Big Tech passkey implementations are a trap | Proton
Spotlight7573 (@Spotlight7573@lemmy.world) | Posts: 10 | Comments: 270 | Joined 2 yr. ago
Votes are public not just to the original instance admins, though, but to any instance admin, right? If you set up your own instance and federate with another, then you should be able to view the votes for any communities on the one you federate with. The only privacy is that the default UI doesn't display it, but a different UI could:
e.g. the one for this post on kbin.social that shows Lemmy upvotes as favorites.
I feel like this should be more prominently disclosed to Lemmy users.
Seems like it was mostly Mastodon people irritated. The main issue is that it was opt-out and not opt-in:
https://github.com/snarfed/bridgy-fed/issues/835
https://github.com/snarfed/bridgy-fed/issues?q=opt-out
I don't think the bridge provides the moderation features of Bluesky though.
The author definitely is on the fediverse: @mmasnick@mastodon.social
The article may be fairly positive about Bluesky but how Bluesky separates out various functions like feeds, moderation/labeling, and data storage/portability is a definite advantage that I think should be discussed.
More specifically:
Each state gets two seats in the senate, no matter how many people are in it. In the house of representatives, each state gets a proportional number based on population, with a minimum of one, and those districts should have a roughly equal population within each state. Due to the cap on representatives and the minimum of one, though, it can end up with an uneven number of people represented by each elected official when you compare between states.
If they control the legislature of the state though, they can also control the redistricting process that decides where the boundaries are for the federal house of representative districts and thus can gerrymander things. See this for an explanation of how one can produce districts that don't resemble the underlying population: https://en.wikipedia.org/wiki/Gerrymandering
Nope, you still need a phone number. You just don't need to give the phone number out to contacts you want to talk with and can instead use the username.
Too many shows to watch
Or things that are already made disappear and are replaced with reality TV, like what's happening with HBO/Discovery/Max/whatever.
I'm not saying NewPipe doesn't use their bandwidth, just that taking YouTube's app/UI code too just feels worse to me for some reason. It's less about the logic of it and more about the feeling.
I think there's a difference between a third-party app/frontend and a modded app like these. One is at least trying to provide their own value, and stuff like NewPipe for example can support multiple services in the same UI, a feature I wish was better supported in streaming as I dislike trying to navigate all the individual apps. Modifying a service's app to remove the ads while still consuming their bandwidth and not putting in the effort to make your own app feels worse for me for some reason. At least pirates generally tend to use their own bandwidth and servers to distribute things instead of leeching directly off the original.
Hope that helps explain it for at least one person.
The fact that that needs to have disambiguation parentheses is even worse: it means there's more than one statue.
As for what these were, they are modified versions of the official YouTube app. What has been taken down is the full modified app files (.ipa) ready to install on an iPhone, not the source code to the tweaks that are in the repos.
These modifications do things like replicate the paid YouTube Premium features, from the uYou features list for example:
- Ad-Free Browsing: Bid farewell to interruptions and enjoy seamless video playback without annoying advertisements.
- Background Playback: Keep your favorite videos running in the background while you multitask or lock your device.
- Video and Audio Downloads: Download videos, shorts, and audio tracks in various formats, including MP4 and WebM, for offline viewing and listening pleasure.
- [...]
You can see why Google would want to have them taken down. They aren't even a re-implementation with their own code/UI like NewPipe.
You also know that all votes are technically public and can be viewed by any instance admin that's federated with the server a community is on, right? There's no way to see that in the Lemmy UI at the moment but the data is there on the server.
It's not even about selling it on to others in this case:
Auto Translated:
The conclusion of the Danish Data Protection Authority's decision is that there is authority to pass on the students' information for the purpose of providing the services, improving the security and reliability of the services, communication with e.g. the municipalities and compliance with legal obligations.
At the same time, however, the assessment is that the Folkeskole Act does not sufficiently clearly authorize the municipalities to pass on the students' information for the maintenance and improvement of the Google Workspace for Education service, ChromeOS and the Chrome browser, or for measuring the performance and development of new functions and services in ChromeOS and the Chrome browser.
Therefore, the Danish Data Protection Authority gives an order to the municipalities to bring the processing in line with the rules by ensuring that there is authorization for all the processing that takes place. This can happen, for example, by:
- That the municipalities no longer pass on personal data to Google for these purposes. This will likely require Google to develop a technical option for the data streams in question to be intercepted.
- That Google itself refrains from processing the information for these purposes.
- That the Danish Parliament provides a sufficiently clear legal basis for disclosure for these purposes.
It was just for the EU, because they didn't want to add a whole framework and support for third-party browser engines to act as home screen web apps. Now they'll continue to offer those based on WebKit everywhere.
Ah yes, MacRumors falsely reporting... Apple's own statements, right...:
Previously: https://web.archive.org/web/20240216001557/https://developer.apple.com/support/dma-and-apps-in-the-eu/
Why don’t users in the EU have access to Home Screen web apps?
To comply with the Digital Markets Act, Apple has done an enormous amount of engineering work to add new functionality and capabilities for developers and users in the European Union — including more than 600 new APIs and a wide range of developer tools.
The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.
Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.
EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.
Now: https://developer.apple.com/support/dma-and-apps-in-the-eu/
Why don’t users in the EU have access to Home Screen web apps?
UPDATE: Previously, Apple announced plans to remove the Home Screen web apps capability in the EU as part of our efforts to comply with the DMA. The need to remove the capability was informed by the complex security and privacy concerns associated with web apps to support alternative browser engines that would require building a new integration architecture that does not currently exist in iOS.
We have received requests to continue to offer support for Home Screen web apps in iOS, therefore we will continue to offer the existing Home Screen web apps capability in the EU. This support means Home Screen web apps continue to be built directly on WebKit and its security architecture, and align with the security and privacy model for native apps on iOS.
Developers and users who may have been impacted by the removal of Home Screen web apps in the beta release of iOS in the EU can expect the return of the existing functionality for Home Screen web apps with the availability of iOS 17.4 in early March.
The way I see it, Google knows that changes are coming to the advertising industry, either through regulations or just public opinion. By doing this now, they can try to get ahead of those changes/criticisms while controlling what systems their advertising competitors will have to operate under. I don't doubt that Google will still have enough data to do relevant advertising, either with the data from these new systems in the browser or the first-party data they have on people through their sites.
It's part of the open source Chromium engine.
Here's how it implements some of the privacy sandbox stuff for example: https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/components/privacy_sandbox/
and here's some of the Topics API stuff: https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/components/browsing_topics/
Theoretically they could still inject malicious code even if the stuff in the Chromium source code looks fine. Given they got sued for their servers still tracking you while Chrome was in Incognito mode (even with the warning every time you open Incognito mode), I'd imagine any injection of code like that would result in another lawsuit (or several). At some point you either have to trust that Google is implementing things how they say they are in the code that they put out or just use a different browser.
I'm not sure how moving stuff like topics of interest into the browser where it can be modified/turned off by the user in a single, local location isn't an improvement over the current situation?
I believe Mozilla said it best here:
https://blog.mozilla.org/data/2018/01/26/improving-privacy-without-breaking-the-web/
Firefox’s privacy protections must be usable on the web, or people will simply stop using Firefox altogether.
The web is not at the stage yet where third-party cookies can be disabled entirely. Chrome's phase-out of them this year should push all those sites still clinging to them to fix their sites. This should mean fewer problems when using Firefox's privacy features. Firefox won't necessarily need to remove the feature soon anyways since it already isolates them per site.
Strictly speaking, it's an improvement over the current situation where you are tracked across the web to come up with a profile of your interests which is then used to deliver targeted advertising. The interest-based advertising is the end goal, it's where Google makes its money. Google doesn't necessarily need your data or to track you across the web to do that. I think people are unhappy that it doesn't go far enough and just want either no targeted advertising or no advertising at all. Removing the ability to target ads would result in more ads being needed to make up for lower quality placements, which I believe would lead to increased ad blocker usage and an advertising death spiral. News sites are already almost practically unusable on mobile without blocking ads for example. Having no advertising means getting revenue another way such as paywalls and subscriptions.
With the Topics API, your browser will keep track of your history and provide sites with a limited number of topics (1 per week). Instead of being an opaque system on an ad provider's server, you can examine and modify the topics being used in your browser or even look at the source code of the feature in the browser itself. With the Protected Audience API, the ad bidding process can occur in the browser as well instead of on a remote server. These features can be turned off.
There is definitely some concern that they're screwing over third-party advertisers which is why their pages come with stuff like:
subject to addressing any remaining competition concerns of the UK's Competition and Markets Authority (CMA)
Regardless, Chrome ditching third-party cookies means that websites can no longer rely on them and must adapt their sites to function without them. This will mean that Firefox's Total Cookie Protection should work better and they can remove third-party cookies in the future instead of having to create workarounds.
It basically performs the same function as an SSH key (providing public key authentication), yes.
Your issue with logging in on your phone vs laptop can be solved by either syncing them (like the OS/Browser platforms of Google/Apple/Microsoft or a password manager like Proton Pass/Bitwarden do) or by setting up each device separately (like most people should do with SSH keys). Each method comes with trade-offs: syncing means they aren't device bound and can potentially be stolen, setting it up on each device can be a pain, etc.
The important thing to remember is that passkeys don't need to be the only authentication methods attached to an account. You can use the convenience of a passkey most of the time when it's possible and then fall back to another method (like a password/TOTP pair) when that's not available (such as when setting up a new device). There's also always the standard account recovery options if all else fails, those don't necessarily go away.
The other thing to remember is that it's not trying to be a perfectly secure solution to all authentication everywhere but to replace passwords with something better. Not having to generate and store random passwords with arbitrary complexity requirements, being able to log in with just a tap or a click, and not having anything that needs to be kept secret on the website's side can be enough of an improvement over passwords to make the change worthwhile.