Google Pulls the Plug: The End of Third-Party Cookies and What it Means | TWiT.TV
Spotlight7573 (@Spotlight7573@lemmy.world) | Posts: 10 | Comments: 270 | Joined 2 yr. ago
The ISP would have the records to identify the repeat infringers. Or should at least. That was the problem the film industry is going after: the ISPs not doing even the bare minimum required by law to terminate infringers, even when they had been notified many times by rightsholders.
From a previous article about this case:
https://lemmy.world/post/10751737
Last year, a Reddit user wrote that they received 44 emails from Frontier threatening to cut off their service due to torrent downloads, but “if they didn’t do it after 44 emails ... they won’t.”
Either the ISP has the records to identify the users and the film industry can get their information to use them as witnesses that way or the ISP doesn't have their information and shows how not-seriously they are taking the issue. Either way, it's bad for the ISP.
Also, do IP addresses really change that often anymore, even if you aren't paying for a static one?
The film industry in this case wasn't after the data to go after the individuals who made the posts but to use them as witnesses against their ISPs who did nothing in response to piracy complaints. The DMCA has a requirement for a repeat infringer policy and evidence that the ISPs knew about the piracy and that their users chose them or stayed with them because the ISP wouldn't kick them off goes a long way to winning the case against the ISP. They were going after the deep pockets.
There's still a lot of labor costs to reconfigure the Chromebooks into something else. Or to just set up a computer with Linux, even with imaging. ChromeOS is fast to wipe back to a usable state.
True, but it's another system to set up and manage instead of the one that's integrated into the ChromeOS tooling.
I'm not sure you can BIOS lock a Chromebook that has been reflashed with one of those alternate firmwares that allow it to boot another OS. I believe they tend to be all about freedom and not restricting the user.
Governments, especially education, can be quite underfunded. I am doubtful they will be able to set up the same level of monitoring and management at a similar cost, even if that cost is high initially and lower over time.
The firmware is locked down with typically either a screw (older devices) or a CR50 security chip (newer devices): https://wiki.mrchromebox.tech/Firmware_Write_Protect#How_Does_Firmware_Write_Protect_Work.3F
The problems with loading a different distro on them would be:
- Cost to go through the process of installing alternate firmware and a new distro on hundreds of devices
- Cost to set up an alternate system to manage/track the devices
- Cost to deal with students who can now more easily re-flash the devices to run other things
- Loss of the fairly extensive management capabilities that ChromeOS provides that allow a school/government to lock the devices down, monitor them, etc.
They're downplaying their responsibility and the problem while taking a negative tone about the white hat (bold added):
CUSG was notified of this vulnerability by Jeremiah Fowler, a self-acclaimed “researcher” who appears to access corporate systems to expose vulnerabilities, then notifies the organizations regarding their exposure. At least in the case of this incident, he also requested a “bounty” to help fund his research, and then published the information in his blog which was later picked up by a specialized publication called, “HACK READ.” These posts can then be google-searched by other parties including media outlets. CUSG did not agree to pay the requested “bounty.”
CUSG was in the process of gathering information and preparing a client communication when news of this publication broke. Nowhere in the article is an actual breach alleged. In fact, after exaggerating the incident to readers in an effort to sell their products, even the HACK READ article and Mr. Fowler’s personal blog post point out that the identified vulnerability was secured and rectified “on the same day.” [...] In his Website Planet blog, Mr. Fowler has done similar “research/publication” work regarding scores of companies including Software Projects, Australian travel agency Inspiring Vacations, the America Family Law Center, Redcliffe Labs, Deutsche Bank, retailer Hendel Hogar, and numerous others. Again, the motivation seems to be to raise awareness, but also to benefit Mr. Fowler personally in his career as a researcher, writer, and speaker.
CUSG CEO Dave Adams, summarized this incident this way: “While researchers like Mr. Fowler can help remind us of the importance of good data security, the publication of his findings in ways that potentially disparage corporate brands, create a customer “call to action”, and exaggerate the facts is clearly irresponsible and could place him and others at legal risk if their hacked data ends up being mishandled.”
And of course, the obligatory 'we have an excellent security team, everyone faces threats, you can't blame us':
Continuing, Adams expressed confidence in CUSG’s Internal Technology security: “For over 30 years, CUSG has operated with the same experienced technology team and leadership that has a stellar reputation for managing IT security on behalf of its stakeholders. While all companies are exposed to the ever-growing threats of cyber-security, and ransomware, CUSG’s team constantly monitors vulnerabilities and makes corrections immediately as needed and then reports to stakeholders with transparency.”
Basically the standard "we take security seriously":
https://www.troyhunt.com/we-take-security-seriously-otherwise/
“We take security seriously”, otherwise known as “We didn’t take it seriously enough”
I'm curious what about the software is hell as a technician? I was under the impression that the ChromeOS part being normally unmodifiable by the user would lead to fewer problems. Is there something about it that makes it worse than a comparable Windows or Mac computer?
The Verge article got it wrong and used "Datatilsysnet". The original BleepingComputer article used "Datatilsynet". Please don't blame the TLDR bot for The Verge's mistake when copying someone else's article.
Looks like it's not focused on the student's schoolwork/personal data but how they use the devices/services.
From the original BleepingComputer article that The Verge article is based on:
The agency clarified that permissible uses of student data include providing the educational services offered by Google Workspace, enhancing the security and reliability of these services, facilitating communication, and fulfilling legal obligations.
Non-permissible cases are purposes related to maintaining and improving Google Workspace for Education, ChromeOS, and the Chrome browser, including measuring performance or developing new features and services for these platforms.
Removing the software wouldn't make it cheaper considering where TV manufacturers are making their money nowadays. The choice would be between a cheap smart TV and a more expensive dumb TV. This has been going on for years.
From 2021:
https://www.theverge.com/2021/11/10/22773073/vizio-acr-advertising-inscape-data-privacy-q3-2021
It’s been less than a year since Vizio became a publicly traded company, and one consequence of that is we know more about its business than ever before. The TV maker released its latest earnings report on Tuesday and revealed that over the last three months, its Platform Plus segment that includes advertising and viewer data had a gross profit of $57.3 million. That’s more than twice the amount of profit it made selling devices like TVs, which was $25.6 million, despite those device sales pulling in considerably more revenue.
Then there's this taken to the extreme:
https://www.theverge.com/2023/5/15/23721674/telly-free-tv-streaming-ilya-pozin-ads
There’s a new type of TV coming [...], and it’s completely free if you don’t count the price of your attention — or data. Telly [...] offers up a TV that makes up for its nonexistent price tag by showing constant advertisements in a second, smaller display.
Something like Amazon Sidewalk could be used by a device to send back telemetry theoretically but I haven't heard of it actually being used for that. Connecting to an open Wi-Fi network or through some partnership with an ISP (like Xfinity) seems like the easiest thing a device could do though.
Seriously, Microsoft needs to get out of their own way with the marketing and just make a good product instead of trying to force all these things on people. They'd get a lot less negative attention if they just focused on the browser. The times I've tried it, it wasn't bad but I now refuse to use it out of spite for their forcing it on you.
This is also a problem with them overall. They've improved so many things in modern Windows under the hood (e.g. we've gone from installing drivers for every component to needing practically nothing installed manually due to it doing it for you, it rarely bluescreens anymore in my experience, winget is nice) but then they ruin it with stuff like going backwards on the default apps screen (in 10 it was easy to set for common apps like browser/email/media/etc, in 11 it's per protocol/file). Making it difficult to switch browsers or using Edge anyways for some things and ignoring the default just pisses people off for no good reason.
Genuine question: What's stopping them from using these same powers on FOSS software providers that may be located in the UK?
That's how the UK is framing it, "oh, it doesn't give us the power to block anything, Apple is just over reacting".
They already have the power to block things from the Investigatory Powers Act 2016: https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016
From the OP's article:
The Investigatory Powers Act 2016 (IPA) actually implemented many of the proposed powers, including granting the government the power to issue orders to tech companies to break encryption by building backdoors into their products. Apple strongly objected to this at the time.
So with this, they would now have the advance notice needed to actually block updates where before Apple could just release an update and by then it was too late for the UK to do anything about.
You mean a lawsuit like the one about the "Great 78 Project" by the music companies or maybe the one about the "National Emergency Library" by the book publishers?
I think you're right that we need to start working on alternatives, hopefully something decentralized. The Wayback Machine would be an irreplaceable loss though if the data isn't preserved somehow.
Especially when Backpage was notably much more cooperative than most other sites, even proactive in some cases.
It's because of that https effort. Everything should be assumed to be https and only http or misconfigured/bad https gets a warning. No need to show a lock when it can be assumed and it was getting misinterpreted. Now they can use that spot to show something indicating controls and someone might actually click on it and see they can set site specific permissions and settings there.
Not quite, in 2018 they did add tracking protection to their list of goals for their Private browsing mode and have implemented features to reduce tracking/fingerprinting/etc while in it. The main focuses though were still the same at the start though: protecting against local data being saved.
https://wiki.mozilla.org/Private_Browsing
We target Private Browsing to 3 privacy goals; in a Private Browsing session, Firefox:
- Doesn’t save the browsing history or display it in the Firefox UI
- Prevents the session's data from writing to persistent storage
- Protects the session's data from online tracking
And it's been that way since the beginning basically and is a lot more upfront about what it does and doesn't protect against than other browsers like Safari.
The new language just makes it even clearer it applies to Google's online services and I don't see that as a bad change though.
Guest sessions already exist in the profile menu and are a separate feature. Guest doesn't save history/cookies/etc locally but also doesn't use your existing history, extensions, bookmarks, settings, etc. It's intended more for an actual guest user to sign into temporarily.
Chromium at least is still looking into it:
https://groups.google.com/a/chromium.org/g/blink-dev/c/4Rqw4SbjO88/m/j7x8sTyzAAAJ
based on this spec:
https://webmonetization.org/specification/