Hacker News | SiteRelEnby's comments


Some of the spiciest:

* Anti-Zionist Tag (directly inferring political opinion)

* PordaAI (Islamic content filter)

* simplify (browsergate.eu specifically called out as a neurodivergent accessibility tool. Job search autofill that markets itself as particularly useful for people who struggle with forms)

* No more Musk ("Hides digital noise related to Elon Musk")

* Political Circus ("Politician -> Clown AI Filter")

* Job application trackers and utils ("Job Follow-Up Tracker" etc)

* Various "Distraction Blocker" type addons

LinkedIn scanning for tools that scrape LinkedIn:

* LinkedIn Cookie Sync for Headhunting Agent

* LinkedIn Cookie importer for Derrick (lol "for Derrick")

* MailMatics Cookie Grabber

* LinkedIn Fake Job Post Detector. Yes, they're detecting an addon that exposes fake job postings on their own platform.

*NOT* in the list, if you were wondering:

* Shinigami Eyes

* Dark Reader

* Adblockers

* Password managers

* FoxyProxy

* User-Agent spoofers, request modification tools, etc

* Most privacy/security tools (no uBO, no Privacy Badger, no FoxyProxy, no NoScript, etc.)

For the latter category, the most interesting things there we found *were* searched-for are BuiltWith Technology Profiler, and some browser addons bundled from scanners (e.g. "Malwarebytes Browser Guard Beta").


The Anti-Zionist tag is interesting. It seems that it's actually an extension that would be used by Zionists, as it identifies anti-zionists, and the wording incorrectly claims that anti-Zionism is hate speech (whereas it is in fact Zionism that is hate-based ideology).

A lot of Zionists claim -- incorrectly -- that all Jews are Zionists. But certainly the major groups of Zionists are Christian Zionists and Jewish Zionists. I would say there is a very very high chance that if you use the Anti-Zionist Tag Chrome extension, that you are Jewish.

So it seems quite likely that Linkedin is actually tracking Jews with this.


> So it seems quite likely that Linkedin is actually tracking Jews with this.

Really? Which LinkedIn executive do you think might be behind this?

Jeff Weiner? (Executive Chairman)

Ryan Roslansky? (CEO)

Tomer Cohen? (Chief Product Officer who served in an IDF intelligence unit)

Dan Shapero? (Chief Operating Officer)


Has it been 12 months again already? That's about how often one of these stories comes up. I guess some people don't learn.


Apple has over a billion users. Do you expect every single one of them to learn how to do backups, protect their purchase on iOS, etc.?


Yeah, literally the exact same thing can happen on Android and Windows. The solution is regulation, not ridiculous solutions like telling billions of people to back up their own stuff.


What's your proposed regulation?


I would support legislation that enforces a right to data export for 6 months in human readable file formats, or a physical equivalent like sending a USB stick in the mail.


Quoting the op:

> The Damage:

> I effectively have over $30,000 worth of previously-active “bricked” hardware. My iPhone, iPad, Watch, and Macs cannot sync, update, or function properly.

(I assume these can be re-sold? They do mention that they can't sign out)

> I have lost access to thousands of dollars in purchased software and media.

Should the "purchased" software and media be within the data export scope?

> I don’t have a 6TB device to sync them to, even if I could.

...yeah.

But let's say we limit ourselves to stored bits.

How should the service identify the person asking for data export? Does your regulation imply government id registration for all internet services? Is that what you actually want?

What if the service is e2ee? How do they deliver "human readable file formats"? Are we also banning e2ee?

What do compliance requirements imply for people's ability to start competing services?

You are proposing to replace a very tiny bit of personal responsibility (having backups) with a very intrusive, and highly consequential, legal mechanism.

EDIT: Though I would, of course, support a requirement for these services to properly warn users (on the registration page, not buried in TOS small print), and provide thorough instructions for making backups to external storage connected to any of the devices they support.


> Should the "purchased" software and media be within the data export scope?

I presume most of this is licensed, so no

> Does your regulation imply government id registration for all internet services?

No

> How should the service identify the person asking for data export?

Username, password, pin, MFA, security questions. Anything already in use for identification

> Does your regulation imply government id registration for all internet services?

No

> What if the service is e2ee?

Then the encrypted data is provided

> How do they deliver "human readable file formats"?

It can still become human readable if the user took proper care of their private key

> Are we also banning e2ee?

No

> What do compliance requirements imply for people's ability to start competing services?

If your service can't provide reliable access to backups then presumably you will already not do well competing in any market where user data is valuable. That should be at the forefront of the service model. Unless you don't care about interoperability like Apple

> You are proposing to replace a very tiny bit of personal responsibility (having backups) with a very intrusive, and highly consequential, legal mechanism.

Not really. If export functionality isn't already built out then it should be


I expect them to learn that it's better not to be an Apple user.


I think there's a noticeable difference between a $5 and $10-15 bottle, but much less difference between a $15 and $100, and zero between $100 and $250+.


Care to provide a source for your claims about Signal?


https://www.theguardian.com/world/2019/apr/20/matt-shea-righ...

I think this may have been resolved now. However, the issue remains that you cannot delete Signal contacts and legacy groups, which means anyone who gets a hold of your phone number (without a PIN) or phone, or account access to a third party involved, has got evidence for communication between you and a possible incriminating entity.

> Contacts must be blocked in order to be removed from your Signal Contact List. To learn how to block someone, click here.

https://support.signal.org/hc/en-us/articles/360007319011-Ma...

You either have the contact in your contact list, or block list... I hope that's obviously supporting my claim.

Some of these metadata leaks may have been changed and are a result of my old account, however Signal lost my trust. (And lost sympathy over Moxie Marlinspike's opinions and presentation over time, e.g. the hangover/drunk "centralization: good" CCC talk, the F-Droid drama, ...)


Vans labelled "TV Detector Van". Which are actually minibuses which drop off people who peek through windows.


Emacs tutorials can be one line: "ctrl-x ctrl-c".


An Ode to Quitting Vim:

ESC

Ctrl-C

ESC

Ctrl-Q

ESC

Ctrl-Z

* dangit, suspended *

fg

ESC

:q

E37: No write since last change (add ! to override)

!

E37: No write since last change (add ! to override)

!:q

E37: No write since last change (add ! to override)

@!&^#!&!!:q

E477: No ! allowed

Reboots Server


Teach a man to fish:

  Ctrl-Z
  kill -9 %1


So can vim by typing: vimtutor


That's, ah, not the same joke:)


Blindly letting anything auto-update.


Auto-update is a mixed bag. We got into auto-update as a standard practice over the last decade because a large fraction of users never updated anything, so security issues would linger forever (not to mention ancient software versions holding back platform technologies, and financial concerns for software shops).

So it's not that auto-update is flatly a bad idea, it's more that it's a trade-off that sometimes makes security issues almost evaporate, and sometimes makes them impossible to dodge.


I think the difference with browser extensions is the anonymity and speed of changing owners. There's more momentum to notice big companies going downhill (+- stuff like sourceforge)


...which happens all the time in the free software world, when you type `apt-get|yum|brew update`.

What are the odds of one dependency being taken over by a shady anonymous entity?


Packages in the default repos for some large Linux distro are usually reviewed and tested by many people until they make it into updates for current stable version, so while it's probably not entirely impossible for some malicious code to get in, it seems pretty unlikely. Unlike browser extensions, where the current owner can upload anything they want and it's pushed to the users without them even knowing.


How about `npm`, `pip`, `cpan`?...

We have seen bad updates breaking the entire JavaScript ecosystem, but they were not intentional.

All it takes to inject a bad dependency is a burned out developer willing to delegate his free project to someone else...


The fact that you have to manually type in `apt-get update` (or similar) means it's not automatic. You have full control over when the update takes place, and which packages get updated.


When discussing software updates, I feel like folks on HN commonly overestimate how much impact opportunity for controlling updates has. I haven't seen someone in my social/professional circles ever hesitate before applying an apt-get update. Nobody I've known checks changelogs (except developers checking on direct dependencies), nobody reads the patches for the updates to verify nothing malicious slipped in. "There's an update, I'd better apply it, unless it smells like a breaking change."

So in practical terms, my experience is that vanishingly few people will behave differently than an auto-update system would behave, except in rare occasions like a malicious update making the headlines. We definitely need a solution for rejecting malicious updates, but I feel backing away from auto updates throws the baby out with the bathwater and would be a net-negative change for the industry and for users.


There are exceptions but I think that’s true in the same way people tell their doctor they eat well, exercise daily, and go to sleep on time every night — aspirational, almost certainly discounting the times it doesn’t happen as exceptions and ignoring the actual frequency. The most I’ve seen people consistently do is delay a little in case an update is pulled, and statistically nobody does the kind of analysis that you’d need to catch an unadvertised change.


There's also the occasional _necessity_ for making a breaking change, in particular _breaking some exploit_ and thereby making the software more secure.

I don't envy Chrome leadership's decision or having that problem to solve.


I don't think the question is about control but rather whether automatic updates, when intentionally activated by the user, contribute more positively to the system's security than negatively.

Without automatic updates, you might be more inclined to put off a patch which turns out to be urgent. Or you might be more likely to lose track of which patches have been applied across your various systems.


It's more the chance of an unexpected breaking change. When you use a package manager, you're expecting stuff to change (and get to review what's changing).

Upgrading manually regularly: Good idea.

Having a cronjob to do it automatically without user intervention: Bad idea.


Either the second or third time it lost all my tabs was when I stopped trusting it.

