HackerLangs
TopNewTrendsCommentsPastAskShowJobs

hogwasher

53 karmajoined 5 miesięcy temu

comments

hogwasher
·3 dni temu·discuss
I've seen that a lot more often lately because of AI botnets. Supposedly the bots come (or appear to) from some countries more than others, and sometimes websites are just banning a whole country because the load from bots is so bad they it outweighs a small number of real human visits.

Could also be an "instead of implementing legally mandated ID verification, we will simply block all traffic from any country that requires it" thing.
hogwasher
·13 dni temu·discuss
[flagged]
hogwasher
·13 dni temu·discuss
Neither Anthropic nor anyone in the Trump administration can hold a candle to kabuki theatre.

(I know that's not what you meant, but still! Art, the LLM and the Trump admin cannot.)

Anyway yeah this is beyond absurd of them to fuss about this. Oh no, the thieves that stole from checks notes basically everbody have been robbed of the stolen goods and nooow they care about copyright, huh, how shocking. I'm sure they'll settle all their court cases with artists and admit fault now, right? ...right?

Yeah no, fuck 'em.
hogwasher
·17 dni temu·discuss
The rest of it sure does read like "content", yep. There's no substance. It's short. And then there's another book ad.

It reads like someone used an LLM to cough up an article as an excuse to show the book ads. Though I don't actually think it's LLM-generated, mostly just because of the unnecessary ALL-CAPS in the middle, and the overuse of bold, italics, and underlining throughout.
hogwasher
·24 dni temu·discuss
You can copy a shared link and use the browser url bar to open it in a private window, or delete the extra crap at the end of the url (anything after the ? in a lot of cases).

Granted, that doesn't help for the service you're using to communicate with people (phone provider, real time chat service, email provider, whatever) and/or store your contacts. Especially if you're talking to someone who, say, hasn't turned all the creepy Gemini stuff off in their Google account and it's scanning all their emails and learning the names and emails of everyone they talk to.

Or any app that has location permission and can detect that you're in the same place as someone else.

I'd think they can probably figure it out by time too, after enough shared videos. Like, see that when x account opens a video, then y account also opens that same video within such-and-such an amount of time, or vice versa.
hogwasher
·24 dni temu·discuss
I think they want discount codes from "sign up to our mailing list!" emails. If it's in the promotions tab, they probably never have to look at it otherwise or get bugged with notifications, but they could still have it there to check when they happen to be making a purchase anyway.

Depending on the email program, you have to open them to unsubscribe, too. But maybe your stats tool would discount opens immediately followed by unsubscribes?
hogwasher
·w zeszłym miesiącu·discuss
Ok, but I can't possibly be the only one who has no idea who that is, let alone what misconceptions they have.
hogwasher
·w zeszłym miesiącu·discuss
That is definitely a difficult battle to fight, but why do you think kids can't bypass these government-level restrictions just as easily as they can your own? Especially since governments are usually slow to respond to whatever method of bypassing it is used, if they respond at all (especially once it's no longer the topic of the minute).

People can bypass these restrictions with video game character creation tools, with generative AI, with a VPN (something that's very hard to ban in practice because corporations rely on them, and of which some are free), with copy-pasting random ID photos from the internet, with borrowing a parent's or teacher's or other adult's ID, with using a website scraping alternative (some of which can be self-hosted, or hosted by one child for many others) instead of the website itself, and so on. Heck, they can use websites hosted in Russia (or other countries), like a lot of pirates do.

And whatever the easy bypass method ends up being, they'll all end up knowing it, because they go to school and talk to each other, and because they'll always have at least some access to some parts of the internet no matter what.

Meanwhile, these age verifications laws are labeling all the children (who don't bypass it) as children, and that information WILL be leaked, inevitably, as it already has been (from Discord, for example - a service that shamelessly retains and processes every message it hosts, even after the user 'deletes' it).

When ID info is leaked, it leaks the child's age, their real name, and (often) their real address, their phone number, and their appearance. A surprising amount of information might be deducible from any selfie or video that was required. And in combination with an app's other data (or other data about them that has been included in databases and/or leaked and/or shared on the internet previously and which can be matched to them based on email or phone number or username or browser cookies or IP address or etc), it can leak their interests, hobbies, hopes and fears (discussed with friends), favorite hangout spots, the name and location of the school they go to, their regular routines or travel schedules, etc - anything at all that they might have discussed via the app, or whatever might be concluded just by their proximity to their friends (e.g. maybe they don't directly know that a kid lives in X location or plays Y video game, but if every day they talk to a bunch of other kids who definitely live in X location and play Y video game, then they probably live in X location and play Y video game too).

When all that data is leaked, all that data is now available to predators. And it's very, very hard to remove it from the internet after it's out there.

That data, even just from a single leak, could make it so easy for someone to target a specific child, contact them, tailor their lies to seem as trustworthy and likable to the child as possible, anonymously harass them online, threaten them, stalk them, or attempt to persuade them that yes, he does know their parents, and they definitely sent him to pick them up from school.

To me, all these laws seem realistically likely to do is unintentionally but significantly endanger the children they claim to protect. I don't see how it can be anything but a devil's bargain, even if we only "think of the children" and disregard other concerns.

At the least, it should have been proven to be more effective than regular parental controls before even being considered as an option, but so far, it doesn't seem to be so at all. And if there's little to no additional benefit, or we're not sure if there's a benefit or not, or if it's shown to be less effective, then why ever choose it over the regular parental controls that don't carry this huge additional risk?

As to enforcing age limits otherwise, well. I confess I don't think there is any way children won't just find a way around. I think the best defense is just educating children about how to navigate the internet and its potential threats, making sure the children don't see their parents as distrusting of them or oppositional (so that they feel comfortable enough to go to their parents for help or reassurance if there's a problem, instead of hiding the problem because they don't want to be yelled at for being on the internet or such-and-such website at all), and - an element I think a lot of parents miss - making sure they have a lot of appealing options for things to do or ways to socialize outside of the internet. If you occupy their time by indulging their non-internet-focused hobbies and interests (and maybe engaging in them with them, to spend time with them), or letting them visit friends in person, then that's time they're not on the internet and likely don't even want to be. I think that this is the option that best sets up the kid to continue having a healthy relationship with the internet after they turn 18 and are even more out of your control.

That said, as far as device parental controls go: instead of focusing on phone-level controls, I recommend using your router's network-level parental controls, as well as the phone line controls for whatever company you get your data form (if they have a regular smartphone, as opposed to a more limited one, which do exist as an option). For your own wifi network, you can even set it up to use a whitelist of devices so that your kid can't even connect to it from a non-approved device. That doesn't stop them from potentially still sometimes accessing the internet using a friend's phone, but it'd cut down on how the amount time they have that access, and do so more effectively than government age restrictions. And in any case, you also can't always stop them from looking at a dirty magazine that they find at a friend's house, or from reading a hateful tract that someone hands them on the sidewalk, or from watching a terrible channel broadcast on a TV in a diner. But you can potentially influence how they handle it when they encounter these kinds of things.
hogwasher
·w zeszłym miesiącu·discuss
YES. Not just the Google class action notices - though those, which Google was court-ordered to send and deliver, are the most egregious - but ALL class action or settlement related emails get automatically chucked into to my gmail spam folder no matter what.

And they don't ever forward spam, even if you've set up mailbox forwarding to an external address. There's no option for it. So to ever see those messages, I have to use a complicated custom rule to force it to forward all the spam to me, too.

I think it's too consistent and longlasting a problem to be accidental. I think they're spam-holing all class action notices, instead of just Google ones, so that they can claim it's just a general error in their automatic spam filter.
hogwasher
·2 miesiące temu·discuss
Have you not encountered the eleventy billion subscription services and merch stores? Those make a loooooot more money for creators than ads these days. Even the dirt cheap ones. Similarly, there's a reason so many youtube channels get their own sponsors instead of relying on youtube's ads pittance.

If you successfully block adblock (tall order is tall), a lot of people really do just go do something else, instead of resigning to the ads firehose. And adblock users are still (somehow) in the minority, I think.

Also, this loops right back around too Google's ad monopoly. They have a stranglehold on both sides of the market, able to maximize spend from marketers and minimize payouts for those showing the ads, to maximize Google's profit at cost to everyone else.

Before theft-by-Gemini-Summary, there was Google News, with Google just wholesale copying articles into Google's feed reader so they could collect the ad revenue instead of the writers and publishers.

They've abdicated any right to complain about copyright violations of their own IP, at this point. Either copyright law is the law, or it isn't: can't be both ways. In practice, lawyers cost money and Google has much more than Random Adblock User 6, but morally speaking, they have no high ground to speak of.

Anyway... If Google doesn't any longer drive traffic to websites, then the operators of said websites will no longer have a reason to allow Google to index them in the first place. You can't have a very effective search engine if too many major sites block its crawlers.

I don't think the AI bubble is going to last, but if it did, I expect this all would end up compounding the "LLMs training on LLM generated content and churning up other LLM content" spiral into ever more useless drivel.
hogwasher
·2 miesiące temu·discuss
This is because of the Google I/O (developer conference) announcements this week. They're about to overhaul their regular search and make it even more garbage, to the point - so it sounds - of it being more just a Gemini chatbot interface and less an actual search engine, ergo: not Google anymore.
hogwasher
·2 miesiące temu·discuss
If you don't use their sync service, all your vault files are local only, and there isn't any mysterious telemetry happening in the background.

If you do use their sync service, it's end to end encrypted with your own local-only password, so Obsidian doesn't have a backdoor to your encrypted remote files either.

If you don't trust Obsidian's sync service, but want to sync files, you can sync your files in any other way you choose, like with git or webdav. You can keep it all self-hosted if you want to.

You could encryt your entire local vault too if you want to.

Obsidian's business model is just selling the sync subscription service. There's no ads component to incentivize data collection/tracking and pissing off their entire customer base.

So I can't find it in me to be worried about this one.

And if Obsidian did go rogue one day, the files are basically exported already, so whatever, it'd be easy to switch to something else.

I think the open-source obsidian plugins that aren't yet popular enough to have a lot of eyes actually checking over the source code yet are more suspect than Obsidian itself. Open-source on its own doesn't always actually prevent malicious actions or privacy violation, since most people just treat "open-source" as "this app is automatically trustworthy because surely someone else is keeping on eye on it" and either don't know how or don't bother to look at the source code themselves. But I'm not actually worried about that, either.
hogwasher
·4 miesiące temu·discuss
When I started using them, they did this by checking against Paypal, with whom (admittedly to my regret) I had already verified myself. I wasn't asked to provide a copy of my ID to them directly, at least, or to provide it anew to one of those random ID verification companies that are popping up out of the woodwork.

It also just bothers me less in this case than in most because, no matter who you buy from, if you ever need to verify ownership of your account/domains, you may eventually be asked to show ID/verify your identity anyway, and if you can't prove you're the person who bought the domain then you risk losing it (say, by not being able to regain control of it after it is stolen). And if it's a domain you've tied your email or business to, and you've pre-payed 10 years, that would suck majorly.

So I feel about it more or less how I feel about my bank needing ID, personally. But I definitely get why others may not agree/may have a different use case to begin with.

I think also there is a big problem with scammers using stolen credit cards to buy domains, which they use to send phishing email or operate malicious websites. Preventing this at least makes way more sense as a motive than "protect the children by identifying all of them".

If you buy from elsewhere, you can find a way to avoid the ID verification, but most places will only take digital payment, so they still probably end up with your card number and name.

I'm not a fan at all of age verification laws and websites requiring ID, but this one I tolerate, personally. But I won't blame anyone for not doing the same.
hogwasher
·4 miesiące temu·discuss
Some electronics insurance providers will do that in the U.S. I'd say that kind of refund isn't typical otherwise.

But if the RAM was sold with Umart's promise to replace it (or the local laws' requirement that they replace it) if it prooved faulty within such and such a time period, then they owe the buyer a replacement.

If they don't want to provide an actual replacement, anything less than giving the buyer a full present-day replacement's worth of money, or a genuinely equivalent or better product, is breaking their own guarantee and/or the local law (I don't know Australian law).

They can't just say "actually it's more expensive now and we don't want to honor our replacement guarantee anymore, so we'll only give you a quarter of a replacement's worth of money instead". That's absurd.

They just want to shove their own bad luck/the consequences of the RAM shortage off on their customers in any way they can, whenever they think they can get away with it.
hogwasher
·4 miesiące temu·discuss
Are you suggesting all messaged photos should be scanned, and potentially viewed by humans, in case it depicts a nude minor? Because no matter how you do that, that would result in false positives, and either unfair auto-bans and erroneous reports to law enforcement (so no human views the images), or human employees viewing other adults' consensual nudes that were meant to be private. Or it would result in adult employees viewing nudes sent from one minor to another minor, which would also be a major breach of those minors' privacy.

There is a program whereby police can generate hashes based on CSAM images, and then those hashes can be automatically compared against the hashes of uploaded photos on websites, so as to identify known CSAM images without any investigator having to actually view the CSAM and further infringe on the victim's privacy. But that only works vs. already known images, and can be done automatically whenever an image is uploaded, prior to encryption. The encryption doesn't prevent it.

Point being, disallowing encryption sacrifices a lot, while potentially not even being that useful for catching child abusers in practice.

I'm sure some offenders could be caught this way, but it would also cause so many problems itself.
hogwasher
·4 miesiące temu·discuss
I think it was clear what they meant.
hogwasher
·4 miesiące temu·discuss
Sure, but then everyone moved to Facebook. The monopolist changed, but not the monopolistic market and the lack of consumer choice.

And nobody gained privacy in the process (I rather think everyone lost even more of it).

The situation currently permits only a tiny number of winning companies at a time, and the userbase is locked in even as the site becomes wildly unpopular, until some threshold of discontent is reached, and then everyone moves, and then that new site also enshittifies and the cycle repeats.

Federation is a mechanism whereby people would be able to actually choose providers as individuals and at any time, instead of having to wait years for a critical mass of upset people to build up and leave [current most popular social media site], and instead of being forced to go to [new most popular social media site].
hogwasher
·4 miesiące temu·discuss
Most people couldn't tell you how their car works, at least not enough to fix it. Is that handholding, too?

People can't be knowledgable about everything. There's just too much information in the world, and too many different skills that could be learned, and not enough time.

A carpenter can rely on power tools without understanding fully how the tools work, and it's fine, as long as the tools are made to safe standards and the user understands basic safety instructions (e.g. wear protective eyewear).

To me, making sure that apps don't screw with people, even if they don't understand how the apps work, is roughly the equivalent of making sure power drills are made safely so they don't explode in peoples' hands.
hogwasher
·4 miesiące temu·discuss
It definitely ignores that many people don't have time. If someone is working over 40 hours per week, plus maybe doing unpaid labor taking care of kids or elders, where are people supposed to find the time and energy to brush up on a million different topics they don't even know they might not know enough about? Especially if they might also have medical issues, or hobbies, or want to have any time at all to relax.

Obviously, one way to improve the situation would be to make sure people are paid fairly and not overworked and have access to good and affordable or free childcare and elder-care and medical care, but corporations don't want that either. If anything, they're incentivised to disempower workers and keep them uninformed, and to get as much time out of them as they can for as little money as possible.
hogwasher
·4 miesiące temu·discuss
Whether Facebook/Meta can read the plain text of the messages or not depends on whether that encryption is "zero knowledge" or not, aka: does Facebook generate and retain the private encryption key, or does it stay on the users' devices only, never visible to Facebook or stored on Facebook servers?

In the former case, Facebook can decrypt the messages at will, and the e2ee only protects against hackers, not Facebook itself, nor against law enforcement, since if Facebook has the decryption key they can be legally compelled to hand it over (and probably would voluntarily, going by their history).