Hacker News | seangrant's comments

This is something I've wondered... Do all Facebook/Google employees drink the Kool aid? Are there no privacy proponents?


You have to have loose morals & ethics, be a misanthrope, or be completely oblivious to the world to even work at Facebook or Google anymore.


I think you could make that case easily for Facebook but less easily for Google. The number of useful Google products (AOSP, for instance) is enormous. They contribute massively to open source†. Their co-founders clearly have less evil tendencies than Facebook's founder. Their free products are insanely useful. A lot of Google's products have a price tag attached to them especially for the enterprise sector where they don't trade your data. I would compare Google to Apple and Microsoft and Amazon. Facebook is a totally different entity – I'm of the opinion that Facebook should _never_ have been allowed to acquire WhatsApp and Instagram.

† Before anyone points out that FB contribute to open source… they've about, what, 50 projects, Google has over 2,000 and has been running that Google Summer of Code project for many years which supports 1,000s of projects outside Google.


Rule-based ad blocking limited to 30k, as stated in the article. That's why people are upset.


Except that list really is just bloated with rules that don't do anything anymore.

> We measure how EasyList affects web browsing by applying EasyList to a sample of 10,000 websites. We find that 90.16% of the resource blocking rules in EasyList provide no benefit to users in common browsing scenarios.

[0] https://arxiv.org/pdf/1810.09160.pdf

They've also mentioned the possibility of tweaking the 30k limit.


> in common browsing scenarios.

Part of the point of an adblocker is to protect you in uncommon browsing scenarios. This is almost like saying that a malware list is bloated because some of the hashes it's storing are uncommonly downloaded. Having as close to full coverage as possible is important.

It also opens up an attack vector for advertisers that they absolutely will exploit. With unlimited rules, there's no reason for ad networks not to use a few domains and serve their ads from a few sources. With a hard limit, there's a strong incentive for networks to collectively try and flood the lists with tons of different domains until we run out of room to include all of them.

> the possibility of tweaking the 30k limit.

This has been the number one complaint about the proposal from day one. If at this point the Chrome team still hasn't decided to tweak the limit, I just don't see how there's not gonna be any new argument past this point that anyone can make to convince them.


Comparing it to a malware list is a bit extreme, isn't it? In one case, you actually get infected, in the other, you see one ad. Your next point about advertisers abusing it is a good one though.

I believe in the response, they said they are running benchmarks to see the performance hit, so they are definitely still looking at tweaking the limit.


I don't think the consequences are the same, but I do think the underlying idea is applicable.

Two things to keep in mind:

A) uBlock Origin doesn't just protect me from ads, it also protects me from many trackers. I'm in the (maybe minority, I don't know) camp that says that excessive tracking and de-anonymization attempts cause people tangible harm. They're not as drastic or as harmful as installing malware on my computer, but I put these practices in the same category as a malicious attack.

B) Under the most recent stats I've checked, Malvertising has almost surpassed general unsafe sites like porn/torrents as a source of consumer malware. Even Google Ads aren't immune from some of these attacks[0]. So for less computer-literate friends that I have, I consider a gimped adblocker to be a malware risk source.

But to your point, maybe a less emotionally charged comparison could be Chrome's automatic whitelist for autoplaying videos. Nobody is going to die if a video autoplays on their tablet, but at a fundamental level the point of blocking autoplay is to actually block it, everywhere. Not to block some of it. People didn't want Google trying to guess which video sites were the most annoying, they just wanted Google to turn off autoplay.

In the same sense, if someone installs an extension that says it's going to block ads and trackers, I don't think it's unreasonable for a consumer to want it to block all of the ads (or at least as many as is possible to detect), not just some of them on the X most popular websites.

[0]: https://wp.josh.com/2019/05/06/breaking-news-google-adwords-...


It has the advantage of being faster, with the disadvantage of being less dynamic. Existing rule lists will need to be slimmed down. That's not necessarily a bad thing, because all they ever do is grow without being pruned of old rules.

It seems to me people are upset because they read the title and misinterpreted it to me that adblocking as a whole is going away. But to be fair, even the article itself does a poor job of clarifying that.


Google has not shared any actual evidence that there's a performance gain to be had. Non-Google benchmarks of uBO show it not being a performance problem in the first place, so there simply isn't much room to be faster than it.


uBO is not the only adblocker around. It's likely not even the most popular. These changes will apply to all of them, bringing the baseline of performance up.


I wish I could edit this comment to correct a mistake, but HN does not allow it.

>misinterpreted it to mean


Extreme moderation that makes conversation as boring as possible. That's how subreddits like /r/science stay sane.


Because cost is prohibitive.


How would it look if someone else got the patent and completely blocked Google? It's not even a question for large companies. The issue is this archaic patent and copyright system where someone "owns" an idea... Absurd.


This type of argument doesn’t stand here. Since the truth is that there is prior art, and the right thing to do is to make sure nobody got the patent, Google could have made sure nobody got the patent.

Ironically that’s what they ended up doing, but I doubt it was on purpose.


It's not their work for starters.


Never underestimate the power of fake internet points.


They're not fake if they can be redeemed for things that would otherwise cost real money.


Not in America


Well, not if you're physically located in the U.S. at the time, but the GDPR affects non-EU businesses and governments as long as the person involved is an EU citizen.


No it doesn’t! The citizenship has nothing to do with the law. It’s the residency. An EU citizen living in New York has exactly zero to do with GDPR. An American citizen living in Paris though, would be covered by the law.


However it does apply to EU companies regardless of where the data subject is, and given that Apple is clearly an EU company if you see how its business is structured to (illegally) avoid taxes[1], it would apply in both cases.

But, more importantly, the GDPR doesn't help if the data is needed for a criminal investigation. There are very clear exemptions to the GDPR protections, and this is one of them.

[1]: https://en.wikipedia.org/wiki/EU_illegal_State_aid_case_agai...


> Well, not if you're physically located in the U.S. at the time, but the GDPR affects non-EU businesses and governments as long as the person involved is an EU citizen.

In what court would you bring a case against the United States under the GDPR?


If the business operates with the EU, this generally involves having a subsidiary in an EU country (most companies have subsidiaries in Ireland that own all of their "IP" for tax avoidance reasons, and thus can be very trivially fined as they operate as an EU company).

I get your point, but practically most large companies have EU subsidiaries (and in many cases, structure their businesses to exploit the benefits of EU nations like Ireland) and thus must follow EU laws anyway.


I was addressing the "governments" part in

> but the GDPR affects non-EU businesses and governments

specifically.


It upsets me a lot how these financial institutions have complete power over us. God forbid a bank writes a loan to a scammer in your name, cause to them it's your fault. Absurd!


Yes! The only real change that needs to happen is that banks need to be liable for loans they write in your name fraudulently. If they accept stolen data without verifying it is actually you, it needs to be their fault. The current system of it being your fault makes no sense.


> banks need to be liable for loans they write in your name fraudulently

Is this not the case already? I know that it could be an incredible hassle to prove that you didn't take out the loan and that someone else has stolen your identity. (There's also the question of who has the onus of proof -- you or the bank.) But if it's a fraudulent loan and you could prove it was fraudulent (which I agree could be difficult to prove), can you be held responsible?


> But if it's a fraudulent loan and you could prove it was fraudulent (which I agree could be difficult to prove), can you be held responsible?

The simple answer to this is "no." Identity theft can take time and, occasionally, a small amount of money to clean up. This has a very real cost if you happen to be a person that has little of these resources. But you can never* be held responsible for a loan you didn't take out.

This is also the core reason why Equifax has not suffered many consequences: it's because the real world harm of their negligence simply wasn't that significant. I don't even know if there is any data to show that the number of identity thefts has increased in the wake of their breach.

*Unless I guess you receive a summons to a court date and don't show up and someone gets a default judgment against you. "Never," here, as usual, means "extremely rarely."


From a quick Google search I got "Online fraud attack rates have increased by 13% since the start of 2017, according to a new study from e-commerce fraud-prevention provider Forter. Digital goods—including gift cards, gaming and music—experienced the sharpest increase in online fraud in the wake of the Equifax breach, soaring 167% between the first quarter of 2017 and the same period a year later, Forter said. E-commerce sellers of electronics saw a 66% increase in online fraud over the same period, and online fraud in food and beverage also showed a sudden surge." though who knows how reliable that is.

One thing I hate about massive corporations is that there's no semblance of accountability. I'm not looking for Hammurabi's law, but as long as companies can act with impunity in the face of the law we're in for a rough future :[


The burden of proof is wrong here though. You shouldn't have to prove you didn't take the loan out. The bank should have to prove that you did.


The thing is, the burden of proof shouldn't be on the victim to prove that the loan was fraudulent. The bank should have to prove that it was valid otherwise it's automatically ruled in the victim's favor. You know, innocent until proven guilty and all that.



This is the Identity Theft sketch -- love it!


Here is a real, widespread, horrifying example: I was aghast when reading "Chain of Title" by David Dayen. https://thenewpress.com/books/chain-of-title

Amongst many things, recall how banks got away with a slap on the wrist for the whole Robo-Signing scandal. (see: https://en.wikipedia.org/wiki/2010_United_States_foreclosure...)

If an average individual had done this, they would face charges (and they should.) But mysteriously when it is done tens of thousands of times it somehow becomes legitimate. I'm a pretty liberal person but I am deeply disappointed in the previous US administration for not pursuing this scandal towards justice.


Equifax really isn't a financial institution. But yeah, in a capitalist system, it shouldn't be surprising that capital has power over you just like in a monarchy, the monarchs have power over you.


Power is never taken. It can only be given. That’s why threats of violence from the would-be rulers are usually necessary. A few people having power over the many is because the many don’t scare the few.


All the more reason to move to blockchain identities.


Fuck the blockchain.

Just issue public/private keys to citizens. They sign with their private key, banks verify with their public key. Anyone can request your public key from the Social Security Administration via API. Done.

The SSN acting both as the identifier and the password is the real problem, and throwing the blockchain into the mix just complicates things more.

We still need a central agency. It's the authentication method that is pathetically worthless.


Terrible idea. If you try to force users to do key management, you've lost.

Keybase is the only one getting this right, and people are now claiming they're ignoring security in order to do it. It would be a dumpster fire to trust government agencies to get the design requirements right.


Really? It seems to be working fantastically in Estonia:

https://e-estonia.com/solutions/e-identity/id-card/


That’s very cool! Thank you for pointing out the counterexample.


Belgium also uses decent crypto, software, and hardware for their electronic identity system:

https://eid.belgium.be/en/what-eid

For the last several decades, many of us Americans have become too skeptical about what government can do in terms of technology, even while it's completely true that government often gets it wrong.


That skepticism may have something to do with many of us Americans watching our government spectacularly fail to keep pace with changing technology over the past few decades. Not sure there's any real solution for a nation of federated states who don't like to coordinate with one another. Please prove me wrong, politicians.


It's definitely tricky, not disagreeing there. But Belgium is also a federation of multiple language regions who don't like to coordinate with each other. Way smaller and way fewer regions, sure, but equally with more hostilities between them.

There are very few government officials worldwide who truly know technology or how to effectively engage the real experts in an agile way rather than just government contractors. That seems to be the main problem to me.

Even in the US, the US Digital Service and 18F have done great work. And Canada has at least one backbencher MP who's a Linux and free software geek, asking legitimately knowledgeable questions in committees on topics like IPv6, copyright, and plenty of unrelated topics too.

Of course I realize those organizations and people are exceptions. But they, and the Belgian and Estonian examples, indicate what can be.

Maybe we can figure out how better to make technologists interested in serving in government, or working closely with it from the outside.


I'm paraphrasing from this article in the New Yorker [1] that I read some months ago, but it seems the trick to getting bona fide technologists to work in government is to offer competitive pay and benefits, as well as making the job "sexy" by offering a chance to work on a truly revolutionary project that will make life better for your countrymen. That's what's working in Estonia, at least.

I'm holding out some hope that Estonia will be able to convince their fellow EU member states to pick their game up now that they have the rotating presidency of the EU council [2].

But one thing Estonia has going for it (or working against it, depending on perspective) is its close proximity to a technologically advanced hostile nation. Estonia's rapid progress has been spurred in large part by the necessity of protecting itself from Russian cyberattacks, a Big Issue if I'm remembering the New Yorker article correctly.

[1] https://www.newyorker.com/magazine/2017/12/18/estonia-the-di...

[2] https://www.visitestonia.com/en/why-estonia/estonia-is-takin...


Maybe it has something to do with all our politicians being older than my parents... who can barely figure out email.


Users are already doing key management! It's just that the record ID, public key, and private key are all the same number.


Let's all move to a system where, once someone has taken a fraudulent loan in your name, it gets put on a permanent record that can't ever be changed or undone, what a great idea!

You'd think that crypto proponents would have learned after the first five major bitcoin breaches and millions of dollars of losses without recourse, that having trusted people with the power to change transaction history is a good thing.


A consenting adult pays another consenting adult with more experience to do a life threatening task together. One dies. How is this not okay? What are you expecting? For people to never climb Mt Everest again?


In the USA, it's illegal for me to pay you to kill yourself. The issue isn't as cut and dry as legality anyway. Just because something is legal doesn't mean it's morally justifiable. So yeah, there is a world view where paying people money to risk their lives to advertise your buttcoin is immoral.


>So yeah, there is a world view where paying people money to risk their lives to advertise your buttcoin is immoral.

So there's legit no reason to pay someone to climb Mount Everest?

What about raising money? Is it still immoral? What about if that person was going to climb either way (which was also true in this situation)?


The point of the crystal clear rules is to reduce how much the human operator needs to think about what they're doing. Should you teach your workers every legal nuance they need to sell a car (and hope they follow them), or do you set up clearly defined rules that can be easily followed and repeated?

