In Shenzhen, they told me that I can take the full test on any visa if my permitted length of stay is 90 days or more. Supposedly the US embassies now issue 90 day visas for Americans, so I am hoping to try that route soon as I have already been through two temporary licenses...
Surprised to see this here but happy to answer any questions! Driving across China and getting to use the latest EVs has been quite fun and I hope to do it even more in the future.
Most apps (on desktop or mobile) open third party auth flows inside the user's default browser, which makes this a non-issue. For one, if you embed the Google login flow into your app then I can't reuse my existing session in my browser. But it also exposes my full credentials to your app for no reason, which is a good thing to avoid.
My Cloudflare enterprise order form has costs for overages for Workers and the following language about everything else:
> If Customer exceeds any of the Total Quantity for the Services below, Cloudflare will invoice Customer in arrears at a rate that corresponds to the rate set forth in the table after this
one labeled “Excess Usage Pricing.” If no such Excess Usage Pricing table has been added by the Parties to this order form or if such table does not include the Service(s) for which
Customer has exceeded the Total Quantity, then the Parties will negotiate in good faith an increase in the Fees for such Service(s). Should the Parties fail to reach an agreement on
an increase within thirty (30) days of Customer’s receipt of notice from Cloudflare that Customer has exceeded its usage cap for the Service(s), Cloudflare will have the right to
immediately terminate such Service for its convenience, and without liability to Customer or any third party.
Your whole account is undisclosed marketing for this service. Fingerprinting in this manner is highly unlikely to be viable - there are too many middleboxes at the TCP layer to try and fingerprint on it.
0.5% is a pretty incredibly low interchange rate in any case. But if you are saying that half of it is going to scheme fees, I doubt it is funding rewards programs for consumers.
I know plenty of security researchers who exclusively use Claude Code and other tools for blackbox testing against sites they don’t have the source code for. It seems like shutting down the entire product is the only safe decision here!
It’s pretty interesting to me that Cloudflare is collecting additional client-side data for individual customers. This is not widely done by most anti-bot solutions.
A bit skeptical of how this article is written as it seems to be mostly written by AI. Out of curiosity, I downloaded the app and it doesn't request location permissions anywhere, despite the claims in the article.
I've noticed Claude Code is happy to decompile APKs for you but isn't very good at doing reachability analysis or figuring out complex control flows. It will treat completely dead code as important as a commonly invoked function.
Verizon did manage to convince the FCC that this was enough a problem to change their settlement agreement[0] requiring more frequent unlocks. If you believe their numbers, they lost 700,000 phones to fraud in 2023, although a lot of those were probably any unlocked phone that defaulted on its payments.
Although I don’t like Flock, I’m a bit skeptical of the claims in the article. Most screenshots appear to be client-side JavaScript snippets, not API responses from this key.
In the bug bounty community, Google Maps API key leaks are a common false positive, because they are only used for billing purposes and don’t actually control access to any data. The article doesn’t really prove ArcGIS is any different.
I don't think there is any reason to assume they would allow forced code execution just because they allow data residency for mainland accounts. And unfortunately, China is likely a much larger and more profitable consumer market than India - presumably they can still export phones produced inside India without this.
Even in mainland China, where iOS does have a large amount of changes to comply with local regulations, Apple does not pre-install any apps from anyone.
It’s great that you have coverage across multiple countries. I’ve noticed most budget apps cannot handle multiple currencies at all, much less automated sync across multiple countries.