The best response that I've seen to this so far is this video of a former student speaking to the school board:

Bridget, our first ever interaction was when you retweeted a hate article about me from The Nationalist while I was a Sarasota County school student. You are a reminder that some people view politics as a service to others while some view it as an opportunity for themselves. On this board you have spent public funds that could have been used to increase teacher pay to change our district lines for political gain, remove books from schools, target trans and queer children, erase black history, and elevate your political career, all while sending your children to private schools because you do not believe in the public school system that you've been leading. My question is why doesn't an elected official using our money to harm our students and our teachers for her gain seem to matter as much for us as her having a threesome does? Bridget Ziegler, you do not deserve to be on the Sarasota County School Board but you do not deserve to be removed from it for having a threesome. That defeats the lesson we've been trying to teach you which is that a politician's job is to serve their community, not to police personal lives. So, to be extra clear: Bridget, you deserve to be fired from your job because you are terrible at your job, not because you had sex with a woman.

Closest to the original source I can find (referenced in numerous news articles): https://www.tiktok.com/@queenofhives/video/7313654227564383530

With a breach of this size, I think we're officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.

Ah yes, MacRumors falsely reporting... Apple's own statements, right...:

Previously: https://web.archive.org/web/20240216001557/https://developer.apple.com/support/dma-and-apps-in-the-eu/

Why don’t users in the EU have access to Home Screen web apps?

To comply with the Digital Markets Act, Apple has done an enormous amount of engineering work to add new functionality and capabilities for developers and users in the European Union — including more than 600 new APIs and a wide range of developer tools.

The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality. We expect this change to affect a small number of users. Still, we regret any impact this change — that was made as part of the work to comply with the DMA — may have on developers of Home Screen web apps and our users.

Now: https://developer.apple.com/support/dma-and-apps-in-the-eu/

Why don’t users in the EU have access to Home Screen web apps?

UPDATE: Previously, Apple announced plans to remove the Home Screen web apps capability in the EU as part of our efforts to comply with the DMA. The need to remove the capability was informed by the complex security and privacy concerns associated with web apps to support alternative browser engines that would require building a new integration architecture that does not currently exist in iOS.

We have received requests to continue to offer support for Home Screen web apps in iOS, therefore we will continue to offer the existing Home Screen web apps capability in the EU. This support means Home Screen web apps continue to be built directly on WebKit and its security architecture, and align with the security and privacy model for native apps on iOS.

Developers and users who may have been impacted by the removal of Home Screen web apps in the beta release of iOS in the EU can expect the return of the existing functionality for Home Screen web apps with the availability of iOS 17.4 in early March.

You also know that all votes are technically public and can be viewed by any instance admin that's federated with the server a community is on, right? There's no way to see that in the Lemmy UI at the moment but the data is there on the server.

The names are public. Per Georgia Code Title 17. Criminal Procedure § 17-7-54 it looks like they're spelled out as part of the standard form that indictments take. Addresses aren't that hard to get once you know the name.

Currently being investigated by browser makers but not something they can just do on their own like Signal.

Here's Chromium's current proposal that they're testing:

https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html

For me it's not boot licking but recognizing that IA made a huge unforced error that may cost us all not just that digital lending program but stuff like the Wayback Machine and all the other good projects the IA runs.

There was the one case with the scammers in the UK using a homemade cell tower to essentially send out phishing texts directly to cell phones in an area, completely bypassing the phone company. It seems like this scare texts scenario would fit that kind of tech even better, as you only need to send out a message once to a large amount of people and you don't need to collect information in response like in a phishing scenario.

That's likely what they want. If you're not viewing their ads and your third-party app is even blocking all the tracking, then you are not providing any value to them to keep you as a 'customer'. All it does is reduce their hosting and serving costs when you're blocked or when you eventually stop using it.

Doesn't necessarily need to be anyone with a lot of money, just a lot of people mass reporting things combined with automated systems.

As for what these were, they are modified versions of the official YouTube app. What has been taken down is the full modified app files (.ipa) ready to install on an iPhone, not the source code to the tweaks that are in the repos.

These modifications do things like replicate the paid YouTube Premium features, from the uYou features list for example:

• Ad-Free Browsing: Bid farewell to interruptions and enjoy seamless video playback without annoying advertisements.
• Background Playback: Keep your favorite videos running in the background while you multitask or lock your device.
• Video and Audio Downloads: Download videos, shorts, and audio tracks in various formats, including MP4 and WebM, for offline viewing and listening pleasure.
• [...]

You can see why Google would want to have them taken down. They aren't even a re-implementation with their own code/UI like NewPipe.

They're downplaying their responsibility and the problem while taking a negative tone about the white hat (bold added):

https://www.cuinsight.com/press-release/cu-solutions-group-issues-statement-on-recent-crm-vulnerability/

CUSG was notified of this vulnerability by Jeremiah Fowler, a self-acclaimed “researcher” who appears to access corporate systems to expose vulnerabilities, then notifies the organizations regarding their exposure. At least in the case of this incident, he also requested a “bounty” to help fund his research, and then published the information in his blog which was later picked up by a specialized publication called, “HACK READ.” These posts can then be google-searched by other parties including media outlets. CUSG did not agree to pay the requested “bounty.”

CUSG was in the process of gathering information and preparing a client communication when news of this publication broke. Nowhere in the article is an actual breach alleged. In fact, after exaggerating the incident to readers in an effort to sell their products, even the HACK READ article and Mr. Fowler’s personal blog post point out that the identified vulnerability was secured and rectified “on the same day.” [...] In his Website Planet blog, Mr. Fowler has done similar “research/publication” work regarding scores of companies including Software Projects, Australian travel agency Inspiring Vacations, the America Family Law Center, Redcliffe Labs, Deutsche Bank, retailer Hendel Hogar, and numerous others. Again, the motivation seems to be to raise awareness, but also to benefit Mr. Fowler personally in his career as a researcher, writer, and speaker.

CUSG CEO Dave Adams, summarized this incident this way: “While researchers like Mr. Fowler can help remind us of the importance of good data security, the publication of his findings in ways that potentially disparage corporate brands, create a customer “call to action”, and exaggerate the facts is clearly irresponsible and could place him and others at legal risk if their hacked data ends up being mishandled.”

And of course, the obligatory 'we have an excellent security team, everyone faces threats, you can't blame us':

Continuing, Adams expressed confidence in CUSG’s Internal Technology security: “For over 30 years, CUSG has operated with the same experienced technology team and leadership that has a stellar reputation for managing IT security on behalf of its stakeholders. While all companies are exposed to the ever-growing threats of cyber-security, and ransomware, CUSG’s team constantly monitors vulnerabilities and makes corrections immediately as needed and then reports to stakeholders with transparency.”

Basically the standard "we take security seriously":

https://www.troyhunt.com/we-take-security-seriously-otherwise/

“We take security seriously”, otherwise known as “We didn’t take it seriously enough”

You mean a lawsuit like the one about the "Great 78 Project" by the music companies or maybe the one about the "National Emergency Library" by the book publishers?

I think you're right that we need to start working on alternatives, hopefully something decentralized. The Wayback Machine would be an irreplaceable loss though if the data isn't preserved somehow.

It should never have gotten to the external feedback stage because internal feedback should have been sufficient to kill the idea before it even got a name due to it being such a security and privacy risk. The fact that it didn't is worrying from a management perspective.

To be more accurate: Mozilla does plan on deprecating MV2 once they have all of the MV3 stuff supported and sufficient time to transition has been given but they will make the the crucial "webRequestBlocking" API used by ad blockers available on MV3 (unlike Chrome) for those extensions that need it to do more than declarativeNetRequest allows for.

See: https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/

Towards the end of 2023 — once we’ve had time to evaluate and assess MV3’s rollout (including identifying important MV2 use cases that will persist into MV3) — we’ll decide on an appropriate timeframe to deprecate MV2.

To protect against casual theft of a device causing the data to be in the thief's hands in addition to the actual device.

The average person unfortunately is not likely to properly backup their encryption keys so if they forget their password (or don't use one and rely on the default of just TPM), they'll complain about losing their data. Having the key backed up gives them a way to get their data back in non-theft situations.

It was just for the EU, because they didn't want to add a whole framework and support for third-party browser engines to act as home screen web apps. Now they'll continue to offer those based on WebKit everywhere.

Isn't the main problem that most people don't use the E2E encrypted chat feature on Telegram, so most of what's going on is not actually private and Telegram does have the ability to moderate but refuses to (and also refuses to cooperate)?

Something like Signal gets around this by not having the technical ability to moderate (or any substantial data to hand over).

https://blog.mozilla.org/addons/2024/05/14/manifest-v3-updates/

We also wanted to take this opportunity to address a couple common questions we’ve been seeing in the community, specifically around the webRequest API and MV2:

1. The webRequest API is not on a deprecation path in Firefox
2. Mozilla has no current plans to deprecate MV2 as mentioned in our previous MV3 update

That said, I believe Firefox users have gotten a lot of benefits by having extensions made that work in both Firefox and Chromium-based browsers. I don't believe there will still be as much effort for a Firefox-only extension but I believe there will be a sufficient number of motivated users and developers to still develop blockers and other extensions that take advantage of Firefox continuing to support MV2 and webRequest.

That's one of my main problems with Microsoft at this point. They can make improvements to the underlying technologies (WSL, better security sandboxing, FDE by default on supported hardware, etc) and develop actually decent software (Edge) but then they keep doing things to piss off the users like forced online account logins, the mess they made of the default app selection going from 10 to 11, pre-installed junk, and now this. They just need to get out of their own way and focus on making decent products: ones people want to use, instead of ones they're coerced to use.