Technology

Bypass Paywall Here

One of the features seems to be a "hide my email" feature, akin to Apple's hide my email or Fastmail's masked email feature.

Having used both of those, I would say one downside is that occasionally, a site will detect that I used the Apple one, which is strange because it's just an iCloud email address. Perhaps they're looking for a specific pattern.

I haven't yet seen the Fastmail one blocked.

One concern with the Proton one is that it seems like its masked emails are all at passmail.com. I've already found some sites block protonmail, so they'll surely block passmail like they do Mailinator and other sites. That could be a limitation that's less likely to affect Fastmail's service.

It does seem like sooner or later, if someone is able to build a reliable AI model of my face and voice, they could even phish my own relatives by video call.

Seems like a Philip K. Dick novel—objective reality is something you could only see around you, while the machine would be completely untrustworthy.

Kagi is a paid search engine. Instead of getting ads, you just pay for the privilege of using it.

I've been using it for a while and overall I think for most searches it's better than Google. It isn't necessarily that the content is always better (sometimes it isn't) but the signal is far easier to find through the noise.

Keaton Brandt writing in response to Elegy for the Native Mac App (which is arguably a eulogy).

Despite the headline, this isn't about xml.

https://evilpiepirate.org/git/bcachefs.git/tree/fs/bcachefs/bkey.c#n727

https://www.bleepingcomputer.com/news/security/lastpass-users-furious-after-being-locked-out-due-to-mfa-resets/

Lately I've been increasingly worried about corrupted payloads of even open source password managers. Password managers are among the world's biggest honeypots. Maybe you trust the coders of the password manager. Maybe it's Open Source. But do you trust all of its upstream dependencies? And all their CI build processes? And each of their developers' security?

That's part of why I won't use an Electron-based password manager like BitWarden: there's no Electron app with a minimal dependency graph. Even Electron itself could easily fall victim if someone important in the development pipeline is compromised... And besides, Electron sucks anyway.

So, one way I can mitigate against the possibility of a malicious payload being delivered on password manager update is to not put all my eggs in one basket. For example, where I can, I authenticate with a Yubikey (if only by TOTP on Yubico Authenticator). Then my password isn't enough. But where do I store the recovery codes? Ugh: in the password manager.

I've been thinking on this for a while, and I haven't really found a perfect solution that provides me a way to store secrets without also being too reliant on one party's software. If I rely heavily on the password manager, that puts too much trust in it. If I rely more on a hardware token, that's too risky in case of loss of theft.

What's a security-aware nerd to do?

Bruce Schneier and Nathan Sanders on AI and the public good:

Silicon Valley has produced no small number of moral disappointments. Google retired its “don’t be evil” pledge before firing its star ethicist. Self-proclaimed “free speech absolutist” Elon Musk bought Twitter in order to censor political speech, retaliate against journalists, and ease access to the platform for Russian and Chinese propagandists. Facebook lied about how it enabled Russian interference in the 2016 US presidential election and paid a public relations firm to blame Google and George Soros instead.

Schneier and Sanders mention that China and Europe have publicly funded AI (though China's seems designed to further state goals and is done through cronies), and that the US could publicly fund AI that's accountable to the public while also a starting place for future startups.

I'm not necessarily sold, but it is an interesting proposal.

By making drivers “businesses”, Amazon essentially avoids labor, safety, and liability laws all at once. It’s a huge racket.

I'd love apple products if they didn't make me feel compelled to be part of the ecosystem.

Edit: oops, just saw this was already posted in the news community a couple days ago

For those not aware of the tool used :

https://www.gbstudio.dev/

“I appreciate concerns with using Chinese technology, but we’re very confident that even though we’re using these chips, our products cannot be hacked, even by Initio or Hualan,” iStorage's CEO John Michael says. (Michael also noted that some of iStorage products use a chip sold by Taiwanese firm Phison instead of Hualan or Initio, but didn't specify which products.)

Even if a bridge controller chip doesn't create a secret key and isn't intended to store it, however, it still has enough access to it to enable a backdoor, says Matthew Green, a cryptography-focused computer science professor at Johns Hopkins University.

It'll require companies to disclose how they train their models, among other things... Final version isn't done yet.

cross-posted from: https://partizle.com/post/5619

"The United States government has been secretly amassing a “large amount” of “sensitive and intimate information” on its own citizens, a group of senior advisers informed Avril Haines, the director of national intelligence, more than a year ago.

The size and scope of the government effort to accumulate data revealing the minute details of Americans' lives are described soberly and at length by the director's own panel of experts in a newly declassified report. Haines had first tasked her advisers in late 2021 with untangling a web of secretive business arrangements between commercial data brokers and US intelligence community members."

I thought that this was timely and relevant. Does federalization/decentralization solve these issues as we go into Web3? I'm newer to these ideas.