He / They

  • 38 Posts
  • 1.99K Comments
Joined 2 years ago
cake
Cake day: June 16th, 2023

help-circle

  • Forking Firefox means it isn’t Firefox - yes, this means that the original was OSS, but you really need to be an expert to get at all the OSS code running on your machine. I mean that it is literally not Firefox, since your fork doesn’t have permission to use the trademarked name.

    This is only relevant if you are planning to redistribute it after you make changes. You can make any and all changes you want to FF on your machine to remove telemetry, and you do not have to remove the branding.

    If we think of the enabling functionality in Firefox as a virtual lock, breaking that lock is illegal under the DMCA. That seems very weird for code that is ostensibly open source.

    Extending this argument would mean that it’s potentially illegal under DMCA to remove any protection mechanism that it would be ‘hacking’ to bypass during usage (e.g. SSL, authentication, etc) from any OSS project. Thats not the case, because an OSS license gives you explicit permission to modify the application.


  • I am 100% on board with the author until they question it being open source, immediately after noting that users can take the source code and remove the telemetry function from it. They try to reconcile that contradiction by seemingly saying that since Firefox has the telemetry, a non-telemetry Firefox wouldn’t be Firefox, and that somehow makes FF not open-source?

    Is Firefox really open source if we have to submit to data collection to access features distributed under an open source license?

    Yes, ordinary end users can create a patch set to enable these features without needing to submit data to Mozilla - but that would clearly no longer be Firefox.

    Plenty of OSS licenses have rules baked into them about how you can use the code, or lay out obligations for redistribution. That does not negate their OSS-ness.

    “Is it really open source if I have to edit the source code I was given to remove a feature I don’t like?”

    I mean, yeah? What a program does is completely orthogonal to the rights granted by its source code license, which determines whether something is open-source.

    I am also not sure why they seem to think that this move either is meant to or is likely to push away technical users in favor of some supposed group of non-technical users who will go into the settings to manually enable a beta testing feature (Labs).

    Yes, (as the author notes) the purpose of a system is what it does, but the author isn’t presenting any evidence of what it’s doing vis a vis their claim of making technical users quit FF.

    Mozilla has plenty of issues, but I just don’t see “forces you to agree to telemetry if you want to participate in beta testing” as some canary in the coalmine of enshitiffication.





  • The Right will shame us for any form of violence, in order to maintain their own monopoly on violence.

    It’s not just expected, it’s accepted by both the Left and Right that right-wingers will use the threat of violent force to their ends, but if anyone opposes that force with their own, the Right will claim they are unreasonable and evil. This is the simple manifestation of White Supremacy as an ingrained mindset, where the same actions that a WASP man takes are wrong for anyone else to, because they are lesser.

    We have to move past the half-skeleton Democrats in congress lecturing us because they too have internalized this dynamic. As much as I love Bernie, AOC is correct in actively choosing not to publicly lecture protesters against using whatever means they have to protect human lives and democracy, and in pointing out that MLK only succeeded because the white government was scared of what might happen if they didn’t negotiate with him.

    Trump is going to escalate no matter what we do, until this country is nothing but a white christian ethnostate run by a succession of white male conservative dictators. This is not a negotiation, because he’s not going to negotiate.



  • At this point, you’re better of self-hosting, or even co-lo hosting. Cloud environments are good when you need to scale faster than servers can be shipped (or plan to scale down before the costs add up), but $5k a month is literally a new, decently-beefy server every 2-3 months.

    In terms of solving the money issue, I feel like the only solution is a shared-cost/ shared-ownership model, where you get an initial pool of money together for the initial build-out, and then monthly costs are divided equally among all members. You can’t rely on donations, you need collectivism.


  • If they’re operating in the US, it doesn’t matter whether the app is intentionally pulling unnecessary information, there are still server logs showing the IP of each request being made for the real-time updates (ISPs also will have logs of the connections, even if they can’t see the SSL traffic directly). That IP + timestamp would let the government know (with the help of your ISP, who we know from the NSA leaks are all sharing info without asking for warrants) exactly who you are.

    If you are routing all your traffic through a VPN, you can make that much harder to correlate, but unless you validate on the wire or in the code that the app isn’t sending e.g. a device ID or any other kind of unique identifier, it could still end up compromising you. A webpage just intrinsically doesn’t carry the same level of risk as a local app.

    That’s why, as the article notes, many of these have been shutting down preemptively; they know they could be putting their users at risk.


  • I’m torn on this for any app-operating companies/orgs based in the US.

    The real-time maps mean at best they’re able to see at least the IPs of users, and at worst, a ton of device or personal information (depending on what perms are granted to the apps). This would be a treasure-trove of info for ICE. A lot of women stopped using period-tracker apps for a reason after Roe was overturned.

    Also, unless people are side-loading the apps, Google or Apple will also know exactly who downloaded them, since you can’t download through their app stores anonymously.

    There are websites with real-time information that don’t force you to install an app to view, and visiting a website rather than using an app makes it much easier to minimize the information you’re leaking.

    I’m glad that some of these apps are shutting down preemptively if they are certain they don’t possess the resources, or are located in a safe enough place, to ensure their users’ privacy. Ideally they would partner with a legal entity outside the US to operate the app instead, but obviously that’s a big burden.



  • Upvoted for visibility, not for happy.

    This is a huge deal partially because the NG cannot be used simply to assist in regular policing actions as part of a federalized deployment (legally, anyways, per the Posse Comitatus Act) without actually formally invoking the Insurrection Act, so they could only ostensibly be deployed somewhere after mass civil unrest has broken out, not just tag along with ICE which is almost certainly what Trump will try to have them do.

    When NG is called in by the state governor, PCA doesn’t apply, but that is not happening here; Newsom has explicitly said he is against this.

    Newsom is calling out that there is “no unmet need” specifically to try to head off the claim that the local authorities are unable to enforce the law.

    If this actually happens, it could be the most significant and direct attack on state power that Trump has taken to date.



  • Yes, but by definition all of them are also playing the game, and given that this is mostly a novelty feature (and also based on how shockingly little use the user-facing chatbots I’ve seen in professional settings are utilized), I personally doubt that the chatbot energy usage will top the game’s.

    My guess is there will be 90% of people who use the feature once or twice before ignoring it forever, 9% who will use it occasionally for e.g. video creation purposes, and 1% or less who will actually sit there and use it a bunch just to talk to. That would about match up with ChatGPT’s general usage trends.






  • In tight quarters like Europe, most countries would not allow this for a country they’re not actively at war with, no. If someone flies something into your airspace and isn’t actively attacking you, the presumption of an accident is normal, and shooting down aircraft would be considered pretty extraordinary. Hell, even the US didn’t actually shoot down the spy/weather balloons that China flew over them until they’d basically crossed the entire continental US. This law is only happening because they know Russia is doing this intentionally, the drones are armed, and they’re unmanned. If any of those factors were different, they probably wouldn’t be doing this.