I know they aren't? The person hinted at something but didn't say anything concrete, so I don't actually know what they're saying, which is why I asked them to clarify.
I've been using mastodon for nearly 10 years. Fediverse, in my actual experience, is overwhelmingly a really good place to meet and chat with interesting, friendly people. Follow and engage with cool people and you'll have a good time. If you go looking for what you don't like, you'll find it, because it's there just like anywhere on the net. The difference is you don't have to see stuff you don't want to see, because the software and protocol have features that allow this. I'm on a pretty small server and we all are pretty much on the same page about what we expect our social interactions to be like. You know you can just filter out content, right? Your server can totally block or defederate from servers that have objectionable content, too (by whatever your collective definition of "objectionable" is). It works pretty well if you use it the way it's designed to be used.
Maybe yes? Maybe no? This has been an ongoing situation with the UK and demanding backdoors into US platforms - I’m not convinced them dropping it came down to “striking a secret deal”.
Not at all. The code that you see is not guaranteed the code that curl will receive. And even if you check the curl output, if you run it a second time to pipe to sh it might receive something different.
I've been in infosec for the past 14+ years and hiring these types are pretty nuanced and complex. On one hand, you have a person who shows their ethics are questionable at best. Do you want those folks having the proverbial "keys to the kingdom"?
On the other hand - people make mistakes and learn. And these types of folks are decently effective at what they do - although I will say the fact they got caught demonstrates they're not THAT good.
I'd probably pass on this specific person for the latter reasons.
Monero was built and used for privacy purposes but it gets abused by cybercriminals for malicious purposes. Just like all cryptocurrencies and even plain paper cash.
You have a service thats installed for one-click operations from Brave customers that want to use their VPN. The VPN service doesn't run in the background post-installation and no tunnels are established.
I see the customer experience reasoning here. Can someone explain the actual risks - I'm not seeing any.
Unsolicited, a company, whether I trust them or not, has said "Hey, I'm gonna install this network interface on your computer. Don't worry I won't turn it on unless you tell me to, but if I do, then all your traffic will pass through me. It's there just in case you need it. But don't worry, I won't flip the switch until you tell me to. I can, but I won't. It's not a big deal. Trust me."
I'm really not keen on this. In order to install a service, Brave's update agent must have Administrator level privileges on the system, which is how it is setup on the default system-wide install. I didn't install a VPN Provider when I installed Brave, I installed a browser. The action to, by default, add additional network interfaces to my machine, that given that the updater has the permissions to install, also has the permissions to activate, could at any point send all traffic on my machine through that Wireguard tunnel that I did not knowingly authorize the install of.
We all assume risks when we install software made by other folks, regardless of whether we can view its source or not. We have to provide some implicit trust to the makers of software to make choices that are inline with our desires and interests as a result of that. For me, this is a choice that is in violation of that trust, and that's not acceptable to me.
I'm not sure I'm going to die on this hill, but Brave has certainly reached a new level of the trust thermocline, and like others, I'm going to be evaluating whether I keep their browser on my systems going forward.
As someone who works in the antibot space for a FAANG, this type of solution can actually be very effective initially. Bad adversaries will adjust their TTP's (Tactics, techniques and procedures) accordingly - I wouldn't be surprised if ATO (account take overs) rise to compensate for paywalling on new accounts.
I really respect the dedication to removing the huge problem of bots in the social space and I feel the ripple effect could be tremendous if a big dent is made.
reply