Slashdot Mirror


User: TheRaven64

TheRaven64's activity in the archive.

Stories: 0 · Comments: 32,964

Comments · 32,964

  1. When I read the T&Cs some years ago, you are right that the data remained owned by you; however, you did grant Facebook a perpetual, sublicensable, transferable, commercial license to anything you uploaded. You also agreed to indemnify Facebook in case you didn't own the rights, so if you uploaded something to Facebook that you didn't own, they sold it to someone else to use in an ad campaign (as they did with photos taken in Starbucks, for example) and the copyright holder sued, then you agreed to pay Facebook's costs.

  2. Yeah, right. on Mozilla Pulls Advertising from Facebook (betanews.com) · · Score: 2

    If Mozilla cares about Facebook's data mining, why do they have a Facebook page and links to their Facebook page on the Firefox page (and presumably other pages, I couldn't be bothered to check)? If they care about data mining in general, then why are they making it difficult to get the Android version of Firefox via any mechanism other than the Google Play store, why don't they just provide an F-Droid repository that users can subscribe to?

  3. Re:Depends on how old you are on Ask Slashdot: Were Developments In Technology More Exciting 30 Years Ago? · · Score: 1

    It's human nature to be nostalgic. And "everything" was better 30 years ago if you ask people on any topic, from TV, to news, to elections and politicians to every other topic under the sun.

    I don't think that's the issue with technology. Everything sucked 30 years ago, but a year later it sucked a lot less. I'm typing this on a computer that's 4 years old and a new one is only marginally better. 20 years ago, a 4-year-old computer was practically an antique. In my lifetime, the home computer, mobile phone, Internet, and smartphone have all become ubiquitous, most from being niche products, smartphones from not existing at all.

    Each one of these had some transformative effect on society. I'm not sure if the Internet or the home computer had a larger impact, but they definitely had a larger effect than mobile or smart phones. I can't think of anything in the last 20 years that's had anywhere near as transformative an effect as the combination of home computers and ubiquitous Internet access.

  4. He's probably also sorry that Cambridge Analytica was able to monetise data that Facebook has harvested, without paying Facebook a cut.

  5. The exciting time for a technology is when it transitions from being a novelty that demonstrates some potential to being good enough for widespread use. This transition took quite a long time for home computers - from about the mid '80s to the late '90s. It took a similar amount of time for smartphones, but there was a much sharper inflection point around the time of the original iPhone when large displays became cheap and there was a big jump in usability. Few people used the earlier smartphones and the rest reached 'good enough' status a few years later.

    Most of the technology in the exciting phase at the moment is comparatively esoteric. The thing that made the '80s / '90s exciting was the amount of consumer technology going through this transition.

  6. Re:"Vulnerabilities" on AMD Says Patches Coming Soon For Chip Vulnerabilities (securityweek.com) · · Score: 1

    Think about supply-chain trojans: Someone who has access to your computer before you unpack it can (fairly easily) install malware that is not detectable and is not erased when you re-image the machine. That's probably not a concern for individuals, but for anyone worried about corporate espionage or nation state adversaries, it's a problem.

  7. WhatsApp wasn't before Facebook bought them. They provided end-to-end encryption and a sane business plan (free for a year to get people hooked and then $1/year). Facebook made it free and then had to monetise it by trying to data mine it (in spite of not doing so being a condition of the EU competition regulator approving the purchase).

  8. Re: Guaranteed on Patients Regain Sight After Groundbreaking Trial (bbc.com) · · Score: 1

    Lorien.

  9. 76% isn't really unexpected, given that the main opposition candidate was barred from running. What percentage of the vote in the US do you think that Trump or Clinton would have received if the other had been removed from the ballot?

  10. So you trust a private for profit corporation

    Who? Telegram is a non-profit company.

  11. Heavy vehicles cause more damage, but all vehicles cause some damage (though the amount caused by bicycles is effectively a rounding error).

  12. This might be a translation problem. In English, minibuses are a subset of buses and are considerably lighter. They are quite common in cities in England, but became less common when the cost of the driver started to be a dominant part of the operating cost.

  13. In the UK, it's because we privatised them and expect them to run at a profit. This means that the fares go up and so fewer people ride them. Then they become less frequent, and so fewer people ride them. Eventually they reach an equilibrium where only people that can't afford any of the alternatives take them. Then people complain that they would take the bus, if only they ran more frequently and weren't so expensive.

    Every time someone takes a bus instead of driving, that's less traffic, less air pollution, and so on. If people can more easily get to shops and places of work, then that benefits the entire economy and everyone benefits, but as soon as you start subsidising busses people start complaining.

    That said, the bus drivers here are some of the most dangerous on the roads and so I'm not really in favour of giving them any more money. Self-driving busses, on the other hand...

  14. Last time I looked at the Firefox password storage, it was entirely in process, so a compromise of one tab could dump your entire password store. In contrast, the macOS keychain daemon is a separate process and the browser must request each password individually. In Safari (and, I think, Chrome), this is done by the parent process of the renderer processes, which also checks the domain associated with the renderer. If you compromise a tab, you can request all credentials associated with that domain. If you navigate to another domain, you will (usually) get a new renderer process, which should not inherit the compromise.

    Rolling your own security when the OS provides the required functionality is almost always the wrong choice, unless you're employing better security engineers than the OS vendor. In Mozilla's case, this isn't true. Apple, Google, and Microsoft all shipped browsers that were split into multiple sandboxed processes before Mozilla, which managed to take almost 10 years between the first mainstream web browser adopting this model and Firefox doing the same.

  15. What's the Linux one? Android has secure credentials storage, but I've not seen anything standard on other *NIX systems. The Mac / iOS one is built on Mach IPC and so can implement very fine-grained access control (e.g. set per-application access to each item and require you to re-authorise an application if its binary or shared library dependencies change). Windows provides primitives for this (and has for the entire NT series) but I don't know if anyone has used them to build a sensible credentials manager (MS appears to have added one in 8.1, but I didn't look in any detail).

  16. If the roads are used for large volumes of traffic, the cost of these roads will go up a lot (more than the cost of the same traffic on highways, because of the different road surfaces). Does 'the public' want to pay that increased cost, or do they just want to use the roads and not pay for them?

  17. Assuming the schedule is posted, it's often illegible due to age or the scratches on the cheap plexiglass the stations use for posting it.

    The busses here all have digital displays at the bus stops telling you when the next three buses will arrive, as well as timetables posted online. They still suck for other reasons, but that's largely due to the fact that most people here cycle and a bus is only faster than a bicycle over relatively long distances.

  18. They are for public use, but the road surfaces are often cheaper because they are intended for less traffic. If you increase traffic significantly, you will damage the road surfaces. This, in turn, will increase the wear on the cars travelling over it. When the municipality eventually repairs the road, they will either spend more on a tougher road surface or they will add measures to discourage through traffic (chicanes, speed bumps, one way systems, barriers, and so on).

  19. If stuff is coming in a library, and assuming that it's still maintained, you have certain assurances. There will be new releases, which fix bugs. There will be security fixes and often back ports. There will be other eyes looking for security holes (and hopefully most of these will do responsible disclosure). In contrast, stuff on Stack Overflow is never intended to be shipped, and certainly not to be supported. It may omit error handling for clarity and this, in turn, may introduce security vulnerabilities. If there are security vulnerabilities, then someone may eventually spot them and post a response, but you don't have a mechanism for updating to the fixed version automatically.

  20. It doesn't have to be a better network. What happens to Google if governments start regulating data collection more aggressively (as the EU seems to be doing)? What happens if Microsoft sells off their advertising division and, in collaboration with Apple, pushes aggressive anti-tracking standards through W3C and into Edge and Safari?

  21. You're then leaving a physical device behind, which someone might notice. With this kind of attack, you need a few seconds / minutes of access and then the only thing you leave behind is untraceable software. That said, my favourite attack along these lines involved a vulnerability in some of the early Apple USB keyboards, combined with their overengineering, which meant that you could replace the firmware with something that included a keylogger and you had a few tens of KBs of spare flash to write the keys into, so you could record a day's worth of typical use in a buffer in the keyboard's flash and dump it via the USB ports each night.

  22. You can do it with root, but it doesn't need to be root on the OS that has access to the sensitive data. The entire point of these features is to protect you from an attacker with either physical access or the ability to insert malware into your OS. That they can be bypassed by someone with either physical access or the ability to insert malware into your OS means that they are useless.

  23. Re:PayPal not such a concern on The 600+ Companies PayPal Shares Your Data With (schneier.com) · · Score: 3, Insightful

    eBay no longer forces you to use PayPal. They did back when they owned PayPal, but that doesn't really count because any data that PayPal had, eBay also had.

  24. Re:Nothing to do with outsourcing on The 600+ Companies PayPal Shares Your Data With (schneier.com) · · Score: 1

    It's something of an oversight for the GDPR not to require that you list all endpoints. I can imagine PayPal 'fixing' this problem by sharing data only with PayPal US Incorporated, a company based in the USA that has no dealings with any EU company other than PayPal, and then sells on all of the data that PayPal sells to them.

  25. Re:Don't need exploit if you have admin on Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com) · · Score: 1

    Not true. They can patch the vulnerability that allows this, so unless you are preemptively replacing the secure firmware with something that you've audited then you're vulnerable and don't have a way of removing their persistent malware.