
Comment Re:Immediate bullshit argument (Score 1) 180

The original ruling in the Microsoft antitrust was that Microsoft was an abusive monopoly and needed to be split into two companies: one that made the OS, and one that made other application software. Microsoft successfully appealed because the Judge was found to have improperly discussed the case with media, reversing the ordered breakup and stating that traditional antitrust law was not suited for browser tying. Other actions were remanded back to the lower court.

The DoJ then negotiated a much lesser antitrust settlement with MS rather than risking taking it to court again.

Without the judge having talked to the media while the case was in process, it's very likely the original ruling would have survived the appeal, and Microsoft would have been broken in two.

Comment Immediate bullshit argument (Score 4, Interesting) 180

>First, Chrome won the browser war fair and square by building a better surfboard for the internet.

No, it 100% did not. Let's take the Ruby founder taking some technical appreciation for the improvements of Chrome (despite other issues).

Beyond Google and Google services heavily positioning Chrome installs, other freeware like Flash, Shockwave, Java, CCleaner would promote Chrome, because you'd get paid up to $1 per install. Software that did this would sometimes alternate based on either existing install or keeping other people on their toes installing other software like the Ask.com toolbar or "McAfee Security Scan Plus". This helped convert technically illiterate users who were pushed into what their trusted site told them was the best, or what they either trusted or clicked through on a shrinkwrap installer.

Secondly, Google has a history of using Chrome specific quirks to make other browsers behave worse. Like using deprecated Shadow DOM v0 calls only ever implemented in Chrome/Chromium derivatives that loaded 5x worse in alternative browsers like Firefox that weren't Chrome based.

Google now gets to define the web standards that succeed or fail by overwhelming marketshare. It is the same behavior that led the Justice Department to declare IE monopolistic, even though the origin market differed by company (Microsoft by desktop OS, Google by internet advertising/services), the end result of the tying is the same - one monopoly supporting the other to the detriment of the entire web.

The ManifestV3 force and Manifest V2 deprecation that deprecates much more effective privacy/ad blockers used under ManifestV2 is a prime example of Google using their dominant browser position to preserve their ad business.

Comment Re:"But It's Open Source So It's Secure" HERPHERPD (Score 1) 68

People often point out in this DeepSeek debate that the LLM is open source. So while you can ban the iOS app or the service, there shouldn't be any issues in just using the LLM provided as open source code. Thus hey US companies, let's just take DeepSeek's LLM model and plug it in, crisis averted.

Open source code is only as good as far as it's audited and checked. Otherwise you have things like the attempted Jia Tan vulnerability in an extremely common Linux util (XZ utils). Had that gone unnoticed, a ton of Linux distributions would have been effectively backdoored by default.

Open source is not a silver bullet, and open sourcing code that has not been thoroughly reviewed should not create the assumption that it is free of attacks/vulnerabilities.

Comment Re:Woo-hoo (Score 1) 38

Chrome Sync isn't mandatory (you can disable it), and you can enable it to use a local passphrase (that must be entered manually on each device) that will encrypt all of the synced contents client side before uploading it to Google if you do have it on.

People that don't trust either option (that disabling sync truly disables the synchronization of data with Google, or that the local passphrase doesn't really meaningfully encrypt the data in a manner in which Google can't read it later) are likely using alternative browsers (Chromium based or not) or a Chromium build that is "de-Googled".

Comment Not the election results, US citizens betting (Score 5, Informative) 134

Polymarket deals in betting in US regulated markets, including betting amounts. Polymarket deals in crypto and never registered with identification information, betting limits, reporting, etc. to have US citizens betting. They knew this was almost certainly illegal and halted offering betting to US citizens in the US while allowing crypto bets regardless on theoretical ignorance of the source.

Now they get raided for allowing US citizens to bet in an unregulated market and cry foul about how it's political persecution before Trump takes office (after saying they'd allow US citizens back in when Trump takes office).

You can argue over whether or not such betting should be regulated. They fucked around and they found out, and judging by this raid, they almost certainly knew that US citizens were betting contrary to the law on Polymarket, and the FBI was aware of this and took the cell phone as evidence under probable cause/warrant.

Either Polymarket is vindicated or it isn't, they will have their day in court.

Comment Re: I don't understand (Score 1) 1605

Trump has 30% of the Republican party, the rabid type who would split off with him in an independent run, in the palm of his hand. Haley, Ramaswamy, DeSantis all still tried and failed. The GOP was forced to.

Biden faced no serious challengers as an incumbent running for re-election, and the party leadership backed him as the incumbent president. The problem is that if Biden had honored his promise to be a "transition" to "a new generation of leadership", then without him there, the 2024 dem primaries would have been far more competitive with far more entrants. At best, the DNC leadership didn't know how bad Biden's mental decline had become, or at worst, they were complicit in pretending that the deck chairs were merely being moved on the Titanic.

Comment Re:What's the controversy? (Score 4, Informative) 29

It's very questionable how "American" UltraAV is. UltraAV is owned by Pango, a site which owns multiple VPN companies and a VPN review site (not suspicious at all).

Pango is in turn owned by WC SACD Holdings Inc, a Massachusetts company. The CEO, Hari Ravichandran, is the CEO of Aura and talks of Pango as a subsidiary. Aura in turn has a technobabble about us page that says nothing.

The UltraAV software itself isn't signed by Pango, WC, or Aura. It's signed by "Max Secure Software India Private Limited". Which, at best, means that Pango subcontracted an Indian AV to brand as American so Kaspersky could claim they swapped out an AV for an "American" one. MaxSecure is generally considered sketchy software and has asked to be unlisted as a potentially unwanted program among other AV/antimalware apps, and that it will false positive files for the illusion of being effective.

This is sketchy as hell, and never should have been done without user consent, much less with the company they chose to contract.

Comment Incremental improvements, crap trade-in values (Score 1) 68

When I had an iPhone 13 Pro Max and looked at a trade-in offer for a 256GB iPhone 14 Pro Max, they offered $720 versus a $1200 purchase price. For that, I got an always on display (in Android phones for many years, I know), included satellite SOS (I regularly spend large amounts of time in areas with zero cell reception, a separate device would cost more than the difference between device), and a pretty damn good camera upgrade.

Looking now at the same upgrade, they still have another year of satellite SOS coverage included on my current phone, the battery is fine, the display is marginally larger, the camera has seen minimal upgrades, the AI features are...unproven, the haptic button is not a reason to upgrade, the camera upgrades are not huge, and USB-C. Oh, and they're only offering $500 trade-in.

Even my upgrade from the 13 Pro Max to the 14 Pro Max was a stretch on a generous trade-in value and a niche use case for most. I'm not surprised demand is weak.

Another aspect is that there's no large FOMO factor in design to say you're not rocking something since the 14. 14 took the Face ID bar at the top to "dynamic island". Other than colors (largely missed in most cases), there's no large design factor that screams you're using an iPhone 14/15/16 versus the others. This leads to less of a need to "keep up with the Joneses" on not using an obviously older iPhone model (for those who care about that; personally, I don't).

Comment Re:Signal (Score 1) 91

>I don't really care about NSA honeypot that is Signal

Ah, there it is. The unproven conspiracy that Signal is an NSA honeypot because it's US based on the grounds of "how else has the government not cracked down on it?"

>There's a reason why every criminal and terrorist organisation on the planet tells their people not to use it

Source? Or are you a criminal? The largest problem many have with Signal is that it requires a phone number as the handle, which is generally undesirable among criminals when many countries require proof of ID to get even prepaid devices. That makes it unattractive to criminals because untrusted parties (say, a mole/undercover cop) in a group could rat them out to authorities. That's unattractive for criminals but is not a practical issue for someone not conducting illegal activity with strangers.

>Meanwhile we have no idea who is connected to the key exchange servers. Almost certainly, they have their own "NSA rack", as everyone else in the West does. How do we know? They are allowed to exist in the West, and they aren't getting Durov'd/Assang'd/Snowden'd.

Two aren't running messaging service, one is run by a man who could act on content reported to it, but doesn't. Signal cannot see the contents of user messages. Telegram can for 99.999%+ of them, unless it's an individual chat where the user manually turned on Secret Chats for E2EE (which is not a persistent setting, it has to be done every time somebody wants E2EE.) Signal is also much less used (40 million monthly active users as of early 2022 during the WhatsApp terms controversy; surely a number of those users fell off when that died down.)

>But cherry on the cake was the hilarious spiel about Whatsapp not knowing about contents of group chats. All while proactively moderating group chats for content at government request against express wishes of every member of said chats. Which is publicly admitted to. Hell, Indian government touts this as a feature!

Whatsapp has threatened they will leave India over compromising Whatsapp's security/encryption. If you have a reputable source where the Indian government has claimed to backdoor Whatsapp, let me know. If they're claiming merely that Whatsapp will moderate content reported to it...that was already discussed. Whatsapp will act upon user reports. They can't see the contents of chats (text, audio, video, attachments) that were not reported. Of course, metadata can be hugely valuable, and that is not E2EE on Whatsapp.

>I'm not sure if you're genuinely this clueless about reality, and exist in some kind of weird bubble where Whatsapp is actually a paragon of privacy while Telegram is the most leaky, and yet most encrypted IM service. Or you're just being an NPC for NSA.

I didn't call Whatsapp a "paragon of privacy", I spoke passively on what is or isn't encrypted on each service. Durov got squeezed by the French and he's already made changes (disabling people nearby, removing the statement that reported messages in so-called private chats won't be moderated). I just pointed out that Whatsapp E2EE encrypts the contents of messages themselves and Telegram doesn't. WhatsApp doesn't encrypt a wide, wide variety of other information which can be extremely revealing and valuable to law enforcement/nation states.

I try to minimize my use of WhatsApp to people who refuse to use any other messaging platform, and I don't trust FB/Meta. I don't use Telegram except for its larger group functionality (groups with hundreds of people), of which I have no expectation of privacy and accept that.

Comment Re:Signal (Score 1) 91

>As compared to reality, where Telegram openly tells you the opposite

I don't agree on this one. Telegram claims to be an "encrypted messaging app", aping the claims of apps like Signal and WhatsApp that employ E2EE by default. To the average non-technical user who doesn't then specifically read an FAQ page, it sounds like Telegram employs E2EE by default. Only when one reads help documentation does it disclaim that most chats aren't protected by E2EE.

>It's the governments that are complaining about Telegram's encryption. While being "mysteriously" quiet about Whatsapp.

So before we get to WhatsApp, let's start with Signal. Signal does not log IP addresses, and designs everything including profile data (profile name, profile pic) and message/group metadata (group name, group participants, sender of a message, etc.) E2EE. When served a subpoena, all Signal can disclose for a given profile (phone number) is the time that number first registered for Signal, and the time that it last connected to Signal. They can't disclose any message content because the design of the service does not give them access to it.

WhatsApp E2EE encrypts the contents of the messages themselves, but does not encrypt the group metadata (group name, who's in it), and does not encrypt the individual metadata (phone number, email, profile name, profile pic, etc). This means if they get a law enforcement request to give any data that is in their possession that isn't E2EE (say an individual user's profile name, groups they're in, and contacts), they can disclose that.

WhatsApp is not generally aware of the contents of individual messages or group chats - unless a user in the chat reports a message. In that case, the last five messages in the chat (reported message + 4 prior) are sent by the user's device to WhatsApp non-E2EE. Whatsapp with the report and the non-E2EE copies (made when the user hits the report button) can see those last five messages and decline to act/moderate/suspend or ban users/report to law enforcement as appropriate.

This is a key difference between Telegram and WhatsApp. Telegram is able to look at so called "private chats" (which just means they aren't searchable/have public handles within Telegram. Plenty of large Telegrams with tens or hundreds of thousands of users have Telegram invite links on public sites/public social media and are considered "private chats" by Telegram), but until Durov got arrested, they've declined to. That means if somebody on reddit posted an invite link to a Telegram group called "Stolen Credit Card Data for sale", Telegram considered it private, and even though someone from the public or law enforcement could easily join that group, see illegal activity is happening, and report it to Telegram - Telegram historically did not act on it, refusing to moderate this sort of group or worse (human trafficking, CSAM, etc.), or respond to any lawful requests for user data in such cases (even though they had the technical ability to do both).

On the other hand, Whatsapp is generally not aware of what users are sending to one another - unless a user reports. In which case, Facebook/Meta does become aware of the most recent messages, takes a look, and acts accordingly if it is either a violation of platform policy or outright illegal. For data that is within their possession because it isn't E2EE encrypted, WhatsApp complies with valid subpoenas and court orders from law enforcement.

This is why Pavel Durov is in cuffs and Mark Zuckerberg is not.

Comment Re:The problem with telegram isn't towing the line (Score 3, Interesting) 91

Telegram CEO Durov visited Russia more than 60 times from 2014-2021, pouring water on his story that he was in a "self-imposed exile".

Some take issue with the news source being Ukrainian. For the part of Durov's lawyer, they do not deny the validity of the above reporting:

"There were no negotiations between Durov and the Kremlin," Peskov told reporters. "And the fact that he visited Russia, well, he is a Russian citizen, he moves freely, so naturally he visited Russia."

Before Durov was arrested, he tried to meet with Putin in Azerbaijan, but Putin refused. After which point, Durov flew straight from Azerbaijan to France, where he was aware he was a wanted man:

"Enough of Telegram's impunity," said one of the investigators, adding they were surprised Durov came to Paris knowing he was a wanted man.

For all the talk of "the arrest warrant was issued in the air", he was already on wanted lists, which is why authorities issued the arrest warrant when they saw him on a passenger manifest for a flight heading to France:

There was no official confirmation from France of the arrest, but two French police sources and one Russian source who spoke on condition of anonymity said that Durov was arrested shortly after arriving at Le Bourget airport on a private jet from Azerbaijan. One of the two French police sources said that ahead of the jet's arrival, police had spotted he was on the passenger list and moved to arrest him because he was the subject of an arrest warrant in France.

All of this is to say, by all appearances, Durov was much closer to Russia than he let on, had a backup plan of extraordinary French citizenship that France gave in 2021, he didn't enter Russia after 2022 (when he had entered more than 60 times 2014-2021, before the Ukrainian war), he tries to meet with Putin in neutral territory in 2024, and when Putin refuses, he flies straight to a European country that he's a citizen of that refuses to extradite their own citizens to be arrested knowing he's a wanted man.

Sounds to me like somebody was on Putin's good side, at least until the war in Ukraine started, and then he hedged his bets.

Comment Re:Signal (Score 4, Informative) 91

>You forgot "Telegram is bad because it doesn't encrypt your data, making it easy to steal. Also Telegram is in trouble because it encrypts your data so well, that government has problems getting to it".

Telegram's encryption of data does not really make it hard to get to. The only manner in which Telegram's encryption of data makes it hard for the government to get to is that they have a practice of putting servers with disk level encryption keys in one country, and the servers with disk storage for chats in another. This makes it so, if say the key server is in the UK, and the disk server is in Brazil, law enforcement from both sides would have to coordinate raids in both countries to occur simultaneously to seize the servers, and then cooperate on decryption.

Telegram's entire strategy of being hard to get to has been to just ignore lawful requests from law enforcement, even though for 99.9999%+ of chats, they have the keys to decrypt them as a company and can freely decrypt them if the company (or a key person, say its CEO, or an admin) were compromised by a nation state (either negative pressure like we'll bust your kneecaps or positive pressure like here's a stack of money)*.

Durov already started making changes to appease the French government after being arrested for not complying with French law and then entering France with an active arrest warrant. Finding people nearby is disabled now, and Telegram removed their text on their FAQ that private chats (ones that don't have open handles and can't be openly joined by any user, but are invite only either by a group owner or an invite link [the latter of which can be very openly spread online on non-Telegram platforms]) don't get moderation, instead that reports in those chats will be acted upon too.

(*For all of Telegram's bluster about encryption, transport level and disk level encryption are bog standard in online server environments these days, and Telegram as a company has an ability to decrypt these messages. If we do assume that the few messages that are end-to-end encrypted are not backdoored in the E2EE approach [MTProto 2.0 is a very weird, very unproven crypto approach, but no backdoor has been conclusively proven so for the sake of discussion we give Telegram the benefit of the doubt], any chat with 3 or more people on it within Telegram cannot be an E2EE chat, and if you want to do it in a 1-on-1 chat, it must be manually turned on every time you want to use it.)

Comment Re:Nothing to hide (Score 1) 79

>Why does show of intent matters when you admit that requested action would be ineffective? What if they posted "Please don't do crime" click-through every time log in, would that be sufficient show of intent?

Bare minimum? It disrupts the groups. You can't prevent Joe and his drug distributor Dave from giving out a new handle. You can prevent a group of up to 200,000 people on Telegram from exchanging illegal material and contacts.

>There is no universal definition of illegal activity, as it largely depends on jurisdiction. For example, in Russia it is illegal to refer to invasion of Ukraine as anything but 'special military operation' and many people went to jail for long time for that. Would you like Telegram to enforce that illegal (in Russia) activity worldwide?

I would not want a law that referred to the invasion of Ukraine as illegal. At the same time, I would not want a courier that had the equivalent of an exposed postcard able to hide behind plain knowledge of illegal activity.

I use Signal and strongly encrypted personal communications with zero knowledge on the part of the service provider is the name of the game. You can either make yourself aware of how to comply, or make it structurally so you are unable to, completely technically comply. I would prefer an alternative where Telegram cannot willingly rat on its end users if so desired.
