And beyond a certain point, the strength of the vehicle -- or lack thereof -- does compromise safety. You can only make a steel or aluminum chassis so light before further reductions compromise its ability to protect occupants in a crash.
I couldn't agree more. Also it is important for everyone to understand that it is only possible to reduce the mass of a vehicle so much before the vehicle itself ceases to exist.
That you refuse to acknowledge this basic fact of physics speaks volumes on your understanding of the issue the OP brought up.
The most basic physical fact is that power = energy / time
Too much power causes injury and death.
Your only options to prevent injury and death is reducing energy or increasing time. Cars are intentionally designed to fall apart in order to increase time during a collision.
Which lays bare the real reason these MPG standards were imposed in the first place: to make it impossible to produce or sell anything except electric vehicles. And since the government lacks the power to ban internal-combustion vehicles, government decided to get around that pesky "we don't have the power to do this" issue by making MPG standards that become nearly impossible to meet with a conventional vehicle. It's the same tactic they've used to attack the 2nd Amendment, trying to ban ammunition since they can't ban guns.
Problem with your conclusions and analogy:
No gun manufacturer would sign off on ammunition bans.
All of the major vehicle manufacturers AGREED to the current efficiency standards.
What I don't understand the industry itself (Chrysler, Ford, GM, Honda and Hyundai) were at the table from the beginning on this. They agreed to and signed off on efficiency changes. What has changed since then other than oil prices currently being somewhat lower than originally expected?
Is there specific objective evidence to support assertions current standards are unreasonable or would even raise rather than lower total ownership cost for consumers?
Not that it much matters at this point... ICE vehicles will eventually be forced out of the market as trend line of energy storage costs continues to reinforce the inevitable.
I'm tired of articles and statistics with speeds that make no logical sense.
From the governments own legal mumbo jumbo (47 USC 1302)
"The term âoeadvanced telecommunications capabilityâ is defined, without regard to any transmission media or technology, as high-speed, switched, broadband telecommunications capability that enables users to originate and receive high-quality voice, data, graphics, and video telecommunications using any technology."
Notice in the description there is no preference of any kind expressed as to directionality. The phrase used is "originate and receive"... not receive only or primarily receive. If 3mbit up is able to do ALL of these things then why the asymmetry? Why is 3mbit good enough for upstream but 25mbit required for down?
Definitions seem awfully specific to the properties of Cable Internet with high downstream and crappy upstream just high enough down to discount much DSL and fixed wireless yet still remain crappy enough to excuse Cable Internet failure to provide acceptable upstream rates.
Personally I would gladly trade in my 150/5 service for 10/10 any day. I don't consider 3mbit up good enough. Others may be happy with 1000/1. Everyone has different needs and value judgments and people can argue all day about what baseline should be. Yet whatever that is should be determined based on objective metrics that fit the characteristics of underlying definition not picking winners and losers by deliberately selecting whatever intentionally fits profile of cable based broadband.
Willing to entertain a specific replacement for cash on the merits so long as it provides similar levels of availability, privacy and freedom as cash does today.
One thing is for sure if there is not going to be cash then governments have to step up and fulfill basic role of providing electronic equivalent of currency same as tax payer funds currently going into managing circulation of physical currency.
Corporations who can set whatever conditions they want, charge ridiculous transaction fees and don't answer to the public/voters must not be allowed to become defacto middle-man controlling all transactions.
We need to adopt instant banking payments similar to SWIFTs solution to have a credible alternative to centralized CC systems. Hand waving think decentralized pay pal without pay pal's transaction fees. It should cost me the same to exchange 10 cents as it does 10 million dollars and I should have the freedom to pick a bank with the most favorable terms. Retailers should feel comfortable passing transaction fees associated with a specific pay method on to the customer rather than absorbing it and allowing it to be externalized. Everyone's feet needs to be held to the fire rather than current system of Visa setting the rules and demanding everyone fall in line or die.
Absolutely not. There are crucial differences between U2F security keys and client side certs:
Comments were about practical differences not physical differences.
All physical differences cited vanish when client certs are stored in TPM.
1. U2F keys only sign an auth request when touched. This means that purely remote attacks can't work; the attacker has to arrange for the user to prove that they're physically present.
Anyone can set a client certs to prompt prior to use.
Attackers probably have many sheep to attend to. Waiting for you to press a button before they can hijack your session is probably not top of mind / significant hurdle.
2. U2F keys do not allow a remote attacker to obtain a copy of the private key material. At most the attacker can convince the user to touch the key to activate each authentication operation. With client side certificates, if the attacker can remotely exploit the machine, he can steal a copy of the private key material and have unlimited use of it and most likely the user will have no idea.
You seem to have made a fairly rational case for this being mostly irrelevant in practice when YOU stated the following: "(a) you can revoke the key, (b) the most important risks are from remote attackers and (c) if a sophisticated attacker gets your laptop you're probably SoL anyway."
The key can always be revoked and it's game over regardless if your system is compromised so what effective differences does it make if someone is able to obtain private key by compromising your system?
Regardless of the above nothing prevents client certs from simply being stored in the systems TPM with the same properties as U2F key.
3. U2F keys are highly resistant to extraction of the key material even with physical access. An attacker with physical access can steal the key, but when the user notices it, it will be revoked.
In this scenario does the "noticing" and revocation happen before or after you insert attacker provided replacement key that totally compromises your system?
Again this is exactly what TPM is for except without ridiculous requirement of USB.
That is a risk, but in most environments USB ports are essential and cannot be entirely disabled anyway.
This doesn't mean you make the problem worse by requiring users plug in USB keys in order to access secure resources.
Plus, the primary goal is defense against remote attacks, not physical attacks.
Which is why client certs are sufficient.
If the attacker has physical access to your machine, you're screwed, even if your machine has no USB ports. The one thing that USB blocking/disabling does do is to mitigate the "Thumb drive dropped in the parking lot" attack, and similar.
USB keys hurt rather than helps the cause. If you carried around a smart card and it were stolen and replaced the chance of it being leveraged as a proxy for physical access is much less even if the smart card reader itself is simply plugged into a USB port.
I disagree. I think the security key is the most usable solution, especially if you get the nano-sized keys that fit almost entirely into the USB port so you can just leave them plugged in all the time. This does mean that if you lose your laptop you lose the security key as well, but (a) you can revoke the key, (b) the most important risks are from remote attackers and (c) if a sophisticated attacker gets your laptop you're probably SoL anyway.
In other words client certificates are sufficient and always plugged in hardware tokens unnecessary.
The only real argument against U2F, IMO, is cost. You have to buy the security keys.
Or being stupid enough to allow let alone require use of USB ports in the first place.
Smart cards are 1/4 the cost of YubiKey, readily available from multiple vendors, standards based and have been in production use for well over a decade. Nice to see companies like Google rediscovering and adopting poor implementations of old existing technology.
Direct USB interface is far inferior from a security POV for smart card application because an unguarded USB dongle can exploit the attack surface of an elephant standing on a giant turtle standing on a 747.
Covert replacement of USB devices is a massive and very much unnecessary attack vector for total system compromise vs smart card. Exposing USB ports to end users in a secure environment is a completely idiotic idea.
Everyone in our shop has used client certs for years and we are only a little shit operation with a few dozen people. It costs nothing to implement and offers substantially the same "phishing" protections.
Personally I don't buy or understand the threat modeling behind Google PR statements.
If Google lacks a trustworthy internal means of communications and employees were previously being suckered into giving an attacker their credentials then certainly an attacker would also be able to get a substantially similar number of users to install malware that could be leveraged to effectively defeat benefits of hardware keys.
Would very much love to see statistics on Google employees being subject of social engineering prior to deployment of 2FA.
Problems can also be avoided by using secure authentication protocols and training users only to enter password into system provided dialogues protecting end users from having their credentials stolen even if they mistakenly attempt to login to an attackers system.
Entering clear text into adhoc web forms is a good example of insecure authentication.
TLS level PAKE such as TLS-SRP is an example of a secure authentication which does not place user credentials at risk of compromise even if the user is being stupid.
I mean, you can use a hammer for a lot of things. One of them is smashing yourself in the head for a couple hours.
I don't consider that the hammer's fault.
This isn't about individuals. It's about the aggregate impact of a specific technology on the world and taking responsibility/ownership of the outcome.
Assume half the people who used a hammer ended up smashing themselves in the head.
Assume all of the people using nail guns retain all of their marbles free of brain damage and live longer more productive lives while accomplishing the same tasks as hammer users.
In this case hammers are still shit in the aggregate even if outliers are able to use one without smashing themselves in the head.
What if everyone replaced fuses with nails and installed Asbestos insulation? So your house burns down due to a short caused by something else. That's not the nails fault. If you were more careful the short could have been avoided and your house wouldn't be a pile of smoldering rubble.
So you get some aspestos fibers lodged in your lungs during a renovating. That's not the insulations fault. If you were more careful this could have been avoided.
The fact that it is physically possible to use a tool in a certain way and get a certain outcome does not excuse the aggregate effect of the existence of that tool.
An absolute expert will have twenty tools in their toolbox for solving whatever problems they encounter, and each tool will have a different application. Just because there are programmers who range in skill level from, "Master of all things hammer," to "Barely able to hammer in nail without breaking thumb," to "Will use hammer to drive in screws and bolts, because they are an absolute master of the hammer," to, "Master of all things hammer AND SCREWDRIVER," doesn't mean the hammer is a bad tool.
Lets stipulate one of the twenty tools in the toolbox is in fact a bad tool. How would you determine that given the above? How is this concept falsified?
Don't blame tools for the things that people do with them.
Why not? Isn't this the ultimate judge of usefulness of a given technology? If it isn't fair or a useful objective measure to judge end result of leveraging a technology then by what metric should judgment be passed?
They wouldn't be so easily confused if the DuckDuckGo landing page didn't look nearly identical to Google's landing page. Contrast to Bing, Yahoo, Ask, Startpage, Qwant, Yandex (#1 in Russia), Naver (#1 in South Korea). The only other major search engine which makes the same mistake of copying Google too closely is Baidu (#1 in China).
People like the free services that are paid for by ads, that's the benefit they provide.
Paid for by industrial scale cyber stalking is more accurate.
what they don't accept is Facebook leaking their personal data to other companies
Or stealing / collecting it in the first place. I don't recall ever signing up for Facebook or asking them to keep a record of every website I visit. They do these things on their own initiative by leveraging their monopoly position just like Google does. Good luck finding anyone who believes this constitutes acceptable behavior.
being a source of fake news
The day "I heard it on the Internet" (tm) ever becomes a phrase that is not mocked mercilessly is the day the Internet has died or is no longer worth using.
What's sad is that Google is actually one of the best. They have a massive amount of personal data to protect, and they haven't had a major breech.
To say they've never been breached when Snowden leaks demonstrated total compromise of high bandwidth data links between Google datacenters is rather lazy and disingenuous.
They don't sell that data to anyone else,
The problem is possession in the first place. It's like having your home robbed and being told to relax as thieves who stole yer shit will likely be donating it to charity.
You most certainly CAN legislate morality. The American War on (some) Drugs is a perfect example of this.
Hundreds of thousands of people are being killed in South America with some governments flirting with becoming failed states thanks in large part to America's war on drugs.
Soliciting in a public place, kerb crawling, having or managing a brothel, pimping and pandering, are crimes. They should just outlaw whores anyway, they spread disease and bring other crime
The consequences of resulting loss of legitimacy is usually worse than the "problem" you are trying to fix.
Governments monopoly on violence can only be used to beat down outliers. It's not a magic wand. If you want a magic wand move to North Korea.
If it can suggest to me some shows that I will enjoy and would otherwise have missed, and it doesn't cost me any money, then I'm all for it. And conversely it keeps a lot of garbage off the air by letting them know what I don't watch.
The objective function is NOT making you happy. It's maximizing profit.
I feel this is information that really can't hurt me.
When they are able to determine the limits of your tolerances to "garbage" good luck believing it won't be maximally leveraged against YOU.
I don't see them querying my TV to see what I was watching on the evening my mother in law was suspiciously murdered or anything.
I don't either. This would be pointless and redundant as all of the data would have already been transmitted and stored by a third party subject to the third party doctrine.
Well, if a company doesn't tell you they're going to cooperate with a court order you can still take it for granted that they will. Look at it this way: suppose they
The point here is they are making unqualified statements that are obviously false.
explicitly said they won't ever share your position information with law enforcement. Would you really expect that a court would enforce that promise when it contradicted a court order?
I would expect companies not to be able to provide misleading information to their customers and not pay a price for it. Court enforcing or not is not the issue. The issue is misleading assertions offered about product on the front end.
Nothing in the latter quoted section conflict with the former quoted section.
It ALL does.
They don't share your information, they will market on behalf of partners (that to me sounds like this company screens their partners and contains all interaction with their data to themselves, not the partners).
WRONG. Privacy policy says they can share it for ANY PURPOSE so long as it is not personally identifying. "Personally identifying" is a meaningless restriction that conveys no useful information.
This is like NSA arguing with a straight face in front of congress they only collect phone numbers not names and addresses. Even IP addresses in the US are not considered personally identifying neither is a list of everywhere you go with your name removed from it. The qualifier is absolutely meaningless in the United States.
Obviously trip logging for the GPS aspect of the application. If they tout a feature to find your vehicle and see driving history, then wouldn't they *need* to log trips?
Of course they would not. The thing has a cell phone built in they could provide you with an E2E tunnel to the data only you have encryption key to access.
Lastly please point out an American company that would not be guilty of obstruction of justice if they did not comply with a legal obligation (e.g. subpoena and warrant)
IRRELEVANT. They say without qualification they NEVER share data with law enforcement. It simply doesn't matter what their legal obligations are. It's not the point. Saying one thing and doing another IS the point.
Bay area startup high on crystal meth going out of business in 3...2...1.
Rplate Pro users can rest assured that their data â" especially usage/telematics information â" is never shared with the DMV, law enforcement, or any other third party.
Telematics data is not uploaded to Reviver Autoâ(TM)s US-based cloud infrastructure and is not available when the user turns off the functionality from their app or our Rconnect website. The telematics data belongs to the user and is never sold to third parties.
ZOMG Finally a company who respects their customers!!1!!!!!!
Now lets go see what their real privacy policy has to say about this:
We may collect a variety of information from the products that are deployed on your vehicle, via remote access, during our delivery or receipt of content or information to your products, or during in-person service, including:
Data regarding the performance, usage, operation, and condition of the products, including product serial number, geographical location.
Trip logs, including start / end times for trips
We may use information that we collect through the product and services for a variety of purposes, including
To send you promotional material or special offers on our behalf or on behalf of our marketing partners
We may use or share information that does not personally identify you, including, as examples, de-identified or anonymized data, for any purpose
We may disclose your information to third parties in order to comply with a legal obligation (including, but not limited to, subpoenas and warrants);
Shocked disbelief... what... a surprise... didn't see THAT coming...
Slashdot Mirror
And beyond a certain point, the strength of the vehicle -- or lack thereof -- does compromise safety. You can only make a steel or aluminum chassis so light before further reductions compromise its ability to protect occupants in a crash.
I couldn't agree more. Also it is important for everyone to understand that it is only possible to reduce the mass of a vehicle so much before the vehicle itself ceases to exist.
That you refuse to acknowledge this basic fact of physics speaks volumes on your understanding of the issue the OP brought up.
The most basic physical fact is that power = energy / time
Too much power causes injury and death.
Your only options to prevent injury and death is reducing energy or increasing time. Cars are intentionally designed to fall apart in order to increase time during a collision.
Which lays bare the real reason these MPG standards were imposed in the first place: to make it impossible to produce or sell anything except electric vehicles. And since the government lacks the power to ban internal-combustion vehicles, government decided to get around that pesky "we don't have the power to do this" issue by making MPG standards that become nearly impossible to meet with a conventional vehicle. It's the same tactic they've used to attack the 2nd Amendment, trying to ban ammunition since they can't ban guns.
Problem with your conclusions and analogy:
No gun manufacturer would sign off on ammunition bans.
All of the major vehicle manufacturers AGREED to the current efficiency standards.
What I don't understand the industry itself (Chrysler, Ford, GM, Honda and Hyundai) were at the table from the beginning on this. They agreed to and signed off on efficiency changes. What has changed since then other than oil prices currently being somewhat lower than originally expected?
Is there specific objective evidence to support assertions current standards are unreasonable or would even raise rather than lower total ownership cost for consumers?
Not that it much matters at this point... ICE vehicles will eventually be forced out of the market as trend line of energy storage costs continues to reinforce the inevitable.
I'm tired of articles and statistics with speeds that make no logical sense.
From the governments own legal mumbo jumbo (47 USC 1302)
"The term âoeadvanced telecommunications capabilityâ is defined, without regard to any transmission media or technology, as high-speed, switched, broadband telecommunications capability that enables users to originate and receive high-quality voice, data, graphics, and video telecommunications using any technology."
Notice in the description there is no preference of any kind expressed as to directionality. The phrase used is "originate and receive"... not receive only or primarily receive. If 3mbit up is able to do ALL of these things then why the asymmetry? Why is 3mbit good enough for upstream but 25mbit required for down?
Definitions seem awfully specific to the properties of Cable Internet with high downstream and crappy upstream just high enough down to discount much DSL and fixed wireless yet still remain crappy enough to excuse Cable Internet failure to provide acceptable upstream rates.
Personally I would gladly trade in my 150/5 service for 10/10 any day. I don't consider 3mbit up good enough. Others may be happy with 1000/1. Everyone has different needs and value judgments and people can argue all day about what baseline should be. Yet whatever that is should be determined based on objective metrics that fit the characteristics of underlying definition not picking winners and losers by deliberately selecting whatever intentionally fits profile of cable based broadband.
Willing to entertain a specific replacement for cash on the merits so long as it provides similar levels of availability, privacy and freedom as cash does today.
One thing is for sure if there is not going to be cash then governments have to step up and fulfill basic role of providing electronic equivalent of currency same as tax payer funds currently going into managing circulation of physical currency.
Corporations who can set whatever conditions they want, charge ridiculous transaction fees and don't answer to the public/voters must not be allowed to become defacto middle-man controlling all transactions.
We need to adopt instant banking payments similar to SWIFTs solution to have a credible alternative to centralized CC systems. Hand waving think decentralized pay pal without pay pal's transaction fees. It should cost me the same to exchange 10 cents as it does 10 million dollars and I should have the freedom to pick a bank with the most favorable terms. Retailers should feel comfortable passing transaction fees associated with a specific pay method on to the customer rather than absorbing it and allowing it to be externalized. Everyone's feet needs to be held to the fire rather than current system of Visa setting the rules and demanding everyone fall in line or die.
Aren't most smart-card readers themselves USB devices?
Plugging a smart card you find on the floor into a USB smart card reader will not compromise your system.
Plugging a USB stick you find on the floor into a USB port can easily compromise your system.
Certs can be copied to another machine. USB dongles cannot. DoesnÃ(TM)t that make a huge difference and invalidate your argument?
Not if you take steps to avoid it.
This is similar to taking steps from avoiding keys distributed to USB dongles from being duplicated during the process.
Absolutely not. There are crucial differences between U2F security keys and client side certs:
Comments were about practical differences not physical differences.
All physical differences cited vanish when client certs are stored in TPM.
1. U2F keys only sign an auth request when touched. This means that purely remote attacks can't work; the attacker has to arrange for the user to prove that they're physically present.
Anyone can set a client certs to prompt prior to use.
Attackers probably have many sheep to attend to. Waiting for you to press a button before they can hijack your session is probably not top of mind / significant hurdle.
2. U2F keys do not allow a remote attacker to obtain a copy of the private key material. At most the attacker can convince the user to touch the key to activate each authentication operation. With client side certificates, if the attacker can remotely exploit the machine, he can steal a copy of the private key material and have unlimited use of it and most likely the user will have no idea.
You seem to have made a fairly rational case for this being mostly irrelevant in practice when YOU stated the following: "(a) you can revoke the key, (b) the most important risks are from remote attackers and (c) if a sophisticated attacker gets your laptop you're probably SoL anyway."
The key can always be revoked and it's game over regardless if your system is compromised so what effective differences does it make if someone is able to obtain private key by compromising your system?
Regardless of the above nothing prevents client certs from simply being stored in the systems TPM with the same properties as U2F key.
3. U2F keys are highly resistant to extraction of the key material even with physical access. An attacker with physical access can steal the key, but when the user notices it, it will be revoked.
In this scenario does the "noticing" and revocation happen before or after you insert attacker provided replacement key that totally compromises your system?
Again this is exactly what TPM is for except without ridiculous requirement of USB.
That is a risk, but in most environments USB ports are essential and cannot be entirely disabled anyway.
This doesn't mean you make the problem worse by requiring users plug in USB keys in order to access secure resources.
Plus, the primary goal is defense against remote attacks, not physical attacks.
Which is why client certs are sufficient.
If the attacker has physical access to your machine, you're screwed, even if your machine has no USB ports. The one thing that USB blocking/disabling does do is to mitigate the "Thumb drive dropped in the parking lot" attack, and similar.
USB keys hurt rather than helps the cause. If you carried around a smart card and it were stolen and replaced the chance of it being leveraged as a proxy for physical access is much less even if the smart card reader itself is simply plugged into a USB port.
I disagree. I think the security key is the most usable solution, especially if you get the nano-sized keys that fit almost entirely into the USB port so you can just leave them plugged in all the time. This does mean that if you lose your laptop you lose the security key as well, but (a) you can revoke the key, (b) the most important risks are from remote attackers and (c) if a sophisticated attacker gets your laptop you're probably SoL anyway.
In other words client certificates are sufficient and always plugged in hardware tokens unnecessary.
The only real argument against U2F, IMO, is cost. You have to buy the security keys.
Or being stupid enough to allow let alone require use of USB ports in the first place.
Smart cards are 1/4 the cost of YubiKey, readily available from multiple vendors, standards based and have been in production use for well over a decade. Nice to see companies like Google rediscovering and adopting poor implementations of old existing technology.
Direct USB interface is far inferior from a security POV for smart card application because an unguarded USB dongle can exploit the attack surface of an elephant standing on a giant turtle standing on a 747.
Covert replacement of USB devices is a massive and very much unnecessary attack vector for total system compromise vs smart card. Exposing USB ports to end users in a secure environment is a completely idiotic idea.
Everyone in our shop has used client certs for years and we are only a little shit operation with a few dozen people. It costs nothing to implement and offers substantially the same "phishing" protections.
Personally I don't buy or understand the threat modeling behind Google PR statements.
If Google lacks a trustworthy internal means of communications and employees were previously being suckered into giving an attacker their credentials then certainly an attacker would also be able to get a substantially similar number of users to install malware that could be leveraged to effectively defeat benefits of hardware keys.
Would very much love to see statistics on Google employees being subject of social engineering prior to deployment of 2FA.
Problems can also be avoided by using secure authentication protocols and training users only to enter password into system provided dialogues protecting end users from having their credentials stolen even if they mistakenly attempt to login to an attackers system.
Entering clear text into adhoc web forms is a good example of insecure authentication.
TLS level PAKE such as TLS-SRP is an example of a secure authentication which does not place user credentials at risk of compromise even if the user is being stupid.
I mean, you can use a hammer for a lot of things. One of them is smashing yourself in the head for a couple hours.
I don't consider that the hammer's fault.
This isn't about individuals. It's about the aggregate impact of a specific technology on the world and taking responsibility/ownership of the outcome.
Assume half the people who used a hammer ended up smashing themselves in the head.
Assume all of the people using nail guns retain all of their marbles free of brain damage and live longer more productive lives while accomplishing the same tasks as hammer users.
In this case hammers are still shit in the aggregate even if outliers are able to use one without smashing themselves in the head.
What if everyone replaced fuses with nails and installed Asbestos insulation? So your house burns down due to a short caused by something else. That's not the nails fault. If you were more careful the short could have been avoided and your house wouldn't be a pile of smoldering rubble.
So you get some aspestos fibers lodged in your lungs during a renovating. That's not the insulations fault. If you were more careful this could have been avoided.
The fact that it is physically possible to use a tool in a certain way and get a certain outcome does not excuse the aggregate effect of the existence of that tool.
An absolute expert will have twenty tools in their toolbox for solving whatever problems they encounter, and each tool will have a different application. Just because there are programmers who range in skill level from, "Master of all things hammer," to "Barely able to hammer in nail without breaking thumb," to "Will use hammer to drive in screws and bolts, because they are an absolute master of the hammer," to, "Master of all things hammer AND SCREWDRIVER," doesn't mean the hammer is a bad tool.
Lets stipulate one of the twenty tools in the toolbox is in fact a bad tool. How would you determine that given the above? How is this concept falsified?
Nope, raises cost and is pointless on 99.99% of the macbooks sold.
Nope, 99.99% of MacBook users replace hard disks themselves.
Engineering for the outliers and rare cases is wrong.
This is what engineering is all about.
Don't blame tools for the things that people do with them.
Why not? Isn't this the ultimate judge of usefulness of a given technology? If it isn't fair or a useful objective measure to judge end result of leveraging a technology then by what metric should judgment be passed?
They wouldn't be so easily confused if the DuckDuckGo landing page didn't look nearly identical to Google's landing page. Contrast to Bing, Yahoo, Ask, Startpage, Qwant, Yandex (#1 in Russia), Naver (#1 in South Korea). The only other major search engine which makes the same mistake of copying Google too closely is Baidu (#1 in China).
They don't look "nearly identical" to me.
Android (the OS) sends your location data to Google. That's worth something. You're paying for Android.
No it doesn't. Google play services do.
First, Android is not free.
Yes it is, source code and all. Free to everyone who wants it or wants to modify it to suite their needs. It's mostly Apache and GPL license.
You pay for it with your personal information.
You pay for Google play with your immortal soul not Android.
Sure fire way light fires necessary to get more alternatives to Google play's malware developed.
As for charging for Android... this is without a doubt the most hilarious idea I've heard all day.
https://restoreprivacy.com/goo...
What a bunch of hypocrites. Restore privacy site uses third party tracking bugs with data sent to innocraft.cloud
Reminiscent of all those GDPR sites containing Google and Facebook trackers with no warning or consent.
People like the free services that are paid for by ads, that's the benefit they provide.
Paid for by industrial scale cyber stalking is more accurate.
what they don't accept is Facebook leaking their personal data to other companies
Or stealing / collecting it in the first place. I don't recall ever signing up for Facebook or asking them to keep a record of every website I visit. They do these things on their own initiative by leveraging their monopoly position just like Google does. Good luck finding anyone who believes this constitutes acceptable behavior.
being a source of fake news
The day "I heard it on the Internet" (tm) ever becomes a phrase that is not mocked mercilessly is the day the Internet has died or is no longer worth using.
What's sad is that Google is actually one of the best. They have a massive amount of personal data to protect, and they haven't had a major breech.
To say they've never been breached when Snowden leaks demonstrated total compromise of high bandwidth data links between Google datacenters is rather lazy and disingenuous.
They don't sell that data to anyone else,
The problem is possession in the first place. It's like having your home robbed and being told to relax as thieves who stole yer shit will likely be donating it to charity.
You most certainly CAN legislate morality. The American War on (some) Drugs is a perfect example of this.
Hundreds of thousands of people are being killed in South America with some governments flirting with becoming failed states thanks in large part to America's war on drugs.
Soliciting in a public place, kerb crawling, having or managing a brothel, pimping and pandering, are crimes. They should just outlaw whores anyway, they spread disease and bring other crime
The consequences of resulting loss of legitimacy is usually worse than the "problem" you are trying to fix.
Governments monopoly on violence can only be used to beat down outliers. It's not a magic wand. If you want a magic wand move to North Korea.
If it can suggest to me some shows that I will enjoy and would otherwise have missed, and it doesn't cost me any money, then I'm all for it. And conversely it keeps a lot of garbage off the air by letting them know what I don't watch.
The objective function is NOT making you happy. It's maximizing profit.
I feel this is information that really can't hurt me.
When they are able to determine the limits of your tolerances to "garbage" good luck believing it won't be maximally leveraged against YOU.
I don't see them querying my TV to see what I was watching on the evening my mother in law was suspiciously murdered or anything.
I don't either. This would be pointless and redundant as all of the data would have already been transmitted and stored by a third party subject to the third party doctrine.
Well, if a company doesn't tell you they're going to cooperate with a court order you can still take it for granted that they will. Look at it this way: suppose they
The point here is they are making unqualified statements that are obviously false.
explicitly said they won't ever share your position information with law enforcement. Would you really expect that a court would enforce that promise when it contradicted a court order?
I would expect companies not to be able to provide misleading information to their customers and not pay a price for it. Court enforcing or not is not the issue. The issue is misleading assertions offered about product on the front end.
Nothing in the latter quoted section conflict with the former quoted section.
It ALL does.
They don't share your information, they will market on behalf of partners (that to me sounds like this company screens their partners and contains all interaction with their data to themselves, not the partners).
WRONG. Privacy policy says they can share it for ANY PURPOSE so long as it is not personally identifying. "Personally identifying" is a meaningless restriction that conveys no useful information.
This is like NSA arguing with a straight face in front of congress they only collect phone numbers not names and addresses. Even IP addresses in the US are not considered personally identifying neither is a list of everywhere you go with your name removed from it. The qualifier is absolutely meaningless in the United States.
Obviously trip logging for the GPS aspect of the application. If they tout a feature to find your vehicle and see driving history, then wouldn't they *need* to log trips?
Of course they would not. The thing has a cell phone built in they could provide you with an E2E tunnel to the data only you have encryption key to access.
Lastly please point out an American company that would not be guilty of obstruction of justice if they did not comply with a legal obligation (e.g. subpoena and warrant)
IRRELEVANT. They say without qualification they NEVER share data with law enforcement. It simply doesn't matter what their legal obligations are. It's not the point. Saying one thing and doing another IS the point.
Bay area startup high on crystal meth going out of business in 3...2...1.
Rplate Pro users can rest assured that their data â" especially usage/telematics information â" is never shared with the DMV, law enforcement, or any other third party.
Telematics data is not uploaded to Reviver Autoâ(TM)s US-based cloud infrastructure and is not available when the user turns off the functionality from their app or our Rconnect website. The telematics data belongs to the user and is never sold to third parties.
ZOMG Finally a company who respects their customers!!1!!!!!!
Now lets go see what their real privacy policy has to say about this:
We may collect a variety of information from the products that are deployed on your vehicle, via remote access, during our delivery or receipt of content or information to your products, or during in-person service, including:
Data regarding the performance, usage, operation, and condition of the products, including product serial number, geographical location.
Trip logs, including start / end times for trips
We may use information that we collect through the product and services for a variety of purposes, including
To send you promotional material or special offers on our behalf or on behalf of our marketing partners
We may use or share information that does not personally identify you, including, as examples, de-identified or anonymized data, for any purpose
We may disclose your information to third parties in order to comply with a legal obligation (including, but not limited to, subpoenas and warrants);
Shocked disbelief... what ... a surprise... didn't see THAT coming...