhat "forgotten"), it's often written as one word or hyphenated. (Examples: shoelaces, aircraft...)

Web site / website seems to be somewhat in a transitional stage, being seen as an "entity" that web page hasn't reached yet. Depending on which dictionary you check you will find web site and website, but only web page, not webpage.

Other languages, German for example, are notorious for very long compunds like this and this, that are made up and written as one word directly. Perhaps the way your native language deals with compounds explains your (or other authors') personal preference and sense of "right"?

A left navigation is faster and more efficient for users to scan. In just three visual fixations, users scan six items in the left navigation compared to the three items scanned in the top navigation. The left navigation also facilitates a vertical scanning direction that is natural for people

Because users read items from left to right, the priority direction for reading items is stronger horizontally than vertically.

Items in a top navigation do not have equal weight. The leftmost items carry more visual weight than other items because of its placement in the primary optical area (top left). Items in the top left area get more exposure and are often seen as more important than other items.

you will have certain items with higher priority than others. Because the user’s topic of interest is more limited in this context, placing items in a top navigation allows users to find what they want faster and easier.

"When does an astronaut eat?" "At launchtime"

Marginalize provides a striking case of how thoroughly the figurative use of a word can take over the literal one.

In informal contexts, mathematicians often use the word modulo (or simply "mod") for similar purposes, as in "modulo isomorphism".

It’s true that there are two hard problems in computer science and one of them is naming things. Why? Because good names are important. A good name teaches about purpose and responsibility, so you have to spend some time thinking about it.

Competition exists when there is comparison, and comparison does not bring about excellence.

You don't "sanitize your output" you encode it for proper context within the application it is being presented. You encode the output for HTML, HTML Attribute, URL, JavaScript

I would call this output encoding instead of sanitization

This has a usability impact. From a purely "secure all the things" standpoint, you should absolutely take the above approach but there will inevitably be organisations that are reluctant to potentially lose the registration as a result of pushing back

I'm providing this data in a way that will not disadvantage those who used the passwords I'm providing.

As such, they're not in clear text and whilst I appreciate that will mean some use cases aren't feasible, protecting the individuals still using these passwords is the first priority.

Before we get to passwords, surely you already have in mind that Google knows everything about you. It knows what websites you’ve visited, it knows where you’ve been in the real world thanks to Android and Google Maps, it knows who your friends are thanks to Google Photos. All of that information is readily available if you log in to your Google account. You already have good reason to treat the password for your Google account as if it’s a state secret.

You already have good reason to treat the password for your Google account as if it’s a state secret. But now the stakes are higher. You’re trusting Google with the passwords that protect the rest of your life – your bank, your shopping, your travel, your private life. If someone learns or guesses your Google account password, you are completely compromised. The password has to be complex and unique. You have to treat your Google account password with the same care as a LastPass user. Perhaps more so, because it’s easier to reset a Google account password. If your passwords are saved in Chrome, you should strongly consider using two-factor authentication to log into your Google account. I’ll talk about that in the next article.

Computer security[edit] A mistake in just one component can compromise the entire system.

Less than 1% of users in the world have Javascript turned off. So honestly, it's not worth anyones time accommodating for such a small audience when a large majority of websites rely on Javascript. Been developing websites for a very long time now, and 100% of my sites use Javascript and rely on it heavily. If users have Javascript turned off, that's their own problem and choice, not mine. They'll be unable to visit or use at least 90% of websites online with it turned off.

One of the drawbacks of waiting until someone signs in again to check their password is that a user may simply stay signed in for a long time without signing out. I suppose that could be an argument in favor of limiting the maximum duration of a session or remember-me token, but as far as user experience, I always find it annoying when I was signed in and a website arbitrarily signs me out without telling me why.

Q. I would like a copy of my data from a breach, can you please send it to me? A. No, I cannot Q. I have a breach I would like to give you in exchange for “your” breach, can you please send it to me? A. No, I cannot Q. I’m a security researcher who wants to do some analysis on the breach, can you please send it to me? A. No, I cannot Q. I’m making a searchable database of breaches; can you please send it to me? A. No, I cannot Q. I have another reason for wanting the data not already covered above, can you please send it to me? A. No, I cannot

The aim of this list is to document all Markdown syntax variations (rather than implementations).

The tyranny of the majority (or tyranny of the masses) is an inherent weakness to majority rule in which the majority of an electorate pursues exclusively its own interests at the expense of those in the minority. This results in oppression of minority groups comparable to that of a tyrant or despot

Direct democracy was not what the framers of the United States Constitution envisioned for the nation. They saw a danger in tyranny of the majority. As a result, they advocated a representative democracy in the form of a constitutional republic over a direct democracy. For example, James Madison, in Federalist No. 10, advocates a constitutional republic over direct democracy precisely to protect the individual from the will of the majority

Those who hold and those who are without property have ever formed distinct interests in society. Those who are creditors, and those who are debtors, fall under a like discrimination. A landed interest, a manufacturing interest, a mercantile interest, a moneyed interest, with many lesser interests, grow up of necessity in civilized nations, and divide them into different classes, actuated by different sentiments and views. The regulation of these various and interfering interests forms the principal task of modern legislation, and involves the spirit of party and faction in the necessary and ordinary operations of the government.

The gem provides a command line utility for checking passwords.

But recent events have made me question the prudence of releasing this information, even for research purposes. The arrest and aggressive prosecution of Barrett Brown had a marked chilling effect on both journalists and security researchers.

At Brown’s sentencing, Judge Lindsay was quoted as saying “What took place is not going to chill any 1st Amendment expression by Journalists.” But he was so wrong. Brown’s arrest and prosecution had a substantial chilling effect on journalism. Some journalists have simply stopped reporting on hacks from fear of retribution and others who still do are forced to employ extraordinary measures to protect themselves from prosecution.

Having said all that, I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment. I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me.

I could have released this data anonymously like everyone else does but why should I have to? I clearly have no criminal intent here. It is beyond all reason that any researcher, student, or journalist have to be afraid of law enforcement agencies that are supposed to be protecting us instead of trying to find ways to use the laws against us.

As serious leaks become more common, surely we can expect tougher laws. But these laws are also making it difficult for those of us who wish to improve security by studying actual data. For years we have fought increasingly restrictive laws but the government’s argument has always been that it would only affect criminals.

This principle equally applies to the laws of our country; we should never violate basic rights even if the consequences aren’t immediately evident.

Google figures that since it has a big (encrypted) database of all your passwords, it might as well compare them against a 4-billion-strong public list of compromised usernames and passwords that have been exposed in innumerable security breaches over the years. Any time Google hits a match, it notifies you that a specific set of credentials is public and unsafe and that you should probably change the password.

If you force people to frequently change their passwords, they will use bad passwords.

Stop forcing users to change their passwords every 30, 60, or 90 days, and stop forcing users to include a mixture of uppercase, lowercase, and special charactersForcing users to change their passwords should only happen if there is reason to believe an organization has been breached, or if a new third-party data breach affects employees or users.

The terms open and standard have a wide range of meanings associated with their usage.

And most important: No proprietary encryption software can be fully trusted

If you are concerned about privacy and looking for a bullet-proof solution then the only way to go is open-source software. For example, there was another incident with a proprietary file "encrypter" for Android/iOS which used the simplest possible "encryption" on earth: XORing of data that is as easy to crack a monkey could do that. Would not happen to an open-source software. If you're worried about the mobile app not being as reliable (backdoors etc.) as the desktop app: compile it yourself from sources. https/github.com/MiniKeePass/MiniKeePass You can also compile the desktop version yourself. Honestly, I doubt most people, including you and me, will bother.

Open Source prevents backdoors. You can have a look at its source code and compile it yourself.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this the IP address of the user must remain stored for the duration of the session.

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interests lie in the above-mentioned purposes.

Anything Pwned Passwords related is free because I want maximum adoption and the cost is borne by @cloudflare. Anything related to querying email addresses requires a key to be purchased because I want to limit abuse and it costs me directly to run.

Devise-Two-Factor only worries about the backend, leaving the details of the integration up to you. This means that you're responsible for building the UI that drives the gem. While there is an example Rails application included in the gem, it is important to remember that this gem is intentionally very open-ended, and you should build a user experience which fits your individual application.

In mainstream press, the word "hacker" is often used to refer to a malicious security cracker. There is a classic definition of the term "hacker", arising from its first documented uses related to information technologies at MIT, that is at odds with the way the term is usually used by journalists. The inheritors of the technical tradition of the word "hacker" as it was used at MIT sometimes take offense at the sloppy use of the term by journalists and others who are influenced by journalistic inaccuracy.

there's no reasonable way to communicate effectively with the less technically minded without acquiescing to the nontechnical misuse of the term "hacker"

terms like "malicious security cracker" are sufficiently evocative and clear that their use actually helps make communication more effective than the common journalistic misuse of "hacker".

Now, if we think of the tasks that we perform throughout the day as consuming separate "bands" of time, then the term makes perfect sense. Being "out of bandwidth" would indicate that you do not have enough unallocated "bands of time" in your day to complete the task. Using the term bandwidth to describe time maps more closely (in my opinion) to the original definition, than the current definition describing data capacity does.

I may be living in a bubble, but my impression is that don't understand that figurative use of bandwidth are way out of the loop.

Another approach I toyed with (very transiently) was blocking entire countries from accessing the API. I was always really hesitant to do this, but when 90% of the API traffic was suddenly coming from a country in West Africa, for example, that was a pretty quick win.

Well, as a home user, I also belong to an investment club with 10 members. I also have a medium size family who I like to send photo's to, and my son is on a soccer team. all those have greater than 5 people on the list. sooooooooo..... once again, the people with valid use of the internet have to 'deal' with those that abuse it.

I had never considered it that in nearly a decade of using GNU find! Thank you for that! It will definitely change the way I think about -prune from now on.

I think this structure is much easier and correlates to the right approach

that “it is quite clear thatNietzsche wrote [this work] not as a dialectician.”3

The point is that users should be in control of their data, which means they need an easy way of accessing it. Providing an API or the ability to download 5,000 photos one at a time doesn't exactly make it easy for your average user to move data in or out of a product.

It's typically a lot easier for software engineers to pull data out of a service that they use than it is for regular users. If APIs are available, we engineers can cobble together a program to pull our data out. Without APIs, we can even whip up a screen scraper to get a copy of the data. Unfortunately, for most users this is not an option, and they're often left wondering if they can get their data out at all.

1Password wasn’t built in a vacuum. It was developed on top of open standards that anyone with the right skills can investigate, implement, and improve. Open tools are trusted, proven, and constantly getting better. Here’s how 1Password respects the principles behind the open tools on which it relies:

Steroids used after the first 3 to 4 days after injury do not affect wound healing as severely as when they are used in the immediate postoperative period.

The major effect of steroids is to inhibit the inflammatory phase of wound healing (angiogenesis, neutrophil and macrophage migration, and fibroblast proliferation) and the release of lysosomal enzymes

Large doses or chronic usage of glucocorticoids reduce collagen synthesis and wound strength

HBOT was found to improve graft survival, complete healing of grafts, and lessen infection in patients with a graft