Category Archives: News

Shared items and notes from my feeds and browsing.

Today’s Firefox 91 release adds new site-wide cookie-clearing action

Source: Ars Technica

Article note: ...A subset of the things Cookie Auto Delete has been doing (with user-settable policy and one-time overrides) for the several years since I switched back to Firefox. At least this should work on mobile since they won't bless CAD to run there.

This menacing firefox seems to be on the prowl for unwanted third-party cookies. (credit: Hung Chung Chih via Getty Images)

Mozilla's Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The new feature allows users to manage all cookies and locally stored data generated by a particular website—regardless of whether they're cookies tagged to that site's domain or cookies placed from that site but belonging to a third-party domain, e.g., Facebook or Google.

Building on Total Cookie Protection

The new feature builds and depends upon Total Cookie Protection, introduced in February with Firefox 86. Total Cookie Protection partitions cookies by the site that placed them, rather than the domain that owns them—which means that if a hypothetical third party we'll call "Forkbook" places tracking (or authentication) cookies on both momscookies.com and grandmascookies.com, it can't reliably tie the two together.

Without cookie partitioning, a single Forkbook cookie would contain the site data for both momscookies.com and grandmascookies.com. With cookie partitioning, Forkbook must set two separate cookies—one for each site—and can't necessarily relate one to the other.

Posted in News | Leave a comment

AI has the worst superpower medical racism

Source: Hacker News

Article note: The most fascinating thing to me is that there are indicators of biological race that are so blatant that shitty low-hanging pattern recognition tools can find them, but it's so fraught/taboo to discuss biological race even to enable better targeted medical care that no one is/will admit to being aware of them.

A dubious writing style emerging in science

Source: Hacker News

Article note: The incentive structure is to vomit papers, so people vomit papers. Here we see the naturally resulting arms race between plagiarism detection tools and "automatic paraphrasing" tools in action. Some of the automatic paraphrases are amazing, "flag to clamor" for signal to noise, "focal preparing unit" for CPU, "arbitrary right of passage" for random access.

University of Kentucky to require masking indoors

Source: Kentucky.com -- Education

Article note: It's official.

On Friday, University of Kentucky President Dr. Eli Capilouto announced that masks will be mandatory in all indoor spaces at the university beginning Aug. 9. In an email, Capilouto said …

Operating Systems: Timeline and Family Tree

Source: Hacker News

Article note: There are a few things I notice that are a little odd as far as attribution lines, but it's a nice chart with a ton of truly obscure things broken out.

Apple’s plan to “think different” about encryption opens a backdoor to your life

Source: Hacker News

Article note: Sigh. Privacy getting "Think of the children"'d again. You build the technical capability to scan all your users' devices for undesirable content of any particular kind (with sketchy perceptual hashing tools! Surely nothing bad will happen there! How you feelin' "human inspection" hired to spend all day looking at pictures of people's kids in baths to make sure nothing sketchy is going on?), and you will get pressure from governments and interest groups to scan for arbitrary other things, because you have already expressed that your system can do so. Previous similar tools were a little less gross; there was a "It's running server side, we're making sure we aren't storing or transporting illegal content" pseudo-justification, and the _vendor_ was running it on their hardware instead of users' expensive devices they supposedly "own" snitching on them.

Malicious PyPI packages stealing credit cards and injecting code

Source: Hacker News

Article note: This is solidly in the "Consequences of dung-beetle programming" column.

Zoom to pay $85M for lying about encryption and sending data to Facebook and Google

Source: Ars Technica

Article note: For 2/3 complaints, all they had to do was say they were focusing on scaling and urgently needed management features during the pandemic, not ...blatantly lie... about their encryption features, and not insert spyware APIs into their code. The "Zoombombing is the platform's fault" one is a little more of a stretch, since Zoom was very suddenly pushed into all kinds of unintended new use-cases ... but see above, it _is_ what they should have been working on.

Technical preview of Zoom's end-to-end encryption, made available months after Zoom was caught lying to users about how it encrypts video calls. (credit: Zoom)

Zoom has agreed to pay $85 million to settle claims that it lied about offering end-to-end encryption and gave user data to Facebook and Google without the consent of users. The settlement between Zoom and the filers of a class-action lawsuit also covers security problems that led to rampant "Zoombombings."

The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a "prohibition on privacy and security misrepresentations" in a settlement with the Federal Trade Commission, but the FTC settlement didn't include compensation for users.

As we wrote in November, the FTC said that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers. In reality, "Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers' Zoom Meetings," the FTC said. In real end-to-end encryption, only the users themselves have access to the keys needed to decrypt content.

Clusterboard A64 Insidious Reset Problem: Solved

Source: Hacker News

Article note: That's one hell of a hunt, and excellent process documentation. Because I spend over half the year trying to teach EE/ECE sophomores to design, build, and debug digital hardware, I really respect good process docs for hunting hard bugs.

Ssheven: A modern SSH client for Mac OS 7-9

Source: Hacker News

Article note: ...Nice. Into the "talking to old computers" toolbox.