[-] Spotlight7573@lemmy.world 40 points 1 month ago

There was the one case with the scammers in the UK using a homemade cell tower to essentially send out phishing texts directly to cell phones in an area, completely bypassing the phone company. It seems like this scare texts scenario would fit that kind of tech even better, as you only need to send out a message once to a large amount of people and you don't need to collect information in response like in a phishing scenario.

[-] Spotlight7573@lemmy.world 108 points 3 months ago

With a breach of this size, I think we're officially at the point where the data about enough people is out there and knowledge-based questions for security should be considered unsafe. We need to come up with different authentication methods.

105
submitted 3 months ago by Spotlight7573@lemmy.world to c/news@lemmy.world

The Pro Codes Act has been submitted as an amendment to the "must pass" National Defense Authorization Act (NDAA). It allows copyrighted standards to be incorporated by reference into the law, preventing people from accessing or sharing these standards except through the systems the standards development organizations have that "makes all portions of the standard so incorporated publicly accessible online at no monetary cost and in a format that includes a searchable table of contents and index, or equivalent aids to facilitate the location of specific content." Note that that does not include searchable text, the ability to access it without a login, or any ability to host it elsewhere (such as alongside the laws that incorporate it).

The NDAA bill:

https://rules.house.gov/bill/118/hr-8070

The amendment:

https://amendments-rules.house.gov/amendments/ISSA_180_xml240531155108634.pdf

[-] Spotlight7573@lemmy.world 38 points 5 months ago

Doesn't necessarily need to be anyone with a lot of money, just a lot of people mass reporting things combined with automated systems.

507

the company says that Recall will be opt-in by default, so users will need to decide to turn it on

125
submitted 5 months ago* (last edited 5 months ago) by Spotlight7573@lemmy.world to c/technology@lemmy.world

From the article:

Google must face a £13.6bn lawsuit alleging it has too much power over the online advertising market, a court has ruled.

The case, brought by a group called Ad Tech Collective Action LLP, alleges the search giant behaved in an anti-competitive way which caused online publishers in the UK to lose money.

And the actual case at the UK's Competition Appeal Tribunal:

https://www.catribunal.org.uk/cases/15727722-15827723-ad-tech-collective-action-llp

The claims by Ad Tech Collective Action LLP are for loss and damage allegedly caused by the Proposed Defendants’ breach of statutory duty by their infringement of section 18 of the Competition Act 1998 and Article 102 of the Treaty on the Functioning of the European Union. The PCR seeks to recover damages to compensate UK-domiciled publishers and publisher partners, for alleged harm in the form of lower revenues caused by the Proposed Defendants' conduct in the ad tech sector.

[-] Spotlight7573@lemmy.world 40 points 6 months ago

For me it's not boot licking but recognizing that IA made a huge unforced error that may cost us all not just that digital lending program but stuff like the Wayback Machine and all the other good projects the IA runs.

[-] Spotlight7573@lemmy.world 40 points 7 months ago

That's likely what they want. If you're not viewing their ads and your third-party app is even blocking all the tracking, then you are not providing any value to them to keep you as a 'customer'. All it does is reduce their hosting and serving costs when you're blocked or when you eventually stop using it.

[-] Spotlight7573@lemmy.world 36 points 8 months ago

As for what these were, they are modified versions of the official YouTube app. What has been taken down is the full modified app files (.ipa) ready to install on an iPhone, not the source code to the tweaks that are in the repos.

These modifications do things like replicate the paid YouTube Premium features, from the uYou features list for example:

  • Ad-Free Browsing: Bid farewell to interruptions and enjoy seamless video playback without annoying advertisements.
  • Background Playback: Keep your favorite videos running in the background while you multitask or lock your device.
  • Video and Audio Downloads: Download videos, shorts, and audio tracks in various formats, including MP4 and WebM, for offline viewing and listening pleasure.
  • [...]

You can see why Google would want to have them taken down. They aren't even a re-implementation with their own code/UI like NewPipe.

[-] Spotlight7573@lemmy.world 62 points 8 months ago* (last edited 8 months ago)

You also know that all votes are technically public and can be viewed by any instance admin that's federated with the server a community is on, right? There's no way to see that in the Lemmy UI at the moment but the data is there on the server.

[-] Spotlight7573@lemmy.world 64 points 8 months ago* (last edited 8 months ago)

Ah yes, MacRumors falsely reporting... Apple's own statements, right...:

Previously: https://web.archive.org/web/20240216001557/https://developer.apple.com/support/dma-and-apps-in-the-eu/

Why don’t users in the EU have access to Home Screen web apps?

To comply with the Digital Markets Act, Apple has done an enormous amount of engineering work to add new functionality and capabilities for developers and users in the European Union — including more than 600 new APIs and a wide range of developer tools.

The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.

Now: https://developer.apple.com/support/dma-and-apps-in-the-eu/

Why don’t users in the EU have access to Home Screen web apps?

UPDATE: Previously, Apple announced plans to remove the Home Screen web apps capability in the EU as part of our efforts to comply with the DMA. The need to remove the capability was informed by the complex security and privacy concerns associated with web apps to support alternative browser engines that would require building a new integration architecture that does not currently exist in iOS.

We have received requests to continue to offer support for Home Screen web apps in iOS, therefore we will continue to offer the existing Home Screen web apps capability in the EU. This support means Home Screen web apps continue to be built directly on WebKit and its security architecture, and align with the security and privacy model for native apps on iOS.

Developers and users who may have been impacted by the removal of Home Screen web apps in the beta release of iOS in the EU can expect the return of the existing functionality for Home Screen web apps with the availability of iOS 17.4 in early March.

[-] Spotlight7573@lemmy.world 35 points 9 months ago

You mean a lawsuit like the one about the "Great 78 Project" by the music companies or maybe the one about the "National Emergency Library" by the book publishers?

I think you're right that we need to start working on alternatives, hopefully something decentralized. The Wayback Machine would be an irreplaceable loss though if the data isn't preserved somehow.

[-] Spotlight7573@lemmy.world 407 points 10 months ago

The best response that I've seen to this so far is this video of a former student speaking to the school board:

Bridget, our first ever interaction was when you retweeted a hate article about me from The Nationalist while I was a Sarasota County school student. You are a reminder that some people view politics as a service to others while some view it as an opportunity for themselves. On this board you have spent public funds that could have been used to increase teacher pay to change our district lines for political gain, remove books from schools, target trans and queer children, erase black history, and elevate your political career, all while sending your children to private schools because you do not believe in the public school system that you've been leading. My question is why doesn't an elected official using our money to harm our students and our teachers for her gain seem to matter as much for us as her having a threesome does? Bridget Ziegler, you do not deserve to be on the Sarasota County School Board but you do not deserve to be removed from it for having a threesome. That defeats the lesson we've been trying to teach you which is that a politician's job is to serve their community, not to police personal lives. So, to be extra clear: Bridget, you deserve to be fired from your job because you are terrible at your job, not because you had sex with a woman.

Closest to the original source I can find (referenced in numerous news articles): https://www.tiktok.com/@queenofhives/video/7313654227564383530

27

Upcoming Policy Changes

One of the major focal points of Version 1.5 requires that applicants seeking inclusion in the Chrome Root Store must support automated certificate issuance and management. [...] It’s important to note that these new requirements do not prohibit Chrome Root Store applicants from supporting “non-automated” methods of certificate issuance and renewal, nor require website operators to only rely on the automated solution(s) for certificate issuance and renewal. The intent behind this policy update is to make automated certificate issuance an option for a CA owner’s customers.

15

Google is looking to change the policy of the Chrome Root Store (used by Chrome to verify TLS certificates that protect websites and other services) to require "that applicants seeking inclusion in the Chrome Root Store must support automated certificate issuance and management". They can still provide a manual method for sites that want to get certificates the old way but they will need to have some kind of automated method available.

[-] Spotlight7573@lemmy.world 45 points 1 year ago

Currently being investigated by browser makers but not something they can just do on their own like Signal.

Here's Chromium's current proposal that they're testing:

https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html

56

[...]

To provide better security, Google introduced an Enhanced Safe Browsing feature in 2020 that offers real-time protection from malicious sites you are visiting. It does this by checking in real-time against Google's cloud database to see if a site is malicious and should be blocked.

[...]

Google announced today that it is rolling out the Enhanced Safe Browsing feature to all Chrome users over the coming weeks without any way to go back to the legacy version.

The browser developer says it's doing this as the locally hosted Safe Browsing list is only updated every 30 to 60 minutes, but 60% of all phishing domains last only 10 minutes. This creates a significant time gap that leaves people unprotected from new malicious URLs.

[...]

[-] Spotlight7573@lemmy.world 40 points 1 year ago

The names are public. Per Georgia Code Title 17. Criminal Procedure § 17-7-54 it looks like they're spelled out as part of the standard form that indictments take. Addresses aren't that hard to get once you know the name.

77

cross-posted from: https://lemmy.world/post/3301227

Chrome will be experimenting with defaulting to https:// if the site supports it, even when an http:// link is used and will warn about downloads from insecure sources for "high-risk files" (example given is an exe). They're also planning on enabling it by default for Incognito Mode and "sites that Chrome knows you typically access over HTTPS".

3

Chrome will be experimenting with defaulting to https:// if the site supports it, even when an http:// link is used and will warn about downloads from insecure sources for "high-risk files" (example given is an exe). They're also planning on enabling it by default for Incognito Mode and "sites that Chrome knows you typically access over HTTPS".

7

A hybrid quantum-resistant Key Encapsulation Method combined with a regular elliptic curve backup will be available in Chrome 116 for securing connections.

2

Google Chrome will soon be supporting a hybrid elliptic curve + quantum-resistant Kyber-768 system for key exchange in Chrome 116. This should provide some protection in case the quantum-resistant part has flaws, like some other proposed solutions have had. They're looking into this now to give time for it to get implemented by browsers, servers, and middleboxes, and hopefully prevent Harvest Now, Decrypt Later attacks.


Spotlight7573

joined 1 year ago