> Why are your reasons for believing something more plausible. But that is not the mindset of an emotionally charged person.
Unfortunately, that is so. But usually, that person's motivation is to feel understood, valued, respected, and safe within the reality / status quo they've come to understand is their best guess. When you realize their specific fears, it makes it easier to empathize and work with them on seeing from other perspectives, and that those perspectives don't threaten them, even though they are not innately familiar or intuitive initially... But that can be quite challenging.
I'm not sure what Giuliani's motivations are, but if they aren't emotional on a personal level, they aren't his own fears, which doesn't work the same way...
Exactly. It's definitely cognitively dissonant to say to someone, "You're wrong, let me see your facts... but I don't have facts about why you're wrong."
I think something to reiterate is that it never goes well when you tell the other person that you disagree with them. A person is not just one idea, they're made from thousands... You're merely disagreeing with one idea, and that should be made clear when you're speaking with them. Regarding the parent comment's terminology of "calling bs", that's a bit of a harsh way to put it, or approach it, if you're trying to reconcile a difference of opinion over a single idea, and not fundamentally pointing at another person and saying, "You are your one bad idea and I don't like either."
Definitely agree. It's difficult to convey that level of charm / diplomacy via text, for me at least. Body language and other props being available also play a big role in making someone switch focus, and at least feel positively about the overall interaction, even if I ultimately agree to disagree (and state that, or not).
If I feel as though the online recipient of my messaging isn't receptive, there's really no need to contend in the first place. I don't have to change everyone's mind, nor is it really my place to do so ...
Absolutely a clear signal that their belief is emotional. If you step on that toe just make it clear that you aren't questioning them at all, in fact, "you agree with them... you just wanted to know some sources to point to when those other nosey people who question our beliefs do so"... and diffuse the situation.
You really just want to make the other person feel "heard" and respected for their opinion, if that's the level at which they communicate.
Most people just want to feel some control over their lives, so telling them they're wrong and trying to reframe their reality might not ultimately be a positive, as long as their beliefs allow them to remain predictable and act within reason in their society.
What's their motivation? If it is to knowingly start and propagate lies, then you're obviously not going to get them to change. If it's to parrot falsities to feel control or look smart (what I believe PG is referring to as "conventional-minded"), figure out ways to subtly shift that without making it clear you're undermining them, if that's your motivation. It doesn't have to be all or nothing unless you're a cult leader or protecting a loved one from a con.
But then, hey, why is your reality the correct version of reality?
"The skimmer injects a loader into the page source as an inline script."
"Given the obfuscated nature and supply chain origination of in-browser attacks, traditional CSP-reliant approaches miss most of these types of attacks."
"Also, a lot of CSP policies don't limit WebSockets usage."
...But CSP is very aggressive with denying inline scripts.
Could be a browser plugin, or maybe an infected common JS package?
I believe I (+ the paper) addressed counterarguments 1-3, so agree to disagree. But...
> Also from a theoritical point of view: it's a completely different communication channel, so if someone has somehow taken over the first channel (via some malware running on the email client/computer), then they still need to take over second channel.
...is a very good point. Although, (without any data to back up this claim), I would think most users with a compromised device have a fully compromised device.
Edit:
> Hoping for security by obscurity (i.e. the 2nd email is now a "secret") isn't great.
To clarify, that's not exactly the point. If the attacker discovers the value for the phone number or 2nd email (through a data breach), then it becomes targeted, which brings us back to the security of SMS vs email (the parent article).
Beyond marketing, I've never understood SMS as the default 2FA over just using a second email as the 2nd factor.
Everyone has a 2nd email, personal + work or school.
You could argue that both emails are probably accessible from an email app on the phone, but if the phone is stolen, then that's no worse than SMS or ToTP apps also on the phone.
You could argue password reuse, but if the address used for 2FA is never exposed to the end user after being set+verified, then the attacker would have no way of knowing the victim's 2nd email address.
Unless the attack is targeted... But if the attack is targeted, then we're back to SMS being vulnerable.
So, what it comes down to is 2nd email as 2FA is more secure and more efficient than SMS out of the gate... (and much cheaper)...
And, if I use a very obscure and otherwise not used email (with its own security + strong password), even a targeted attack has no better chance than a ToTP app on an offline device, like an iPod touch.
So:
- 1st.) ToTP on offline device (most secure, most expensive, most difficult to learn, hard to use),
- 2nd.) 2nd email (can be most secure, cheapest, easiest to learn, easiest to use), and
Why didn't we all default to 2nd email then, instead of SMS as a paradigm? Actually, was used, and still used by Gmail from the beginning (even in conjunction with ToTP now)...
Elastic Search developed a custom license to prevent strip-mining by AWS. Other companies soon followed, including Timescale, which produced different licenses in 2018, then 2020, for different purposes to address needs at appropriate stages. Their write-up on the process addresses other licenses that might be of interest to you:
"Twitter on steroids" [0]
[0] https://en.m.wikipedia.org/wiki/Pownce