[…] introduces OCR capabilities to the Spectacle screenshot tool

That‘s such a useful feature, glad its implemented.

This is a clickbait headline. The headline implies that the German State is using AI to censor. It is not! While there might be a lot to criticize the German State/Goverment for, this is not it.

It is a different actor developing a model, not the state. One can rightly criticize that, but that is definitely protected under scientific freedom.

[…] the Decoding Antisemitism project at the Center for Research on Antisemitism at the Technical University Berlin […]. With the help of a large language computing model, the project aims to create “an [AI] algorithm that will automatically recognize antisemitic statements in web comments . . . so that antisemitic posts can be removed more efficiently and accurately” by online platforms.

Most people don’t know that it wasn’t just VW. Sadly I don‘t think you will find any moral acting car manufacturer out there.

Automakers who have been caught using a defeat device within a diesel vehicle, in a similar manner to Volkswagen include: Jeep and Ram under FCA[391] (now a part of Stellantis), Opel[392] (when under GM), and Mercedes-Benz.[393]

While not all using defeat devices, diesel vehicles built by a wide range of carmakers, including Volvo, Renault, Mercedes, Jeep, Hyundai, Citroen, BMW, Mazda, Fiat, Ford and Peugeot[48][49] had independent tests carried out by ADAC that proved that, under normal driving conditions, many diesel vehicles exceeded legal European emission limits for nitrogen oxide (NOx), some by more than 10 times, and one by 14 times.[49]

Beyond exclusively diesel or passenger vehicles, automakers such as: Hino[414] (subsidiary of Toyota), Hyundai and Kia,[415] Nissan,[416] Mazda, Yamaha Motors, Suzuki,[417] Subaru,[418] and others have been proven to be falsifying fuel economy or emissions on non-diesel powered and/or commercial vehicles.

Soure (Wikipedia)

The Republican vice presidential nominee and Ohio senator claimed in an interview with YouTuber Shawn Ryan that a top EU official had threatened to arrest the billionaire [Musk] if he allowed former President Trump back on X.

“So what America should be saying is, if NATO wants us to continue supporting them and NATO wants us to continue to be a good participant in this military alliance, why don’t you respect American values and respect free speech?” Vance asked. “It’s insane that we would support a military alliance if that military alliance isn’t going to be pro-free speech. […]

“I’m not going to go to some backwoods country and tell them how to live their lives,” Vance added. “But European countries should theoretically share American values, especially about some very basic things like free speech.”

The US ranked 26th in the world when it comes to free speech, with several members of the European Union higher up the list, according to the 2024 Global Expression Report.

If anyone is interested these countries are ahead of the USA from 1-25: Denmark Switzerland Sweden Belgium Estonia Norway Finland Ireland Germany Iceland Portugal Austria New Zealand Canada Argentina Spain Czech Republic Italy Latvia Costa Rica Uruguay France Dominican Republic Netherlands Vanuatu

Great to see progress! Why is it behind their official github releases though? Latest version is 2024.10.2 and not 2024.09.0. It is four releases meaning more than a month behind.

This is an important issue IMO that needs to be addressed and the official response by Bitwardens CTO fails to do so.

There is not even a reason provided why such a proprietary license is deemed necessary for the SDK. Furthermore this wasn’t proactively communicated but noticed by users. The locking of the Github Issue indicates that discussion isn’t desired and further communication is not to be expected.

It is a step in the wrong direction after having accepted Venture Capital funding, which already put Bitwardens opensource future in doubt for many users.

This is another step in the wrong direction for a company that proudly uses the opensource slogan.

The problem with passkeys is that they're essentially a halfway house to a password manager, but tied to a specific platform in ways that aren't obvious to a user at all, and liable to easily leave them unable to access of their accounts.

Agreed, in its current state I wouldn‘t teach someone less technically inclined to solely rely on passkeys saved by the default platform if you plan on using different devices, it just leads to trouble.

If you're going to teach someone how to deal with all of this, and all the potential pitfalls that might lock them out of your service, you almost might as well teach them how to use a cross-platform password manager

Using a password manager is still the solution. Pick one where your passkeys can be safed and most of the authors problems are solved.

The only thing that remains is how to log in if you are not on a device you own (and don’t have the password manager). The author mentions it: the QR code approach for cross device sign in. I don’t think it’s cumbersome, i think it’s actually a great and foolproof way to sign in. I have yet to find a website which implements it though (Edit: Might be my specific setup‘s fault).

The lock-in effect of passkeys is something that this protocol aims to solve though. The “only managed by your device” is what keeps us locked in, if there is no solution to export and import it on another device.

The protocol aims to make it easy to import and export passkeys so you can switch to a different provider. This way you won’t be stuck if you create passkeys e.g. on an Apple device and want to switch to e.g. Bitwarden or an offline password manager like KeyPassXC

The specifications are significant for a few reasons. CXP was created for passkeys and is meant to address a longstanding criticism that passkeys could contribute to user lock-in by making it prohibitively difficult for people to move between operating system vendors and types of devices. […] CXP aims to standardize the technical process for securely transferring them between platforms so users are free […].

Seems like people in the comments are misunderstaning the announcement entirely. This protocol is about import and export from password managers and not about having them synced between devices. It would prevent a lock in effect. This is a great development!

FIDO Alliance’s draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager including passwords, passkeys and more to another provider in a manner that ensures transfer are not made in the clear and are secure by default.

You are just spreading misinformation! Cite your sources!

There is a strategy used, which allows the government to find out who an account belongs to. They ask the push providers (Apple/Google) for data on the push token from e.g. a messaging app. This way they associate the account from an app with an identity.

Nothing there about message content. It is still safely E2EE.

~~I don’t know how it works in your country, but in mine, phone numbers are already associated with identities, so nothing gained as the gov can just ask signal for the phone number of an account, instead of having to ask signal and the push provider to get the identity.~~ (Edit: apparently it’s hashed, so there seems to be a use for this.) Signal isn’t about Anonymity but Privacy. There is a difference.

If you have another vulnerability cite it!

The dual root partitions we described in Deepin 20.5 are gone, but version 23 still sets up a moderately complex partitioning scheme, including an EFI system partition, a 1.5 GB /boot partition, a swap partition, and a 15 GB root partition, and the rest of the disk given to a partition labeled _dde_data. All are in plain old ext4 format, but there's some magic being done with the data partition that we didn't have time to trace. It appears to be mounted at multiple places, including /home, /var, /opt, and a mount point called /persistent beneath them all. We're not sure exactly how it's been done, but the distro has some kind of atomic installation facility with rollback.

Lack of proper documentation by Deepins Devs is enough of a red flag for me to never consider trying it.

I haven’t looked into the technicals much further than the support page.

The way i read it, it sounds like the companies will get some general data if their ads work without a profile about you being created. I would be fine with that. What I don’t like is the lack of communication to users about it being enabled.

PPA does not involve websites tracking you. Instead, your browser is in control. This means strong privacy safeguards, including the option to not participate.

Privacy-preserving attribution works as follows:

1. Websites that show you ads can ask Firefox to remember these ads. When this happens, Firefox stores an “impression” which contains a little bit of information about the ad, including a destination website.
2. If you visit the destination website and do something that the website considers to be important enough to count (a “conversion”), that website can ask Firefox to generate a report. The destination website specifies what ads it is interested in.
3. Firefox creates a report based on what the website asks, but does not give the result to the website. Instead, Firefox encrypts the report and anonymously submits it using the Distributed Aggregation Protocol (DAP) to an “aggregation service”.
4. Your results are combined with many similar reports by the aggregation service. The destination website periodically receives a summary of the reports. The summary includes noise that provides differential privacy.

This approach has a lot of advantages over legacy attribution methods, which involve many companies learning a lot about what you do online.

PPA does not involve sending information about your browsing activities to anyone. This includes Mozilla and our DAP partner (ISRG). Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising.

This all gets very technical, but we have additional reading for anyone interested in the details about how this works, like our announcement from February 2022 and this technical explainer.