• 1 Post
  • 16 Comments
Joined 5 months ago
cake
Cake day: June 29th, 2024

help-circle
  • The Republican vice presidential nominee and Ohio senator claimed in an interview with YouTuber Shawn Ryan that a top EU official had threatened to arrest the billionaire [Musk] if he allowed former President Trump back on X.

    “So what America should be saying is, if NATO wants us to continue supporting them and NATO wants us to continue to be a good participant in this military alliance, why don’t you respect American values and respect free speech?” Vance asked. “It’s insane that we would support a military alliance if that military alliance isn’t going to be pro-free speech. […]

    “I’m not going to go to some backwoods country and tell them how to live their lives,” Vance added. “But European countries should theoretically share American values, especially about some very basic things like free speech.”

    The US ranked 26th in the world when it comes to free speech, with several members of the European Union higher up the list, according to the 2024 Global Expression Report.

    If anyone is interested these countries are ahead of the USA from 1-25: Denmark Switzerland Sweden Belgium Estonia Norway Finland Ireland Germany Iceland Portugal Austria New Zealand Canada Argentina Spain Czech Republic Italy Latvia Costa Rica Uruguay France Dominican Republic Netherlands Vanuatu


  • This is an important issue IMO that needs to be addressed and the official response by Bitwardens CTO fails to do so.

    There is not even a reason provided why such a proprietary license is deemed necessary for the SDK. Furthermore this wasn’t proactively communicated but noticed by users. The locking of the Github Issue indicates that discussion isn’t desired and further communication is not to be expected.

    It is a step in the wrong direction after having accepted Venture Capital funding, which already put Bitwardens opensource future in doubt for many users.

    This is another step in the wrong direction for a company that proudly uses the opensource slogan.


  • I think it‘s fair to remain skeptical but the big organizations were part of the development, so there seems to be some interest. And it‘s not always in their interest to lock users in, when it also prevents users from switching to their platform.

    Development of technical standards can often be a fraught bureaucratic process, but the creation of CXP seems to have been positive and collaborative. Researchers from the password managers 1Password, Bitwarden, Dashlane, NordPass, and Enpass all worked on CXP, as did those from the identity providers Okta as well as Apple, Google, Microsoft, Samsung, and SK Telecom.


  • The author of your blog post comes to this conclusion:

    So do yourself a favour. Get something like bitwarden or if you like self hosting get vaultwarden. Let it generate your passwords and manage them. If you really want passkeys, put them in a password manager you control. But don’t use a platform controlled passkey store, and be very careful with security keys.

    The protocol (CXP) which the article is about, would allow you to export the passkeys from the “platform controlled passkey store” and import them into e.g. Bitwarden. So i would imagine the author being in favor of the protocol.


  • The lock-in effect of passkeys is something that this protocol aims to solve though. The “only managed by your device” is what keeps us locked in, if there is no solution to export and import it on another device.

    The protocol aims to make it easy to import and export passkeys so you can switch to a different provider. This way you won’t be stuck if you create passkeys e.g. on an Apple device and want to switch to e.g. Bitwarden or an offline password manager like KeyPassXC

    The specifications are significant for a few reasons. CXP was created for passkeys and is meant to address a longstanding criticism that passkeys could contribute to user lock-in by making it prohibitively difficult for people to move between operating system vendors and types of devices. […] CXP aims to standardize the technical process for securely transferring them between platforms so users are free […].


  • I had the same idea a while back and was wondering why no one has implemented something like this yet. This seems like an actual useful application for LLMs.

    I am using Zotero (Citation Management Software) to collect scientific Articles I have read. Sometimes I forget in which Article I read about something specific. A search, where you could describe what you are looking for in a sentence, which then returns the Article with the relevant part, would be a gamechanger.


  • What does Ente mean?

    In Malayalam, Vishnu’s native language, “ente” means “mine”. Thus “Ente Photos” has the literal meaning “my photos”.

    This was a good name, but still Vishnu looked around for better ones. But one day, he discovered that “ente” means “duck” in German. This unexpected connection sealed the deal. We should ask him why he likes ducks so much, but apparently he does, so this dual meaning (“mine” / “duck”) led him to finalize the name, and also led to the adoption of “Ducky”, Ente’s mascot Source



  • I will copypaste, because this feature has been discussed a lot already.

    The companies will get some general data if their ads work, without a profile about you being created. I am fine with that. Just imagine what a boon it would be for the “normal“ less tech savvy, if advertisers switched to a more privacy respecting technology like this. If more privacy focused people don’t like it, they can simply disable it by ticking one box, without negative consequences (unlike content blockers and similar techniques where a website can penalize you, turned off PPA is not detectable). It has no downsides as far as I am concerned. It doesn’t give advertisers additional data that they wouldn’t already be able to get, it just creates the option of measuring their ads in a privacy respecting way.

    Discussion about PPA from some time ago





  • why would any corporation choose to sideline their current advertisement model by creating an extra solution that doesn’t even tap 3% of the market

    In its current form, I concur, you might be correct. But:

    The current implementation of PPA in Firefox is a prototype, designed to validate the concept and inform ongoing standards work at the World Wide Web Consortium (W3C).Source

    So the point is to create a system that other browsers could adopt. The other thing that could drive this, is the GDPR compliance. PPA is compliant, while a lot of the other technologies aren’t, and businesses are feeling more pressure. There is a reason that Meta participated in parts of the development.

    All I can say is: Dont let perfect be the enemy of good. This is so far only a test.

    Edit: I found the time to look at your source article, I had actually read it before when it was posted a month back. I will comment on their views, some right, others which can be debated, and on other details were they are just wrong. In general privacyguides is a great resource but I find this particular opinion piece to be lacking.

    Spoiler, because I it's a long comment already

    First off, for a healthy debate I will define two things for me. Tracking = creating a profile, ad measurement = measuring the ads effectiveness. If an Ad can be measured without a profile about me being created, I don’t consider it tracking.

    This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

    They assume that everyone uses a content blocker everywhere. Privacyguides and Mozilla have different target audiences. Privacyguides caters to people who are interested and have enough technical knowledge to try to prevent tracking. Mozilla is trying to cater to “normal”(in the sense of the majority) people who are not interested/ not knowledgable enough to do so. So there are two starting points. The “normal” who are already tracked by current advertising systems and privacy-focussed-people who try their best to prevent tracking. Privacy-focussed-people can just turn off PPA -> no more data gathered than before. But it is the “normal” people who have something to gain. If PPA replaces traditional ad tracking, less data and only anonymized data is gathered. The ads are measured, but users are not tracked. So it’s not a tool added but a tool improved to provide greater privacy.

    Mozilla constantly fails to understand the basic concept of consent. Firefox developers seem to see their position as shepherds, herding the uninformed masses towards choices they interpret to be “good for them.” […] One Mozilla developer claimed that explaining PPA would be too challenging, so they had to opt users in by default.

    While I agree, that the communications could have been handled better, Mozilla has a point. Firefox isn’t only meant for tech-enthusiast, but also for people who won’t take the time or aren’t able to grasp the concept of PPA without doing a lot of reading, and that’s the majority. So Firefox developers are absolutely right to make choices, that they deem right for users. And that PPA is a challenging concept is proven by the author not fully grasping it themselves, as I will point out later.

    The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser’s server. The “advertising network” only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers! This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can’t infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser. […]In this particular case, Mozilla and their partner behind this technology, the ISRG (responsible for Let’s Encrypt), could trivially collude to compromise your privacy.

    The aggregation server is actually two different servers by two different parties (Mozilla and ISRG). Yes in theory they could collude and combine the data (they are transparent about that). But why would they, they are trying to create a system that’s better than before. I concur that trust has to be placed in them but you still have the option to turn it off and the alternatives is other ad tracking networks collecting the data with a profile about you being created.

    Finally, there is no reason for this technology to exist in the first place, because tracking aggregate ad conversions like this can already be done by websites without cookies and without invading privacy, using basic web technology.

    All an advertisement has to do is link to a unique URL

    This is, were they are just plain wrong/dishonest. A Url would just be able to measure something if the add was clicked. PPA can measure ads that were seen but a purchase happened at a later time. This is what current tracking technology does but PPA can do it, without a profile about you being created, so a privacy gain.

    Some people might say that Mozilla should just block ads outright to prevent any tracking. The problem is that the Internet is funded by ads. Mozilla themselves through their connection to Google is. Privacyguides is right to point out that there is a conflict of interest. But what Mozilla is trying to achieve is to prevent tracking (profile creation about you) and not ads. I am in favor of that. I like services to exist, because they fund themselves through ads, I just don’t want to be tracked.


  • Advertisement is not free. It’s a trick that looks free if you ignore the entire way it functions.

    It doesn’t take an expert understanding of economics to see that any belief that advertisement allows for a free Internet is smoke and mirrors. The money comes from somewhere, notably from you.

    I think thats kind of obvious that the money has to be coming from somewhere. The ads are what funds large parts of the internet. Someone is paying for it, either the people buying stuff because of the ads or the businesses buying the ads.

    Whichever way it is, maybe both, it has the side effect of distributing the cost of the Internet. The alternative without ads would be everyone paying for every little thing on the internet, does anyone think, that that scenario is realistic? That would also mean the cost is solely on the people and nothing coming from corporations.



  • I will say it again: The way i read it, it sounds like the companies will get some general data if their ads work, without a profile about you being created. I am fine with that.

    Just imagine what a boon it would be for the “normal“ less tech savvy, if advertisers switched to a more privacy respecting technology like this.

    If more privacy focused people don’t like it, they can simply disable it by ticking one box, without negative consequences (unlike content blockers and similar techniques where a website can penalize you, turned off PPA is not detectable).

    It has no downsides as far as I am concerned. It doesn’t give advertisers additional data that they wouldn’t already be able to get, it just creates the option of measuring their ads in a privacy respecting way.


  • Some SATA and NVMe devices support hardware encryption (TCG OPAL2 standard) and with the latest cryptsetup LUKS devices can be configured to use hardware encryption to encrypt the data either by itself or together with the existing dm-crypt software encryption. Support for this feature was added in the latest cryptsetup upstream release and we’d like to provide an option for users to use this feature when installing Fedora with disk encryption.

    As this is an expert option, it will be available only through the kickstart interface. […] There will be two new options to select either hardware encryption only or hardware encryption in combination with software encryption (analogous to the --hw-opal-only and --hw-opal options used when configuring hardware encryption with cryptsetup).