He / They

  • 10 Posts
  • 351 Comments
Joined 2 years ago
Cake day: June 16th, 2023


  • Forking Firefox means it isn’t Firefox - yes, this means that the original was OSS, but you really need to be an expert to get at all the OSS code running on your machine. I mean that it is literally not Firefox, since your fork doesn’t have permission to use the trademarked name.

    This is only relevant if you are planning to redistribute it after you make changes. You can make any and all changes you want to FF on your machine to remove telemetry, and you do not have to remove the branding.

    If we think of the enabling functionality in Firefox as a virtual lock, breaking that lock is illegal under the DMCA. That seems very weird for code that is ostensibly open source.

    Extending this argument would mean that it’s potentially illegal under DMCA to remove any protection mechanism that it would be ‘hacking’ to bypass during usage (e.g. SSL, authentication, etc) from any OSS project. That’s not the case, because an OSS license gives you explicit permission to modify the application.


  • I am 100% on board with the author until they question it being open source, immediately after noting that users can take the source code and remove the telemetry function from it. They try to reconcile that contradiction by seemingly saying that since Firefox has the telemetry, a non-telemetry Firefox wouldn’t be Firefox, and that somehow makes FF not open-source?

    Is Firefox really open source if we have to submit to data collection to access features distributed under an open source license?

    Yes, ordinary end users can create a patch set to enable these features without needing to submit data to Mozilla - but that would clearly no longer be Firefox.

    Plenty of OSS licenses have rules baked into them about how you can use the code, or lay out obligations for redistribution. That does not negate their OSS-ness.

    “Is it really open source if I have to edit the source code I was given to remove a feature I don’t like?”

    I mean, yeah? What a program does is completely orthogonal to the rights granted by its source code license, which determines whether something is open-source.

    I am also not sure why they seem to think that this move either is meant to or is likely to push away technical users in favor of some supposed group of non-technical users who will go into the settings to manually enable a beta testing feature (Labs).

    Yes, (as the author notes) the purpose of a system is what it does, but the author isn’t presenting any evidence of what it’s doing vis-à-vis their claim of making technical users quit FF.

    Mozilla has plenty of issues, but I just don’t see “forces you to agree to telemetry if you want to participate in beta testing” as some canary in the coalmine of enshittification.





  • At this point, you’re better off self-hosting, or even co-lo hosting. Cloud environments are good when you need to scale faster than servers can be shipped (or plan to scale down before the costs add up), but $5k a month is literally a new, decently-beefy server every 2-3 months.

    In terms of solving the money issue, I feel like the only solution is a shared-cost/shared-ownership model, where you get an initial pool of money together for the initial build-out, and then monthly costs are divided equally among all members. You can’t rely on donations, you need collectivism.


  • If they’re operating in the US, it doesn’t matter whether the app is intentionally pulling unnecessary information, there are still server logs showing the IP of each request being made for the real-time updates (ISPs also will have logs of the connections, even if they can’t see the SSL traffic directly). That IP + timestamp would let the government know (with the help of your ISP, who we know from the NSA leaks are all sharing info without asking for warrants) exactly who you are.

    If you are routing all your traffic through a VPN, you can make that much harder to correlate, but unless you validate on the wire or in the code that the app isn’t sending e.g. a device ID or any other kind of unique identifier, it could still end up compromising you. A webpage just intrinsically doesn’t carry the same level of risk as a local app.

    That’s why, as the article notes, many of these have been shutting down preemptively; they know they could be putting their users at risk.


  • I’m torn on this for any app-operating companies/orgs based in the US.

    The real-time maps mean at best they’re able to see at least the IPs of users, and at worst, a ton of device or personal information (depending on what perms are granted to the apps). This would be a treasure-trove of info for ICE. A lot of women stopped using period-tracker apps for a reason after Roe was overturned.

    Also, unless people are side-loading the apps, Google or Apple will also know exactly who downloaded them, since you can’t download through their app stores anonymously.

    There are websites with real-time information that don’t force you to install an app to view, and visiting a website rather than using an app makes it much easier to minimize the information you’re leaking.

    I’m glad that some of these apps are shutting down preemptively if they are certain they don’t possess the resources, or are located in a safe enough place, to ensure their users’ privacy. Ideally they would partner with a legal entity outside the US to operate the app instead, but obviously that’s a big burden.




  • In tight quarters like Europe, most countries would not allow this for a country they’re not actively at war with, no. If someone flies something into your airspace and isn’t actively attacking you, the presumption of an accident is normal, and shooting down aircraft would be considered pretty extraordinary. Hell, even the US didn’t actually shoot down the spy/weather balloons that China flew over them until they’d basically crossed the entire continental US. This law is only happening because they know Russia is doing this intentionally, the drones are armed, and they’re unmanned. If any of those factors were different, they probably wouldn’t be doing this.




  • …but there is now a clarity across Europe, and not just in Paris, that regardless of Vance’s reassurance, Europe has to have the capability to operate autonomously of the US. Trump is self-evidently not reliable, and his benign assessment of Putin’s intentions is not shared.

    Planning for a European reassurance force in Ukraine is under way, as is planning for a potential Russian attack on Europe. Since February, France and the UK, through a combined joint expeditionary force, have formed the nucleus of that planning, but this has broadened, with new political leadership increasingly coming from four members of the Weimar+ group: Poland, France, Germany and the UK.

    Honestly, I think Europe’s disillusionment with us will be better for them in the long run. The fact that they were waiting on Biden to take the lead in Ukraine, whose fecklessness over lending credence to Russia’s prima facie bogus claim of the war being US vs Russia made him hold back many strategic options from Ukraine, meant that they were also not thinking about what Russia’s aggression meant for them, and reacting accordingly.

    I think the original purpose of Article 5 (in terms of US intervening vs Russia) has probably been dead for a couple decades now, and it’s good that Europe won’t be finding that out when Russian troops are rolling in, and the US backs off.



  • Chinese hacking competitions (plural) are different

    A 2018 rule mandates participants of the Tianfu Cup (singular) to hand over their findings to the government

    This approach effectively turned hacking competitions (plural)

    So the article uses one competition doing this to assert this as “Chinese hacking competitions”. There are tens if not hundreds of hackathons in China.

    Please stop posting these heavily biased or misleading articles about China from questionable sites.

    We get it, you don’t like China. We got that after the first 50 posts about China being bad. Most of us don’t like the CCP either.

    But at least post reputable sources that don’t push agendas quite so blatantly.

    For anyone interested, this site (firstpost.com) is an English-language Indian news site owned by Network18, a news conglomerate with a right-leaning, pro-Modi bias.


  • Yes, they also of course ignored all my actual arguments in their response. Literally made a whole thing about how OP was not about positions just behaviors, I lay out how it very much was about positions, and the next response completely ignores that and pivots to something else entirely.

    It’s almost impressive how much near-sealioning they did.



  • The problem comes in (to me) when people come in big gangs to all yell the same stuff, don’t really engage with people who disagree but just mischaracterize the opposition and repeat their points of view forever, basically just engage in bad faith.

    You clearly aren’t intending this to be about this (OP’s) post, and yet…

    That is my remedy.

    I actually like your idea, and I think that it could work if there was some kind of set structure to the posts, maybe using a template to make it easy for an LLM to parse, and to prevent comments from asking more follow-up questions than allowed. My partner is involved with competitive debate, and I think a highly-structured variant could work in an asynchronous format like forum posts, especially if there’s a bot to auto-remove posts that aren’t formatted correctly (that part could just be a script with regex or something).