HackerTrans
热门最新趋势评论往期问答秀出招聘

TechBro8615

no profile record

评论

TechBro8615
·去年·讨论
Safari content blockers are not enabled in embedded Web Views.
TechBro8615
·去年·讨论
No, usually this is done behind closed doors and away from the press.
TechBro8615
·3年前·讨论
Ideally you'd use the most common name, in order to maximize the size of your anonymity set. So you could go with "John Appleseed" to get a "john" home directory and a "John's MacBook Pro" hostname. But in a small community, to local observers seeing your device on bluetooth screens, you might get weird looks ("there is no John here, why is this sus?") whereas "iPhone" looks like a default. And for non-local observers, your choice of a name like "John" suggests you're a westerner named John. So by just going with "iPhone" or "MacBook" you're in a smaller anonymity set but also not drawing attention to yourself in your local area, and not externally leaking information like your locale (although of course you could always leave a false trail by using a cyrillic hostname).

Some other leaky, seemingly private identifiers are SSH pubkeys (I always delete the comment trailer), which are sent to every server you SSH to and also published to places like GitHub, and WiFi SSIDs (which are visible to any application with access to the network stack, and unfortunately aren't entirely within your control - often a list of nearby SSIDs, combined with a mapping of SSID to geolocation, is enough to triangulate your location to within a meter, which is one of many reasons I disable WiFi in favor of ethernet whenever possible).
TechBro8615
·3年前·讨论
I do the same, mostly because I don't like my full name showing up in every subpath of the home directory. Sometimes this leaks far beyond your local computer, too, since many build tools include some path info in the compiled binaries. You can download apps from the app store, run `strings` on them, and find the username of the developer who built the binary.
TechBro8615
·3年前·讨论
Brave recently added a feature requiring permission to access the local network:

https://brave.com/privacy-updates/27-localhost-permission/

On HN: https://news.ycombinator.com/item?id=36574775
TechBro8615
·3年前·讨论
When you want to add a sandboxed scripting language to any system, you might implement something like this. For example, a multi-tenant web proxy that lets users script functions for transforming requests, or a game that lets users script the user interface elements, would be two valid use cases.
TechBro8615
·3年前·讨论
Maybe, but smart TVs - and dumb TVs too - have pretty bad speakers. It seems like having a "soundbar" or equivalent is more common than not.
TechBro8615
·3年前·讨论
What do you use your TV remote for? At my parents' house we have a TV and a cable box, each with its own remote. The only reason to use the TV remote is to turn the power on and off. All the other functionality is in the cable box remote.
TechBro8615
·3年前·讨论
Why not just buy a monitor? It's got an HDMI port.
TechBro8615
·4年前·讨论
Pretty much every "file" you create on your iphone is uploaded to iCloud by default. For example if you take a screenshot, it saves to your photos library which defaults to uploading new photos to iCloud immediately.
TechBro8615
·4年前·讨论
If you delete TikTok does the illness dissipate?
TechBro8615
·4年前·讨论
I would think it would be fairly obvious that a candidate could be “bought or bribed,” simply from the fact they’re asking for a job in the first place. They’re willing to exchange their time for money, i.e. “be bought.”

So why do people not commit corporate espionage? Well, it might have more to do with character traits than financial stability. In fact, most spies probably have their life fairly well together, and will have perfect credit. As for any asset they might compromise, what’s the difference between someone with poor credit applying to a job because they need the money, vs. applying to a job because they need more money from your enemy bribing them? I’d argue the difference comes down to character.

So for that reason, I’m skeptical of the effectiveness of a credit report as a proxy for likelihood to commit corporate espionage. A good credit report doesn’t seem to offer meaningful signal in either case of a malicious attacker or a desperate contributor. A bad credit report produces as many false positives as a good one.
TechBro8615
·4年前·讨论
It’s not an interesting thought experiment. The finger on the button is no different than the toe on the gas pedal.
TechBro8615
·4年前·讨论
Maybe Stripe is using the adapter pattern — once fiat is deprecated, they can remove the technical debt around business restrictions. ;)
TechBro8615
·4年前·讨论
This sounds like a great way to encourage the development of a parallel economy and criminal network.

Anyway, this should surely be good for Bitcoin, right?
TechBro8615
·5年前·讨论
The proximity of that number to the cost of the recent infrastructure package has me thinking. Normally we consider printing money to be deflationary to the US economy. But in a global situation like this, if the US prints a dollar for every one that China owns, does that devalue China’s dollar holdings? How does that impact their leverage in negotiating with the US for payback of its (dollar-denominated) debt?
TechBro8615
·5年前·讨论
How about "login" vs. "log in?" :)
TechBro8615
·5年前·讨论
Yeah, good point. Can't trust those damn yankees.

It's probably something where the government wanted to stop this deal for a number of reasons, and "national security" was the easiest justification where they already had a legal apparatus in place for doing so.
TechBro8615
·5年前·讨论
It's in line with recent behavior toward e.g. Huawei and 5G. What's interesting here is that Softbank is a Japanese company, but reading the government announcement you'd think it may as well be Chinese. It would be interesting to see the UK explain to Japan, somewhat of an ally, why its company is a national security threat.
TechBro8615
·6年前·讨论
I’m glad to see Schneier come out with an opinion against these apps. Up until now, it’s seemed like the privacy community has been almost excited about the idea of these tracking apps. Maybe because it’s a cool academic problem? I don’t know.

Take this DP-3T project for example. It’s really interesting tech, and a great group of people behind it. But the government doesn’t care for this nuance of what is privacy preserving tech and what is not. For now, maybe at the beginning, privacy will be emphasized. But the important part is conditioning citizens to be okay with the underlying idea of technology assisted self-surveillance, and compliance with notifications on their phone telling them to stay inside.

Schneier raises the point of false positives, which is important with regards to this idea of conditioning. What do you do when you get a notification that someone “nearby” tested positive? Do you take time off work and isolate yourself in your house for two weeks, just because some beacon passed within two meters of you within the past two weeks? Even if you have no symptoms at all? Just because you got a notification on your phone? This just seems unrealistic to me.

My other worry is the classic “slippery slope.” Maybe people are okay with these apps in their current form, if they’re privacy-preserving. (Personally, I doubt anyone outside tech can recognize the difference anyway, but let’s assume the wider populace takes its lead from us). Isn’t there a risk that eventually people will forget about the underlying details and privacy will be deemphasized?

“You were okay with TrackingApp 1.0, why wouldn’t you be okay with TrackingApp 2.0?”

If we give an inch now, will the government take a mile later? Who’s to say the emphasis on privacy will remain in place? Heck, it’s not even clear whether it will be in place from the beginning. The NHS is already saying they don’t want to use it, choosing instead to build their own centralized solution.

Again — it’s extremely concerning to me to see the general vibe of excitement coming out of the tech community around these apps. I’m really disappointed and would expect to see more skepticism. So, kudos to Schneier for going against the grain here.