"The Federal Trade Commission unanimously voted Wednesday to pursue policies that will make it easier for people to repair their own things." https://www.vice.com/en/article/k78xbn/ftc-formally-adopts-right-to-repair-platform
The Nightmare of Our Snooping Phones
https://www.nytimes.com/2021/07/21/technology/phones-location-data.html #privacy #security #purism #librem5
@karmanyaahm My favorite is the classic "what metadata can tell you" example of: woman gets call from her doctor, then immediately calls her mother, then calls an abortion clinic.
@ajmartinez Yeah, "It turns out this anonymized phone identifier at your home all night every night and during the work week it's at your place of work all day. I wonder if it's you."
@tfb One problem is that even if you explicitly disable location services, iPhones and Android still phone home. When the OS is built around data collection, it's hard to turn it off. https://puri.sm/posts/snitching-on-phones-that-snitch-on-you/
"Anonymized" location data, isn't. Catholic priest resigns after legally-obtained Grindr app data from a broker correlated location data with his and relatives' homes, his place of work, and gay bars. #privacy https://arstechnica.com/tech-policy/2021/07/catholic-priest-quits-after-anonymized-data-revealed-alleged-use-of-grindr/
I dislike when companies capitalize on incidents, so I usually publish my thoughts months later to avoid even the appearance. But folks asked us how @purism products fare against a Pegasus-like attack so I wrote about our overall spyware defense. https://puri.sm/posts/defending-against-spyware-like-pegasus/
If you want to support an musician, buy their album and go to their shows. If you want to support a writer, buy their book. Speaking from personal experience, subscription services that let you use content w/o buying it (like streaming), rips off creators. https://entertainment.slashdot.org/story/21/07/18/1922249/music-streaming-inquiry-finds-pitiful-returns-for-performers
@jfred For instance, my initial knee-jerk response years ago was to be against biometric auth as a sole unlock factor for phones, but I realized that for many folks PIN or pattern unlock wasn't something they'd actually use. Without biometrics they would opt for no unlock auth at all.
@jfred Thanks for elaborating on how it's used in this particular case. In person attacks do seem plausible when you are talking about auth for a local login service. But just like you mention, a *lot* depends on individuals and their particular threats. That's why all the nuance and particulars can't be distilled on social media down to "don't do this" or "always do this."
I should make clear that "something you are" factors have a place in authentication and an even bigger place in identification, and over time my opinions on where to use it has gotten more nuanced than can fit well on social media.
@Sirofthenorthernterritories Yeah the free choice in both razors and blades is what keeps bringing me back to safety razors, and since blades aren't proprietary, I buy in bulk every few years and they cost me a few dollars a year.
@Sirofthenorthernterritories Yes, it uses the standard Gilette-style double-edged razor blades. It's not just the vibration but also the design of the head itself that I think lends to the quality of the shave.
It's strange that we are solving the problem that people use the same passwords everywhere, by replacing passwords with unrevokable biometrics, that *have* to be the same everywhere to work.
Biometrics aren't secrets. It seems like "a good quality infrared image of the target's face" is hard to get right now only because the tech isn't ubiquitous yet. Wait until every website the user logs into has a copy. https://arstechnica.com/information-technology/2021/07/hackers-got-past-windows-hello-by-tricking-a-webcam/
Technical author, FOSS advocate, public speaker, Linux security & infrastructure geek, author of The Best of Hack and /: Linux Admin Crash Course, Linux Hardening in Hostile Networks and many other books, ex-Linux Journal columnist.