NZgeek's Techdirt Comments

Latest Comments (66)

  • Carmakers Push Forward With Plans To Make Basic Features Subscription Services, Despite Widespread Backlash

    NZgeek ( profile ), 18 Dec, 2023 @ 05:43am

    Where is the meat in this article?

    This has to be one of the worst articles I've seen here in a long time. It goes off on a long tirade about how vehicle manufacturers are turning to subscription fees, while simultaneously only giving a single example: BMW's heated seats, which was a failure and they're backing away from.

    If you're going to write about this subject, there are different categories that you need to acknowledge.

    The most insidious is the most recent: replacing commonly-expected functionality with always-online versions that require a subscription fee. The most obvious example of this is GM/Ultium moving to Android Automotive (the one that's built into the car) and disabling Android Auto (the one that's on your phone) and Apple CarPlay. A monthly subscription is required for things like navigation to work at all.

    The next category is functionality that's present in the vehicle, but which requires a subscription or activation fee to use. For example:

    • BMW and heated seats.
    • BMW and Apple CarPlay in the early-mid 2010s.
    • Mercedes Acceleration Increase, an annual subscription that removes artificial performance limits in their EQ range of EVs.
    • Tesla disabling Autopilot or Full Self Driving when their cars are sold to a new owner.

    These are obvious money grabs. The functionality is present and useable, and the only thing stopping it from being used is a paywall. It's bullshit, but at least these features are optional.

    The last category are quality of life services that have an ongoing cost to provide. For example:

    • The car having its own mobile connection for online services.
    • Online search for destinations.
    • Rerouting navigation based on live traffic updates.
    • A mobile app for remotely monitoring the vehicle.

    It would be nice if it was just included with the cost of the vehicle, and it should be for the first few years. But after this period, it seems reasonable to charge a small fee to cover the ongoing cost of providing these services. And if someone doesn't want to pay, the loss of functionality should either be a very minor inconvenience (mobile app) or replaceable (Apple CarPlay or Android Auto).

  • Steamed Hams, Except It’s The EU Commission’s Alleged CSAM Regulation ‘Experts’

    NZgeek ( profile ), 16 Nov, 2023 @ 12:41pm

    E2E is not broken by client-side scanning

    It's been noted a few times in these articles that client-side scanning is somehow breaking or weakening E2E encryption. That is not the case.

    E2E encryption refers to the secure pipe between the sender and the recipient. The message is encrypted by the sender and only the recipient has the means to decrypt it. None of the servers the message transits along the way can access the message contents.

    Client-side scanning happens either before the message enters the secure pipe or after it comes out the other end. The E2E encryption remains perfectly unbroken, but the privacy breach is still there.

    The real issue with client-side scanning is that it's fundamentally flawed. If the content is sent to a server for scanning before it's sent, that's a massive privacy issue. There are also many ways to non-destructively alter images and text so that they no longer appear illicit. If some or all of the processing is done on the device in order to preserve privacy, it's possible to hack the process, feed it fake data, or bypass it completely. It's about as effective as the "I'm not a terrorist" checkbox on immigration forms.

    Law enforcement and law makers need to realise that people will always find ways to send illicit information to each other. It's happened for thousands of years. It's not a war they can win.

  • As Biden Looks To Ban Targeted Ads, Activists Look To Use Them To Get News To The Russian People

    NZgeek ( profile ), 04 Mar, 2022 @ 03:40pm

    Targeted vs behavioral

    There's a big difference between targeted ads and behavioral ads, and I hope the Biden administration sees that and acts accordingly.

    Targeted ads simply change what ads you see based on some criteria. If you're viewing a motoring news site, it makes sense to show you ads related to cars. Forums for new parents might show ads for nappies.

    Behavioral ads are the ones that track you around the internet. They look at what sites you visit, what you buy, which social media feeds you look at. They build up a profile and use that to decide what ads you see. It's targeted ads on steroids.

    I would be very happy to see behavioral advertising go extinct. It's too invasive, and there's no evidence it's any better than dumb targeted advertising.

    Dumb targeted ads would work plenty fine for Russia. Just target any IP address in the country that's not owned by the government. It doesn't need to be any more complicated than that.

  • Chip Shortage Forces Canon To Issue Workarounds For Its Own Obnoxious DRM

    NZgeek ( profile ), 11 Jan, 2022 @ 04:45pm

    Re:

    Epson can be counted in with the bad folk. They've got the same chips to check that the cartridges are genuine. What's worse, they sell identical cartridges under different model numbers in different parts of the world. Moving to a new region and want to take your printer with you? Good luck! You probably have to buy third party chips to get the official cartridges to be recognized by your printer, which also means wading through the "this ink is not genuine" warnings.

  • UK Government Apparently Hoping It Can Regulate End-To-End Encryption Out Of Existence

    NZgeek ( profile ), 11 Jan, 2022 @ 04:32pm

    Client-side filtering

    The UK government are deluded if they think that client-side filtering is going to fix anything. Software can be modified. If filters are introduced, someone will make a hacked version of the client that either skips or fakes the filter check. Anyone who wants to avoid prying eyes will use that hacked client.

    Of course, talk of client-side filtering could just be a ruse. "The boffins told us that the filtering won't work, so the only option is to snoop on everything you say. Sorry!"

  • Turns Out That Brexit Means Rotting Pigs' Heads, And Losing An EU Copyright Exception

    NZgeek ( profile ), 23 Jan, 2021 @ 03:43am

    Re: Obvious jokes about David Cameron aside....

    The fishers and the pig farmers and the people who relied on trade with the EU would have generally voted to stay. Why would you want to risk making it harder to sell to one of your biggest customer bases? I feel sympathy for these groups because they've been screwed over by their own government's hubris. And what's worse is that same government is trying to pretend like it's all just "teething problems", when what they're really seeing is the consequences of their own damn actions.

  • New Hampshire Supreme Court Issues Very Weird Ruling Regarding Section 230

    NZgeek ( profile ), 30 Jul, 2020 @ 06:40pm

    I think I see the reasoning here

    Based on my readings of CDA 230, the legislation is focused on content: sites aren't liable for content posted by users, and can moderate that content as they see fit.

    In this case, it's somewhat unclear why the business was kicked off Instagram. I think that's why the appeals court sent this case back. If the ban wasn't due to a content moderation decision, it's probably not appropriate to dismiss this case on CDA 230 grounds.

    What should happen is that this case gets dismissed based on the ToS wording. That's a much clearer victory, regardless of why the account was banned.

  • CBP Has Access To Billions Of License Plate Images Collected By Private Companies

    NZgeek ( profile ), 24 Jul, 2020 @ 04:26am

    This is why privacy laws are needed

    As broken and annoying as the GDPR is, the fact that it prevents this sort of indiscriminate data collection is a good thing. It would be extremely difficult for any company in the EU to build up an ALPR data set like this.

    The US really needs to step up and put in place some privacy laws to protect the general populace. However, such a move would get widespread pushback from businesses whose business models rely on playing fast and loose with data, and we all know that the rights of corporate entities are more important to the US government than the rights of real people.

  • As Some Are Requiring People To Give Up Their Info To Dine, Stories Of Creeps Abusing That Info Come Out

    NZgeek ( profile ), 16 May, 2020 @ 02:41pm

    Re: Re:

    NZ privacy laws apply to organizations, not individuals. (I believe the same applies to the GDPR and CCPA.) Let's assume that the accusations are true, which is probably the case. The employee will currently be on administrative leave (likely without wages) while the investigation takes place. They'll be fired for gross misconduct and will be ineligible for a benefit for up to 3 months. They likely won't find much work for a while, except maybe some minimum wage manual labour. The Subway franchise store will be investigated by the NZ Privacy Commissioner. The owner and managers likely gave little or no training on privacy, assuming common sense would prevail, which is insufficient under the law. The business will receive a fine that's big enough to hurt but not enough to kill it. The owner will probably go after the employee to recover some of this cost. Even though the employee isn't liable for criminal charges, they'll feel the consequences here for some time to come.

  • FTC The Latest To Discover 'Smart' Locks Are Dumb, Easily Compromised

    NZgeek ( profile ), 11 Apr, 2020 @ 05:21am

    There's a common saying in information security circles:

    The 'S' in 'IoT' stands for 'security'.

    I think that says it all.

  • Top Oracle Lawyer Attempting To Gaslight Entire Software Community: Insists APIs Are Executable

    NZgeek ( profile ), 30 Sep, 2019 @ 04:19pm

    Re: Bad analogies should stay in the kitchen

    The design of the menu is potentially copyrightable. The names of any signature dishes are potentially copyrightable. But that's it. You cannot copyright facts. A list of dishes, what they contain and their prices are facts. It's a listing of truthful information. The law explicitly excludes this type of information from being copyrighted.

  • Top Oracle Lawyer Attempting To Gaslight Entire Software Community: Insists APIs Are Executable

    NZgeek ( profile ), 30 Sep, 2019 @ 04:12pm

    Another analogy

    The API (application programming interface) is nothing more than a description of inputs and outputs, and what the code is supposed to do.

    You can compare this to designing and building a house. The interface is the what of the house. It says what the house must have and must do. For example:

    • You must have a front door that connects to the pavement with a path.
    • You must have a secondary exit at the back of the building that can be used as a fire exit.
    • You must have a kitchen, bathroom and toilet that hook into the existing water and sewer lines.
    • You must have at least 1 bedroom.
    • The house must meet with accepted standards on design and construction.
    • An ordinary person must be able to use the building as a long-term domicile.

    It doesn't specify the how of the house. You can change almost anything you like, and so long as you meet the standards, what you've built can be considered a house. (There's no guarantee whether it'll be a good house, but it'll be a house.)

    Hurst is effectively trying to argue that the set of requirements is the house. She's trying to say that because Oracle (via purchasing Sun) came up with the requirements of what the house must have and do, Oracle now own the rights to all houses and can prevent people from making their own houses.

    Pretty much everyone can see that's not right.

  • Class Action Lawsuit Hopes To Hold GitHub Responsible For Hosting Data From Capital One Breach

    NZgeek ( profile ), 12 Aug, 2019 @ 06:30pm

    Re: Re: Re: Re: Re: Re: What is the relevant law?

    It actually could be valid. Wikipedia contains some good information about the structure of SSNs. The rules are fairly loose, and there's no check digit to ensure that it's not just a nonsense value. The only public rules around SSNs are:

    • they're made up of 9 digits, typically grouped 3-2-4
    • none of the 3 groups can be made up only of zeroes
    • the first digit cannot be 9
    • the first group cannot be 666

    None of these rules would prevent 123-45-6789 from being issued. Under the old issuing scheme (retired in June 2011), that number would be a completely valid SSN issued in New York. It would be area 123, group 45, serial 6789. The newer scheme randomly generates numbers. It's unlikely that this number will be generated, but it's possible.

  • Travelers To New Zealand Now Face $3,000 Fines If They Don't Give Their Device Passwords To Customs Agents

    NZgeek ( profile ), 29 Oct, 2018 @ 04:26pm

    Reasonable suspicion required

    This article is missing an important piece of information, which sets the NZ policy apart from things like TSA policies.

    Your device can only be searched if customs authorities have a reasonable suspicion that the device contains evidence of a crime. You're not at risk of getting your device searched "just because", as happens with the TSA.

    As such, this isn't going to be an issue for most travellers. You're only generally at risk if you're doing something dodgy.

  • United Airlines Made Its App Stop Working On My Phone, And What This Says About How Broken The Mobile Tech Space Is

    NZgeek ( profile ), 09 Sep, 2018 @ 04:10pm

    Re: It costs time and money to support older versions of phone O

    Android is very open. There are projects like LineageOS that can run new Android versions on older phones.

    For example, I recently installed LineageOS on my wife's old (unused) Samsung phone. The most recent firmware version from Samsung is Android 5.0.1. The version of LineageOS I installed was Android 8.1, which is only 1 version behind the latest.

    The biggest problem is getting people to update their old phones in this way. It's quite a technical process, and if you don't know what you're doing there's a fair chance of turning your phone into a shiny paperweight. But if you can make your way through, it's definitely worth the effort.

  • United Airlines Made Its App Stop Working On My Phone, And What This Says About How Broken The Mobile Tech Space Is

    NZgeek ( profile ), 09 Sep, 2018 @ 03:58pm

    Re: Software industry perspective

    You can partly blame Linus Torvalds for this. He has staunchly refused to create a stable HAL for Linux, instead requiring that drivers are constantly updated whenever changes are made to the interface.

    This makes it extremely difficult to allow the OS to be upgraded, because the kernel cannot be upgraded independently of the drivers. Any change to the driver interface prevents the kernel from being updated.

    It's only recently that Google have implemented their own Android HAL over the Linux kernel, which will help ensure that the OS can be updated independently. Not many devices support this yet, and it's only been available with Android 8.0 Oreo and newer, but it'll help to stop these devices from becoming obsolete in the future.

  • United Airlines Made Its App Stop Working On My Phone, And What This Says About How Broken The Mobile Tech Space Is

    NZgeek ( profile ), 06 Sep, 2018 @ 08:01pm

    Software industry perspective

    I work in the software industry, and have some insight into the thinking here. There are two main reasons for dropping support for older phones: (1) support costs, and (2) security changes.

    It costs time and money to support older versions of phone OSes. You need to maintain test devices for each significant OS version, and each change needs to be tested on all versions to make sure it works consistently. If you look at Google's figures on Android OS version share, versions prior to 4.4 KitKat make up around 4.4% of all users and versions prior to 5.0 Lollipop make up 13% of all users.

    If you're writing software, you've gotta make a decision about whether that bottom 4.4% / 13% of the market are worth chasing after. If they don't bring in any significant amount of revenue, they may not be worth the extra support cost.

    On the security angle, the big thing here is TLS version support. Android versions prior to 5.0 Lollipop didn't have good (or any) support for TLS v1.2. The current security community opinion is that anything older than TLS v1.2 is considered too broken to use, and some industry regulations (e.g. PCI DSS) state that you cannot use older TLS versions.

    There are possible workarounds that allow TLS v1.2 to be used on older devices, but again this comes down to market share and support. Is that bottom 13% of the market really worth the effort?

  • Five Below, Trendy Retailer, Sues 10 Below, Ice Cream Seller, For Trademark Infringement

    NZgeek ( profile ), 18 Dec, 2017 @ 08:35pm

    Is this where Bacardi need to step in with their trademark for "42 Below" and tell Five Below to shut the $#!@ up?

    (Yes, I know it's vodka vs retail stores, but that sort of common sense hasn't stopped this sort of thing before.)

  • If A Phone's Facial Recognition Security Can Be Defeated By A Picture Of A Face, What Good Is It?

    NZgeek ( profile ), 11 Apr, 2017 @ 08:27pm

    Re: It's the same (or worse) in windows.

    The facial recognition built into Windows 10 ("Windows Hello") is really quite good. It requires a 3D camera system that can detect depth, and cannot be defeated by a 2D photo or video. However, the number of laptops/tablets out there that have this hardware is pretty small.

    It's quite possible that your friend's laptop is running Lenovo's Veriface software, which only requires a 2D camera. The lack of depth sensing makes it much easier to fool. Similarly, Dell laptops use SensibleVision's FastAccess software, which has the same limitations.

  • Like Flies: Doom The Latest Game To Remove Denuvo Via Patch

    NZgeek ( profile ), 19 Dec, 2016 @ 03:13pm

    Denuvo does not give refunds

    It's untrue that Denuvo give refunds (partial or otherwise) for games that get cracked during an initial period. This was posted about 5 hours ago on TorrentFreak, who got their information via Kotaku.

    https://torrentfreak.com/denuvo-we-dont-give-refunds-when-games-get-cracked-161219/
    http://kotaku.com/denuvo-explains-why-doom-dropped-their-anti-piracy-tech-1790192362
