Cake day: Jun 29, 2023


I prefer to digest text too, but still would choose to taste a meal rather than read a typed-up printout of the flavors it contains.

If I showed up at a restaurant and was presented with a menu that didn’t describe anything about the dishes on offer, I’d be pretty disappointed.

Point being that we have limited time and a nearly limitless amount of options for how to spend it. Text summaries are a tool we can use to decide whether something is worth our time (and money) investment if we’re on the fence about it.


Thank you for distilling that down, cleared up all of the confusion I had. Cheers.


Oh, I was just interested in making a pun based on the name. 😂

To be perfectly honest I was under the impression that we had collectively bailed on PGP in favor of GPG, but based on the Wikipedia article it seems like PGP is still getting updates so maybe that’s not the case?



Thank you. I’m going to restate your explanation to be sure I’ve got it:

  • authorities want platforms to comply with legal requests
  • when Signal gets a subpoena, they open the key locker and show that it’s empty. They provide the metadata they can (sign up date and last seen date, full stop) and tell authorities they can’t do better.
  • when Telegram gets a subpoena, they open the key locker and show all the keys, then slam it shut in the face of the investigator, telling them to get bent.
  • conclusion: it’s easier to never have the keys in the first place than to tease the government with them

I’m no authority on it but from what I’ve read it seems to have more to do with the social features of Telegram where lots of content is being shared, both legal and illegal. Signal doesn’t have channels that support hundreds of thousands of people at once, nor media hosting to match.


Let’s assume that hashing passwords falls into the “good security” bucket, and wouldn’t be part of the “bad security” scenario.



I like this analogy; it’s provocative and it made me think about the issue for longer than I would have otherwise.

However, after some thought, I don’t think it aligns perfectly since the user can simply choose not to read the article, so there’s an option where they don’t get fucked.

In the same vein, I think we could make a better analogy to sexting. You meet someone, seem to hit it off, and when the texts and pictures get a little spicy, they hit you with a, “you can pay me now and I will keep all of this in my private spank-bank, otherwise I’m going to share our entire relationship with a group chat I’m in with 1200+ people”

I think this is a bit stronger because it hits on a few notes where the hook-up analogy falls short: sharing of sensitive information, extortion in exchange for gratification, and the potential for an ongoing relationship.

Idk, what do you think?


Probably because at the end of the day:

  1. Most people don’t have the tools or desire to figure out how to run an LLM locally.
  2. What if I run a local LLM on my PC and I leave my home? Do I now need to learn how to deploy a VPN at home so I always have access? I could do this, but I don’t want to. Oh, you know a model that runs on Android? What if I have an iPhone?
  3. Proton is a for-profit business that surveyed their customers and got feedback that customers wanted a writing assistant. This one seems the most important.

They’re arresting tourists from other countries for being pregnant? On the basis that they might… go home and get an abortion? I don’t completely follow.

You know this thread is about US federal immigration, right?

I’m not super in tune with everything that happens in the backwards US states but this doesn’t sound like something that is happening. Yes, I’ve heard that some states are or have inquired about getting data from health apps about period tracking, and I’ve read the articles about the nefarious ways that they could use that data, but I’ve seen nothing about the impact that could have on tourists.


Okay, yes, but what does this have to do with my period tracking apps?


Linux ISOs are my all-time favorite thing to torrent so this does seem like it requires further research.



It sounds like someone got ahold of a 6-year-old copy of Google’s risk register. Based on my reading of the article it sounds like Google has a robust process for identifying, prioritizing, and resolving risks that are identified internally. This is not only necessary for an organization their size, but is also indicative of a risk culture that incentivizes self-reporting risks.

In contrast, I’d point to an organization like Boeing, which has recently been shown to have provided incentives to the opposite effect - prioritizing throughput over safety.

If the author had found a number of issues that were identified 6+ years ago and were still shown to be persistent within the environment, that might be some cause for alarm. But, per the reporting, it seems that when a bug, misconfiguration, or other type of risk is identified internally, Google takes steps to resolve the issue, and does so at a pace commensurate with the level of risk that the issue creates for the business.

Bottom line, while I have no doubt that the author of this article was well-intentioned, their lack of experience in information security / risk management seems obvious, and ultimately this article poses a number of questions that are shown to have innocuous answers.


Everything is transient and eventually becomes shitty, sure, but I generally trust them because they’re able to make money just from people using the service. I don’t know how profitable they are, but I am reasonably certain that as the card issuer they get a cut of every transaction. Given that they aren’t issuing physical cards and have no obvious costs other than maintaining their platform, I don’t see a reason not to trust them in the medium term.


I’ve generally had good experiences with Privacy.com. It seems like a decent solution when I want something from a semi-reputable website.

I particularly enjoy the bit where cards are vendor-locked, which has been interesting to observe in a couple of instances where a site seems to have had their credit card db breached and the attackers turn around and try to use the card on another site, where it is inevitably denied, but I still get an email that shows which site got hacked and where the attackers were trying to use the information.



How many wrong guesses were you allowed before the system would lock your account?


Earlier this month, junior minister Stephen Parkinson appeared to concede ground, saying in parliament’s upper chamber that Ofcom would only require them to scan content where “technically feasible”.

Big if true.