208 Matching Annotations
  1. Jan 2024
    1. Agree. I have 3 seconds of silence as my ringtone. Been using that since I had a clamshell phone. Everyone in my contacts list has a custom ringtone so they will ring. Anyone I don't know won't ring and if it is important they'll leave a message. Spammers usually don't leave messages.

  2. Dec 2023
    1. This is similar to gdonato's answer, but scopes in doorkeeper are better used for managing which permissions are being given to the authenticated app (i.e. "Give this app permission to read X and write Y on your behalf").
  3. Nov 2023
    1. One such way that social media accounts are exploited is when users are enticed to download malicious browser extensions that request read and write permissions on all websites. These users are not aware that later on, typically a week or so after being installed, the extensions will then download some background JavaScript malware from its command and control site to run in the user's browser.
  4. Apr 2023
  5. Mar 2023
    1. The concept of consumption corridors combines notions of human needs, individual preferences, and freedom as the basis for a good life for all.
      • Comment
      • When
        • human needs
        • individual preferences
        • individual freedom
      • are combined, it provides the individual with agency, creativity and freedom to choose a lifestyle within ecological limits
      • Especially when we are collectively in overshoot, we must adhere to such limits
      • Limits always exist within any society. There is no such thing as absolute freedom
      • However, we have been abusing our ecological freedom and have thereby threatened our own existence by doing so
  6. Dec 2022
  7. Oct 2022
    1. The FBI declined several requests to comment for this article.  Among the documents obtained by Rolling Stone —some of which are newly declassified— is a 1968 document discussing funeral plans for Martin Luther King Jr., calling it a “racial situation.” It further notes “Sammy Davis Jr., Aretha Franklin…of this group, some have supported militant Black power concept…[performance at MLK memorial by these prominent entertainers] would provide emotional spark which could ignite racial disturbance in this area.” The agency also tried and failed to connect Franklin to the Black Liberation Army and other so-called “radical” movements. In one case, the FBI detailed her 1971 contract with Atlantic Records “just in case” agents could link Franklin’s business dealings to the Black Panther Party.  Another document titled “Possible Racial Violence” describes an incident in August 1968 when Franklin canceled a show at the Red Rocks Amphitheater near Denver, Colorado. According to local news reports at the time, fans engaged in a “20-minute melee” and  “broke chairs and music stands, damaged a grand piano, and even set fire to trees, bushes and trash piles.”
  8. Aug 2022
  9. Jun 2022
    1. We will continue to listen and work to make Hypothesis a safe and welcoming place for expression and conversation on the web

      What has been done to improve this situation since this post six years ago?

    1. 22. We may note in passing the archaic nature of the US Supreme Court, whose judges are named for life like the pope of the Catholic Church and the apostles of the Mormon church. However, a pontifical bull of 1970 denied cardinals over eighty years old the right to vote in papal elections, which proves that all institutions can be reformed, even the most venerable ones.
  10. May 2022
  11. Feb 2022
  12. Jan 2022
  13. Nov 2021
    1. “(T)he 2020 election revealed that, at least with respect to an administration’s senior most officials, the Hatch Act is only as effective as the White House decides it will be. Where, as happened here, the White House chooses to ignore the Hatch Act’s requirements, then the American public is left with no protection against senior administration officials using their official authority for partisan political gain in violation of the law,” it reads.
  14. Oct 2021
    1. So if I just forward the cookie header (which contains the access token), wouldn't that be just what I am not supposed to do? I mean, what's the point of using the 'HttpOnly' flag if I return the token to the client-side JS on every request?
  15. Aug 2021
  16. Jul 2021
    1. Abuse, security, spam●Let services moderate?

      To me, this is very interesting, along with protection against bots/AI/regimes/etc. that could try to steer opinion.

    1. Rodolfo: I'm a victim of sexual abuse in the United States and there was a police report made and everything. And I've also been a victim of gang violence. I was never, you can check my background and everything. I was never into gangs or anything, but around the area I lived in there was a bunch of gangs and... I was beat up two or three times bad just by walking home. And it was all documented, I had police reports and everything. And because of that I was in therapy for a while. My mother sought out help from a psychiatrist because of the sexual abuse I had as a child in California, as a matter of fact.

      Rodolfo: I took Risperdal and a Ritalin, Risperdal for the anxiety and the Ritalin for the ADHD. So, we tried everything. The mental health side, the mental health asylum, everything. But it was just going to take longer and longer and longer and I was tired of it. I didn't want to be locked up anymore. So, finally I just told my mom, “You know what man, that's it, I'm done. I don't want to do this anymore.” She asked me, “Is this what you want to do?” And I told her, “Yeah.”

      Rodolfo: She told me, “You know what? I'd much rather see you over there and be free than not being able to see you here at all.” Because there was a lot of people that went to go visit their loved ones and they used to get picked up. Sometimes they wouldn't even let you see your loved ones and right away ask you for your identification, your social security card, your nationality and everything and they would get picked up.

      Rodolfo: And I always told my mom, “Don't ever come visit me. Don't ever come visit me because if you do, chances are they're going to take you too.” And you know, that would always break my heart because I would want to see my mom. I'd want to see my dad and everything, but I wasn't able to. So, that experience was just horrible.

      Sergio: When you were in the detention center what were the conditions? Did you have access to the medicine you needed? Did you have access to food and water?

      Rodolfo: The company that made the jail was called GEO Corp and they were actually, I'm not going to lie to you, they actually were pretty good, health-wise, not so much security-wise. A lot of things would happen in there that definitely shouldn't have ever happened. But with the food and everything, it was good. In my opinion it was because of the company. I feel as though if it was up to the government... Thank God it was an independent company that was hired by DHS as opposed to if DHS were to make their own jail, I feel they would be completely different.

      Rodolfo: It was [Pause] a pleasantly... there's no way to describe it, it was bad. It was bad, but for what it was I guess it was okay. I don't see there being an in-between or any pretty way to paint that picture as to how good or bad it was in there. Because at the end of the day you're deprived of your freedom. You can't just pick up the phone whenever you want and call your loved ones because you've got to pay for that too. You got to pay for that. And if you want to take a shower, you have to buy your soap, right? You've got to buy it yourself, you've got to buy everything. And now you're becoming a liability for your family, you're becoming another bill.

      Rodolfo: You're becoming another bill and that's what I didn't want. So, that's why I started working. And now, older, I'm becoming another bill. So, I don't get it. You're taking us away from the jobs that we have and everything. You know? So, take us back to our country. And I'm not sure if this is a fact or not, but I was reading when I first got in here, there was a time where there wasn't enough field workers for, I think, avocado—or, not avocado, I think it was oranges or something like that.

      Rodolfo: And I remember me saying, “Well, there goes all the deportees. There goes all the people you guys deported. Where are the people that were so outraged because we took your jobs? Go ahead, there you go. There are a lot of vacancies, making these open for those jobs, go ahead, man. All yours buddy, knock yourself out.”

      Rodolfo: But nobody wants to work those jobs, right? You see what I'm saying though, right?

      Leaving the US, Reason for Return, Deportation, Voluntary departure, Family decision, No hope for a future in the US, Detention, Treatment by; Time in the US, Violence, Sexual Abuse, Gangs, Bullying, Fear of, Jobs/employment/work

    1. Assuming that people trust your site, abusing redirections like this can help avoid spam filters or other automated filtering on forums/comment forms/etc. by appearing to link to pages on your site. Very few people will click on a link to https://evilphishingsite.example.com, but they might click on https://catphotos.example.com?redirect=https://evilphishingsite.example.com, especially if it was formatted as https://catphotos.example.com to hide the redirection from casual inspection - even if you look in the status bar while hovering over that, it starts with a reasonable looking string.
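The redirect abuse described in that answer, as an added example that is not code from the answer or from any site it names: a handler that echoes `?redirect=` straight into `Location` next to one that only follows targets on its own origin. The host name catphotos.example.com is taken from the answer; the function names, the 2048-character cap and the https-only rule are assumptions of this example.

```javascript
// Added example, not code from the annotated answer: an open-redirect handler
// and its hardened counterpart. SITE_ORIGIN is the answer's example site;
// everything else here is assumed for illustration.

const SITE_ORIGIN = 'https://catphotos.example.com';

// The pattern the answer warns about: whatever the client put in ?redirect=
// is copied straight into the Location header, so any site can be the target.
function vulnerableRedirect(rawTarget) {
  return { status: 302, location: rawTarget };
}

// Resolve the requested target and accept it only when it lands on our own
// origin. Relative paths ("/album/42") resolve against SITE_ORIGIN and pass;
// absolute URLs, protocol-relative "//host" forms, "user@host" tricks and
// non-https schemes all end up with a different origin and are rejected.
function safeRedirectTarget(rawTarget, base = SITE_ORIGIN) {
  if (typeof rawTarget !== 'string' || rawTarget.length === 0 || rawTarget.length > 2048) {
    return null;
  }
  // Some browsers treat "\" like "/" in URLs; refuse rather than guess.
  if (rawTarget.includes('\\')) return null;

  let target;
  try {
    target = new URL(rawTarget, base);
  } catch (e) {
    return null; // unparseable input
  }
  const own = new URL(base);
  if (target.protocol !== 'https:' || target.origin !== own.origin) return null;
  return target.href; // normalised absolute URL on our own origin
}

// Hardened handler: fall back to the site root instead of an attacker's URL.
function hardenedRedirect(rawTarget) {
  const location = safeRedirectTarget(rawTarget) || SITE_ORIGIN + '/';
  return { status: 302, location };
}
```

Comparing origins after parsing, rather than checking that the raw string starts with the site name, is what defeats the lookalike forms: `https://catphotos.example.com@evil…`, `https://catphotos.example.com.evil…` and `//evil…` all parse to a different origin. If a site genuinely needs to send users off-origin, the usual alternative is a server-side allowlist of named destinations rather than a free-form URL parameter.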
  17. Jun 2021
    1. He took us to Texas for two years. We were actually on the news as missing children. If you look me up, I have all our photos. We were gone for two years, and the reason that they found us was because my dad was actually trying to rob a wheel store—rim store.

      Time in the US - homelife - domestic abuse - kidnapping

    2. My dad was already in the States. But a couple of years passed after we crossed the border, my mom and my dad didn't get along, and my dad was really controlling and abusive.

      Time in the US - homelife - domestic abuse - separation

    3. Mike: My dad was already in the States. But a couple of years passed after we crossed the border, my mom and my dad didn't get along, and my dad was really controlling and abusive. So my mom ran away and took us to Los Angeles to live with my uncle. And, at that time, my dad didn't know where we were, because my mom was really scared.

      Time in the US- Homelife- Parents/ Step Parents- Violence (domestic)

    4. And it took a whole month for the cops to come to my house. So I was with my two little brothers and my little sister was born by that time. She was like three, four. We stayed a whole month with nobody just by ourselves in the house. And I remember this—

      fear from the violence inflicted on them by father caring for younger siblings escaping the violence and being alone

    1. With my parents? My mother, yes. She doesn't like to talk about it. The older I get, the more she opens up, but it's not something that she likes to talk about. It was never in front of us, it was behind closed doors. I thank my father. He's a piece of shit, but I thank him for at least having the thought of not wanting to traumatize us. So yes, it was behind closed doors, but the more I get out of my mom, it was a lot of emotional abuse as well, a lot. I think there was some physical abuse. My mom's never touched upon it, but that's what happened. And then we got to Chicago.

      Life in Mexico - Domestic abuse Migration from Mexico - Domestic abuse and divorce

    2. Was there any domestic abuse in your family?Luisa: With my parents? My mother, yes. She doesn't like to talk about it. The older I get, the more she opens up, but it's not something that she likes to talk about. It was never in front of us, it was behind closed doors. I thank my father. He's a piece of shit, but I thank him for at least having the thought of not wanting to traumatize us. So yes, it was behind closed doors, but the more I get out of my mom, it was a lot of emotional abuse as well, a lot. I think there was some physical abuse. My mom's never touched upon it, but that's what happened.

      Time in the US, Migration from Mexico, Reasons, Domestic Violence

    1. Everyone has soul connections. Everyone has a person they can build and grow with. Everyone also has what is called "toxic soulmates". These are connections you are drawn to for all the wrong reasons. They fulfill every dark shadow you unconsciously deny. They represent everything in you that has turned black and cold. As much as you know it is toxic, you cant turn away cause this connection is the only one that makes you feel "like this". It is the only way you can currently feel love, through your toxic soulmate. But sometimes through will, determination and lots of gentle reflection you will begin to notice your toxic soulmate is the opposite of what you need in every way. Your toxic soulmate is intoxicating, but also drains you of all your love and light. This person was meant to come into your life to test the worst parts of you. And at the end of this toxic relationship it will feel like you are dying. You will feel there is nothing good left cause your toxic soulmate has taken everything you built around them. But what is left? An empty shell. You dont even know who you are without this toxicity to tell you how to feel. And then the magic happens. You realize you are not an empty shell, but you are LIKE an empty shell. With so much room for love and light. You begin to realize your toxic soulmate never respected you or your boundaries. They never treated you with care and gentle compassion. They didnt actually give you any of the things you needed to grow. You realize this toxicity was a blessing in disguise. And there, broken and confused, you see them. Your person. Your real soulmate. And it's so terrifying and you never want to try again but you do, and when you do the most beautiful thing happens. You laugh. Your soulmate can feel your warmth through your smile. You feel safe for the first time in so long, protected. You begin to notice every day this person does little things to make your day. 
And even though you are starting to use your own light, your healthy soulmate connection is there as a backup in case your light goes dark. There is no judgement, there is no keeping track of wattage consumption, and they won't throw it back in your face later on. Cause they know. Cause they had time with their own toxic soulmates. And in this beautiful new dynamic you will start to dance. You will step over your own feet cause you're not used to having a partner in sync with you. As you learn the moves together, you look into this person's eyes and all you see is pure love and light. You feel connected through energy. You know now that you can grow with this person, safely, at your own pace. You know now you can be your best self with this person, not because they inspire you at your best but cause they can inspire you at your worst, and without judgement. To find this person, this healthy soulmate connection, is not rare, we are simply caught up in our toxic soulmates to notice that a flower cannot grow in the darkness. You can't see what a rose looks like unless it has been nourished with sunlight and water. It is an amazing gift to meet your soulmate connections. To learn from them. Just know, if you love someone "to death" but you cannot grow in yourself or the relationship, it's either the wrong time or it could be a toxic soulmate teaching you what you DON'T want in a partner. These relationships have its course and they're very powerful, but they aren't meant to be lifelong relationships. They aren't meant to keep you in the same suffering position your entire life. You are meant to take all the time you need to learn, and then take those lessons and build a beautiful life around yourself and make sure to cultivate a space for a healthy partner and the boundaries and qualities you seek. It is not too much to ask to be spoken to with kindness, it is not too much to ask for help around the house. It's not too much to want to be held. 
Your healthy soulmate already knows what you need, and your toxic soulmate will keep pushing you towards your continued path until you accept the lessons and be open to the healing side. - I wrote this on my page and thought it might be a good read for others. Hope you're all staying safe and healthy

      Soul ties

  18. May 2021
    1. Charlotte Jee recently wrote a lovely fictional intro to a piece on a “feminist Internet” that crystallized something I can’t quite believe I never saw before; if girls, women and non-binary people really got to choose where they spent their time online, we would never choose to be corralled into the hostile, dangerous spaces that endanger us and make us feel so, so bad. It’s obvious when you think about it. The current platforms are perfectly designed for misogyny and drive literally countless women from public life, or dissuade them from entering it. Online abuse, doxing, blue-tick dogpiling, pro-stalking and rape-enabling ‘features’ (like Strava broadcasting runners’ names and routes, or Slack’s recent direct-messaging fiasco) only happen because we are herded into a quasi-public sphere where we don’t make the rules and have literally nowhere else to go.

      A strong list of toxic behaviors that are meant to keep people from having a voice in the online commons. We definitely need to design these features out of our social software.

  19. Mar 2021
    1. Democrat Chicago to allow the economy to open up less than a week after Biden's inauguration...it's all planned to make Biden appear successful! Democrats allowed millions of people to suffer and lose businesses all for their own greed and power!
  20. Feb 2021
  21. Jan 2021
    1. Group Rules from the Admins
       1. NO POSTING LINKS INSIDE OF POST - FOR ANY REASON
       We've seen way too many groups become a glorified classified ad & members don't like that. We don't want the quality of our group negatively impacted because of endless links everywhere. NO LINKS
       2. NO POST FROM FAN PAGES / ARTICLES / VIDEO LINKS
       Our mission is to cultivate the highest quality content inside the group. If we allowed videos, fan page shares, & outside websites, our group would turn into a spam fest. Original written content only
       3. NO SELF PROMOTION, RECRUITING, OR DM SPAMMING
       Members love our group because it's SAFE. We are very strict on banning members who blatantly self promote their product or services in the group OR secretly private message members to recruit them.
       4. NO POSTING OR UPLOADING VIDEOS OF ANY KIND
       To protect the quality of our group & prevent members from being solicited products & services - we don't allow any videos because we can't monitor what's being said word for word. Written post only.

      Wow, that's strict.

  22. Dec 2020
    1. Ek said that many artists are happier in private about the money they receive than they are in public. He also said that musicians not doing well from streaming are the ones who want to release music “the way it used to be released”.

      This is hogwash. Artists want to make a living, while Ek and his cohorts maximise their profits while actively lobbying against songwriter royalties and pushing transphobic people like Joe Rogan. More here: https://niklasblog.com/?p=25501

    2. Last week Radiohead’s Ed O’Brien, Elbow’s Guy Garvey and Gomez’s Tom Gray gave evidence alongside Shah. Gray’s Broken Record campaign aims to fight for fairer terms for artists.
    3. many musicians are “scared to speak out” because they don’t want to “lose favour” with all-powerful streaming services and record labels.

      This is horrifying. Just what Shell has done, and other major and uncaring companies, naturally.

  23. Nov 2020
    1. Jeff Bezos has so much money he doesn’t know what to do with it all, so he figures he’d might as well spend it on spaceships. That’s what the Amazon.com Inc. founder and chief executive told Mathias Döpfner, the CEO of Business Insider parent Axel Springer, in an interview published over the weekend.
  24. Oct 2020
    1. Use the same value that was submitted, which ensures that a 'change' is triggered even though the value itself doesn't change. Therefore, the same value gets validated again.

      Calling it "change" even though it didn't change is kind of cheating/abuse ... but I guess it's okay...??

        // final-form mutator: re-set the field to the value it already holds, so
        // the library registers a change and re-runs validation for that field
        const mutators = {
          mutateValue([name], state, { changeValue }) {
            changeValue(state, name, value => value);
          }
        };
      
    1. In agent-oriented programming the antonym is depender, though in general usage the common term dependent is used instead. There is no common language equivalent for dependee, however – other metaphors are used instead, such as parent/child. The circumlocutions “A depends on B” and “B is depended on by A” are much more common in general use than “A is the depender, B is the dependee”.
    1. In the software industry we use "dependency" to refer to the relationship between two objects. We say "looking for dependents" for relationships to dependent things and "looking for dependencies" for relationships to prerequisite things, so it gets that connotation, but the literal meaning is the relationship itself, not the object. Finding a better word is exactly the point of the question
    1. It was dark in the hall. It had been a rule for years never to disturb father in the morning, whatever happened. And now they were going to open the door without knocking even... Constantia’s eyes were enormous at the idea; Josephine felt weak in the knees.

      Both this story and the Garden Party have themes of psychological abuse perpetrated on the young. Laura seems fated by those around her to be nothing more than a doll at a garden party, and Jug and Con. seem to live in persistent fear of their own father.

    1. A while ago we put a system in place to monitor our servers for abusive request patterns and send 503 Service Unavailable responses with custom text depending on the nature of the abuse. Our hope was that the authors of misbehaving software and the administrators of sites who deployed it would notice these errors and make the necessary fixes to the software responsible.
    2. Take responsibility for your outgoing network traffic If you install software that interacts with other sites over the network, you should be aware how it works and what kind of traffic it generates. If it has the potential to make thousands of requests to other sites, make sure it uses an HTTP cache to prevent inflicting abuse on other sites.
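The HTTP cache that the quoted post asks polling tools to use, as an added example that is not code from the post: it honours `Cache-Control: max-age` and revalidates with `If-None-Match`, so a tool that asks for the same URL every second reaches the origin about once per max-age instead of every time. The transport is injected and `makeFakeOrigin` is a constructed stand-in for a real server, so the example runs offline; the class and function names are assumptions of this example.

```javascript
// Added example, not code from the annotated post: a small client-side HTTP
// cache with max-age freshness and ETag revalidation. `makeFakeOrigin` is a
// constructed server so the demo runs without network access.

class HttpCache {
  constructor(now = () => Date.now()) {
    this.entries = new Map(); // url -> { body, etag, expiresAt }
    this.now = now;
  }

  // Fetch `url` through the cache. `transport(url, headers)` plays the role of
  // the HTTP client and must return { status, headers, body }.
  get(url, transport) {
    const t = this.now();
    const entry = this.entries.get(url);

    // Fresh copy: answer locally, no request leaves the machine.
    if (entry && t < entry.expiresAt) {
      return { body: entry.body, fromCache: true };
    }

    // Missing or stale: go to the origin, conditionally when we hold an ETag.
    const reqHeaders = {};
    if (entry && entry.etag) reqHeaders['if-none-match'] = entry.etag;
    const res = transport(url, reqHeaders);

    if (res.status === 304 && entry) {
      // Origin says our copy is still current; just extend its lifetime.
      entry.expiresAt = t + maxAgeMs(res.headers);
      return { body: entry.body, fromCache: true };
    }
    if (res.status === 200 && maxAgeMs(res.headers) > 0) {
      this.entries.set(url, {
        body: res.body,
        etag: res.headers.etag || null,
        expiresAt: t + maxAgeMs(res.headers),
      });
    }
    return { body: res.body, fromCache: false };
  }
}

// Extract max-age (in ms) from a Cache-Control value; 0 means "do not cache".
function maxAgeMs(headers) {
  const cc = String(headers['cache-control'] || '').toLowerCase();
  if (cc.includes('no-store')) return 0;
  const m = /(?:^|[\s,])max-age=(\d+)/.exec(cc);
  return m ? Number(m[1]) * 1000 : 0;
}

// Constructed origin: counts every request it receives and answers 304 when
// the client's If-None-Match matches the current ETag.
function makeFakeOrigin() {
  const state = { hits: 0, etag: '"v1"', body: 'feed-v1' };
  const transport = (url, headers) => {
    state.hits += 1;
    const common = { 'cache-control': 'public, max-age=60', etag: state.etag };
    if (headers['if-none-match'] === state.etag) {
      return { status: 304, headers: common, body: null };
    }
    return { status: 200, headers: common, body: state.body };
  };
  return { state, transport };
}

// Poll one URL once per second for `polls` seconds and return how many of
// those polls actually reached the origin (17 of 1000 with max-age=60).
function pollDemo(polls = 1000) {
  let clock = 0;
  const cache = new HttpCache(() => clock);
  const origin = makeFakeOrigin();
  for (let i = 0; i < polls; i++) {
    cache.get('https://example.com/feed', origin.transport);
    clock += 1000;
  }
  return origin.state.hits;
}
```

The point of the `pollDemo` numbers is the ratio: a thousand polls become seventeen origin requests, sixteen of them cheap 304 responses. A real client would also honour `Expires`, `Last-Modified`/`If-Modified-Since` and `Vary`, but the freshness-then-revalidate shape is the same.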
    1. Another thing you can do is to add pain to the second part of it. Attackers want the list of valid usernames, so they can then try to guess or brute force the password. You can put protections in place with that as well, whether they are lockouts or multi-factor authentication, so even if they have a valid username, it's much harder to gain access.
    1. Customizable mitigation policies provide multiple response options including block, rate limit, geo fence, or deception. Using deception allows you to send a custom response to the attacker, effectively putting guardrails around their activities.
    1. So that’s already a huge advantage over other platforms due the basic design. And in my opinion it’s got advantages over the other extreme, too, a pure peer-to-peer design, where everyone would have to fend for themselves, without the pooled resources.

      Definitely something the IndieWeb may have to solve for.

    2. Mastodon deliberately does not support arbitrary search. If someone wants their message to be discovered, they can use a hashtag, which can be browsed. What does arbitrary search accomplish? People and brands search for their own name to self-insert into conversations they were not invited to. What you can do, however, is search messages you posted, received or favourited. That way you can find that one message on the tip of your tongue.
  25. Sep 2020
    1. For my point of view, and I've been annoyingly consistent in this for as long as people have been asking for this feature or something like it, style encapsulation is one of the core principles of Svelte's component model and this feature fundamentally breaks that. It would be too easy for people to use this feature and it would definitely get abused removing the style safety that Svelte previously provided.
    1. “With no oversight whatsoever, I was left in a situation where I was trusted with immense influence in my spare time,” she wrote. “A manager on Strategic Response mused to myself that most of the world outside the West was effectively the Wild West with myself as the part-time dictator – he meant the statement as a compliment, but it illustrated the immense pressures upon me.”
    2. Facebook ignored or was slow to act on evidence that fake accounts on its platform have been undermining elections and political affairs around the world, according to an explosive memo sent by a recently fired Facebook employee and obtained by BuzzFeed News. The 6,600-word memo, written by former Facebook data scientist Sophie Zhang, is filled with concrete examples of heads of government and political parties in Azerbaijan and Honduras using fake accounts or misrepresenting themselves to sway public opinion. In countries including India, Ukraine, Spain, Brazil, Bolivia, and Ecuador, she found evidence of coordinated campaigns of varying sizes to boost or hinder political candidates or outcomes, though she did not always conclude who was behind them.
  26. Aug 2020
    1. Facebook has apologized to its users and advertisers for being forced to respect people’s privacy in an upcoming update to Apple’s mobile operating system – and promised it will do its best to invade their privacy on other platforms.

      Sometimes I forget how funny The Register can be. This is terrific.

  27. Jul 2020
    1. Besides, this will just end up being reported as a security bug to the security list if left as is, cause docker will eat up all your disk space due to a single call site flooding STDERR forcing logs to grow forever.
    1. Creating and calling a default proc is a waste of time, and cramming everything into one line using tortured constructs doesn't make the code more efficient--it just makes the code harder to understand.

      The nature of this "answer" is a comment in response to another answer. But because of the limitations SO puts on comments (very short length, no multi-line code snippets), the comment feature could not actually be used, so this user resorted to "abusing" the answer feature to post their comment instead.

      See

    1. Arrays are not sets. Trying to treat them as if they are is an error, and will create subtle problems. What should be the result of the following operations? [1, 1] | [1] [1] | [1, 1] Of course, there are more interesting examples. These two are to get you started. I don't care what the results currently are. I don't care what you think they should be. I can present extremely strong arguments for various answers. For this reason, I believe that #| is an ill-defined concept. Generalizing an ill-defined concept is a world of pain. If you insist on treating objects of one class as if they were members of a different class, there should be bumps in the road to at least warn you that maybe this is a bad idea. I'm not going to argue that we should remove or deprecate #|. I don't think of myself as a fanatic. But encouraging this sort of abuse of the type system just creates problems.
  28. Jun 2020
    1. “The alarming truth,” warned the researcher, “is that the average number of permissions requested by a flashlight app is 25.”
    2. “Asking for too many permissions is dangerous,” ESET malware researcher Lukas Stefanko explains. “These permissions can be misused as an exploit to access more device components, such as call logs, phone numbers, and browsing history.”
    3. At the heart of Google’s challenge has been so-called permission abuse—millions of apps requesting the rights to access device data and functions beyond those needed to deliver their own functionality.
    4. The security feature in Android 11 is a long overdue crackdown on this permission abuse.
    1. Google’s novel response has been to compare each app to its peers, identifying those that seem to be asking for more than they should, and alerting developers when that’s the case. In its update today, Google says “we aim to help developers boost the trust of their users—we surface a message to developers when we think their app is asking for a permission that is likely unnecessary.”
    1. One of the new tools debuted by Facebook allows administrators to remove and block certain trending topics among employees. The presentation discussed the “benefits” of “content control.” And it offered one example of a topic employers might find it useful to blacklist: the word “unionize.”

      Imagine your employer looking over your shoulder constantly.

      Imagine that you're surveilled not only in regard to what you produce, but to what you—if you're an office worker—tap out in chats to colleagues.

      This is what Facebook does and it's not very different to what China has created with their Social Credit System.

      This is Orwellian.

    1. Zoom didn't do this to comply with local law.

      They did this because they don't want to lose customers in China.

      This is just capitalistic greed.

      Shutting down activists over a dictatorship is wrong, and it is actually as simple as that.

  29. May 2020
    1. The high number of extremist groups was concerning, the presentation says. Worse was Facebook’s realization that its algorithms were responsible for their growth. The 2016 presentation states that “64% of all extremist group joins are due to our recommendation tools” and that most of the activity came from the platform’s “Groups You Should Join” and “Discover” algorithms: “Our recommendation systems grow the problem.”
    1. Website administrators then get access to their visitors’ risk scores and can decide how to handle them: For instance, if a user with a high risk score attempts to log in, the website can set rules to ask them to enter additional verification information through two-factor authentication. As Khormaee put it, the “worst case is we have a little inconvenience for legitimate users, but if there is an adversary, we prevent your account from being stolen.”
    1. If any Firefox engineers are reading this, please don't try to subvert the above workaround, it requires multiple steps and administrator rights to set up, and we must all agree that it is of little sense for Firefox to try defending against unwanted programs or malware that has root access on the device.
  30. Apr 2020
    1. Browser fingerprinting is quite a powerful method of tracking users around the Internet. There are some defensive measures that can be taken with existing browsers, but none of them are ideal. In practice, the most realistic protection is using the Tor Browser, which has put a lot of effort into reducing browser fingerprintability. For day-to-day use, the best options are to run tools like Privacy Badger or Disconnect that will block some (but unfortunately not all) of the domains that try to perform fingerprinting, and/or to use a tool like NoScript for Firefox, which greatly reduces the amount of data available to fingerprinters.
    1. Basically, the attackers don't actually have video of you or access to your contacts, and they haven't been able to install malicious code on your computer. In reality, they're taking a password from a database that's available online, sending it to you, and hoping you're scared enough to believe their story and send them bitcoin.
    1. Abuse
       There's not much point; if you want to build up a treasure trove of pwned email addresses or usernames, go and download the dumps (they're usually just a Google search away) and save yourself the hassle and time of trying to enumerate an API one account at a time.

      And yet there was a lot of abuse of this API: https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/ Why?

    1. Anti-automation on the form where a key can be requested is one thing, stopping someone from manually registering, say, 20 of them with different email addresses and massively amplifying their request rate is quite another.
    2. I got way too many emails from people about API requests being blocked to respond to. Often this was due to simply not meeting the API requirements, for example providing a descriptive UA string. Other times it was because they were on the same network as abusive users. There were also those who simply smashed through the rate limit too quickly and got themselves banned for a day. Other times, there were genuine API users in that West African country who found themselves unable to use the service. I was constantly balancing the desire to make the API easily accessible whilst simultaneously trying to ensure it wasn't taken advantage of.
    3. Another approach I toyed with (very transiently) was blocking entire countries from accessing the API. I was always really hesitant to do this, but when 90% of the API traffic was suddenly coming from a country in West Africa, for example, that was a pretty quick win.
    4. And, of course, the user agent requirement was easily circumvented as I expected it would be and I simply started seeing randomised strings in the UA.
    5. Combating Abuse with Firewall Rules
    6. Identifying Abusive API Usage
    7. Make more than 40 requests in a minute and you're in the naughty corner for a day. Only thing is, that's IP-based and per the earlier section on abusive patterns, actors with large numbers of IP addresses can largely circumvent this approach. It's still a fantastic turn-key solution that seriously raises the bar for anyone wanting to get around it, but someone determined enough will find a way.
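The IP-keyed limit those quotes describe, as an added example that is not Have I Been Pwned's own code or configuration: a fixed-window counter that allows 40 requests per minute per address and bans the address for a day once it goes over, followed by a replay driver that makes the quoted caveat concrete. The same 400 requests trip the ban when they come from one address and pass untouched when spread across twenty. The request lines are constructed, not real traffic, and the class and function names are assumptions of this example.

```javascript
// Added example, not code from the annotated post: the 40-per-minute,
// one-day-ban limit keyed by source IP, and a replay showing why a limit
// keyed on IP alone does not stop a client with many addresses.

const LIMIT = 40;                      // requests per window
const WINDOW_MS = 60 * 1000;           // one minute
const BAN_MS = 24 * 60 * 60 * 1000;    // "the naughty corner for a day"

class IpRateLimiter {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.buckets = new Map(); // ip -> { windowStart, count, bannedUntil }
  }

  // Verdict for one request: 'allow', 'limited' (just went over quota and is
  // now banned) or 'banned' (still serving an earlier ban). A server would map
  // the last two to a 429 or, as the Oct 2020 post above does, a 503 with a
  // message explaining why.
  check(ip) {
    const t = this.now();
    let b = this.buckets.get(ip);
    if (!b) {
      b = { windowStart: t, count: 0, bannedUntil: 0 };
      this.buckets.set(ip, b);
    }
    if (b.bannedUntil > t) return 'banned';
    if (t - b.windowStart >= WINDOW_MS) {
      b.windowStart = t; // new window, fresh quota
      b.count = 0;
    }
    b.count += 1;
    if (b.count > LIMIT) {
      b.bannedUntil = t + BAN_MS;
      return 'limited';
    }
    return 'allow';
  }
}

// Replay a list of { ip, t } requests (t in ms) and tally the verdicts.
function replay(requests) {
  let clock = 0;
  const limiter = new IpRateLimiter(() => clock);
  const verdicts = { allow: 0, limited: 0, banned: 0 };
  for (const r of requests) {
    clock = r.t;
    verdicts[limiter.check(r.ip)] += 1;
  }
  return verdicts;
}

// Constructed traffic: `total` requests evenly spaced over one window,
// round-robined across `ipCount` source addresses in 203.0.113.0/24.
function burst(total, ipCount) {
  const reqs = [];
  for (let i = 0; i < total; i++) {
    reqs.push({ ip: `203.0.113.${i % ipCount}`, t: Math.floor(i * WINDOW_MS / total) });
  }
  return reqs;
}

// replay(burst(400, 1))  -> { allow: 40, limited: 1, banned: 359 }
// replay(burst(400, 20)) -> { allow: 400, limited: 0, banned: 0 }
```

The second replay is the caveat in the quote: twenty addresses each stay under forty requests, so a determined client with a pool of proxies or cloud addresses sees no limit at all. That is why the post also leans on API keys, so that the thing being counted is an identity the operator issued rather than whatever address the request happened to arrive from.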
    1. Well, as a home user, I also belong to an investment club with 10 members. I also have a medium size family who I like to send photos to, and my son is on a soccer team. All those have greater than 5 people on the list. sooooooooo..... once again, the people with valid use of the internet have to 'deal' with those that abuse it.