• 0 Posts
  • 17 Comments
Joined 2Y ago
Cake day: Jun 08, 2023


The kind of “privacy” you get by using a VPN or avoiding Facebook tracking your web browsing is absolutely not appropriate for using against a threat model that includes three-letter agencies or even, frankly, the local cops. They can just, like, come to your house when you aren’t there and bug it. Point a camera at your screen, station a dude in the closet, replace the computer with a cunningly painted cardboard replica of the computer which is a spy, etc. Or from the other end, they simply exploit a zero-day in every one of your seven proxies, because they care enough about catching you to burn them.

Sometimes the threat model says you just lose and you can’t actually get what you want by using computers, because you have an information technology hammer and a fundamentally legal or political problem.

If you think the police are actually on to your crimes, stop doing those crimes! If the crimes needed doing for some reason, someone else less likely to be known to the police will probably do them instead, and you can surely find less-crimey ways to further whatever they were meant to accomplish. If you’re in it for yourself for some sort of personal gain, quit while you’re ahead.

If you think you’re drastically overestimating the likelihood that the police are after you for your crimes, and it is affecting your ability to function, that’s definitely a problem for your therapist. Presumably one who doesn’t insist you explain your various crimes to them in detail, a thing which your lawyer (which you also maybe need?) might have concerns about.


Touching the system partition isn’t the only thing one would do with root. And if the ROM ships su in the ROM, there’s no problem of being out of sync with upstream or even not passing boot verification.

It does open up an attack surface against the app that provides the UI to gate root access. But that has to be considered against the “availability” arm of the security triad.



I think we can trust that most phone camera apps do in fact obey the toggle they provide for whether or not to embed the GPS location data in the image.



I don’t think that’s true. For one thing, it’s easy to buy a car from a random person, without granting any permission to any car company to download stuff from your car and sell it. If a car company were to access your car without permission, you could sue for damages (see OP).



Instead of an MS account, join a domain and use the domain account to log in. You can set up a domain with Samba.


Soon, they will automate the process of buying weird t-shirts, rendering us redundant.



Every piece of software has vulnerabilities lurking within.

Remind me why we put up with this again? Formal verification does exist.


Sorry, I had to quit Instagram. How about just a normal group text?


Make sure you trust iHeartRadio! If you didn’t before, start now!


Why doesn’t the new UDP torrent protocol use STUN or any of the server- or peer-assisted ways of punching a UDP hole between two NAT-ed endpoints?


There’s plenty of reasons not to try and keep things private! It is a lot easier for comments on Lemmy, for example, to be public, rather than trying to make the discussion threads private among some set of authorized participants.

And if I am rating movies on Netflix, I really do want them to take my ratings and put them in a big machine learning pile to try and find me better movies. That’s the point of rating the things.

But there’s a big difference between me actually sharing information with people so they can do good, and people trying to collect information about me without my permission so that they can make money, or, worse, try to manipulate me later.

And even if the data is not in itself all that worthy of secrecy, and I might be willing to share it, someone else deciding for me that they get to follow me around and see what I am up to or what I like, without actually asking or without genuinely expecting that I might say no, is… not how consent works.

Also, some of the point of this is that one cannot in fact genuinely ignore advertisements. At the very least they constitute a cognitive load, where it is harder to do or see things because the advertisements are in the way. They can also hammer brand names and desired associations into people’s heads, to ensure that most people know that e.g. X Brand Soda is the “luxury” soda. And of course in aggregate they cause people to buy things. Each person might choose to buy the thing of their own apparently free will, but running the ad will cause more people to make that decision than would otherwise.

Where they are most dangerous is when advertisements try and create problems, rather than just offering products. A sign that says “We sell Coke” is fine. Three commercials a day asking if you are guilty of “old-shoeing”, the social faux pas of having old shoes, look at this man being laughed at for it, etc. are dangerous, even if they never try to sell a product.

These kinds of marketing campaigns are that much more effective if they can be targeted at the people who are the easiest to convince that made-up problems are real. And while one’s general personality is not exactly a secret, we also don’t want scammers like this going around making lists of the particularly gullible.


I feel like the management engine card is sneakily changing the threat model in the middle of the conversation.

Is it bad? Yes. Is it a big source of security holes? Absolutely.

Is it a way that Facebook is going to profile you to try and sell you to advertisers? Or a reason why you can’t ditch Windows? No.