

In addition to letting the website owner know about the issue, I would reach out to Troy Hunt with your evidence, so the data can be loaded into Have I Been Pwned and the affected people notified.




It’s a sauna on a boat. She’s out in the middle of nowhere with some dude she barely knows. You know, she looks around and what does she see? Nothin’ but open ocean.


Wasn’t this the plot of the South Park episode where Kyle’s dad was exposed to be a shitposter on an alt account? Life imitates art.


huh, really?? this post and the original are showing in !privacy@lemmy.ml for me, and going there, I see two posts with the same link:
Original: https://lemmy.ml/post/41458701
Repost (this post): https://lemmy.ml/post/41482621
I don’t see this post in !privacy@lemmy.world at all, even when checking on lemmy.world directly. I don’t think this is a federation issue.


I’ve never seen any interview as invasive as this, but I think simple take home assignments are useful to weed out people who don’t have basic skills for the role, can’t read instructions clearly, and/or don’t care enough for the role. It avoids me spending 30 minutes to an hour interviewing them to just reject them.
The roles I interview for are mid level devops based, and we’ve found that the best way to do this is to provide the candidate a simple git repo with 2 branches, which can’t be merged due to a merge conflict of two text files; no coding required. Just asking the candidate to resolve the merge conflict and write a README with the steps taken is enough to have more than half of the candidates unable to complete the task. If we interviewed all those candidates first, and then had to reject them, it would probably be 1 full working day per month in aggregate that would be utterly wasted.


Am I missing something but this isn’t cross posted from another community, right? The original post was in this community, !privacy@lemmy.ml, so why repost if it’s less than 12 hours later in the same community?


The standard is called TOTP and Google became synonymous with it because they pushed it in the late 2000s for Gmail and have a large user base. Other sites did have systems beforehand, like PayPal which had a dedicated fob, but that was not widely used. Gmail was likely most people’s first experience with MFA and Google pushed their own Authenticator app (and didn’t really advertise that others could be used). As other sites got on board, it was easier to tell people to use the app they use for Google to get their code, since you could assume people had the app.
Basically that made a situation where people who had a different TOTP app knew their app would work with “Google Authenticator” but for those without an app or using Google Authenticator, they were likely unaware of the interoperability and standards behind the mechanisms.


123 Fake Street, got it!


Plus Google doesn’t really care if the obscure LucasArts codec is actually fixed, they’re raising the bugs publicly to sell their AI. This is marketing, not security. The more bugs it finds the better, since sales doesn’t care about the quality of the bugs found.


Still not sure what you’re talking about. What was the sensitive information stored on servers that got sold?


What is the context for the sensitive information being sold?


because you don’t know what the last person using that IP did
See also: why you don’t wear a condom someone else came in


MAC address is in the data link layer of the networking stack, and would only be seen by other devices on the same network as you. This isn’t visible to websites you visit (unless you’re on the same subnet), and as TCP packets go through network hops, the MAC address is replaced with the router’s MAC address for each hop.
The reason for MAC address randomization (standard on iPhone and Android) is not for anonymity to the websites you visit, but is there to anonymize the wifi broadcasts in your general vicinity, like a 30 meter radius. The MAC address is randomized so that broadcasts to check wifi networks while you’re out and about can’t be used to track your physical location.


It just takes one time logging in without having VPN enabled for your account to be associated with a location. Their ad network probably filters out known VPN IPs, or IPs from countries where there are no ads to serve up, which might leave the only valid IP address associated with their account to be used.


I’d like to believe, but the source for the article is a random Medium article which claims there were leaked documents, but the headline is clearly clickbait. The Medium post doesn’t go into any details about this, it just outlines some open source tools with “ai” to do basic tasks to run your infrastructure in AWS, not what any engineer working for AWS would actually be doing.


If messages aren’t end to end encrypted, then the contents of the messages can be intercepted by Telegram or any adversary who has access to Telegram’s systems. This is what the US Government was doing with Prism to suck in unencrypted data from ISPs without their knowledge. By not having end to end encryption, you have to trust that Telegram administrators are being truthful when they say they’re not looking at your messages, and that their systems are never compromised by crime groups or nation states without Telegram’s knowledge.


Thank you, not sure why OP didn’t cross-post the original post here?