Malware won’t even need to wait for the user to access something sensitive, they can just go back through the user’s Recall history and get the data for immediate exfiltration. No chance for anti-malware software to update and catch it before it does anything truly bad, it will just always be too late if given even a minute.
And of Course, if you stream Netflix, tons of copyright protected material, lol.
Nope, DRM protected content like Netflix is one of the few things it doesn’t capture, it’s even mentioned in Recall’s privacy section. I’ll admit that that’s likely due to technical reasons with how the video stream is decrypted and decoded on the GPU and is never actually accessible to the user, not necessarily because they wouldn’t want to save that as well.
I feel like even if it was open-source, it would still be too big of a target for malware and data exfiltration to ever be justified for most people.
It’s always been a possibility that someone could do this but this makes it a default on feature for a lot of users you might interact with and makes them a prime target for malware to steal the sensitive data that wouldn’t have existed in most cases before.
To protect against casual theft of a device causing the data to be in the thief’s hands in addition to the actual device.
The average person unfortunately is not likely to properly backup their encryption keys so if they forget their password (or don’t use one and rely on the default of just TPM), they’ll complain about losing their data. Having the key backed up gives them a way to get their data back in non-theft situations.
A keylogger isn’t retroactive to before the keylogger was installed though. Recall is. Also, with Recall you don’t need to write keylogging software and get it past antimalware scans (and keep it from getting detected), you just have to get an infostealer past them one single time to take the Recall database.
That’s true. I know they did increase the number of filters from the initial amount but they really should just make it effectively infinite.
As long as that extension developer can be trusted to have access to read and modify the data of any site you load and to not sell the extension (and its userbase) for a quick buck (see Hover Zoom+ for an example of how much they’re willing to offer, as recently as today).
There are definitely trade-offs between the permissions allowed in V2 versus V3. It really depends on where you think the main threat is (websites and online tracking versus extension developers).
It’s basically similar to this example from the health field:
Like givesomefucks said, it’s probably not that they were actually after that information specifically, but that it just got caught up in regular website analytics that services put on their sites. You can still infer a lot about a person’s health information by just looking at the URLs they visit, so I’d say it is a concern but I’m not sure it should go beyond companies/agencies/organizations needing to know about the risks and a “stop doing this” warning. If analytics services were doing this intentionally and evaluating and using that data explicitly at the direction of some human in their company, then I think it would be a much bigger issue and a much bigger story.
That’s a sentiment that quite a few others online feel too:
https://www.techdirt.com/2019/03/13/do-people-want-better-facebook-dead-facebook/
I do get the argument though that if no improvement will ever be good enough for some people, then what incentive do they have to change for the better if it won’t make a difference to those people either way?
It also doesn’t help housing prices that the landlords are colluding to raise prices:
https://www.ftc.gov/business-guidance/blog/2024/03/price-fixing-algorithm-still-price-fixing
It isn’t just Airbnb’s fault, it’s landlords wanting to maximize their return, no matter the method (short-term rentals or price fixing collusion).
Google has a dominant position in the advertising industry with AdSense and their other advertising-related products. Google also has a dominant position in the browser market with Chrome. Google can’t use that dominant position in the browser industry to make changes to their browser that would negatively affect their competitors in the advertising industry without consulting competition authorities which are trying to make sure they aren’t intentionally harming their competition in the ad market using their dominance in another market (the browser market) to benefit themselves. Firefox is small enough (and generally doesn’t have any other services they could leverage) that they can just make changes to their browser without running afoul of any competition concerns.
There’s also the advantage that Google has when it comes to the large number of popular first party services they have, like Gmail, Search, YouTube, etc. Using those services alone, they may be able to develop a profile of a user that’s better than the competition would be able to do with the new Topics API, Protected Audience API, etc and thus even just getting rid of third-party cookies without a replacement might be seen as anti-competitive. This is probably why places like the EU are also forcing services to make it possible to unlink those services and not have the data shared between them.
Not too surprising. I’m not sure I’ve actually seen anyone adopt their new ad technologies yet and nothing is listed in my browser. If their competition hasn’t adopted it but they have, it’s definitely anti-competitive for the ad market if they just shut off third-party cookies and only affect other companies (which seems to be what’s delaying it with the UK’s CMA).
That’s likely what they want. If you’re not viewing their ads and your third-party app is even blocking all the tracking, then you are not providing any value to them to keep you as a ‘customer’. All it does is reduce their hosting and serving costs when you’re blocked or when you eventually stop using it.
To be fair, one of the apps mentioned, [Re]Vanced, is literally just the stock app with extra features patched in and the premium features enabled for free (like no ads and downloads). It makes sense that it would be more user friendly. Allowing that modified version doesn’t get them any revenue though while still costing them to host and serve the content to those users.
At least with NewPipe it supports multiple sites and is its own app with their own code and UI.
Not quite, in 2018 they did add tracking protection to their list of goals for their Private browsing mode and have implemented features to reduce tracking/fingerprinting/etc while in it. The main focuses though were still the same at the start though: protecting against local data being saved.
https://wiki.mozilla.org/Private_Browsing
We target Private Browsing to 3 privacy goals; in a Private Browsing session, Firefox:
- Doesn’t save the browsing history or display it in the Firefox UI
- Prevents the session’s data from writing to persistent storage
- Protects the session’s data from online tracking
And it’s been that way since the beginning basically and is a lot more upfront about what it does and doesn’t protect against than other browsers like Safari.
The new language just makes it even clearer it applies to Google’s online services and I don’t see that as a bad change though.
Guest sessions already exist in the profile menu and is a separate feature. Guest doesn’t save history/cookies/etc locally but also doesn’t use your existing history, extensions, bookmarks, settings, etc. It’s intended more for an actual guest user to sign into temporarily.
b and c) Go after the ISPs who don’t disconnect the pirating users and sue them instead. Go after the deep pockets.
I’m pretty sure that people were unhappy because it was opt-out at first. Now that bridging is opt-in, I don’t think most people have a problem with it and I’ve seen a number of posts from both sides of the bridge so it seems to be working.