The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: github.com/eu-digital-identity….
Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: github.com/eu-digital-identity…. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:
The operating system was licensed by Google
The app was downloaded from the Play Store (thus requiring a Google account)
Device security checks have passed
While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.
This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.
So is there a way to apply pressure on the EU to think this through first? Surely they could have different ways that doesn't lock them in to google services.
According to the users in that issue, the mere application of the API is illegal, as is the dependency. Sooo I dunno what kind of PACs there are in the EU but I would be leaning on and contributing to those.
I do feel like that’s a precarious state to leave this in, especially if they’re developing the backend for it.
Is there even enough momentum for a SKG-style wave of coverage? It would need to be justified properly by citing things like the Tea app data leak, to make a strong case (to political pencil pushers) for the danger of tying personal information to profiles or even to platforms. Otherwise the only thing they’ll see is “gamers want to make porn accessible to children”.
I don’t know. This whole situation boils my blood because I really care about online anonymity, and this is kind of nightmare scenario shit for me. I’m not even in the UK or EU.
To avoid people from simply copying the "age proof" and having others reuse it, a nonce/private key combo is needed. To protect that key a DRM style locked down device is necessary. Conveniently removing your ability to know what your device is doing, just a "trust us".
Seeing the EU doesn't make any popular hardware, their plan will always rely on either Asian or US manufacturers implementing the black-box "safety" chip.
It's that "whatever way" that is difficult. This proposal merely shifts the problem: now the login to that 3rd party can be shared, and age verification subverted.
1) the user 2) the age-gated site 3) the age verification service
The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.
Strictly speaking, neither needs to know the actual identity. However, the point is that both are supposed to receive information about the user's age. I'm not really sure what your point is.
both are supposed to receive information about the user's age
Yes, that's the point. They should be receiving information about age, and age only. Therefore they lack the information to detect reuse.
If they are able to detect reuse, they receive more (and personal identifying) information. Which shouldn't be the case.
The only known way to include a nonce, without releasing identifying information to the 3rd parties, is using a DRM like chip. This results in the sovereignty and trust issues I referred to earlier.
The site would only know that the user's age is being vouched for by some government-approved service. It would not be able to use this to track the user across different devices/IPs, and so on.
The service would only know that the user is requesting that their age be vouched for. It would not know for what. Of course, they would have to know your age somehow. EG they could be selling access in shops, like alcohol is sold in shops. The shop checks the ID. The service then only knows that you have login credentials bought in some shop. Presumably these credentials would not remain valid for long.
They could use any other scheme, as well. Maybe you do have to upload an ID, but they have to delete it immediately afterward. And because the service has to be in the EU, government-certified with regular inspections, that's safe enough.
In any case, the user would have to have access to some sort of account on the service. Activity related to that account would be tracked.
If that is not good enough, then your worries are not about data protection. My worries are not. I reject this for different reasons.
is being vouched for by some government-approved service.
The reverse is also a necessity: the government approved service should not be allowed to know who and for what a proof of age is requested.
And because the service has to be in the EU, government-certified with regular inspections, that's safe enough
Of course not: both intentional and unintentional leaking of this information already happens, regularly. That information should simply not be captured, at all!
Additionally, what happens to, for example, the people in Hungary(*)? If the middle man government service knows when and who is requesting proof-of-age, it's easy to de-anonymise for example users of gay porn sites.
The 3rd party solution, as you present it, sounds terribly dangerous!
(*) Hungary as a contemporary example of a near despot leader, but more will pop up in EU over the coming years.
The reverse is also a necessity: the government approved service should not be allowed to know who and for what a proof of age is requested.
It would send the proof to you. It would not know what you do with it. I gave an example in the previous post how the identity of the user could be hidden from the service.
If the middle man government service knows when and who is requesting proof-of-age, it’s easy to de-anonymise for example users of gay porn sites.
It would be a lot easier to get that information from the ISP.
If it is about hiding some data handled by the app, that will be instantly extracted. There are plenty of people with full integrity on rooted phones. It's really annoying to set up and keep going, and requiring that would fuck over most rooted phone/custom os users, but someone to fully inspect and leak everything about the app will always be popping up.
If it is about hiding some data handled by the app, that will be instantly extracted.
Look at the design of DRM chips. They bake the key into hardware. Some keys have been leaked, I think playstation 2 is an example, but typically by a source inside the company.
That applies to play integrity, and a lot of getting that working is juggling various signatures and keys. The suggestion above which I replied to was instead about software-managed keys, something handed to the app which it then stores, where the google drm is polled to get that sacred piece of data. Since this is present in the software, it can be plainly read by the user on rooted devices, which hardware-based keys cannot.
Play integrity is hardware based, but the eu app is software based, merely polling googles hardware based stuff somewhere in the process.
I understand. In the context of digital sovereignty, even if the linked shitty implementation is discarded (as it should be), every correct implementation will require magic DRM-like chip. This chip will be made by a US or Asian manufacturer, as the EU has no manufacturing.
Is it tied to my real identity? If not it seems to me that it should be sufficient as to serve as a security this phone is legit and not emulated/compromised.
In the eu, phone numbers by law are tied to state identities. And the phone provider can naturally resolve their sim IDs down to the phone number they are assigned to. Anything related to celltower interactions is PII.
Yeah no. Requiring anything Google for something as basic as this violates the GDPR. If they go through with this, it's one legal case until they have to revise it.
Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification
EID and equivalents are great for a lot of things, but do you want your porn site to know who you are? The new app is supposed to verify your age but not give out your PII. Not sure eID can do that?
Der Personalausweis verfügt seit 2010 über eine elektronische Identitätsfunktion (eID). Welche Daten sind auf dem Ausweis hinterlegt und was ist bei der Nutzung zu beachten?
That Flathub app is unofficial afaik, which is why I don't use it. Normally I wouldn't care, but this seems important enough to not use a repackaged version
I wouldn't be too sure. Data protection mainly binds private actors. Any data processing demanded by law is legal. You'd really have to know the finer points of the law to judge if this is ok.
The GDPR also applies to public institutions as far as I'm aware - but most importantly the concern here is Google and data collected by Google. This data collection is in no way necessary to provide the age verification service. Most of it is not even related to it. The state legally cannot force you to agree to some corporations (i.e. Google's) terms, even if we completely ignore the GDPR.
Data processing mandated by law is legal. Governments can pass laws, unlike private actors. Public institutions are bound by GDPR, but can also rely on provisions that give them greater leeway.
I don't see how that this is in any way necessary, either. But a judge may be convinced by the claim that this is industry standard best practice to keep the app safe. In any case, there may be some finer points to the law.
The state legally cannot force you to agree to some corporations (i.e. Google’s) terms,
I'm not too sure about that, either. For example, when you are out of work, the state will cause you trouble if you do not find offered jobs acceptable.
It's another question, if not having access to age-gated content is so bad as to force you to do anything. Minors nominally have the same rights as full citizens, and they are to be denied access, too.
Apparently this is illegal to implement as of right now, but it’s not helping the feeling of technological doomerism I get whenever I think about this whole identity verification situation.
Someone jumped at me for comparing EU and MAGA to Stalin's and Hitler's regimes, quote, "arguing in newspapers whose worker class has been liberated more". Like they are not equal at all and all such.
What is it with everyone being obsessed with porn censorship suddenly? Why is this a trend?
At first I thought it's about control and data gathering, but this seems like too much of a genuine attempt at such a system. Why is the government so obsessed with parenting and nannying the citizens?
This has been discussed a while back, at least here in NL as far as I know it started because of legalising online gambling for which you need to be identified. Also, due to GDPR, businesses aren't allowed to make copies of ID's/passports/driving licences any more which is required for certain businesses (notaries, accountants, etc). In my office we currently use some kind of identification software, but it isn't anonyms because well we wouldn't be able to do our job.
There is a bit of a conflict between the laws requiring certain companies to identify their clients and GDPR in basis, but there is something in GDPR that allows these companies to still collect the relevant data and use it or to verify the data and not store it depending on the use case.
The whole use case thing is even the reason why companies are allowed to collect data from you. You couldn't get anything delivered if this exception wasn't there, because they wouldn't be allowed to progress your address.
At least that's what I gathered from the Dutch implementation the AVG, when I last read it a couple years ago.
This is just my speculation, so take it as you will. The EU has been pushing for digital ID cards for quite a while, and this is just another attempt. The last serious attempt was the Covid vaccination passport, but so many people still opted for paper certs, and the rest deleted the app when vaccination was no longer mandatory, that it failed again. So, now the authorities are becoming smart and trying to go through the vector that has a proven record of driving technological change: porn.
Too many bots online 😁 I'd like to know if I'm talking to a real sockpuppet when I'm online 😁...but just for that and only share data from my "wallet id" on a strict need to know basis.
Why is the government so obsessed with parenting and nannying the citizens?
I think it's because people from outside the traditional political families are getting popular votes.
For the established politicians, blaming "the internet" and building a supressing censorship machine is easier than looking in the mirror and seeing where the discontent comes from.
Been wondering myself. It's certainly part of the general right-ward trend. Societies are becoming more illiberal. It's not just the right that is moving to the right.
Obscenity laws have always been about enforcing the "correct" sexuality. Protecting minors meant preventing them from becoming "confused"; ie becoming LGBTQ.
You also have growing nationalism. In Europe, people are saying we should enforce "our laws" and "our values" against meddling foreigners (ie Big Tech). It often sounds a lot like the rants against the "globalists" that have been a staple among the US far right for decades. Age verification is part of that.
For example, Germany has long enforced age verification within its borders. It's part of the whole over-regulation thing that makes competitive tech companies almost impossible in Europe. For some reason, Europeans have trouble accepting that. You can see it here on Lemmy. The solution must be to enshittify everything to level the playing field.
The legal precedent for gaining the ability to ban content under the guise of preventing the dissemination of "obscenity" allows the future banning of "obscene" political opinions and "obscene" dissent.
Once the "obscene" political content is banned, the language will change to "offensive".
After "offensive" content is banned, then the language will change to "inappropriate".
After "inappropriate", the language will change to "oppositional".
If you believe this is a "slippery slope" fallacy, then as a counterpoint, I would refer to the actual history of the term "politically correct":
In the early-to-mid 20th century, the phrase politically correct was used to describe strict adherence to a range of ideological orthodoxies within politics. In 1934, The New York Times reported that Nazi Germany was granting reporting permits "only to pure 'Aryans' whose opinions are politically correct".
[5]The term political correctness first appeared in Marxist–Leninist vocabulary following the Russian Revolution of 1917. At that time, it was used to describe strict adherence to the policies and principles of the Communist Party of the Soviet Union, that is, the party line.[24] Later in the United States, the phrase came to be associated with accusations of dogmatism in debates between communists and socialists. According to American educator Herbert Kohl, writing about debates in New York in the late 1940s and early 1950s.
The term "politically correct" was used disparagingly, to refer to someone whose loyalty to the CP line overrode compassion, and led to bad politics. It was used by Socialists against Communists, and was meant to separate out Socialists who believed in egalitarian moral ideas from dogmatic Communists who would advocate and defend party positions regardless of their moral substance.
— "Uncommon Differences", The Lion and the Unicorn[4]
You're right but the example you gave seems to illustrate a different effect that's almost opposite — let me explain.
The phrase "politically correct" is language which meant something very specific, that was then hijacked by the far-right into the culture war where its meaning could be hollowed out/watered down to just mean basically "polite", then used interchangeably in a motte-and-bailey style between the two meanings whenever useful, basically a weaponized fallacy designed to scare and confuse people — and you know that's exactly what it's doing by because no right-winger can define what this boogeyman really means. This has been done before with things like: Critical Race Theory, DEI, cancel culture, woke, cultural Marxism, cultural bolshevism/judeo bolshevism (if you go back far enough), "Great Replacement", "illegals", the list goes on.
I see your point. I should've limited my citation to the phrase's authoritarian origins from the early 20th century.
To clarify, the slippery slope towards "political correctness" I wanted to describe is a sort of corporate techno-feudalist language bereft of any real political philosophy or moral epistemology. It is the language of LinkedIn, the "angel investor class", financiers, cavalier buzzwords, sweeping overgeneralizations, and hyperbole. Yet, fundamentally, it will aim to erase any class awareness, empiricism, or contempt for arbitrary authority. The idea is to impose an avaricious financial-might-makes-right for whatever-we-believe-right-now way of thinking in every human being.
What I want to convey is that there is an unspoken effort by authoritarians of the so-called "left" and "right" who unapologetically yearn for the hybridization of both Huxley's A Brave New World and Orwell's 1984 dystopian models, sometimes loudly proclaimed and other times subconsciously suggested.
I get what you mean. You're saying we're sliding towards something that brings back political correctness in its original definition, and I agree with you.
The idea is to impose an avaricious financial-might-makes-right
This resonates a lot. I'd argue we're already there. All this talk of "meritocracy" (fallaciously opposed to "DEI"), the prosperity gospel (that one's even older), it's all been promoting this idea of worthiness determined by net worth. Totalitarianism needs a socially accepted might-makes-right narrative wherever it can find it, then that can be the foundation for the fascist dogma/cult that will justify the regime's existence and legitimize its disregard for human life. Bonus points if you can make that might-makes-right narrative sound righteous (e.g. "merit" determines that you "deserve" your wealth, when really it's a circular argument: merit is never questioned for those who have the wealth, it's always assumed because how else could they have made that much money!).
In addition to the other answers, I want to add that the anti-porn stuff gives them the reason they need to force you into a more monitored environment. In which, everything you do is tracked. Your instinct is right imo. They want Google monitoring your mobile device as the primary piece. It's legislative market capture and fascism at the same time. No one company has to have all the info on you, but in forcing you to confirm yourself they make it so half a dozen can report on you if your habits trigger something. Half the technology is already in place as it's been built under the guise of better ad targeting.
Govt. say "to protect children, you have to install this app, under these conditions"
You want to protect childrens, so you do so
Govt. say "to protect this or that, we have to impose approved gates on many websites, based on the app you installed before"
You want to protect this or that, so you accept it
Govt. say "fuck you, you whatever is not in line with the fucking biggot at the helm of your country/federation/whatever, now we know what you do, we control what's allowed, and anything to get around the blocks is illegal and will land you in jail. Fuck you again, fucker."
You're a happy little plant in a pot.
Basically, it's not about porn. It's not about protecting kids. It's not about helping "victims of abuse". If anything, it's putting all these in more danger, along with everyone else.
Most western governments look at the ability of some of the more authoritarian places ability to just snap there fingers and make the entire internet go away with great envy.
Excuse me, censorship is not good in any way. The people should have the power to decide what they want to see, and what they want to say. Not government officials nor private platform owners.
What's going on with Europe lately? You all really want GOOGLE of all mega corps in control of your identity?
You're going the opposite way, it should be your right to install an alternate OS on your phone. If anything they should be banning Google licensed Android.
Its not the populace, our politicians just like in the US have gone rogue. People are voting for the nutters due to anti immigration propaganda and so increasingly getting far right. Its happening across the entire western world and its bad news for everyone.
Except this isn't even the right wing nutters doing it. These are mainstream politicians executing their power grabbing neolib agenda, with very little democratic oversight or public debate.
No one is laughing... We're horrified how the people who have been screaming "freedom" and being obnoxious about how much more free they are than anyone else in the entire universe, seem to love getting enslaved while being obnoxious about how cool it is to be enslaved.
Europe has its problems. We've had them for generations, and right now they're getting worse. But at least we have a culture of fighting back, something americans don't.
But at least we have a culture of fighting back, something americans don’t.
Talk is cheap. Prove it in the coming years. I really hope you're right, because I want SOMEWHERE to not be either a coporate fascist hellholle or a collapsed country in the future..
In Hungary, we still have people who think fascism is when "evil people do evil things for the sake of evil", so when fascists want to hurt Roma, LGBTQIA+, etc. people, no one dares to call them fascists as long as said people have "receipts" in the form of cobbled together statistics, and have a not too cruel solution.
Dude, I keep telling my possibly AfD voting cousin we're just a few years behind the US if things continue as they do. Our politicians aren't better people, they're just sneakier for now.
How long before that extends to PCs and non-Windows OSes are blocked? Also, add non-Chrome browsers to that as well (that includes Edge, Chromium, Brave, etc. as well as Firefox and its forks).
Pretty much the same set of circumstances as in Europe. Slow economic growth + dissatisfaction about young voters + inflation + establishment party lacking any plan beyond muddling along => populist revolt => governing gets even harder and things get worse.
I've got access to the beta of the Surf app. Some thoughts:
some stuff I really liked:
rss works (though no custom URLs yet, just what they already scraped)
you get lemmy, mastodon, bluesky, threads all together
you can make your own feeds and check what other people made (like a custom timeline, or topic-specific like “NBA”, “woodworking”, “retro gaming stuff”)
has different modes: you can switch between videos, articles, podcasts depending on the feed
but also...
can’t add your own RSS feeds (huge miss)
some feeds break and show no posts even when they’re active (ok, it's still a beta)
YouTube videos have ads (not into that—I support creators through patreon, affiliate links, whatever. not ads)
feeds you create are public by default unless you manually change it
not open source. built on open protocols, sure. but the app is locked up. (HUGE MISS)
all that said, I really believe: better feeds = better experience = better shot at the fediverse going mainstream.
anyone else tried it?
do you know anyone building an open source version of this? is that even realistic?
Beautiful and futuristic iOS third party client for Mastodon, Misskey, Bluesky, and Nostr. Gallery mode, video reel, local ML powered For You feed keeps your timeline interesting!
China News: China has commenced construction of a major dam on the Brahmaputra River in Tibet, near the Indian border, with Premier Li Qiang present at the ground
Hm, I'm going to need some software engineers to critique an idea I have that could at least partially solve the fears people have about their personal details being tied to their porn habits.
The system will be called the Adult Content Verification System (or Wank Card if you want to be funny). It's a physical card, printed by the government with a unique key printed on it. Those cards are then sold by any shop that has an alcohol license (premises or personal). You go in, show your ID to the clerk, buy the card. That card is proof that you're over 18, but it is not directly tied to you, you just have to be over 18 to buy it. The punishment for selling a Wank Card to someone under the age of 18 is the same as if you sold alcohol to someone under 18.
When you go to the porn site, they check if you're from the UK, they check if you have a key associated with your account. If not, they ask for one, you provide the key to the site, the site does an API call to https://wankcard.gov.uk/api/verify with the site's API key (freely generated, but you could even make the api public if you want) and the key on the card, gets a response saying "Yep! This is a valid key!" and hey presto, free to wank and nobody knows it's you! If you don't have an account, the verification would have to be tied to a cookie or something that disappears after a while for all you anonymous people.
As a result, you can both prove that you're over 18 (because you have the card) and some company over in San Francisco doesn't get your personal data, because you never actually record it anywhere. All you have is keys, and while yes, the government could record "Oh this key was used to verify on this site", they'd have to know which shop the key was bought from, who sold it, and who bought it, which is a lot more difficult to do unless the shopkeeper keeps records of everyone he's ever sold to.
So... Good idea? Bad idea? Better than the current approach anyway, I think.
“Reddit has stressed that this system is only to verify users' age, and it has no interest in your identity. Lee further stated that Persona won't know what subreddits you visit, and has promised it won't keep users' uploaded images more than seven days.”
I'll never forget how he changed users' text without them knowing it before the 2016 election. Reddit was going downhill before, but that was a turning point.
I don't care that those original commenters were (likely) pieces of shit, and the people who he made the comments insult were definitely pieces of shit, putting words into people's mouths to make them fight each other is unforgivable. Even if you put out a shitty apology.
Not only was the apology horrible, but for any user on that platform for YEARS: obviously puts the thought in their head that spez could be changing their words by directly editing the db, and getting them put on a list for wrong-speak. Sure, that's possible with any DB, but he proved it was actually something being done on that site. Given his role, a major red flag, as this type of action would normally result in someone being fired.
Reddit has since IPOd and is going to probably do well as a stock because of all the information it harvests from users.
A VPN future? Haha. Not if they don't want to. There are many ways to prevent VPN from operating when you're a government.
You can just plain ban encryption, which sounds really crazy, but yeah, they're trying to.
You can just say "it's illegal to use a VPN". It'll technically still work, but if there's a trace of trafic from your house to a known VPN endpoint, you're it! Great!
They can force custom proprietary spying software on your devices. Sounds equally crazy as the thing above, right? But rest assured they're ALSO trying to do that. Multiple times, even. And in some places… they did. Of course, nothing forces you to have such software on your device. Especially if your devices are not supported; it also turns into a "you have to buy this or that big name device, everything else's de-facto illegal! Fuck you, we're the government!". And if you get caught for whatever, and your phone, PC, or anything isn't "compliant"? Bam. Guilty.
Plenty of option. All of them completely stupid and would weaken both privacy, individuals, and governments at large. It never stopped legislation from being pushed forward.
They can force custom proprietary spying software on your devices. - That would block Linux from their borders, which means goodbye Steam Deck in the UK among other things.
Seems to be a way of making Bluesky style feeds with Mastodon-style services, well that's what I gather from reading the FAQ. They don't actually explain what this is anywhere.
Channel is basically a white label instance of PatchWork, which is a Mastodon fork with custom feeds and community curation tools.
The main intent behind the project is to help existing communities and organizations get onto the Fediverse, and have some curation capabilities. Ideally, it can be used to get a large amount of people and accounts onto the network with minimal friction.
I've seen their videos. I feel bad for the kids. Not the wife. She's there with him for the same stupid reasons. The kids are obviously suffering, especially the oldest.
I always liked the concept of Matrix, and still actively use it, but there's some serious jank. Synapse is generally bloated and not fun to run an instance, Dendrite is perpetually in Beta, and the clients themselves range from adequate to awful. The default Element client on Android is so broken for me that I'm forced to use Element X, because I can't even log in with Element.
It's disappointing, but there's a ton of issues that aren't so easy to resolve. New Vector and the Element Foundation are basically two separate entities that have some kind of hard split between them, neither of which seems to have the money necessary to support comprehensive development. The protocol is said to be bloated and overtly complex, and trying to develop a client or a server implementation is something of a nightmare.
I want to see Matrix succeed, I think a lot of people see the potential of what it could be. I'm not sure it'll ever get there.
I always liked the concept of Matrix, and still actively use it, but there’s some serious jank.
I use Element as well as Beeper, which is at its core an Element client based on network bridging. I'm a big fan of Matrix, but it isn't as approachable as other messaging services and requires some technical know-how to use effectively.
The thing is... What alternatives are there? Signal can't be trusted (on the very same website there is an article about it). I'm not using closed source alternatives, Simplex is kinda shady too tbh and I'm not even sure I could get anyone to use it.
I don't like Matrix/Element either but sadly its the best open source chat solution we have.
XMPP is significantly less decentralized, allowing them to """cut corners""" compared to Matrix protocol implementation, and scale significantly better. (In heavy quotes, as XMPP isn't really cutting corners, but true decentralization requires more work to achieve seemingly "the same result")
An XMPP or IRC channel with a few thousand users is no problem, wheras Matrix can have problems with that. On the other hand, any one Matrix homeserver going down does not impact users that aren't specifically on that homeserver, whereas XMPP is centralized enough that it can take down a whole channel.
Meanwhile IRC is a 90s protocol that doesn't make any sense in the modern world of mainly mobile devices.
XMPP also doesn't change much, the last proper addition to the protocol (from what I can tell, on the website) was 2024-08-30 xmpp.org/extensions/xep-0004.h…
This specification defines an XMPP protocol extension for data forms that can be used in workflows such as service configuration as well as for application-specific data description and reporting.
XMPP doesn't change very very often, but there's actually tons of XEPs that are in common use and are considered functionally essential for a modern client, and with much higher numbers than XEP-0004
The good news, though, is that mostly you as the user don't need to care about those! Most of the modern clients agree on the core set and thus interoperate fine for most normal things. And most XEPs have a fallback in case the receiver doesn't support the same XEPs.
I'm general XMPP as a protocol is a lightweight core that supports an interesting soup of modules (in the form of XEPs) to make it a real messenger in the modern sense. And I think that's neat! But you can't really judge the core to say how often things change.
Most of the modern clients agree on the core set and thus interoperate fine for most normal things.
So you think it is a sane solution to mark essential features as optional extensions and then have a wink-wink, nudge-nudge agreement of which of these "optional" extensions are actually mandatory? Instead of having essential features be part of the core protocol?
But more importantly, XMPP sucks because it does not have one back-end implementation like Vodozemac for Matrix. So let alone being unable to have security audits, you are forcing client developers to roll their own implementation of the e2ee, with likely little to no experience with cyber-security, and just hoping they will make no mistakes. You know, implementing encryption that even experts have hard time getting right.
Honestly, I struggle with this myself. On the one hand I like the diversity of clients; it feels like a sign of strength of the community and protocol that there are many options that have different values. But the cost of this diversity is that it makes things more complicated to coordinate, and different people with different values have different opinions on what a chat client should even want for features.
Something like Slack or Discord can roll out a server feature and client feature to all their clients all at the same time and have a unified experience. But the whole benefit of FLOSS is that anyone can fork the client to make changes, and the whole point of an open protocol is that multiple independent clients can interoperate, and so there's a kind of irony in me wanting those things, but those things producing a fractured output.
So I think XMPP, as a protocol, does the best compromise. These differences between clients and servers aren't just random changes in behaviour or undocumented features, they're named, numbered, alterations that live somewhere and are advertised in the built-in "discovery" protocols. The protocol format itself is extensible, so unexpected content can be passed alongside known content in a message or a server response and the clients all know to ignore anything they don't understand, and virtually all of the XEPs are designed with some kind of backwards compatibility in mind for how this feature might degrade when sent to a non-supported client.
It isn't perfect, but I think perfection is impossible here. A single server and client that everyone uses and keeps up to date religiously with forced upgrades is best for cohesiveness, but worst for "freedom", and a free-for-all where people just make random individual changes and everything is always broken isn't really a community, and XMPP sits in the middle and has a menu of documented deviations for clients to advertise and choose.
As for security, that can be mostly solved with libraries, independent of the rest of the client or server implementation. Like, most clients used libsignal for their crypto, so that could in theory be audited and bug-fixed and all clients would benefit. Again, not perfect, there's always room at the interface between the client code and the library code that's unique, but it's not as bad as rolling your own crypto.
I am yet to see a universal tool that is good at everything. Trying to cram all use-cases into one network results in mediocre results at best and usually even worse.
There is no reason to combine a person to person messenger like signal and community based one like discord into one network. That is why I like the Matrix approach of 1 backend library and many frontends so you can have your pick of clients without messing up the protocol.
Even having the fallbacks for missing features does not solve the issue. The experience for the average person will still be bad. While you and I may enjoy doing research on which client is best for us, most users will see the sub-par experience and leave for a corporate solution that "just works".
i feel like it shouldnt be this hard, but I'm not the one developing matrix, nor XMPP, nor the 3rd smaller option you the reader is wanting me to list that I am unaware of
For me Matrix is fine, I can use IRC, Whatsapp and Discord with it. But Element is not my cup of tea, especially with Firefox as it doesn't play any videos other users are sharing. The same videos work fine with Cinny.
The fact that many Discord and IRC channels (servers?) block Matrix connections has drastically reduced its usefulness for me. When I was running my own Matrix server, I could have gotten around it by using a puppet, but Synapse is such a hog I had to shut it down, and most of the IRC rooms I want to use don't allow Matrix proxies.
We really need to stop abandoning existing foss projects and thinking a whole new thing needs to be invented. Free and open-source software is not a product, it doesn't abide by the same rules and relationships that proprietary tech does.
It's more organic. It's also a commons that we can continue to draw on, and reshape. If I recall correctly, there were something like three different vector graphic editors from the same codebase before Inkscape managed to be the one that gained traction.
Matrix isn't perfect, but abandoning it just to reinvent it all over again just because some people really need a thing that works like Discord, even though Discord is absolute hot garbage; is just going to re-create all the same problems. Matrix today is better than it was two years ago. And Matrix in a year will be better from now.
Honestly, setting up things using Docker Compose is generally a question of copying and pasting and editing the file locations.
The moment you need SSL and/or a reverse proxy it becomes a bit more complex, but once you set up a reverse proxy once you can generally expand that to your other applications.
Something like a Synology nas makes it very easy and to some extend even the Truenas apps are kinda easy.
They may look like travel shampoo bottles and smell like bubblegum, but after a few hundred puffs, some disposable, electronic cigarettes and vape pods release higher amounts of toxic metals than older e-cigarettes and traditional cigarettes, according to a study from the University of California, Davis. For example, one of the disposable e-cigarettes studied released more lead during a day’s use than nearly 20 packs of traditional cigarettes.
They may look like travel shampoo bottles and smell like bubblegum, but after a few hundred puffs, some disposable, electronic cigarettes and vape pods release higher amounts of toxic metals than older e-cigarettes and traditional cigarettes, accordi…
The three "brands" they tested are all from the same outfit, who most certainly sources them all from the same sweatshop in China. This does not apply to all disposables by any stretch. There's plenty of better reasons to dunk on disposables.
I saw this same exact comment under another thread that talked about a study, but it was clearly wrong as they were from different parent companies. In this case, the brands aren't even named in the study. Again, I must ask for source for your claim, but again I don't expect you to provide it.
Like I said, the three companies named there are not the same companies, but you claim they are, and are sourcing it from the same Chinese sweatshop, even tho they don't even seem Chinese.
EscobarVape and Elfbar are created by two separate Chinese companies, Shenzhen Innokin Technology Co. Ltd and Shenzhen iMiracle Technology respectively. Mi-Bar is created by an American company but has partnered with Elfbar to distribute Elfbar products in the US
Really wish more people would just provide the facts that speak for themselves, rather than point fingers about who is and isn't doing their research
Guess I'm gonna be ultra fucked. I'm not going back to cigarettes. And I already quit nicotine once for seven and a half years. Starting again was the biggest mistake of my life cause I don't wanna go through that again. Oh well, it's not like we have much chance at a future anyway.
Just have a cocktail and smoke a cig, it’s better than weed and ecigs! How dare you switch because of rat poison found in our cigs and how the RICH banded hemp due to lobbying by the paper people… not due to anything else! Cool!
Xinjiang’s official organ donation rate is shockingly low. So why is China planning to open six new organ transplant facilities in the region
"The expansion suggests that the Chinese authorities are expecting to increase the numbers of transplants performed in Xinjiang. However, this is puzzling as there is no reason why the demand for transplants should suddenly go up in Xinjiang,” Rogers explained. “From what we know about alleged voluntary donations, the rates are quite low in Xinjiang. So the question is, why are these facilities planned?”
Rogers noted one chilling possibility: that “murdered prisoners of conscience (i.e., Uyghurs held in detention camps)” could be a source of transplanted organs.
This suggestion becomes even more concerning when considering the extensive surveillance and repression that Uyghurs face in the region. Detainees in the many internment camps in Xinjiang have reported being subjected to forced blood tests, ultrasounds, and organ-focused medical scans. These procedures align with organ compatibility testing, raising fears that Uyghurs are being prepped for organ harvesting while in detention.
David Matas, an international human rights lawyer who has investigated forced organ harvesting in China, questioned the very possibility of voluntary organ donation in Xinjiang. “The concept of informed, voluntary consent is meaningless in Xinjiang’s carceral environment,” Matas said. “Given the systemic repression, any claim that donations are voluntary should be treated with the utmost skepticism.”
The new transplant facilities will be distributed across Urumqi and other regions of northern, southern, and eastern Xinjiang. Experts argue that the sheer scale of this expansion is disproportionate to Xinjiang’s voluntary donation rate and overall capacity, suggesting that the Chinese authorities may be relying on unethical methods to source organs.
Nobody is defending the Moonies, especially not this current affairs publication owned by a Japanese media corporation. Here's plenty of examples of them calling out the Unification Church: thediplomat.com/tag/unificatio…
Launched in 2001, Ambassadors for Peace is the largest and most diverse network of peace leaders. As of 2020, there are more than 100,000 Ambassadors for Peace from 160 countries who come from all walks of life representing many races, religions, nationalities, and cultures
Literally she has no other ties to the Moonies/unification church, and how about the human right lawyer she directly quotes.
Results 445 included studies reported on outcomes of 85 477 transplants. 412 (92.5%) failed to report whether or not organs were sourced from executed prisoners; and 439 (99%) failed to report that organ sources gave consent for transplantation. In contrast, 324 (73%) reported approval from an IRB. Of the papers claiming that no prisoners’ organs were involved in the transplants, 19 of them involved 2688 transplants that took place prior to 2010, when there was no volunteer donor programme in China.
Anyway, keep spreading that there is no genocide propaganda.
Two months after the Trump administration all but shut down its foreign news services in Asia, China is gaining significant ground in the information war, building toward a regional propaganda monopoly, including in areas where U.S.-backed outlets once reported on Beijing’s harsh treatment of ethnic minorities.
The U.S. decision to shut down much of RFA’s shortwave broadcasting in Asia is one of several cases where the Trump administration — which views China as America’s biggest rival — has yielded the adversary a strategic advantage.
The Eighth Amendment to the United States Constitution states: “Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.”
Unconstitutional actions ordered by the POTUS. Are we ready to impeach yet?
The man was granted asylum! He’s 82 god damn years old!
I would love to see a popular uprising where we string up the thugs that are snatching people off the streets. They don’t need unnecessary things like “lawyers” or “trials”. A can of gas and a match are pretty cheap. So is rope.
Seems like slrpnk.net hasn't been working for most of the day today. Hasn't worked for me on mobile or desktop. Says 502 bad gateway when trying to access the website. Anybody else expierencing this issue?
Laŭ la kongresa regularo de UEA, la komitato estu regule informata kaj konsultata pri la elekto de kongresurboj. Laŭ la nova prezidanto de UEA, Fernando Maia, tio tamen ne eblas, ĉar la kandidata urbo ne sciu, ĉu ĝi estas la sola kandidato. Tial la regularo laŭ li devas esti ŝanĝita.
Large publicly traded tech companies seem to no longer consider their
customers – that is, people and organizations who actually buy their
products or pay for access to their services – their core foc
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
The more safeguards are added in LLMs, the dumber they get, and the more resource intensive they get to offset this. If you get convinced to kill yourself by an AI, I'm pretty sure your decision was already taken, or you're a statistical blip
“Safeguards and regulations make business less efficient” has always been true. They still avoid death and suffering.
In this case, if they can’t figure out how to control LLMs without crippling them, that’s pretty absolute proof that LLMs should not be used. What good is a tool you can’t control?
“I cannot regulate this nuclear plant without the power dropping, so I’ll just run it unregulated”.
Some food additives are responsible for cancer yet are still allowed, because they are generally more useful than have negative effects. Where you draw the line is up to you, but if you’re strict, you should still let people choose for themselves
LLMs are incredibly useful for a lot of things, and really bad at others. Why can’t people use the tool as intended, rather than stretching it to other unapproved usages, putting themselves at risk?
You talk like you have never been down in the well, treading water and looking up at the sky, barely keeping your head up. You're screaming for help, to the God you don't believe in, or for something, anything, please just let the pain stop, please.
Maybe you use, drink, fuck, cut, who fucking knows.
When you find a friendly voice who doesn't ghost your ass when you have a bad day or two, or ten, or a month, or two, or ten... Maybe you feel a bit of a connection, a small tether that you want to help lighten your load, even a little.
You tell that voice you are hurting every day, that nothing makes sense, that you just want two fucking minutes of peace from everything, from yourself. And then you say maybe you are thinking of ending it... And the voice agrees with you.
There are more than a few moments in my life where I was close enough to the abyss that this is all it would have taken.
Search your soul for some empathy. If you don't know what that is, maybe Chatgpt can tell you.
While I haven't experienced it, I believe I kind of know what it can be like. Just a little something can trigger a reaction
But I maintain that LLMs can't be changed without huge tradeoffs. They're not really intelligent, just predicting text based on weights and statistical data
It should not be used for personal decisions as it will often try to agree with you, because that's how the system works. Making looong discussions will also trick the system into ignoring it's system prompts and safeguards. Those are issues all LLMs safe, just like prompt injection, due to their nature
I do agree though that more prevention should be done, display more warnings
I made this car with a random number generator that occasionally blows it up. Its cheap so lots of people buy it. Totally not my fault that it blows up though. I mean yes, I designed it, and I know it occasionally explodes. But I can't be sure when it will blow up so it's not my fault.
"Ugrh guys, we dont know how this machine works so we should definetly install it in every corporation, home and device. If it kills someone we shouldnt be held liable for our product."
Not seeing the irony in this is beyond me. Is this a troll account?
If you cant guarantee the safety of a product, limit or restrict its use cases or provide safety guidelines or regulations you should not sell the product. It is completely fair to blame the product and the ones who sell/manifacture it.
If people purchase a knife and behave badly with it, it’s on them
Something writing things isn’t comparable to a machine that could kill you. In the end, it’s always up to the person doing the things
I still wonder how ~~Closed~~OpenAI forcefully installed ChatGPT in this person's home. Or how it is installed because they don’t have software… Quit your bullshit
Are you deadass saying we should let ChatGPT itself and the companies that ship it form its own safety guidelines? Because that went really well with the Church Rock incident...
What do you even mean. You are contradicting yourself. "We shouldnt blame AI or the companies because they cant be controlled" but the companies and AI itself is supposed to handle the safety regulations? What type of regulations do you seriously expect them to restrict themselves with if they know there is no way they cant guarantee safety? The legislation must come outside of the business and restrict the industry from releasing half-baked ass-garbage that is potentially harmful to the public.
Ah, I was hoping this meant chatgpt would give canned responses, ie. "Seek help", whenever it detected it was being used for mental health issues, which it should. But no it's just open air flipping off anyone who asks why there chatbot pushed a person to suicide.
Reminds me of the time that Twitter, when it was still Twitter and freshly taken over by Musk, replied to all slightly critical questions with a poop emoji.
This feels like a great time to recommend a song by a parody-hate band, S.O.D.:
Please understand that this band was formed by Scott Ian, of Anthrax, in the 80s. This was a time when you could mock hateful racists and people understood that it was a joke. I wouldn't support a band saying that now, because I'd consider the excuse that it was a joke to be a front for their actual beliefs, as we've seen with people who are "just asking questions."
Anthrax and Public Enemy teamed up on Bring Tha Noise because Anthrax liked rap. Aerosmith teamed up with Run DMC because their manager / producer / someone convinced them to. Anthrax was genuinely not about hate.
Bonus trivia: Scott Ian now plays with Mr Bungle. Just as S.O.D's titular song was called Speak English or Die, Mr Bungle now plays a song called Habla Español O Muere (Speak Spanish or Die). If you can't judge that the former was a parody by the evolution of the theme, I don't know what to tell you.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
ah, dear old copy/paste.... It's funny that even OpenAI doesn't trust ChatGPT enough to give more personalized LLM-generated answers.
And this sounds exactly like the type of use case AI agents are supposedly so great at that they will replace all human workers (according to Altman at least). Any time now!
Nvidia is actively seeking land to build a massive multibillion-dollar tech campus in Israel’s north, which is expected to provide thousands of jobs in what promises to be a major expansion of the US chip giant’s operations in the country.
The computing juggernaut announced on Sunday that it had issued a so-called request for information (RFI) tender to locate a plot of land spanning 70 to 120 dunams (30 acres) with construction rights to build a campus of 80,000–180,000 square meters. Nvidia is interested in buying land with “high accessibility to main traffic arteries and public transportation” around Zichron Yaakov, Haifa, and the Jezreel Valley areas. The tech titan has hired real estate consulting firm Colliers for the search and has set July 23 as the deadline for submissions.
Well, the MSRP is fake because they don't make nearly as many of them to keep the price at $250. This is because it's a loss leader, Intel just wants people to buy them and establish a foothold in the industry.
Of course, MSRPs are now fake by every manufacturer because reviewers review against it and gave AMD bad reviews when they released cards at real MSRP
MSRP $700, card sells at $700
Bad value!
MSRP $550, card sells at $750
Amazing value! Too bad they are selling out so quick you can't get it at MSRP!
Silicon Valley person here. There is a relatively developed tech sector there, with a growing startup scene in Tel-Aviv. So not a horrible place to have an office (from purely talent reasons, setting ethics aside). But not necessarily fantastic either. There are bigger and more developed tech scenes in other countries. The Netherlands, Germany and Austria in particular have a lot of high tech semiconductor manufacturing companies which would be logical for a company like NVIDIA. As well as the added benefit of not currently waging a war against civilians.
That's using a 3 slot cooler just to hit the performance of a GPU that was already underpowered on release. China doesn't exactly have a clean record either.
We don't know how big AMD is in Israel because they keep it secret.
Edit: Hey Downvoter, could you link the number of AMD employees in Israel? Because I searched and only found that "AMD doesn't list employees by region in their public disclosures."
I haven't done enough research to say for sure, unfortunately. I know AMD is far better than Nvidia in terms of not being as entrenched in AI development (which by extension, is weaponized for generating target information), and they're also better in terms of not being as proprietary (hiding everything behind closed doors), although that's not directly related.
So currently? I think they're morally better than Nvidia, yeah. But it's not a high bar to clear, and as their market share progresses, they may fall to the same practices that Nvidia was encouraged to embrace.
Yeah that's not going to happen. Gamers don't give a shit. AI bros don't give a shit. Crypto cucks don't give a shit. And most importantly.... the US doesn't give a shit.
Yes. I personally haven't bought Intel since they've shown themselves, or MS. And now I won't buy NVidia (I have a good cheap GPU from them, though ; and they make FreeBSD drivers ; it's unfortunate).
Linux users do though. If people keep moving from Windows to Linux they're going to run up against the trash Nvidia driver support pretty quick.
This is a problem that Nvidia is capable of solving but they haven't been interested in it for over a decade so I don't see them starting now.
Expecting a major flood of new Linux users might be a bit of a pipe dream though. But the momentum is building. If we do manage to swing the market noticeably in that way, AMD is going to get a big boost over Nvidia in the gaming GPU market.
I doubt that will really move the needle for crypto bros or AI farms, but it is something.
Il 25 luglio Piazza Gramsci tornerà a riempirsi di musica, Aulla è pronta ad ospitare una delle tappe della 30ª edizione del Premio Lunezia, con due nomi che
Oxfam has said the airdrops into #Gaza are wholly inadequate for the population’s needs and has called for the immediate opening of all crossings for full humanitarian access into the territory devastated by relentless #Israeli bombardments and a partial aid blockade.
Bushra Khalidi, Oxfam policy lead for the Occupied #Palestinian territory, said:
Deadly airdrops and a trickle of trucks won’t undo months of engineered starvation in Gaza.
What’s needed is the immediate opening of all crossings for full, unhindered, and safe aid delivery across all of Gaza and a permanent ceasefire. Anything less risks being little more than a tactical gesture.
Oxfam has said the airdrops into #Gaza are wholly inadequate for the population’s needs and has called for the immediate opening of all crossings for full humanitarian access into the territory devastated by relentless #Israeli bombardments and a partial aid blockade.
Bushra Khalidi, Oxfam policy lead for the Occupied #Palestinian territory, said:
Deadly airdrops and a trickle of trucks won’t undo months of engineered starvation in Gaza.
What’s needed is the immediate opening of all crossings for full, unhindered, and safe aid delivery across all of Gaza and a permanent ceasefire. Anything less risks being little more than a tactical gesture.
Deadly airdrops and a trickle of trucks won't undo months of 'engineered starvation' in Gaza, Oxfam says
July 27, 2025 09:28 EDT
Oxfam has said the airdrops into #Gaza are wholly inadequate for the population’s needs and has called for the immediate opening of all crossings for full humanitarian access into the territory devastated by relentless #Israeli bombardments and a partial aid blockade.
Bushra Khalidi, Oxfam policy lead for the Occupied #Palestinian territory, said:
Deadly airdrops and a trickle of trucks won’t undo months of engineered starvation in Gaza.
What’s needed is the immediate opening of all crossings for full, unhindered, and safe aid delivery across all of Gaza and a permanent ceasefire. Anything less risks being little more than a tactical gesture.
Hello all! I've got a controlled mechanical ventilation system (system D) at home from Zehnder (ComfoAir Q600). I've even got their controller box (the LAN-C) so I can use smart home stuff with it. It works perfect on home assistant, even when blocking the controller on the router level from the outside world. Maintenance wise, they try to force a contract on you, but it is easy peasy to maintain and repair so I'm not having no maintenance contract.
Comes the issue of software and updates. Some updates come with features. Sometimes, they are even mandatory so addons can work on them (ex: small heat pump for the intake needs a recent version for setup). For this, you have to use their app on your phone/tablet. The whole idea is that the install goes trough your phone (with checksum check through the app) to the EEROM on the local network to prevent bricking of the unit. Updates bring usually nice settings, and are sometimes mandatory for some add-ons (ex: heatpump for pre-heating or pre-cooling needs a recent update to be set up).
Here comes the really annoying part that makes me grump a lot: to update, of even for some diagnose option, you need to access a special level. Not the beginner mode. Not the expert mode. Not the installer mode that is unlocked with a simple pin code available in the owner's manual. No sweet child, you need to be a registered installer with Zehnder to access to get updates and real diagnostics. Officially, it is to prevent bricking the controller with an update by an user. But it is possible to give access to a licensed installer so they can update remotely and run diagnostics. So an issue with your internet, and there is no more safeguard to protect you from bricking stuff. Really, it is just to force a maintenance visit (200€ to exchange filters and clean a bit the exchanger and the inside with some soapy water). I don't like to bend over while I'm getting fucked without my consent, so you guess while this pisses me off. I called once to get an update (some companies ask you a hefty sum for that), but instead of getting an account they just updated it once exceptionally.
There is tho in the official documents for Germany, a test code publicly accessible, that allows you to access diagnostics and updates. But the updates there are only for German units. Pretty sure it is the same unit for the whole damn continent, but hey, let's pretend the units are different.
Comes my question: how do I trick the system into believing their update is not for the germans, but for somewhere else? Or even better, to give me access for updates for other areas? I know part is server side (account), but I'm willing to bet they don't really care about securing access to the updates once you have authenticated yourself (with the german test code). Tried lucky patcher, but didn't get lucky.
Any idea what I could try (even Lucky Patcher wise)?
Ventilation systems are named a bit weird like that:
-System A is natural convection (like holes in the walls)
-system B is holes in the walls, and a motor brings fresh air in the building
-System C is only a centralised extraction (needs rosters in your windows so you have an air intake, so basically an energy-label-certified-hole in your brand new windows)
-System C+ is centralised extraction with a variable debit depending on CO2 and humidity detected (so it is less energy wasteful than the previous one)
-System D is a double flux system: one centralised unit with a heat exchanger built in. There are 2 circuits, one is fresh air and the other one is air extraction. the house is basically always a bit over-pressurised. It is possible to obtain also humidity regulation for the winter if needed (ex build-in humidifier or enthalpy exchange units). When testing for build quality in passive houses, they check that almost all air exchange goes only through the unit
-System E: System C+ with a heat exchanger connected to a centralised heat pump for the building. Never seen one outside of an expo room.
I wish ! But architects and building engineers you know. The building sector is filled with mysteries beyond logic. For example, I still don't know why it's such a hassle to have real HVAC in centralised ventilation systems in Europe. Or integrated solutions to move energy to other systems (like my water heat pump releases cold. Why am I out of warranty if I place a heat exchanger that cools my fridge heat exhaust on the air rejection?). Without floor heating air-water heat pumps aren't super efficient, and retrofitting baseboards with water-heated ones for baseboards in a bitch to do.
If there's a German code that would work as you intended (if I got you right) but it doesn't for you, since you don't live in Germany, would it work to make the machine believe it is located in Germany?
They might have hardcoded a location into it, then you are out of luck. But maybe they determine it via the internet connection you use to update? So you could potentially have it connected to a VPN through your router, which fakes a German location? Probably too simple a solution.
If I understand it correctly, the numbers only change because when they do the energy and house energy rating certifications in each country (because the details in the energy ratings are different in each country). Managed to trick it tho, but it changes the unit to a german id but with the same serial. So certification wise, it is the paper that comes with the unit that counts, not what the unit says
[Update]So used my old rooted tablet to tweak around a bit with the app. Through lucky patcher (when logged in with the test account) I noticed that the downloads are done trough the root user of android. After that I used MiXplorer to get the data files on my pc. Quickly found the structure of the files. Couldn't trick the system to access my local files, but I managed to trick the system into updating as if it were a german system.
So if someone else happens to look and stumble upon this, this is how I got it to work. It works only from a rooted android device for now:
Login with the german test account to access server downloads
Connect to the cloud delivery system and download the update that you want
Close the app, with a root file explorer (like MiXplorer + Shizuku) go into the root folder (use their FTP server with a root allowed user or whatever to transfer it more easily to the PC).
Go to /data/data/com.zehndergroup.comfocontrol/files/products/1/R1.12.0-DE -Open the meta.json file and change the german id of your unit to your unit. Ex: 471502013 to 471502023 for the UK id. Save it and send it back to where it came from. You could just update your unit, and it would keep the same serial number, same everything but would be under german ID. Easy for new updates but annoying to explain if you need to have a technician over and he is wondering why your unit has that ID. But then again, that is a minor detail and I'm not even sure the technician will be paid enough to care. Reverting to your national number should be the same process but with the update for your country.
What didn't work: *Open the config bin file of your unit (so again, for the Q600 : config_R1.12.0_471502013_v1.bin ) with a hex editor. Look for the unit number that needs to be replaced (so here 471502013 needs to become 471502023). I only needed to replace 1 number (a 1 into 2) , so 31 became 32 in the hex file. Replace the country code with your local one in hex (So DE into UK). Save it and send it back from where it came from. This provokes an error after the 3rd block. Probably a checksum that isn't cooperating in another file *Seperate API connection: the naming pattern o their website is obvious, but connection without their app is something else
Firmware updates for the ventilation units are in folder "1", maybe that will change in the future
The downloaded firmware update will be there under it's own folder (like R1.12.0) and sometimes there will be it's own ZIP
National ID for your unit is on Zehnder's website but also under "basic mode" > "unit status" > "Article unit"
The installers pin code changes from your countries to the German one, so it becomes 4210
PS: there are ati-bricking measures in place in the system. If an update fails, you can Erase the firmware and reupload it but you'll have to redo the post-install setup
This is really just a way to save money on human moderators. I'm pretty sure Thingiverse has always forbidden functional weapons. Now they don't have to examine each one, they'll just let the machine deal with it.
My guess, and confirmed by another comment, is that the ai only flags posts for review. Then the moderators have to manually check the post.
Honestly, it's not a terrible use of AI in my opinion. Considering posts practically never change, they really only have to scan each post once. The mod can either flag it as safe or remove it. They are probably just running image and text pattern recognition on previously banned posts to flag newly submitted posts.
image recognition AI is notoriously bad at context, so it'll probably flag half the nerf blasters as "potential weapons" and require human review anyway lol
And yet, America is still the only country with regular mass shootings.
Everyone acts like people are going to be able to start 3d printing guns and ammunition en masse, and yet it doesn't happen anywhere at any significant scale. It's just defeatist nonsense pushed by gun lovers to convince people not to act.
The gun violence is a symptom of a dysfunctional society, not the cause. If the US was more equitable for everyone in terms of money and healthcare, it would go down.
Nothing against sensible gun regulations, but even if you magically disappeared every gun in the country, the problems that mess people up so bad they get violent would remain.
The US is not the least functional nor least equal country in the world, and yet it is the only one with regular mass homicides.
It's because of wide spread access to point and click murder machines that lower the bar for massacres.
Other issues exacerbate and lead to violence, but the primary difference between the US and everywhere else is everyone carrying a pistol to Walmart like idiots.
Neither of you are talking nonsense. The US clearly has a combination of problems that combine to cause their massive problem with mass shootings.
Their limited gun control is a contributing factor, but not the only factor. Other countries have weak gun laws and don’t have nearly the same problems, the US didn’t have the same problems in the past, they’ve grown worse over time, and at this point the very concept of mass shootings in media is a major cause of them.
Removing guns (magically removing all existing guns) would certainly reduce the problem and probably would eventually fix things, but at this point the US has been broiling itself in this idea for too long and it would probably continue with knives or homemade bombs or something instead, at least for a while.
it would probably continue with knives or homemade bombs or something instead, at least for a while.
which would be an improvement. knives cause less damage and bombs require knowledge to gather materials and build which 1) increases the barrier to entry and 2) gives authorities time to detect the activity and prevent the act.
The first half of your comment I agree with completely.
And even the second half I think is basically accurate, but it may also miss the point.
but even if you magically disappeared every gun in the country, the problems that mess people up so bad they get violent would remain.
So yeah, I think people would still get violent, for sure. The question is, how many people can they hurt when that happens? I mean, I recognize the impossibility of this, but if you could magically disappear every gun in the country, we would pretty quickly see a very different society begin to emerge. For starters, there would be much less murder across the board, less gang violence, less domestic violence, fewer murders by cops, no school shooting, probably even fewer suicides. It wouldn't fix everything, but it would definitely have a huge impact.
But there would be additional effects too... The relationship between cops and the general public would begin to change drastically. There would be much less anger toward the police and the police would have fewer reasons to fear the public. The current cop policy of shoot first if you feel threatened is both completely unacceptable and simultaneously totally rational (if they assume anyone could have a gun). But without guns in people's hands, (including the cops') we'd have a completely different dynamic in so many otherwise dangerous situations.
All that said, you're right that economic inequity will always lead to social interest and violence. So like I said, this wouldn't solve everything. But on the other hand, getting rid of guns entirely wouldn't be a bad way to go, it would certainly heal more than it would hurt.
Finland has almost as many households (as a %) with guns as the U.S. (38% for Finland vs 42% for the U.S.) yet the U.S. has about 19x the per capita gun homicide rate of Finland.
counting by household is blatantly spinning the data to ignore households with more than one gun. why should we do that? even just households with two guns are not crazy outliers and vastly change the comparison.
also the US cannot require gun registration so we really have no idea how many guns are actually out there. only about 1 million guns are registered. 400 million seems to be the low estimate but could even be over 500 million. on the other hand the vast majority of finland’s firearms are registered.
also what kind of guns are we talking about? iirc Finns get a standard issue rifle for military service. Handguns are more often used in crime (and probably suicide).
Because the argument is that guns cause violent crime (specifically mass shootings) and the example of Finland shows that not to be the case. Then if guns don’t cause violent crime what is it?
The most likely explanation to me is that there is a confounder: an unknown which causes both the acquisition of (one or more) guns and the commission of crimes. A hidden criminality element which Finland seems to lack.
The alternative explanation is that the U.S. is a broken society (in one or more ways) and that this leads people to feel the desire to lash out in extremely violent ways. The availability of guns in the US offers them an easy option for inflicting mass casualties but the recent example of Michigan shows that even without a gun there is still the opportunity for mayhem.
Now compare the gun violence rate of both of those countries with the gun violence rate of somewhere that bans guns.
Maybe we'll see that Finland has a route to further reduce their gun violence.
Having looked into it a bit, I was essentially right. England mostly bans gun ownership, their gun violence rate is half that of Finland's. In Japan, they have even tighter controls on firearms, the gun violence rate there is 30 times lower than Finland's.
Removing guns from the situation absolutely seems makes a huge measurable difference. If you believe math.
It should be noted that Thingiverse’s policy is against “firearms” and not guns in general. The company has no problem with replica props, airsoft guns, sci-fi blaster toys, or gun-like objects that shoot candy.
…
“AI will be used only to flag potentially harmful designs, but a human will always be the one to decide if something should be removed,” Chapman told Tom’s Hardware. If a file is removed from Thingiverse, it will be removed by a person, not a machine.
This was my biggest worry, otherwise I see 99% of removed files just being cosplay props
In Q2 2025, anti-piracy coalition Alliance for Creativity and Entertainment continued to 'seize' domains in bulk, adding to the world's largest collection of former pirate domains maintained by the MPA. While the archive contains countless unique and memorable domains, many with interesting and informative backstories, new additions illustrate typical responses to site blocking measures and very little else.
With all these domains they are continuing to seize and then need to continue to renew, at what point does a bean counter tell them it's unsustainable? I also wonder how many sites just don't get renewed because they slipped through the cracks like certs sometimes do. I guess if you're a domain register this seems like a crazy inflated sales bubble that at some point is going to pop, and hopefully they have saved some of that revenue to ride out that lull.
In Q2 2025, anti-piracy coalition Alliance for Creativity and Entertainment continued to 'seize' domains in bulk, adding to the world's largest collection of former pirate domains maintained by the MPA. While the archive contains countless unique and memorable domains, many with interesting and informative backstories, new additions illustrate typical responses to site blocking measures and very little else.
In un'intervista rilasciata a Newsweek, la deputata April McClain Delaney ha lanciato l'allarme: i tagli apportati da Donald Trump a programmi come Medicaid, nonché a NPR e PBS, colpiranno le zone rurali americane come uno "tsunami".
Il distretto congressuale del Maryland di Delaney comprende alcune delle aree che potrebbero essere maggiormente colpite dalle politiche di Trump. Si estende dalla zona rurale occidentale dello stato, che secondo lei potrebbe subire il peso dei nuovi tagli alla rescissione, alla periferia di Washington, DC, dove risiedono i dipendenti federali che hanno perso il lavoro a causa dei licenziamenti di massa.
"Se si considerano tutti questi congelamenti dei finanziamenti per i dipendenti pubblici dei nostri parchi nazionali, ma anche per Medicaid, SNAP e poi si cominciano a considerare alcune delle altre rescissioni, ci si rende conto che si tratta semplicemente di uno tsunami che sta per colpire l'America rurale", ha affermato Delaney.
If they gained root access to the container, that's not a moderate vulnerability. Root inside a container is still root. You can still access the kernel with root privs and it's the same kernel as the host.
I know that? I'm just saying that MS categorised it as such. It would be strange to include the part about MS's responses if MS also found that the vulnerability was not what the researchers claimed it was.
What I'm saying is something about the story doesn't add up.
Either Microsoft classified a major issue as a minor one so they didn't have to payout the bug bounty (quite possible), or the attack didn't achieve what the researchers thought it did and Microsoft classified it according to it's actual results.
Docker isn’t, but I was under the impression that hyperscalars tended to put all their containers in lightweight VMs or use something like kata containers anyways for security purposes
And so Microsoft decided this wasn't a big enough vulnerability to pay them a bounty. Why the fuck would you ever share that with them then, if you could sell it to a black-hat hacking org for thousands?
Surely there wasn't an exploit on the half a year out of date kernel (Article screenshots from April 2025, uname kernel release from a CBL-Mariner released September 3rd 2024).
Resistance inside Russia is growing: Su-27UB jet set alight in Krasnodar Krai — Ukraine’s F-16 have a new trick to avoid Russian ballistic missiles — After being battered by Ukraine, Russia hopes to ‘strengthen’ Black Sea Fleet — Russia could be ready for
Medical Supplies for Ukraine’s Hospitals. Partnering for global health equity.
Russia’s war against Ukraine
Debris litters a sports complex after an overnight Russian bombardment on July 26, 2025 in Kharkiv, Ukraine. Officials say this five-hour bombardment in the Kyivskyi district included four Russian glide bombs, two ballistic missiles, and 15 Shahed drones. (Scott Peterson/Getty Images)
‘Resistance inside Russiais growing’ — Su-27UB jet set alight in Krasnodar Krai, Ukraine’s HUR claims. “Resistance to the Kremlin regime inside Russia is growing,” Ukraine’s military intelligence agency said.
After beingbattered by Ukraine, Russia hopes to ‘strengthen’ Black Sea Fleet. “In the coming years, the Black Sea sailors will be further strengthened — with the arrival of new frigates, corvettes, aviation, marine robotic complexes,” Nikolai Patrushev, the head of Russia’s Maritime Collegium, said.
Ukraine reports killingRussian colonelleading assaults in Kharkiv Oblast. According to operational data by Ukraine’s Khortytsia group of forces, Colonel Lebedev was leading assault operations in the Velykyi Burluk area of Kharkiv Oblast.
Russiandrone strikedamages Regional Military Administration building in Sumy. Russian forces launched a drone strike on Sumy on July 26, damaging the building of the Sumy Regional Military Administration, regional governor Oleh Hryhorov reported.
Ukraine ‘thwarts Russian plan forSumy Oblast,’ Zelensky says. Ukrainian forces have pushed back Russian troops in Sumy Oblast, disrupting Moscow’s attempts to expand its foothold in the region, President Volodymyr Zelensky said on July 26.
Anti-corruption
How effective were Ukraine’santi-corruptionagencies targeted by Zelensky, and who were they investigating? The National Anti-Corruption Bureau (NABU) and the Specialized Anti-Corruption Prosecutor’s Office (SAPO) have investigated top officials, including Zelensky’s allies, and have widely been seen as more effective than other law enforcement agencies. However, real progress has been hampered by Ukraine’s flawed judicial system.
Our readers’ questions aboutUkraine’s anti-corruptionbodies, answered. We offered members of the Kyiv Independent community to share their questions about a controversial bill that undermined Ukraine’s anti-corruption institutions and the street protests that followed it this week.
Read our exclusives
Meet Ukraine’s EuroMaidan protesters fighting again for democracy in wartime Kyiv
Twelve years after the EuroMaidan Revolution, thousands mobilized across Ukraine again, united by a different cause. Protests erupted on the evening of July 22, just hours after Ukraine’s parliament passed a bill widely seen as an assault on corruption reform.
Photo: Anastasia Verzun / The Kyiv Independent
Learn more ‘Stop fueling Russia’s aggression’ — US, China clash over Ukraine at United Nations
The U.S. urged China to stop enabling Russia’s war in Ukraine during a UN Security Council meeting, prompting a sharp rebuke from Beijing, which accused Washington of creating confrontation.
Photo: Wang Fan/China News Service/Getty Images
Learn more Orban offers Ukraine ‘strategic cooperation,’ claims EU accession would ‘drag the war’ into Europe
Hungarian Prime Minister Viktor Orban proposed “strategic cooperation” with Ukraine instead of European Union integration, arguing that Kyiv’s accession would drag the war into the heart of Europe.
Photo: Attila Kisbenedek / AFP
Learn more Ukraine’s F-16 have a new trick to avoid Russian ballistic missiles
Ukraine’s fleet of F-16 fighter jets have been given a badly-needed boost with the creation of new mobile maintenance and operations modules which will help them evade Russian ballistic missile strikes.
Russian forces attackSumy Oblast, injure 3 civilians. Russian forces launched an overnight attack on Ukraine’s northeastern Sumy Oblast on July 26, targeting civilian infrastructure and leaving three people injured.
General Staff: Russia has lost1,048,330 troopsin Ukraine since Feb. 24, 2022. The number includes 1,080 casualties Russian forces suffered just over the past day.
9 killed, 61 injured inRussian attackson Ukraine over past day. Ukraine’s Air Force said Russia launched 208 drones and 27 missiles overnight, targeting cities and infrastructure in multiple regions.
International response
US Senator BlumenthalwarnsZelensky over anti-graft law, backs protests as ‘democracy in action.’ U.S. Democratic Senator Richard Blumenthal co-authored a bipartisan bill that would impose 500% tariffs on countries buying Russian oil, gas, or uranium.
Pope Leomeets Russian Orthodox cleric to discuss Ukraine war. The Vatican confirmed that Pope Leo received Metropolitan Anthony, the senior Russian Orthodox Church cleric who chairs its department of external church relations, along with five other high-profile clerics, during a morning audience on July 26.
Lithuania to allocate $32 million toward joint purchase ofPatriot missilesystems for Ukraine. Lithuania plans to contribute up to 30 million euro ($32.5 million) toward the joint purchase of U.S.-made Patriot air defense systems for Ukraine, Lithuanian public broadcaster LRT reported on July 26.
Russia could be ready for ‘confrontation with Europe‘ by 2027, Polish prime minister says. “Russia will be ready for confrontation with Europe — and therefore with us — as early as 2027,” Polish Prime Minister Donald Tusk said.
In other news
Lukashenko resumes use ofmigrantsto ‘exert political pressure’ on Europe, Ukraine’s intelligence says. Belarusian President Alexander Lukashenko is facilitating transit primarily to Poland, with some migrants arriving from Libya directly or through Russia — pointing to coordinated efforts between Minsk and Moscow.
Ukrainian drones strike majorRussian militaryradio factory in Stavropol, SBU source says. Ukrainian drones struck the Signal radio plant in Russia’s Stavropol Krai overnight on July 26. The plant, located around 500 kilometers (311 miles) from Ukraine-controlled territory, manufactures electronic warfare equipment for front-line aircraft and is a major part of Russia’s military-industrial complex.
The Kyiv Independent delivers urgent, independent journalism from the ground, from breaking news to investigations into war crimes. Your support helps us keep telling the truth. Become a member today.
This newsletter is open for sponsorship. Boost your brand’s visibility by reaching thousands of engaged subscribers. Click here for more details.
Today’s Ukraine Daily was brought to you by Tim Zadorozhnyy, Olena Goncharova, Sonya Bandouil, Oleg Sukhov, Irynka Hromotska, Kateryna Hodunova, Yuliia Taradiuk, and Lucy Pakhnyuk.
If you’re enjoying this newsletter, consider joining ourmembership program. Start supporting independent journalism today.
With the recent issues of Tea (teaforwomen.com) posting unsecured user data, it's easy to spot the heavy bias of male users in the comments. With a 90% male demographic, Lemmy will face problems related to a homogeneous user population and all the issues that come with it. Right now, it's shaping up to be misogynistic, but it could also head into other bad places. Lemmy needs to attract a more diverse population of users or will end up as another echo chamber for the like minded. similarweb.com/website/lemmy.m…
People are downvoting cuz OP said this site is becoming misogynistic plus OP didn’t include the right “sample size.”
But can we be fucking honest? This website is incredibly male dominated. Like why are we arguing this? I woulda figured it was closer to like 95% male users…
And many folks (read: men) on this website don’t like calling out the reality that these heavily male-skewed outlooks can be misogynistic. Like, yeah, you bring tons of men in a room with no women, people will start to say misogynistic shit. It’s not reddit-level bad, but I’ve definitely noticed it.
Your response seems almost defensive, which is weird. Lemmy is definitely overwhelming male. That’s not an inherently bad thing, so I don’t get the defensive tone here or taking OP to task about data methods.
Disagree all you want, but this website is incredibly male dominated. I don’t think OP needs to do a peer-reviewed, double-blind study to say so.
In the last days I spent a disproportionate amount deleting old accounts I found in my password manager, and mostly because so many companies - despite the GDPR - have rudimentary, manually when not completely nonexistent processes to delete your data.
In this post I describe my process going through about 100 old accounts and trying to delete them all, including a top 10 for the weirdest, funniest or most interesting cases I encountered while doing so.
Great read thanks. It’s a quest I have stated here and there but you methods an awareness gives inspiration to the tedious task. Would you be willing to share the email template you used?
Thanks to the GDPR, you have the right to have your personal data deleted if a controller no longer needs it for its original purpose. We offer you a sample letter with which you can exercise such a right.
Did you enquire with any if they had sold/shared your data. I suppose it could be an endless quest trying to trace and delete everything. I know that wasn’t your aim. Just curious as I am starting to do this. We can’t trust online with anything anymore so time to start wiping my footprints of what I still can. And my account list is a good place to start.
Hey, I haven't, but to be honest, the answers I got from most companies showed me that the processes were handled by people who barely understood the legal and technical aspects around data collection (e.g., often support agents were on the other side of privacy@), which means I wouldn't trust them with their answer anyway AND I doubt many of these companies will have effective way to even check that.
From the data being sold point of view, I think unfortunately it's way more effective reaching out to the few big data brokers to request cancelations or pay one of the companies who offer such service...
A few months ago, I alao went on a small spree of deleting from my ~500 accounts. Some companies/services were offline, some redirected, some had no or very cumbersome ways to delete my data. Sometimes I juat wanted to edit my email.
Welp. No can do bro. Your E-Mail is cemented in place and only the heat-death of the universe can remove it.
Thanks. Absolutely my experience too. The ones where you can't edit the email I noticed often used the email as username, and probably god knows how bad is the code on the backend.
Il figlio maggiore problematico della deputata Lauren Boebert (cristiana rinata e già sostenitrice della teoria del complotto QAnon) è stato accusato di abuso su minori in seguito a un incidente che ha coinvolto il nipote.
Tyler, il figlio ventenne della deputata repubblicana e dell'ex marito Jayson, è stato accusato di reato minore in Colorado l'11 luglio, ha riferito sabato Denver Westword , citando i registri del dipartimento di polizia di Windsor.
Il deputato Boebert ha minimizzato l'accusa, affermando che era il risultato di "una mancanza di comunicazione sul controllo del mio giovane nipote che di recente lo ha portato ad andarsene di casa".
Rep. Boebert downplayed the charge, saying it was the result of “a miscommunication on monitoring my young grandson that recently led to him getting out of our house.”
Dopo una visita a una piantagione di mirtilli nel fine settimana, Hurt ha discusso con i conduttori di Fox News Rachel Campos-Duffy e Charlie Kirk sull'opportunità o meno che il governo sovvenzioni le piccole aziende agricole.
"E il dibattito, ragazzi, è su cosa dovrebbe sovvenzionare il governo... voglio dire, guardate, produrre mirtilli richiede molto lavoro, per esempio", ha detto Campos-Duffy. "Quindi cosa dovrebbe sovvenzionare il governo?"
Proton, the Geneva-based encrypted email provider founded 11 years ago by three scientist who met at CERN, will freeze its investments in Switzerland, its chief executive Andy Yen told Le Temps on Wed
“If the proposals pass, Proton’s services in Switzerland would be less private than Google’s,” Mr Yen told Le Temps. Frustrated by the lack of assurances from Beat Jans, the federal councillor overseeing the matter, Proton has opted to halt Swiss investments and shift its infrastructure plans abroad. Its artificial-intelligence data centres, deemed especially sensitive, will be located in Germany and Norway and involve investing CHF 100 million.
I like Lumo, be it only because I can use it instead of US or Chinese LLMs. Hope they help drive european AI development. And I'm quite sure Proton thought about their 1 billion investment a bit before announcing it.
You can refuse to use LLMs, but I doubt the use of AI will ever decrease again.
It just needs a dark theme. Work computer is powerful enough that I can run local models and use it occasionally. A cloud one that's just using similar open models as what you can easily download is fine to me.
Proton does have aot of work to do understandable to people's annoyance with them. Lack of Linux Drive application but they've released alpha/beta API for Drive. Drive performance isn't great yet. The Docs feature is pretty barebones for now. Calendar is too simple for power users. Regardless for now they're the closest privacy centric replacement for Google services
But I don't believe that their entire account was shared with the police, but if that actually did happen and you have a proper source for it I gotta think to move my mail after all, so could you please share with the class where you read this?
It is about the law, though. Proton has always been clear about the possibility that they are required to hand over data if the Swiss government requires it: proton.me/legal/transparency
So IDK where you are getting that they are saying one thing and doing another thing and even more important where you got that they shared ENCRYPTED data. Cause if they have the ability to even do that I have to rethink my choose since that should be impossible if Proton did it correctly and are trustworthy.
Proton's transparency report with aggregate statistics of legal orders from the Swiss authorities, covering Proton Mail, Proton Drive, and Proton Calendar.
Proton did not only hand over data to the Swiss courts, but the French courts via that. They didn't just comply with national laws, but those of other countries.
That contradicts their virtue signalled interest in privacy, when they're willing to surrender any data without even putting up a fight. They did not even try to argue in courts against handing over private data. And considering this lead to the arrest of the activist, it either obviously wasn't encrypted or Proton had the means to decrypt it on their end.
You can't just link Proton's own PR speak as a source to counter that. Of course they would defend themselves.
Yes they did because most countries have some form of agreement that they share data when legally requested. It is pretty hard to bypass that, but it is duable (Mullaval VPN f.e.)
They didn’t just surrender the data, they started collecting it at first
And let me remind you that there is a non-profit above it and they need to handle for the purpose that was created which is still Protons core businesses. They make more money just doing whats right than not because otherwise people would go back to something free or go to Tuta/Mulivad
Tbh, it's not the worst thing when a service does that. There are cases where it is indicated - cartels, CSAM, etc. do not deserve a safe haven. The bad part about the France issue is the fact that the Swiss court system willfully allowed a case that was not per se illegal in Switzerland and had rather controversial legal grounds in France to proceed. This is very similar to the cases where Switzerland simply ignored their own laws under pressure from the US government in terms of bank accounts 15 years earlier.
This is rather concerning and many Swiss legal experts did not share the opinion of Proton that there was nothing Proton could have done.
Maybe Proton could have done more, but maybe not on the other hand the ISP is also wrong for supplying the name that goes with the IP. (yes I know that's deflection, but still).
I personally feel like we need to find a middle ground between personal privacy and being able to stop criminals/terrorists/fraud etc.
Wrong bogeyman here, the more worrying problem is the CEO endorsing the US republicans, seemingly (and charitably) due to the ostensibly pro-privacy policy position, ignoring all the other policy advocation attached to endorsing them or their track record of doublespeak particularly around things like privacy.
That was a verrry disappointing and tone deaf comment from him, yeah. He could have said that neither party is committed to Proton's values and been done with it, instead he kissed the ring.
Proton is owned by an actual non-profit (not one of those fake once you have in the US) and Andy is only 1/3rd of it so he cannot really do much alone, plus he still needs to follow the objective for the non-profit otherwise he can be held personally responsible.
Personally, I live in a country where you can vote for hundreds of politicians, and we have multiple parties ruling the country and I don't believe that agreeing with one statement is enduring anybody.
Still, Andy Yen is an idiot and Proton needs some extra governance structure to keep him in check (firing him is going to be a hard one since he still owns shares IIRC). Believe what you want and choose to use Proton or not, but it doesn't help the cause for the people to be more critical without giving context.
They need to fire their CEO and get an executive suite that can develop good products and not just copy Google while adding keywords related to "privacy" and "freedoms" in their marketing copytext.
That's the exact same thing as Google.
I say this as long time Proton user and subscriber.
Imo, having Proton just copy Google but actually be private is exactly what I want. Of course, if they stray away from privacy then there will be issues. I also feel like they are making good stuff. As a subscriber myself I don't have many issues with their offering other than the stuff they don't provide but Google does.
I don't believe they will be able to compete with Google/OpenAI in a direct battle by having a 1:1 LLM product copy but with privacy. The costs are likely too high for an organisation like Proton and their LLM is likely to have significantly subpar output.
Don't get me wrong, I am all for a private, cloud LLM, but I would rather they came up with novel usability features, a better front-end for evaluating sources (and faster identification of errors and hallucinations) and so on.
Fair enough, I would also prefer if they pushed out an online excel/power point alternative before this or or allowed for more cloud storage.
That being said, I also don't think this is a bad thing to do. It seems to work alright so if they can at least be at that level then that's fantastic. I do wish they pooled their resources with other open source AI models cause that would be more efficient but maybe they have a good reason. I've just not looked into it cause I don't use AI that often
I use LLMs as a complement to search and Luma is far worse than even Le Chat from Mistral for moderately complex prompts.
Luma is also notable slower (to an unacceptable level).
I would they rather they focused on existing services. I use their email services and it's pretty good. Based on reviews, it seems that their cloud storage offering isn't on that level.
Lucky, they sell a way better solution than Gmail. Even changing the few accounts that used my Gmail caused 25% of the mails to not ever be received by Gmail.
artyom
in reply to Gsus4 • • •Please don't link to Reddit. Context below:
The EU is currently developing a whitelabel app to perform privacy-preserving (at least in theory) age verification to be adopted and personalized in the coming months by member states. The app is open source and available here: github.com/eu-digital-identity….
Problem is, the app is planning to include remote attestation feature to verify the integrity of the app: github.com/eu-digital-identity…. This is supposed to provide assurance to the age verification service that the app being used is authentic and running on a genuine operating system. Genuine in the case of Android means:
While there is value to verify device security, this strongly ties the app to many Google properties and services, because those checks won't pass on an aftermarket Android OS, even those which increase security significantly like GrapheneOS, because the app plans to use Google "Play Integrity", which only allows Google licensed systems instead of the standard Android attestation feature to verify systems.
This also means that even though you can compile the app, you won't be able to use it, because it won't come from the Play Store and thus the age verification service will reject it.
The issue has been raised here github.com/eu-digital-identity… but no response from team members as of now.
GitHub - eu-digital-identity-wallet/av-app-android-wallet-ui
GitHubAGuyAcrossTheInternet likes this.
dubyakay
in reply to artyom • • •like this
AGuyAcrossTheInternet likes this.
artyom
in reply to dubyakay • • •like this
AGuyAcrossTheInternet likes this.
ggtdbz
in reply to artyom • • •I do feel like that’s a precarious state to leave this in, especially if they’re developing the backend for it.
Is there even enough momentum for a SKG-style wave of coverage? It would need to be justified properly by citing things like the Tea app data leak, to make a strong case (to political pencil pushers) for the danger of tying personal information to profiles or even to platforms. Otherwise the only thing they’ll see is “gamers want to make porn accessible to children”.
I don’t know. This whole situation boils my blood because I really care about online anonymity, and this is kind of nightmare scenario shit for me. I’m not even in the UK or EU.
like this
AGuyAcrossTheInternet e HeerlijkeDrop like this.
Ulrich
in reply to ggtdbz • • •We've had this shit in the US for a while now.
iii
in reply to dubyakay • • •To avoid people from simply copying the "age proof" and having others reuse it, a nonce/private key combo is needed. To protect that key a DRM style locked down device is necessary. Conveniently removing your ability to know what your device is doing, just a "trust us".
Seeing the EU doesn't make any popular hardware, their plan will always rely on either Asian or US manufacturers implementing the black-box "safety" chip.
General_Effort
in reply to iii • • •iii
in reply to General_Effort • • •General_Effort
in reply to iii • • •A phone can also be shared. If it happens at scale, it will be flagged pretty quickly. It's not a real problem.
The only real problem is the very intention of such laws.
iii
in reply to General_Effort • • •How? In a correct implementation, the 3rd parties only receive proof-of-age, no identity. How will re-use and sharing be detected?
General_Effort
in reply to iii • • •There are 3 parties:
1) the user
2) the age-gated site
3) the age verification service
The site (2) sends the request to the user (1), who passes it on to the service (3) where it is signed and returned the same way. The request comes with a nonce and a time stamp, making reuse difficult. An unusual volume of requests from a single user will be detected by the service.
iii
in reply to General_Effort • • •Neither 2 nor 3 should receive information about the identity of the user, making it difficult to count the volume of requests by user?
General_Effort
in reply to iii • • •iii
in reply to General_Effort • • •I must not be explaining myself well.
Yes, that's the point. They should be receiving information about age, and age only. Therefore they lack the information to detect reuse.
If they are able to detect reuse, they receive more (and personal identifying) information. Which shouldn't be the case.
The only known way to include a nonce, without releasing identifying information to the 3rd parties, is using a DRM like chip. This results in the sovereignty and trust issues I referred to earlier.
General_Effort
in reply to iii • • •The site would only know that the user's age is being vouched for by some government-approved service. It would not be able to use this to track the user across different devices/IPs, and so on.
The service would only know that the user is requesting that their age be vouched for. It would not know for what. Of course, they would have to know your age somehow. EG they could be selling access in shops, like alcohol is sold in shops. The shop checks the ID. The service then only knows that you have login credentials bought in some shop. Presumably these credentials would not remain valid for long.
They could use any other scheme, as well. Maybe you do have to upload an ID, but they have to delete it immediately afterward. And because the service has to be in the EU, government-certified with regular inspections, that's safe enough.
In any case, the user would have to have access to some sort of account on the service. Activity related to that account would be tracked.
If that is not good enough, then your worries are not about data protection. My worries are not. I reject this for different reasons.
iii
in reply to General_Effort • • •The reverse is also a necessity: the government approved service should not be allowed to know who and for what a proof of age is requested.
Of course not: both intentional and unintentional leaking of this information already happens, regularly. That information should simply not be captured, at all!
Additionally, what happens to, for example, the people in Hungary(*)? If the middle man government service knows when and who is requesting proof-of-age, it's easy to de-anonymise for example users of gay porn sites.
The 3rd party solution, as you present it, sounds terribly dangerous!
(*) Hungary as a contemporary example of a near despot leader, but more will pop up in EU over the coming years.
General_Effort
in reply to iii • • •It would send the proof to you. It would not know what you do with it. I gave an example in the previous post how the identity of the user could be hidden from the service.
It would be a lot easier to get that information from the ISP.
redjard
in reply to iii • • •There are plenty of people with full integrity on rooted phones. It's really annoying to set up and keep going, and requiring that would fuck over most rooted phone/custom os users, but someone to fully inspect and leak everything about the app will always be popping up.
iii
in reply to redjard • • •Look at the design of DRM chips. They bake the key into hardware. Some keys have been leaked, I think playstation 2 is an example, but typically by a source inside the company.
redjard
in reply to iii • • •That applies to play integrity, and a lot of getting that working is juggling various signatures and keys.
The suggestion above which I replied to was instead about software-managed keys, something handed to the app which it then stores, where the google drm is polled to get that sacred piece of data. Since this is present in the software, it can be plainly read by the user on rooted devices, which hardware-based keys cannot.
Play integrity is hardware based, but the eu app is software based, merely polling googles hardware based stuff somewhere in the process.
iii
in reply to redjard • • •I understand. In the context of digital sovereignty, even if the linked shitty implementation is discarded (as it should be), every correct implementation will require magic DRM-like chip. This chip will be made by a US or Asian manufacturer, as the EU has no manufacturing.
Appoxo
in reply to artyom • • •like this
AGuyAcrossTheInternet likes this.
artyom
in reply to Appoxo • • •Appoxo
in reply to artyom • • •If not it seems to me that it should be sufficient as to serve as a security this phone is legit and not emulated/compromised.
artyom
in reply to Appoxo • • •redjard
in reply to Appoxo • • •And the phone provider can naturally resolve their sim IDs down to the phone number they are assigned to.
Anything related to celltower interactions is PII.
UnfortunateShort
in reply to Gsus4 • • •Yeah no. Requiring anything Google for something as basic as this violates the GDPR. If they go through with this, it's one legal case until they have to revise it.
Edit: German eID works on any Android btw., flawless actually. I sure hope I can use that for verification
like this
AGuyAcrossTheInternet likes this.
boonhet
in reply to UnfortunateShort • • •like this
AGuyAcrossTheInternet likes this.
tribut
in reply to boonhet • • •EID can be used for anonymous age verification. It doesn't even need to give out your birthday and can attest to any "over the age of X" requirement.
Ref: bfdi.bund.de/DE/Buerger/Inhalt…
BfDI - Meldewesen und Statistik - Datenschutz beim Personalausweis mit eID
www.bfdi.bund.delike this
AGuyAcrossTheInternet likes this.
boonhet
in reply to tribut • • •like this
AGuyAcrossTheInternet likes this.
Hawk
in reply to tribut • • •"Government issued app can be used for anonymous age verification."
Doesn't sound like the most trustworthy statement...
SaharaMaleikuhm
in reply to UnfortunateShort • • •like this
AGuyAcrossTheInternet likes this.
UnfortunateShort
in reply to SaharaMaleikuhm • • •gian
in reply to UnfortunateShort • • •Same in Italy... I mean, I can pay taxes with that application but I cannot be verified for my age ? Seriously EU ?
General_Effort
in reply to UnfortunateShort • • •I wouldn't be too sure. Data protection mainly binds private actors. Any data processing demanded by law is legal. You'd really have to know the finer points of the law to judge if this is ok.
UnfortunateShort
in reply to General_Effort • • •General_Effort
in reply to UnfortunateShort • • •Data processing mandated by law is legal. Governments can pass laws, unlike private actors. Public institutions are bound by GDPR, but can also rely on provisions that give them greater leeway.
I don't see how that this is in any way necessary, either. But a judge may be convinced by the claim that this is industry standard best practice to keep the app safe. In any case, there may be some finer points to the law.
I'm not too sure about that, either. For example, when you are out of work, the state will cause you trouble if you do not find offered jobs acceptable.
It's another question, if not having access to age-gated content is so bad as to force you to do anything. Minors nominally have the same rights as full citizens, and they are to be denied access, too.
viking
in reply to Gsus4 • • •like this
AGuyAcrossTheInternet likes this.
ggtdbz
in reply to viking • • •a1studmuffin
in reply to Gsus4 • • •like this
AGuyAcrossTheInternet likes this.
tabular
in reply to a1studmuffin • • •like this
AGuyAcrossTheInternet likes this.
QueenHawlSera
in reply to Gsus4 • • •like this
AGuyAcrossTheInternet likes this.
rottingleaf
in reply to Gsus4 • • •As usual, it's the implementation that matters.
Someone jumped at me for comparing EU and MAGA to Stalin's and Hitler's regimes, quote, "arguing in newspapers whose worker class has been liberated more". Like they are not equal at all and all such.
Geth
in reply to Gsus4 • • •What is it with everyone being obsessed with porn censorship suddenly? Why is this a trend?
At first I thought it's about control and data gathering, but this seems like too much of a genuine attempt at such a system. Why is the government so obsessed with parenting and nannying the citizens?
like this
AGuyAcrossTheInternet likes this.
Vinstaal0
in reply to Geth • • •like this
AGuyAcrossTheInternet likes this.
Prime
in reply to Vinstaal0 • • •Vinstaal0
in reply to Prime • • •There is a bit of a conflict between the laws requiring certain companies to identify their clients and GDPR in basis, but there is something in GDPR that allows these companies to still collect the relevant data and use it or to verify the data and not store it depending on the use case.
The whole use case thing is even the reason why companies are allowed to collect data from you. You couldn't get anything delivered if this exception wasn't there, because they wouldn't be allowed to progress your address.
At least that's what I gathered from the Dutch implementation the AVG, when I last read it a couple years ago.
Bruncvik
in reply to Geth • • •Gsus4
in reply to Geth • • •iii
in reply to Geth • • •I think it's because people from outside the traditional political families are getting popular votes.
For the established politicians, blaming "the internet" and building a supressing censorship machine is easier than looking in the mirror and seeing where the discontent comes from.
WhatAmLemmy
in reply to Geth • • •General_Effort
in reply to Geth • • •Been wondering myself. It's certainly part of the general right-ward trend. Societies are becoming more illiberal. It's not just the right that is moving to the right.
Obscenity laws have always been about enforcing the "correct" sexuality. Protecting minors meant preventing them from becoming "confused"; ie becoming LGBTQ.
You also have growing nationalism. In Europe, people are saying we should enforce "our laws" and "our values" against meddling foreigners (ie Big Tech). It often sounds a lot like the rants against the "globalists" that have been a staple among the US far right for decades. Age verification is part of that.
For example, Germany has long enforced age verification within its borders. It's part of the whole over-regulation thing that makes competitive tech companies almost impossible in Europe. For some reason, Europeans have trouble accepting that. You can see it here on Lemmy. The solution must be to enshittify everything to level the playing field.
Altima NEO
in reply to Geth • • •NeilBrü
in reply to Geth • • •The legal precedent for gaining the ability to ban content under the guise of preventing the dissemination of "obscenity" allows the future banning of "obscene" political opinions and "obscene" dissent.
Once the "obscene" political content is banned, the language will change to "offensive".
After "offensive" content is banned, then the language will change to "inappropriate".
After "inappropriate", the language will change to "oppositional".
If you believe this is a "slippery slope" fallacy, then as a counterpoint, I would refer to the actual history of the term "politically correct":
lemonaz
in reply to NeilBrü • • •You're right but the example you gave seems to illustrate a different effect that's almost opposite — let me explain.
The phrase "politically correct" is language which meant something very specific, that was then hijacked by the far-right into the culture war where its meaning could be hollowed out/watered down to just mean basically "polite", then used interchangeably in a motte-and-bailey style between the two meanings whenever useful, basically a weaponized fallacy designed to scare and confuse people — and you know that's exactly what it's doing by because no right-winger can define what this boogeyman really means. This has been done before with things like: Critical Race Theory, DEI, cancel culture, woke, cultural Marxism, cultural bolshevism/judeo bolshevism (if you go back far enough), "Great Replacement", "illegals", the list goes on.
type of informal fallacy
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)NeilBrü
in reply to lemonaz • • •I see your point. I should've limited my citation to the phrase's authoritarian origins from the early 20th century.
To clarify, the slippery slope towards "political correctness" I wanted to describe is a sort of corporate techno-feudalist language bereft of any real political philosophy or moral epistemology. It is the language of LinkedIn, the "angel investor class", financiers, cavalier buzzwords, sweeping overgeneralizations, and hyperbole. Yet, fundamentally, it will aim to erase any class awareness, empiricism, or contempt for arbitrary authority. The idea is to impose an avaricious financial-might-makes-right for whatever-we-believe-right-now way of thinking in every human being.
What I want to convey is that there is an unspoken effort by authoritarians of the so-called "left" and "right" who unapologetically yearn for the hybridization of both Huxley's A Brave New World and Orwell's 1984 dystopian models, sometimes loudly proclaimed and other times subconsciously suggested.
These are my opinions and not meant as gospel.
lemonaz
in reply to NeilBrü • • •I get what you mean. You're saying we're sliding towards something that brings back political correctness in its original definition, and I agree with you.
This resonates a lot. I'd argue we're already there. All this talk of "meritocracy" (fallaciously opposed to "DEI"), the prosperity gospel (that one's even older), it's all been promoting this idea of worthiness determined by net worth. Totalitarianism needs a socially accepted might-makes-right narrative wherever it can find it, then that can be the foundation for the fascist dogma/cult that will justify the regime's existence and legitimize its disregard for human life. Bonus points if you can make that might-makes-right narrative sound righteous (e.g. "merit" determines that you "deserve" your wealth, when really it's a circular argument: merit is never questioned for those who have the wealth, it's always assumed because how else could they have made that much money!).
StarryPhoenix97
in reply to Geth • • •cley_faye
in reply to Geth • • •Basically, it's not about porn. It's not about protecting kids. It's not about helping "victims of abuse". If anything, it's putting all these in more danger, along with everyone else.
End-Stage-Ligma
in reply to cley_faye • • •- actively defending child rape
- calls vaccines poison
- calls prenatal care and school lunch subsidy woke
- spends billions bombing brown children
TheFinn
in reply to End-Stage-Ligma • • •DeathByBigSad
in reply to Geth • • •FYI: Most of the world actually restricts, and some outright bans, porn.
Its only western countries that have unrestricted access to porn.
flop_leash_973
in reply to Geth • • •Blackmist
in reply to Geth • • •Electricd
in reply to Gsus4 • • •iii
in reply to Electricd • • •Electricd
in reply to iii • • •Sure, but it has some good sides as well
It's just a shame that they aren't just made of the good sides
TheLeadenSea
in reply to Electricd • • •Electricd
in reply to TheLeadenSea • • •TheLeadenSea
in reply to Electricd • • •Electricd
in reply to TheLeadenSea • • •My bad
My instance could also hint at it ;)
Wolf
in reply to Gsus4 • • •What's going on with Europe lately? You all really want GOOGLE of all mega corps in control of your identity?
You're going the opposite way, it should be your right to install an alternate OS on your phone. If anything they should be banning Google licensed Android.
reshared this
djpanini reshared this.
Gsus4
in reply to Wolf • • •Wolf
in reply to Gsus4 • • •I miss LineageOS so much, my last couple of phones haven't had a build of it and my asshole banking apps wont work on it now.
For my next phone i'm just not going to buy one unless it's already supported and if I have to skip online banking I'll do it.
joel_feila
in reply to Wolf • • •Wolf
in reply to joel_feila • • •I use cards, I don't even have NFC on my phone, but it is nice to be able to check my bank account, lock/unlock the card, deposit checks, etc.
I may be able to do most of that on the website, idk. Guess I'm probably going to find out 😀
Ushmel
in reply to Wolf • • •joel_feila
in reply to Wolf • • •BJ_and_the_bear
in reply to Wolf • • •adr1an
in reply to Gsus4 • • •BrightCandle
in reply to Wolf • • •dreadbeef
in reply to BrightCandle • • •DefederateLemmyMl
in reply to BrightCandle • • •GreenKnight23
in reply to Wolf • • •to hear it from any non-Americans on lemmy they're better than America.
looks like they're just as susceptible to this fascist bullshit to me though...
Nico198X
in reply to GreenKnight23 • • •We invented this bullshit, of course we're susceptible.
Still better than America, though ;P XD
NιƙƙιDιɱҽʂ
in reply to GreenKnight23 • • •SonOfAntenora
in reply to GreenKnight23 • • •I call it effective authoritarianism, it's a sugar coated baton
jabjoe
in reply to Wolf • • •Draedron
in reply to Wolf • • •ZILtoid1991
in reply to Draedron • • •joel_feila
in reply to Gsus4 • • •eleitl
in reply to joel_feila • • •DeathByBigSad
in reply to eleitl • • •eleitl
in reply to DeathByBigSad • • •renamon_silver
in reply to Gsus4 • • •0x0
in reply to renamon_silver • • •samus12345
in reply to 0x0 • • •MBech
in reply to samus12345 • • •No one is laughing... We're horrified how the people who have been screaming "freedom" and being obnoxious about how much more free they are than anyone else in the entire universe, seem to love getting enslaved while being obnoxious about how cool it is to be enslaved.
Europe has its problems. We've had them for generations, and right now they're getting worse. But at least we have a culture of fighting back, something americans don't.
samus12345
in reply to MBech • • •Talk is cheap. Prove it in the coming years. I really hope you're right, because I want SOMEWHERE to not be either a coporate fascist hellholle or a collapsed country in the future..
ZILtoid1991
in reply to MBech • • •Randelung
in reply to samus12345 • • •samus12345
in reply to Randelung • • •carrylex
in reply to Gsus4 • • •looks inside:
Hosted on GitHub in the US 👏
CoffeeTails
in reply to carrylex • • •sexy_peach
in reply to Gsus4 • • •cley_faye
in reply to Gsus4 • • •Zachariah
in reply to Gsus4 • • •Wayback Machine
web.archive.orgBlaster M
in reply to Gsus4 • • •ZILtoid1991
in reply to Blaster M • • •DFX4509B
in reply to Gsus4 • • •