"Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."
The computer, however, will stop you from recording DRM'd content.
Find it fascinating that when faced with drawing safety and security boundaries, the primary beneficiary is not the owner of the device, or the person using it, but random corporations who control the intellectual property rights.
I find it equally fascinating that in order to get anywhere near an integrated computing experience in 2024 we apparently need constant recording and transformer models.
No structured file systems, no permission models, no shared stores, no capabilities - just firehose the display output and hope for the best.
@sarahjamielewis it's infuriating to me that every operating system is full of APIs for rendering text to the screen, only for us to take pictures of that text and scrape it back out with OCR.
The reality on the ground is that as soon as the UK's Online Safety bill becomes law then the de-facto assumption must be that any service provider with significant exposure to the UK might be under a notice that mandates the compromise of the security and/or privacy of that service.
The statement made today - explicitly designed to defuse any tension that might have held up the bill - only re-enforces that position.
The framing that this is a "win" for online privacy is deeply disingenuous.
I miss the old internet, hanging out in irc channels, posting in small forums, wasting an afternoon jumping from niche site to niche site, trying to track where you were in a haze of dozens of browser windows.
As if the integration of a broken, backwards technology into the core of our computing systems happened by accident.
"No, you see the OS doesn't get to see those bits of the screen, so it totally makes sense why the system scraps your financial documents and passwords but not netflix" - utterly unhinged worldview
The boundaries could have been cut dozens of different ways, but they are where they are because of the compromises built into our systems.
And every paper cut compromise has led us to a place where modern Windows prevents you from taking a screenshot of Mickey Mouse while it happily subverts every other kind of process and workflow isolation.
At the end of the day, I'm the kind of person that compiles (and occasionally writes) my own kernels - this affects me to the extent that people and organizations I engage with use these awful machines - and I expect they will in droves.
I've long given up on the idea that any systems besides my own can be trusted to keep secrets - but I will keep trying to both build better ones, and encourage others to do the same.
I didn't spend the last 6 years building open source, peer to peer metadata resistant communication applications and libraries for fun.
I did it because any secure communications that rely on a centralized service provider is forever reliant on the whims of whatever jurisdiction regulates it's existence - that is not ground on which you want to anchor your rights to communicate and associate free of surveillance.
Really uncomfortable with (otherwise cool) organizations using the presence of cryptography to back up a security/privacy claim that is 100% policy based.
Just because they don't do a thing doesn't mean they can't do a thing.
"We don't know who you talk to" (because we don't log that information as it passes through our servers)
is a very different claim than...
"We don't know who you talk to" (because we physically and computationally will never have access to that information)
There are so many problems with the UK's Online Safety Act. But reading through the Ofcom consultation document I'm struck by a few things.
Every implementation cost cited is about 2-3 orders of magnitude smaller than I would have come up with if asked for a conservative estimate for the kinds of services cited.
The "Defences" section which explicitly carves out a defence for harassment of queer people - really underlines the type of "safety" this act provides.
The Drugs section is a whole clusterfuck of overreach. I am in Canada, where Cannabis is legal.
Annex 10 states "It is not relevant whether the drug is a controlled substance in the state or territory from which the post originated." and seems to require all dispensaries in Canada to put "offer is not extended to users
within the United Kingdom" on all social media posts that might be seen in the UK.
Ultimately I don't think these documents or the overall act matter all that much.
Governments around the world have decided that this is the Internet they want. A highly censored, corporatized collection of services - filtered through they're own prejudice, and politics.
Any hope I have for humanity is rooted in the idea that people, on the whole, will reject that.
There is lots of discussion about Electron / webp and - as someone who would never ever use electron for anything remotely approaching a security sensitive context - I do think it misses the mark.
Electron is bad because it shares an attack surface with the most attackable surface, but then extends it with all the functionality that was deliberately removed / never implemented because security.
(While giving developers very few tools to actually lock down that context in a meaningful way)
I don't think I've ever seriously audited an electron app and not found a critical vulnerability related to the fact it was an electron app.
The webp vuln impacted basically anything that touched webp files - which includes a lot of things that are not browser engines.
It's an argument for stronger vetting of new file formats - especially those implemented in unsafe languages - separate from not using electron (though you should also probably not use electron)
Ultimately the biggest problem is there is little investment in cross-platform UI tooling that isn't coming from the the browser space.
Small teams can't afford to build an application for every given platform stack, so they pick the path of least resistance. As a result machines and people are increasingly vulnerable as applications are absorbed into the web context.
There us nothing on the horizon that changes that fundamental economic consideration.
It took me a long time but I finally understand that "python" isn't a language, "python" is a superposition of a dozen or so different languages.
For success with "python" you have to be ultra careful with ensuring that if the person who wrote the script used "python 3.9" that you also run it with "python 3.9" - if you don't you will be faced with hundreds of exceptions that have no relation to actual reality.
Never rely on distro packaging, always build from source. Use venvs liberally.
I still don't fully understand why if I have python 3.11 and I run something written in python 3.10 that it will just randomly throw exceptions...why seemingly minor versions seem to be completely incompatible,,,but I have grown to accept that it's just better to not question such things.
The thing about chat control / upload filters / client side scanning, whatever it's being called now; They are responses to an old generation of technology - one of an internet governed by centralized corporations.
Anonymous, peer to peer, file sharing exists. No centralized place to subvert - except the software running locally. Imperfect now, but intrinsically extant.
What proponents of these laws really want is to roll back the clock; something that is, fundamentally, not possible.
@sarahjamielewis Nazis are unserious people doing very serious things: they can and will outlaw basic human activities in order to exert violent nonsensical control over everyone else. It's exhausting but they need constant opposition. Even Holocaust victims talked about how ridiculous Nazis were -- Nazi itself is a shortening of "Nationalsozialistische" that happens to be a colloquial and derogatory word referring to an awkward, backward, and clumsy peasant. They were mocked from the start.
It's a mistake to confuse the attack vector for the core vulnerability.
No amount of incentive engineering fixes the cold truth that neither security nor privacy are considered desirable economic outputs; unlike vulnerabilities and surveillance for which the market is broad and deep.
One is backed by volunteers and donations, the other by billion dollar contracts.
No amount of procedure, policy, or technical design beats that level of imbalance.
There was a time in the early 2000s when Firefox triggered a browser renascence and there was a lot of excitement about what a "browser" could be...feeds, blogging integration, collective tagging, open comments....
The original spirit that the web should be as writable as it was readable, extended to shareable.
And in some way, shaped by economics and technology, we got an approximation of that vision..shrinkwraped and sanitized.
@sarahjamielewis@nilesh Gotta say I find Arc is capturing a lot of that energy right now—loving both the product and their vibe of joyful experimentation. But no idea what in the heck their business model is, which scares me.