Keyoxide: aspe:keyoxide.org:KI5WYVI3WGWSIGMOKOOOGF4JAE (think PGP key but modern and easier to use)

  • 0 Posts
  • 62 Comments
Joined 2 years ago
cake
Cake day: June 18th, 2023

help-circle
rss

  • Search for firefox-tou.
    The presence of that now magically removes mentions of privacy and not selling user-data in multiple places.

    -    <p>
    -        Firefox is independent and a part of the not-for-profit Mozilla, which fights for your online rights, keeps corporate powers in check and makes the internet accessible to everyone, everywhere. We believe the internet is for people, not profit. Unlike other companies, we don’t sell access to your data. You’re in control over who sees your search and browsing history. All that and exceptional performance too.
    -    </p>
    
    +    {% if switch('firefox-tou') %}
    +      <p>Firefox is independent and a part of the not-for-profit Mozilla, which fights for your online rights, keeps corporate powers in check and makes the internet accessible to everyone, everywhere. We believe the internet is for people, not profit. You’re in control over who sees your search and browsing history. All that and exceptional performance too.</p>
    +    {% else %}
    +      <p>Firefox is independent and a part of the not-for-profit Mozilla, which fights for your online rights, keeps corporate powers in check and makes the internet accessible to everyone, everywhere. We believe the internet is for people, not profit. Unlike other companies, we don’t sell access to your data. You’re in control over who sees your search and browsing history. All that and exceptional performance too.</p>
    +    {% endif %}
    

    Difference here is Unlike other companies, we don’t sell access to your data.

    -    <h2 class="c-section-title">The best privacy</h2>
    +    {% if switch('firefox-tou') %}
    +      <h2 class="c-section-title">Always protected</h2>
    +    {% else %}
    +      <h2 class="c-section-title">The best privacy</h2>
    +    {% endif %}
    

    Pivoting from privacy to security in the tos.

    -      <li>
    -        <h2>{{ ftl('does-firefox-sell') }}</h2>
    -        <p>{{ ftl('nope-never-have', url=url('privacy')) }}</p>
    -      </li>
    +      {% if not switch('firefox-tou') %}
    +        <li>
    +          <h2>{{ ftl('does-firefox-sell') }}</h2>
    +          <p>{{ ftl('nope-never-have', url=url('privacy')) }}</p>
    +        </li>
    +      {% endif %}
    

    As you mentioned they will apparently sell your data under tos.

    Where does the tos apply and where the mpl now?
    They would have removed all those mentions of privacy entirely if the mpl had no use anymore, wouldn’t they?


  • Probably only sucessful ones.
    Google captchas have had multiple rounds (with it faking you out claiming you failed) for probably a decade. Every round of the game updates some confidence score which if you get it high enough lets you pass.
    This conversely means there is no way to fail, you just get stuck in an infinite loop of challenges if your score doesn’t get high enough.

    The only other alternative means of pricing it would see even valid users consume way more than one “verification” per actual completed captcha, since so many users have low enough scores to need multiple rounds of captcha even when completing them with perfect accuracy.
    I doubt they do this, but if they do it’s a scandal waiting to happen, besides also being very weird for any kind of statistic google certainly offers for their captcha.





  • They did this exact thing for csam detection a while back, and were made to stop due to public outcry.
    It might have been analyzed locally and before encryption then though, still however without consent of the user and sending problematic results to apple.

    It is very realistic that here they would make the device decrypt and check the description against a database and make it send the file and description off for reporting when a match is found.



  • It doesn’t.
    Both DX and K2A-O open a local keepass file.
    They are capable of reloading the file when it is changed, and can be set to immediately write out changes to the file.
    Then you take whichever file sync tool you like and sync it with all other devices using it. As long as the sync tool can sync files in your internal storage, it will work.

    I use syncthing, with a dedicated keepass folder containing only the database file. Then I simply add all my devices to the share and it’ll sync any changes to all other devices. I also have version history enabled for the share.



  • They were doing the same on other repos for months.
    Both their npm module and android client.
    On android they tried to get people to add their own fdroid repo because the official fdroid has not had updates for 3 months due to the license changes.

    Edit: Looking at it now compared to 4 days ago, they apparently got frdoid to remove bitwarden entirely from the repo. To me this looks like they are sweeping it under the rug, hiding the change pretending it has always been on their own repo they control.

    Next time they try this the mobile app won’t run into issues, the exact issues that this time raised awareness and caused the outcry on the desktop app, which similarly is present in repos with license requirements.

    If they were giving up on their plan, wouldn’t they “fix” the android license issue and resume updating fdroid, instead of burning all bridges and dropping it from the repo entirely, still pushing their own ustom repo? Where is the npm license revert?



  • It means previous versions remain open, but ownership trumps any license restrictions.
    They don’t license the code to themselves, they just have it. And if they want to close source it they can.

    GPLv3 and copyleft only work to protect against non-owners doing that. CLA means a project is not strongly open source, the company doing that CLA can rugpull at any time.

    The fact a project even has a CLA should be extremely suspect, because this is exactly what you would use that for. To ensure you can harvest contributions and none of those contributers will stand in your way when you later burn the bridges and enshittify.