Zagorath
Formerly /u/Zagorath on the alien site.
- 0 Posts
- 16 Comments
I have no idea what the law is in India, but if he got a “hacking” charge for this it would be a gross miscarriage of justice, considering he never once did anything resembling social engineering, brute forcing passwords, any sort of injection attack, or anything else that might actually be involved in hacking.
However, assuming he never tried to reach out to the company themselves first (and I saw no indication in the article that he had), this is really quite a horrible irresponsible disclosure. It’s pretty obviously a significant leak of sensitive data—both customer and business data—and giving them 90 days to fix it before alerting the public to what you found is pretty basic security ethics.
They’re not designed with privacy in mind, but I think one of the best things for video is supporting smaller more independent platforms. Things like Nebula, which is made up of a curated selection of high quality YouTubers who upload their YouTube videos sans advertising, as well as some small amount of unique bonus content. Nebula is owned by its creators, as an added bonus.
Or Dropout, made from the former CollegeHumor YouTube channel, it’s mostly sketch and improv comedy, as well as some D&D play videos.
Neither are privacy focused explicitly, but because of their direct relationship to their customers and lack of interest in advertising, they’re not incentivised to be bad for privacy like the bigger free platforms are.
I had one of these with a new account recently. I forget what platform it was, but it wasn’t anything from Meta. Didn’t need to move your face in any specific way, but it was obviously doing some checks for signs of life so a simple photo wouldn’t work. I found a video of some random dude on YouTube just staring at the camera, and I pointed my camera my computer screen while that played. Difficult, considering they only allowed the front-facing camera to work.
Gonna be honest, there’s no price I’d be willing to pay for YouTube Premium.
I used to pay for YouTube Red. I didn’t cancel it because it was too expensive, I cancelled it in retaliation for all the other shitty things YouTube has been doing. If YouTube wants me to return as a paying member, they need to reinstate the ability for small accounts to monetise their YouTube accounts; they need to stop demonetising/restricting educational content that might be related to war, weapons, sex, or sexuality; and they need to change their copyright policy to make it much, much harder to abuse false claims.
then quickly just dropping the pictures
Could even poke a camera-sized hole in the picture. And disguise it by putting that hole over something similarly-coloured.
But anyway, but of it is really that you can be held in contempt for refusing to unlock with biometrics, if they’ve got an appropriate warrant.
I believe the reason the 5th is usually referenced is that this usually comes up in situations where the 4th is already not relevant. Either because there already is a warrant, or because you’re crossing a border (which IMO seems like an incredibly sketchy excuse and would likely not have been accepted by those who originally penned the 4th amendment, but is at least well-established law at this point).
With the court order, you must give the passcode and/or unlock the phone
The thing is, case law has determined that this is not the case. Passcodes are fairly well protected, from what I’ve heard. You cannot be made to divulge them anywhere in the US, because of the 5th amendment, even with a warrant. Case law is more split on whether biometrics should be offered the same protection.
Though again, this is all my understanding of it having heard it third hand from Americans. Mostly from Americans who themselves are not legal experts, though I think I’ve at least a couple of times heard it directly from lawyers.
Most traffic these days goes over secure channels. Any time the website you’re accessing is HTTPS, they can see that you’re accessing that website, but they can’t see which pages you’re on our read what they say, or what you submit.
The exception is if they get you to install their own certificate to allow them to man-in-the-middle you. Laws in some authoritarian countries already require devices have root certificates that allow the government to spy on everything. And the EU is currently considering the same. Which should be a major concern for any European residents.
Also not a lawyer or a US person, but from listening to American tech media, this has been an issue of some debate for a decade or more now.
The trick lies in their 5th amendment right against self-incrimination. Police cannot require you to give your PIN because that would violate 5th amendment rights. It has been ruled in some parts of America (but the ruling in other parts has been the opposite, IIRC) that you can be forced to give biometric unlocks. In my opinion this is kinda silly and inconsistent. It might be in line with the letter of the law, but it’s certainly not in keeping with its spirit.
Honestly, Mozilla doesn’t even have the resources to maintain a proper WebKit-based version of Firefox on iPadOS, when a large amount of the work is handled for them by Apple. (See, for example, the fact that it still does not support multiple windows, a feature that has been available since 2019.) It would seem a mistake for them to try taking on a much larger load of work when they can’t handle what they’ve already taken on.
I think you’d have a hard time legally saying that they have to provide a service to users when that service is paid for by selling access to users via advertising, even if the user refuses to allow that access. It would probably qualify as “necessary for such performance”.
Having the extra option to pay to remove ads (while I think this price is ridiculously excessive) is a pretty reasonable compromise. Although it also feels kinda icky in the sense that it means you’re essentially turning privacy into a privilege for the wealthy. So I dunno, it’s a tricky issue.
I would feel a lot better about it if the price was anything close to how much they actually make from people’s data. Something like $30 per year according to Facebook themselves, in 2019.
But yeah, the notion that people should be entitled to all these online services completely free of charge while also not allowing it to be paid for through advertising is ludicrous.
If it’s one of these QR codes at a restaurant for ordering, the parameters could possibly be necessary to properly connect your order to your table, depending on how they’re set up.