> We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API. We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.
However, I think a fundamental issue arises if you are going to pay people to see ads: What if someone forks Brave, and creates a browser which blocks all Brave ads, while pretending to click on them?
Neither of the two solutions I can think of are pleasant ones: you either need to somehow verify that that ads are viewed by a human (i.e. CAPTCHAs), or use DRM-like mechanisms to hide a token in Brave’s brinary, so that only “honest” browsers can get paid.
> It added it had received the microphone data only as code rather than audio, and that it could match that code with audio data from a match.
That sounds funnily absurd to me. By that line of argument, even sound is not really audio. After all, it's being encoded as air pressure waves :-)
EDIT: Pardon my ignorance. Based on Google Translate's translation of their statement [1], it seems that they are using some kind of perceptual hashing which is quite interesting.
HSTS is trying to protect against a specific kind of Man-in-the-Middle (MITM) attack: when the man in the middle pretends that the website you are trying to access does not support HTTPS.
I believe trying HTTPS first wouldn't help: the MITM would refuse your connection, and your browser will try HTTP after that.
With HSTS, the server tells your browser that it is going to support HTTPS for a while. Now, if your first connection to server is secure (no MITM), from now on your browser will know that this particular domain supports HTTPS. So, it will know something fishy is going on if a MITM tries to pretend otherwise.
Around that time my cousin, who was three years older, was in high school. He was having considerable difficulty with his algebra, so a tutor would come. I was allowed to sit in a corner while the tutor would try to teach my cousin algebra. I'd hear him talking about x. I said to my cousin, “What are you trying to do?” He says, “I'm trying to find out what x is, like in 2x + 7 = 15,” I say, “you mean 4.” He says, “Yeah, but you did it with arithmetic. You have to do it by algebra.”
I learned algebra, fortunately, not by going to school, but by finding my aunt's old schoolbook in the attic, and understanding the whole idea was to find out what x is – it didn’t make any difference how you do it
For me, there was no such thing as doing it “by arithmetic,” or doing it “by algebra.” “Doing it by algebra” was a set of rules which, if you followed them blindly, could produce the answer: “subtract 7 from both sides; if you have a multiplier, divide both sides by the multiplier,” and so on – a series of steps by which you could get the answer if you didn't understand what you where trying to do. The rules had been invented so that the children who have to study algebra can all pass it. And that’s why my cousin was never able to do algebra.”
If whoever develops and hosts the service gets to limit what is allowed, then why Google shouldn’t censor its search results?