• 1 Post
  • 65 Comments
Joined 1 year ago
Cake day: July 9th, 2023


  • You might not have read the other comments, but I do QA for a living. Devs fucking up commits is why I continue to have a job. Also, companies/maintainers aren’t required to capitulate to every bug report. It’s possible that whoever made the original comments didn’t understand why it was such a big deal and/or didn’t know of an alternative way to structure their software; public pressure made them look a little harder.

    Like I said in my first comment: you do you. Bring out the pitchforks. The fact that there are reasonable candidate explanations other than malicious intent says to me that the internet is overreacting—again.

    Though, when has the internet ever done that, amirite? /s



  • Their inability to do the right PR things is just a signal that they can’t be bothered with the facade…

    …or they’re just bad at PR. It’s not a skill everyone has.

    Re: ethics, they are no longer on F-Droid because they tried to get this in under the radar…

    …or they made an honest mistake and don’t care to put it back on F-Droid for reasons to which we are not privy. I bring up these counter-examples not as a way to point out where I’m right and you’re wrong, but to point out that there are other candidate explanations, and it’s not justified to infer that malfeasance is the only likely possibility.

    I also understand why you would cynically think that Bitwarden might succumb to Capitalism—I too live in a late-stage-capitalism country—but that’s not a foregone conclusion, and I say again that we don’t need to be imagining villains when there’s plenty of objectively real ones at which to point a finger already.




  • Who knows for how long though because, if you read carefully, they didn’t promise that it will not be used in the future.

    This is conspiratorial thinking, and it’s a fallacy called the Argument from Silence (i.e. asserting intent based on what they didn’t say). If I say I’m going to give you a handshake, but you say, “But you didn’t promise you won’t punch me in the face,” most people would recognize that as a ridiculous line of reasoning.

    Bitwarden has now landed itself in the category of software that I would rather move away from and cannot wholeheartedly recommend anymore. That’s pretty sad.

    You do you. This doesn’t seem all that problematic to me, as I don’t need Secrets Manager, and I’ll still recommend it to anyone looking for a password manager.

    Seems to me that it makes more sense to vilify them when they become villains, not before based on paranoid reasoning that they might.



  • That depends on your threat model. For most people, the attack is probably unlikely to affect them, but I would recommend reading about the flaw yourself. It’s not hard to understand.

    Also, this was not the fault of Yubico but a supplier, and instead of waiting for the supplier, Yubico patched the flaw themselves by providing a custom library.

    Whether you should replace your current YubiKey 5 is up to you.


  • They’re not entirely unauditable, either. A security flaw was discovered in the YubiKey 5 in one of the IC modules from a supplier, and they patched all of their keys from that point forward.

    Unfortunately, all the 5’s from before May 2024 are unpatchable (by design to prevent thieves from having an easy way into the key), but any key purchased now should be fine.


  • The fun thing is that with novel cases, the law can change. There’s currently no precedent for AI Camera Glasses, and the law(s) I cited were created before anything like this was even a real possibility for the average person.

    And re: phones—you can see that’s a camera. Also, they have a bright LED that indicates recording. These glasses do not.

    I get your cynicism, but we do not yet live in the dystopian plutocracy where companies get to do whatever they want with impunity (just a lot of it). Unless you’re a lawyer, I’m not inclined towards your opinion.