Thank you. I’m going to restate your explanation to be sure I’ve got it:

• authorities want platforms to comply with legal requests
• when Signal gets a subpoena, they open the key locker and show that it’s empty. They provide the metadata they can (sign up date and last seen date, full stop) and tell authorities they can’t do better.
• when Telegram gets a subpoena, they open the key locker and show all the keys, then slam it shut in the face of the investigator, telling them to get bent.
• conclusion: it’s easier to never have the keys in the first place than to tease the government with them

I’m no authority on it but from what I’ve read it seems to have more to do with the social features of telegram where lots of content is being shared, both legal and illegal. Signal doesn’t have channels that support hundreds of thousands of people at once, nor media hosting to match.

Let’s assume that hashing passwords falls into the “good security” bucket, and wouldn’t be part of the “bad security” scenario.

Lmfao the proverbial tip. OK you got me there 😂

I like this analogy; it’s provocative and it made me think about the issue for longer than I would have otherwise.

However, after some thought, I don’t think it aligns perfectly since the user can simply choose not to read the article, so there’s an option where they don’t get fucked.

In the same vein, I think we could make a better analogy to sexting. You meet someone, seem to hit it off, and when the texts and pictures get a little spicy, they hit you with a, “you can pay me now and I will keep all of this in my private spank-bank, otherwise I’m going to share our entire relationship with a group chat I’m in with 1200+ people”

I think this is a bit stronger because it hits on a few notes where the hook-up analogy falls short: sharing of sensitive information, extortion in exchange for gratification, and the potential for an ongoing relationship.

Idk, what do you think?

Probably because at the end of the day:

1. Most people don’t have the tools or desire to figure out how to run an LLM locally.
2. What if I run a local LLM on my PC and I leave my home? Do I now need to learn how to deploy a VPN at home so I always have access? I could do this, but I don’t want to. Oh, you know a model that runs on Android? What if I have an iPhone?
3. Proton is a for-profit business that surveyed their customers and got feedback that customers wanted a writing assistant. This one seems the most important.

They’re arresting tourists from other countries for being pregnant? On the basis that they might… go home and get an abortion? I don’t completely follow.

You know this thread is about US federal immigration, right?

I’m not super in tune with everything that happens in the backwards US states but this doesn’t sound like something that is happening. Yes, I’ve heard that some states are or have inquired about getting data from health apps about period tracking, and I’ve read the articles about the nefarious ways that they could use that data, but I’ve seen nothing about the impact that could have on tourists.

Okay, yes, but what does this have to do with my period tracking apps?

Linux ISOs are my all-time favorite thing to torrent so this does seem like it requires further research.

Thank you?

It sounds like someone got ahold of a 6 year old copy of Google’s risk register. Based on my reading of the article it sounds like Google has a robust process for identifying, prioritizing, and resolving risks that are identified internally. This is not only necessary for an organization their size, but is also indicative of a risk culture that incentivizes self reporting risks.

In contrast, I’d point to an organization like Boeing, which has recently been shown to have provided incentives to the opposite effect - prioritizing throughput over safety.

If the author had found a number of issues that were identified 6+ years ago and were still shown to be persistent within the environment, that might be some cause for alarm. But, per the reporting, it seems that when a bug, misconfiguration, or other type of risk is identified internally, Google takes steps to resolve the issue, and does so at a pace commensurate with the level of risk that the issue creates for the business.

Bottom line, while I have no doubt that the author of this article was well-intentioned, their lack of experience in information security / risk management seems obvious, and ultimately this article poses a number of questions that are shown to have innocuous answers.

Everything is transient and eventually becomes shitty, sure, but I generally trust them because they’re able to make money just from people using the service. I don’t know how profitable they are, but I am reasonably certain that as the card issuer they get a cut of every transaction. Given that they aren’t issuing physical cards and have no obvious costs other than maintaining their platform, I don’t see a reason not to trust them in the medium term.

I’ve generally had good experiences with Privacy.com. It seems like a decent solution when I want something from a semi-reputable website.

I particularly enjoy the bit where cards are vendor-locked, which has been interesting to observe in a couple of instances where a site seems to have had their credit card db breached and the attackers turn around and try to use the card on another site, where it is inevitably denied, but I still get an email that shows which site got hacked and where the attackers were trying to use the information.

You lucky bastard. 😁

How many wrong guesses were you allowed before the system would lock your account?

Earlier this month, junior minister Stephen Parkinson appeared to concede ground, saying in parliament’s upper chamber that Ofcom would only require them to scan content where “technically feasible”.

Big if true.