
Comment Re: lol (Score 1) 83

While that is true, it would still be nice to have the ability to edit for a certain time period or until it is moderated or replied to. I can't imagine how many stupid mistakes I have made and didn't see and wish I could have edited it a few minutes after posting.

Yes, I should have used "Preview" and then reviewed it first. My bad. Let's be honest: how many of us actually do that?

Comment Re:Google should divest Chrome (Score 5, Informative) 141

>"One example is that Brave blocks all those pesky pop-ups on random sites asking you if you want to log in using your Google account, while Firefox and uBlock don't."

Firefox/uBlock can do this with an added filter rule, and it works perfectly. Add this single line:

||accounts.google.com/gsi/iframe

>"In my opinion, videos should never auto-play at all ever."

I couldn't agree with you more. And you can get that behavior in Firefox with the right settings, but it can be tricky, and it doesn't work perfectly with all sites.

I will not use Brave, if for no other reason, it is Google/Chromium based. And that means it has hard dependencies on Google decisions and furthers Google's control over the web. But I do have respect for what they are doing. I just wish they did it with their own engine/base. We really need at least 3 independent, open-source, standards-based, multiplatform, healthy browsers.

Comment Re:Completely bogus on the face of it (Score 1) 141

It doesn't have to have 100% of the "market" to be a monopoly. Think of it as a "near monopoly" because that is what it is. The few competing search engines mostly use Google or Bing as their base. So the only real competition is Microsoft Bing, and that is way far behind, and also a huge, monopolistic entity itself.

The search space is, indeed, not healthy. Neither is the browser space, with Firefox being the ONLY non-Google-based multiplatform browser. And it doesn't help that Mozilla is beholden to Google for money.

My hope would be that Google would be forced to pay Mozilla *anyway*, as punishment. But the amount should go down each year, slowly, giving Mozilla a fighting chance to adapt.

Comment Are (Score 1) 77

>"There's 9,000 satellites circling the earth"

There *are* 9,000, not there "is". Sorry, pet peeve of mine; this misuse of "there's" seems to be expanding exponentially.

I will point out the article (not the summary) is correct: "Right now there are more than 9,000 satellites circumnavigating overhead"

In any case, what they are projecting sounds a bit sensationalistic/alarmist to me. There are meteorites falling to earth all the time.

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fscience.nasa.gov%2Fsolar... : "Scientists estimate that about 48.5 tons (44,000 kilograms) of meteoritic material falls on Earth each day." That is 17,702 tons per year.

Comment Re:Biometrics are too easily forced (Score 1) 71

>"How about I hit you in the head and place your hand under one of these scanners while you are knocked out.."

You know what I meant. I never said one couldn't be physically compelled to provide a biometric through physical force. No biometric can protect against that. Even something you know can be compelled with a gun pointed to your head or that of a loved one.

One can't *nefariously* collect/read the mentioned biometrics (like deep vein palm scan or retinal scan), aside from physical force (or perhaps extreme trickery). It requires cooperation and knowledge of the user.

>"We live in a world where laws are proposed and are maybe followed and maybe enforced."

Right. So I don't want those biometrics used where they can be collected and used without my knowledge and consent with some pinky promise that they won't be abused. We have to insist on no biometrics at all (which might not be practical), or choose to allow only those biometrics which have the absolute least risk of abuse.

Comment Re:32% password success rate? (Score 1) 139

>"32% password success rate sounds like bullcrap to me."

Probably.

Maybe it is high on systems that require some stupid 15 character passwords with X symbols and stupid aging (which should not be used). But even then, I doubt it is a 68% login failure rate.

On systems with REASONABLE complexity and without aging (so the user can actually remember the password), I would estimate an average login success rate of maybe at least 90%. If it is a situation where 2FA is appropriate, then of course that number will go down. But nowhere near down to 32%.

Comment Re: All we need now... (Score 1) 139

>"it's outsourcing your entire authentication infrastructure. That's a bad strategy for self preservation."

Yep.

What happens when that outside company has a technical problem? Or has to comply with some new policy or law? Or has to turn over access without your knowledge to law enforcement? Or just doesn't like you for whatever reason?

"You will own nothing and be happy" Hmm...

Comment Re:what dummies lmao (Score 1) 139

>"I don't think it is but your average user likely doesn't use a random password. If someone has physical access and the know how will break either in short order."

* No system should allow repeated failed login access without delays between each attempt.

* No system should allow unlimited login attempts. After X tries, there should be an extra-long delay and other actions. That might be reporting it to someone, locking the login, blocking the source for X minutes/hours or forever, etc.

For most systems/situations, overly-"strong" passwords reduce security; they don't improve it, because they encourage writing down passwords and using the same password on multiple systems.

Admittedly, things are a bit different for situations where the attacker has physical access to the physical system components (situations where they can get around any login attempt delays).
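
The two rules in the comment above (a delay between failed attempts, and an extra-long delay after X tries), as an added example that is not part of the original comment. The class name, the thresholds and the injectable clock are assumptions chosen for illustration; the attempt sequence in `simulate` is constructed input.

```python
import time


class LoginThrottle:
    """Per-key (account or source) throttle. Added example; values are assumed."""

    def __init__(self, base_delay=1.0, max_delay=30.0, max_failures=5,
                 lockout=900.0, clock=time.monotonic):
        self.base_delay = base_delay      # delay after the first failure (s)
        self.max_delay = max_delay        # cap on the per-attempt delay (s)
        self.max_failures = max_failures  # the "X tries" before the lockout
        self.lockout = lockout            # extra-long delay after X tries (s)
        self.clock = clock
        self._state = {}                  # key -> (failures, not_before)

    def retry_after(self, key):
        """Seconds the caller must still wait before trying; 0.0 if allowed."""
        _, not_before = self._state.get(key, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record_failure(self, key):
        """Count a failed attempt; return the delay imposed before the next."""
        failures, _ = self._state.get(key, (0, 0.0))
        failures += 1
        if failures >= self.max_failures:
            delay = self.lockout          # hook point for reporting/alerting
            failures = 0                  # fresh count once the lockout expires
        else:
            delay = min(self.max_delay, self.base_delay * 2 ** (failures - 1))
        self._state[key] = (failures, self.clock() + delay)
        return delay

    def record_success(self, key):
        self._state.pop(key, None)        # success clears the failure history


def simulate(attempts, throttle, clock_box, key="alice"):
    """Replay constructed (seconds_since_previous, password_ok) attempts."""
    results = []
    for gap, ok in attempts:
        clock_box[0] += gap
        if throttle.retry_after(key) > 0:
            results.append("rejected-throttled")   # password is never checked
        elif ok:
            throttle.record_success(key)
            results.append("ok")
        else:
            results.append("failed-wait-%gs" % throttle.record_failure(key))
    return results
```

While a key is throttled the password is not evaluated at all, so a correct guess made during the delay window is rejected too.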

Comment Re: what dummies lmao (Score 1) 139

>"This is to ensure normal humans can remember their password without having to write it down."

People wouldn't have problems remembering their password if stupid, outdated, "security practices" didn't force them to change the password all the time. Way before NIST (I think it was) *finally* admitted that aging passwords *reduced* security, I was fighting with auditors who insisted that I should implement password aging. So of course they have to be poorer quality, and written down. And of course all users actually do is increment the "number" required in the password by 1 each time.

I still work with systems that age passwords.

Comment Re:Biometrics are too easily forced (Score 1) 71

Yeah, the hand measurement stuff was total junk.

The palm deep vein scan was/is a brilliant idea. It senses live-presence, is completely passive, is low power, it prevents collection of anything latent (even the fingertips are nowhere near any sensor) and they are so damn simple; it looks like just an IR sensor chip at the base of a plastic box connected via USB. More advanced ones might even be able to "see" bloodflow as further "proof of life"/validity (in addition to body temp/IR emission).

They showed me the image pattern it collected after my simple/fast enrollment and before I tested its use. It read back as valid in maybe 1 second? And this was a long time ago, even- maybe 10 years ago?? The idea was/is- if I were brought into any of their facilities without ID and unconscious or unable to communicate, they could know who I was and get to my chart quickly for fast and accurate care. And apparently the scan isn't affected by dirt, debris, sweat, cuts, etc. Plus the pattern essentially never changes (or doesn't ever change enough to matter).

As for security, I have no doubt there are ways it could be fooled, but it would have to be pretty elaborate, and wouldn't be successful if there is a human there (or maybe an AI) watching the user using it (so a fake "hand" can't be used).
