172 Matching Annotations
  1. May 2021
  2. Mar 2021
    1. Democrat Chicago to allow the economy to open up less than a week after Biden's inauguration...it's all planned to make Biden appear successful! Democrats allowed millions of people to suffer and lose businesses all for their own greed and power!
  3. Feb 2021
  4. Jan 2021
    1. Group Rules from the Admins: (1) NO POSTING LINKS INSIDE OF POST - FOR ANY REASON. We've seen way too many groups become a glorified classified ad & members don't like that. We don't want the quality of our group negatively impacted because of endless links everywhere. NO LINKS. (2) NO POST FROM FAN PAGES / ARTICLES / VIDEO LINKS. Our mission is to cultivate the highest quality content inside the group. If we allowed videos, fan page shares, & outside websites, our group would turn into spam fest. Original written content only. (3) NO SELF PROMOTION, RECRUITING, OR DM SPAMMING. Members love our group because it's SAFE. We are very strict on banning members who blatantly self promote their product or services in the group OR secretly private message members to recruit them. (4) NO POSTING OR UPLOADING VIDEOS OF ANY KIND. To protect the quality of our group & prevent members from being solicited products & services - we don't allow any videos because we can't monitor what's being said word for word. Written post only.

      Wow, that's strict.

  5. Dec 2020
    1. Ek said that many artists are happier in private about the money they receive than they are in public. He also said that musicians not doing well from streaming are the ones who want to release music “the way it used to be released”.

      This is hogwash. Artists want to make a living, while Ek and his cohorts maximise their profits while actively lobbying against songwriter royalties and pushing transphobic people like Joe Rogan. More here: https://niklasblog.com/?p=25501

    2. Last week Radiohead’s Ed O’Brien, Elbow’s Guy Garvey and Gomez’s Tom Gray gave evidence alongside Shah. Gray’s Broken Record campaign aims to fight for fairer terms for artists.
    3. many musicians are “scared to speak out” because they don’t want to “lose favour” with all-powerful streaming services and record labels.

      This is horrifying. Just what Shell has done, and other major and uncaring companies, naturally.

  6. Nov 2020
    1. Jeff Bezos has so much money he doesn’t know what to do with it all, so he figures he’d might as well spend it on spaceships. That’s what the Amazon.com Inc. founder and chief executive told Mathias Döpfner, the CEO of Business Insider parent Axel Springer, in an interview published over the weekend.
  7. Oct 2020
    1. Use the same value that was submitted, which ensures that a 'change' is triggered even though the value itself doesn't change. Therefore, the same value gets validated again.

      Calling it "change" even though it didn't change is kind of cheating/abuse ... but I guess it's okay...??

        mutateValue([name], state, { changeValue }) {
          // change the value to the same value, thus
          // triggering a revalidation of the same value
          changeValue(state, name, value => value);
        }
      
    1. In agent-oriented programming the antonym is depender, though in general usage the common term dependent is used instead. There is no common language equivalent for dependee, however – other metaphors are used instead, such as parent/child. The circumlocutions “A depends on B” and “B is depended on by A” are much more common in general use than “A is the depender, B is the dependee”.
    1. In the software industry we use "dependency" to refer to the relationship between two objects. We say "looking for dependents" for relationships to dependent things and "looking for dependencies" for relationships to prerequisite things, so it gets that connotation, but the literal meaning is the relationship itself, not the object. Finding a better word is exactly the point of the question
    1. It was dark in the hall. It had been a rule for years never to disturb father in the morning, whatever happened. And now they were going to open the door without knocking even... Constantia’s eyes were enormous at the idea; Josephine felt weak in the knees.

      Both this story and the Garden Party have themes of psychological abuse perpetrated on the young. Laura seems fated by those around her to be nothing more than a doll at a garden party, and Jug and Con. seem to live in persistent fear of their own father.

    1. A while ago we put a system in place to monitor our servers for abusive request patterns and send 503 Service Unavailable responses with custom text depending on the nature of the abuse. Our hope was that the authors of misbehaving software and the administrators of sites who deployed it would notice these errors and make the necessary fixes to the software responsible.
    2. Take responsibility for your outgoing network traffic. If you install software that interacts with other sites over the network, you should be aware how it works and what kind of traffic it generates. If it has the potential to make thousands of requests to other sites, make sure it uses an HTTP cache to prevent inflicting abuse on other sites.
    1. Another thing you can do is to add pain to the second part of it. Attackers want the list of valid usernames, so they can then try to guess or brute force the password. You can put protections in place with that as well, whether they are lockouts or multi-factor authentication, so even if they have a valid username, it's much harder to gain access.
    1. Customizable mitigation policies provide multiple response options including block, rate limit, geo fence, or deception. Using deception allows you to send a custom response to the attacker, effectively putting guardrails around their activities.
    1. So that’s already a huge advantage over other platforms due to the basic design. And in my opinion it’s got advantages over the other extreme, too, a pure peer-to-peer design, where everyone would have to fend for themselves, without the pooled resources.

      Definitely something the IndieWeb may have to solve for.

    2. Mastodon deliberately does not support arbitrary search. If someone wants their message to be discovered, they can use a hashtag, which can be browsed. What does arbitrary search accomplish? People and brands search for their own name to self-insert into conversations they were not invited to. What you can do, however, is search messages you posted, received or favourited. That way you can find that one message on the tip of your tongue.
  8. Sep 2020
    1. From my point of view, and I've been annoyingly consistent in this for as long as people have been asking for this feature or something like it, style encapsulation is one of the core principles of Svelte's component model and this feature fundamentally breaks that. It would be too easy for people to use this feature and it would definitely get abused, removing the style safety that Svelte previously provided.
    1. “With no oversight whatsoever, I was left in a situation where I was trusted with immense influence in my spare time,” she wrote. “A manager on Strategic Response mused to myself that most of the world outside the West was effectively the Wild West with myself as the part-time dictator – he meant the statement as a compliment, but it illustrated the immense pressures upon me.”
    2. Facebook ignored or was slow to act on evidence that fake accounts on its platform have been undermining elections and political affairs around the world, according to an explosive memo sent by a recently fired Facebook employee and obtained by BuzzFeed News. The 6,600-word memo, written by former Facebook data scientist Sophie Zhang, is filled with concrete examples of heads of government and political parties in Azerbaijan and Honduras using fake accounts or misrepresenting themselves to sway public opinion. In countries including India, Ukraine, Spain, Brazil, Bolivia, and Ecuador, she found evidence of coordinated campaigns of varying sizes to boost or hinder political candidates or outcomes, though she did not always conclude who was behind them.
  9. Aug 2020
    1. Facebook has apologized to its users and advertisers for being forced to respect people’s privacy in an upcoming update to Apple’s mobile operating system – and promised it will do its best to invade their privacy on other platforms.

      Sometimes I forget how funny The Register can be. This is terrific.

  10. Jul 2020
    1. Besides, this will just end up being reported as a security bug to the security list if left as is, cause docker will eat up all your disk space due to a single call site flooding STDERR forcing logs to grow forever.
    1. Creating and calling a default proc is a waste of time, and cramming everything into one line using tortured constructs doesn't make the code more efficient--it just makes the code harder to understand.

      The nature of this "answer" is a comment in response to another answer. But because of the limitations SO puts on comments (very short length, no multi-line code snippets), the comment feature could not actually be used, so this user resorted to "abusing" the answer feature to post their comment instead.

      See

    1. Arrays are not sets. Trying to treat them as if they are is an error, and will create subtle problems. What should be the result of the following operations? [1, 1] | [1] [1] | [1, 1] Of course, there are more interesting examples. These two are to get you started. I don't care what the results currently are. I don't care what you think they should be. I can present extremely strong arguments for various answers. For this reason, I believe that #| is an ill-defined concept. Generalizing an ill-defined concept is a world of pain. If you insist on treating objects of one class as if they were members of a different class, there should be bumps in the road to at least warn you that maybe this is a bad idea. I'm not going to argue that we should remove or deprecate #|. I don't think of myself as a fanatic. But encouraging this sort of abuse of the type system just creates problems.
  11. Jun 2020
    1. “The alarming truth,” warned the researcher, “is that the average number of permissions requested by a flashlight app is 25.”
    2. “Asking for too many permissions is dangerous,” ESET malware researcher Lukas Stefanko explains. “These permissions can be misused as an exploit to access more device components, such as call logs, phone numbers, and browsing history.”
    3. At the heart of Google’s challenge has been so-called permission abuse—millions of apps requesting the rights to access device data and functions beyond those needed to deliver their own functionality.
    4. The security feature in Android 11 is a long overdue crackdown on this permission abuse.
    1. Google’s novel response has been to compare each app to its peers, identifying those that seem to be asking for more than they should, and alerting developers when that’s the case. In its update today, Google says “we aim to help developers boost the trust of their users—we surface a message to developers when we think their app is asking for a permission that is likely unnecessary.”
    1. One of the new tools debuted by Facebook allows administrators to remove and block certain trending topics among employees. The presentation discussed the “benefits” of “content control.” And it offered one example of a topic employers might find it useful to blacklist: the word “unionize.”

      Imagine your employer looking over your shoulder constantly.

      Imagine that you're surveilled not only in regard to what you produce, but to what you—if you're an office worker—tap out in chats to colleagues.

      This is what Facebook does and it's not very different to what China has created with their Social Credit System.

      This is Orwellian.

    1. Zoom didn't do this to comply with local law.

      They did this because they don't want to lose customers in China.

      This is just capitalistic greed.

      Shutting down activists over a dictatorship is wrong, and it is actually as simple as that.

  12. May 2020
    1. The high number of extremist groups was concerning, the presentation says. Worse was Facebook’s realization that its algorithms were responsible for their growth. The 2016 presentation states that “64% of all extremist group joins are due to our recommendation tools” and that most of the activity came from the platform’s “Groups You Should Join” and “Discover” algorithms: “Our recommendation systems grow the problem.”
    1. Website administrators then get access to their visitors’ risk scores and can decide how to handle them: For instance, if a user with a high risk score attempts to log in, the website can set rules to ask them to enter additional verification information through two-factor authentication. As Khormaee put it, the “worst case is we have a little inconvenience for legitimate users, but if there is an adversary, we prevent your account from being stolen.”
    1. If any Firefox engineers are reading this, please don't try to subvert the above workaround, it requires multiple steps and administrator rights to set up, and we must all agree that it is of little sense for Firefox to try defending against unwanted programs or malware that has root access on the device.
  13. Apr 2020
    1. Browser fingerprinting is quite a powerful method of tracking users around the Internet. There are some defensive measures that can be taken with existing browsers, but none of them are ideal. In practice, the most realistic protection is using the Tor Browser, which has put a lot of effort into reducing browser fingerprintability. For day-to-day use, the best options are to run tools like Privacy Badger or Disconnect that will block some (but unfortunately not all) of the domains that try to perform fingerprinting, and/or to use a tool like NoScript for Firefox, which greatly reduces the amount of data available to fingerprinters.
    1. Basically, the attackers don't actually have video of you or access to your contacts, and they haven't been able to install malicious code on your computer. In reality, they're taking a password from a database that's available online, sending it to you, and hoping you're scared enough to believe their story and send them bitcoin.
    1. Abuse: There's not much point; if you want to build up a treasure trove of pwned email addresses or usernames, go and download the dumps (they're usually just a Google search away) and save yourself the hassle and time of trying to enumerate an API one account at a time.

      And yet there was a lot of abuse of this API: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/ Why?

    1. Anti-automation on the form where a key can be requested is one thing, stopping someone from manually registering, say, 20 of them with different email addresses and massively amplifying their request rate is quite another.
    2. I got way too many emails from people about API requests being blocked to respond to. Often this was due to simply not meeting the API requirements, for example providing a descriptive UA string. Other times it was because they were on the same network as abusive users. There were also those who simply smashed through the rate limit too quickly and got themselves banned for a day. Other times, there were genuine API users in that West African country who found themselves unable to use the service. I was constantly balancing the desire to make the API easily accessible whilst simultaneously trying to ensure it wasn't taken advantage of.
    3. Another approach I toyed with (very transiently) was blocking entire countries from accessing the API. I was always really hesitant to do this, but when 90% of the API traffic was suddenly coming from a country in West Africa, for example, that was a pretty quick win.
    4. And, of course, the user agent requirement was easily circumvented as I expected it would be and I simply started seeing randomised strings in the UA.
    5. Combating Abuse with Firewall Rules
    6. Identifying Abusive API Usage
    7. Make more than 40 requests in a minute and you're in the naughty corner for a day. Only thing is, that's IP-based and per the earlier section on abusive patterns, actors with large numbers of IP addresses can largely circumvent this approach. It's still a fantastic turn-key solution that seriously raises the bar for anyone wanting to get around it, but someone determined enough will find a way.
    1. Well, as a home user, I also belong to an investment club with 10 members. I also have a medium-size family who I like to send photos to, and my son is on a soccer team. All those have greater than 5 people on the list. Sooooooooo..... once again, the people with valid use of the internet have to 'deal' with those that abuse it.
    1. School for many people is a place to get fed, a place to feel safe, a place to get encouraged. It’s a place to be around people who share your desire to learn. Now they are cut off from that, and some of that can’t be duplicated easily online.

      Yes, this is a problem. However... Schools weren't designed to be a safeguard against poor parenting, but they're treated that way, as if they're a place to escape the idiots they live with.

      Schools shouldn't tolerate this. Instead, they should intervene. They should bring in a third party, someone/an organization specifically designed to help kids who come from broken homes, to help heal how they live when school's not in session. Any measure less than this signals, to me, a school system that's not paying attention to their students' emotional needs, which are, I believe, key to ensuring the child thrives throughout their school years.

    1. Thousands of enterprises around the world have done exhaustive security reviews of our user, network, and data center layers and confidently selected Zoom for complete deployment. 

      This doesn't really account for the fact that Zoom have committed some atrociously heinous acts, such as (and not limited to):

    2. Transparency has always been a core part of our culture.

      If this were true, why does this exist?

  14. Mar 2020
    1. This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company.
    2. But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below
    1. The author and production team are to be commended for releasing the article, without a hint of irony, on the Verizon/TechCrunch platform, which perfectly exemplifies the extreme abuses of privacy consent implementation described in the story.
    1. The system has been criticised due to its method of scraping the internet to gather images and storing them in a database. Privacy activists say the people in those images never gave consent. “Common law has never recognised a right to privacy for your face,” Clearview AI lawyer Tor Ekeland said in a recent interview with CoinDesk. “It’s kind of a bizarre argument to make because [your face is the] most public thing out there.”
    1. According to the Police Authority's guidelines, an impact assessment must be carried out before new policing tools are introduced, if they involve sensitive processing of personal data. No such assessment has been made for the tool in question.

      Swedish police have used Clearview AI without any 'consequence judgement' having been performed.

      In other words, Swedish police have used a facial-recognition system without being allowed to do so.

      This is a clear breach of human rights.

      Swedish police have lied about this, as reported by Dagens Nyheter.

  15. Feb 2020
  16. Jan 2020
    1. received a message telling me that my account had been locked because I was incarcerated and as such, disallowed from using Facebook
    1. Pay for each job is still set through a black-box algorithm
    2. Under the pay model the company employed from 2017 until the fall of 2019, each dollar of customer tip did not raise workers’ earnings by a dollar
  17. Nov 2019
    1. Loading this iframe allows Facebook to know that this specific user is currently on your website. Facebook therefore knows about user browsing behaviour without the user’s explicit consent. If more and more websites adopt the Facebook SDK, then Facebook would potentially have the user’s full browsing history! And as with “With great power comes great responsibility”, it’s part of our job as developers to protect users’ privacy even when they don’t ask for it.
    1. Tea cites Chavisa Woods’s recent memoir of sexism 100 Times, Andrea Lawlor’s Paul Takes the Form of a Mortal Girl and Brontez Purnell’s Since I Laid My Burden Down as examples of books that have fearlessly and artfully tackled themes of power and gender relations, misogyny and sexual violence. “Right now, I think the [publishing] industry is responding to what is happening and saying: ‘Yes we really need these voices, we need these ideas out in the world.’

      So true!

      My review of Chavisa Woods's book is here.

    1. Google has confirmed that it partnered with health heavyweight Ascension, a Catholic health care system based in St. Louis that operates across 21 states and the District of Columbia.

      What happened to 'thou shalt not steal'?

    1. Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed.

      So, Facebook uses your camera even while not active.

    1. Speaking with MIT Technology Review, Rohit Prasad, Alexa’s head scientist, has now revealed further details about where Alexa is headed next. The crux of the plan is for the voice assistant to move from passive to proactive interactions. Rather than wait for and respond to requests, Alexa will anticipate what the user might want. The idea is to turn Alexa into an omnipresent companion that actively shapes and orchestrates your life. This will require Alexa to get to know you better than ever before.

      This is some next-level onslaught.

    1. Somewhere in a cavernous, evaporative cooled datacenter, one of millions of blinking Facebook servers took our credentials, used them to authenticate to our private email account, and tried to pull information about all of our contacts. After clicking Continue, we were dumped into the Facebook home page, email successfully “confirmed,” and our privacy thoroughly violated.
    1. If the apparatus of total surveillance that we have described here were deliberate, centralized, and explicit, a Big Brother machine toggling between cameras, it would demand revolt, and we could conceive of a life outside the totalitarian microscope.
    1. The FBI is currently collecting data about our faces, irises, walking patterns, and voices, permitting the government to pervasively identify, track, and monitor us. The agency can match or request a match of our faces against at least 640 million images of adults living in the U.S. And it is reportedly piloting Amazon’s flawed face recognition surveillance technology.

      FBI and Amazon are being sued because of surveillance of people living in the USA.

    1. Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc’s (FB.O) WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.
  18. Oct 2019
    1. Per Bloomberg, which cited a memo from an anonymous Google staffer, employees discovered that the company was creating the new tool as a Chrome browser extension that would be installed on all employees’ systems and used to monitor their activities.

      From the Bloomberg article:

      Earlier this month, employees said they discovered that a team within the company was creating the new tool for the custom Google Chrome browser installed on all workers’ computers and used to search internal systems. The concerns were outlined in a memo written by a Google employee and reviewed by Bloomberg News and by three Google employees who requested anonymity because they aren’t authorized to talk to the press.

    1. A highly interesting article where a well-known company prefers blood money to allowing employees to talk about politics. This is capitalism at its core: all profit, no empathy.

    2. GitLab, a San Francisco-based provider of hosted git software, recently changed its company handbook to declare it won't ban potential customers on "moral/value grounds," and that employees should not discuss politics at work.
    3. Meanwhile at Microsoft's GitHub, employees at both companies have objected to GitHub's business with ICE, not to mention Microsoft's government contracts. Employees at Amazon have also urged the company not to sell its facial recognition technology to police and the military.
    1. This system will apply to foreign owned companies in China on the same basis as to all Chinese persons, entities or individuals. No information contained on any server located within China will be exempted from this full coverage program. No communication from or to China will be exempted. There will be no secrets. No VPNs. No private or encrypted messages. No anonymous online accounts. No trade secrets. No confidential data. Any and all data will be available and open to the Chinese government. Since the Chinese government is the shareholder in all SOEs and is now exercising de facto control over China’s major private companies as well, all of this information will then be available to those SOEs and Chinese companies. See e.g. China to place government officials inside 100 private companies, including Alibaba. All this information will be available to the Chinese military and military research institutes. The Chinese are being very clear that this is their plan.

      At least the current Chinese government are clear about how all-intrusive they will be, so that people can avoid them. IF people can avoid them.

    1. "I know that this is happening all the time. There have been strange faxes containing all sorts of terms of abuse," court spokeswoman Nina Eldh told the newspaper.
    1. Amazon doesn’t tell customers much about its troubleshooting process for Cloud Cam. In its terms and conditions, the company reserves the right to process images, audio and video captured by devices to improve its products and services.
    2. Nowhere in the Cloud Cam user terms and conditions does Amazon explicitly tell customers that human beings are training the algorithms behind their motion detection software.
    3. An Amazon team also transcribes and annotates commands recorded in customers’ homes by the company’s Alexa digital assistant
    4. Dozens of Amazon workers based in India and Romania review select clips captured by Cloud Cam, according to five people who have worked on the program or have direct knowledge of it.
    1. We recently discovered that when you provided an email address or phone number for safety or security purposes (for example, two-factor authentication) this data may have inadvertently been used for advertising purposes, specifically in our Tailored Audiences and Partner Audiences advertising system. 

      Twitter may have sold your e-mail address to people.

      Twitter has only done this with people who have added their e-mail address for security purposes.

      Security purposes for Twitter = sell your e-mail address to a third-party company.

      Spam for you = security purposes for Twitter.

  19. Sep 2019
    1. There is already a lot of information Facebook can assume from that simple notification: that you are probably a woman, probably menstruating, possibly trying to have (or trying to avoid having) a baby. Moreover, even though you are asked to agree to their privacy policy, Maya starts sharing data with Facebook before you get to agree to anything. This raises some serious transparency concerns.

      Privacy International are highlighting how period-tracking apps are violating users' privacy.

  20. Aug 2019
    1. Debate about online annotation technologies and practices will continue.

      I've added a few examples of abuse and conversation here in the past: https://indieweb.org/annotation#Annotation_Sites_Enable_Abuse

    1. Last March, ProPublica published an extensive investigation that found IBM had fired an estimated 20,000 U.S. employees ages 40 or older in the past five years.
    2. The company started firing older workers and replacing them with millennials, who IBM’s consulting department said “are generally much more innovative and receptive to technology than baby boomers.”
    3. International Business Machines Corp. has fired as many as 100,000 employees in the last few years in an effort to boost its appeal to millennials and make it appear to be as “cool” and “trendy” as Amazon and Google, according to a deposition from a former vice president in an ongoing age discrimination lawsuit.

      IBM has a long history of working against humanity, e.g. when colluding with the Nazis.