Agreed, now the fun part of coming up with a legal basis to do so and convincing regulators.
Agreed, now the fun part of coming up with a legal basis to do so and convincing regulators.
I don’t think this requires an act of congress. I think you might see more consumer advocation on the part of FTC (although it doesn’t currently regulate online broadcast), or potentially the CFPB.
Admittedly it’s more likely to see the EU do some regulations, but it all depends on the election.
While I agree, I have a hard time seeing how people will stop using it until the field changes. Maybe in 10 years it will the the MySpace of the sitcom era, but right now it’s still growing. That growth is giving it carte blanche to manipulate the users as it sees fit. Regulation might impact it, but it’s still a bit of a Goliath.
- Compared to 2023, YouTube’s user base has grown by 20 million this year, representing a 0.74% increase. From Global media insights
Also the active user base is 2.7 billion people in 2024 from the same source above.
The alternatives are out there, but just not in the same league.
Yt-DLP and it’s variation (Seal, YTDLnis, etc.), newpipe and it’s variation (Tubular, Newpipe Sponsorblock, etc) already allow you to do this without having to get manual.
[# Systematic Destruction (Hacking the Scammers pt. 2)
Taking on the “Smishing Triad”](https://blog.smithsecurity.biz/systematic-destruction-hacking-the-scammers-pt.-2) g
His blog on the topic if you don’t want the wired summary.
Alternative link non paywalled
If this request worked, it meant that I could use an “encryptedValue” parameter in the API that didn’t have to have a matching account ID.
I sent the request and saw the exact same HTTP response as above! This confirmed that we didn’t need any extra parameters, we could just query any hardware device arbitrarily by just knowing the MAC address (something that we could retrieve by querying a customer by name, fetching their account UUID, then fetching all of their connected devices via their UUID). We now had essentially a full kill chain.
I formed the following HTTP request to update my own device MAC addresses SSID as a proof of concept to update my own hardware:
…
Did it work? It had only given me a blank 200 OK response. I tried re-sending the HTTP request, but the request timed out. My network was offline. The update request must’ve reset my device.
About 5 minutes later, my network rebooted. The SSID name had been updated to “Curry”. I could write and read from anyone’s device using this exploit.
This demonstrated that the API calls to update the device configuration worked. This meant that an attacker could’ve accessed this API to overwrite configuration settings, access the router, and execute commands on the device. At this point, we had a similar set of permissions as the ISP tech support and could’ve used this access to exploit any of the millions of Cox devices that were accessible through these APIs.
Blows me a away that an unauthenticated API with sensitive controls and data was publicly facing. Corporations these days want all your data but wonder why some customers are worry about how it is protected, it let alone if it’s being sold. Why should I allow you to control my hardware when you can’t protect yourself.
While I agree with the sentiment, I have accepted that the simple way to make “things” work now is to leverage the cheap computing that is ubiquitous. That headunit is likely now built on a SoC or some embedded OS and is easier and cheaper because of it.
Functionally we need regulations and safeguards in place that maintain the accountability for making the choice to use and build an OS as a life safety device that also serves Bluetooth audio. If the cost of supporting it, or failing to properly develop it, then perhaps the choice to make it dumb will become more adopted. Other economic forces are more likely to play out, but it’s a possibility that we can reinforce by what we buy and signal.
What are a few? Any good lists?
In technical terms you mean doing an incremental or differential back up to a local network storage location, correct?
This alongside using Backblaze is what I would suggest assuming you are thinking online. Cheap and reliable, also relatively easy via a cron job. https://help.backblaze.com/hc/en-us/articles/1260804565710-Quickstart-Guide-for-Rclone-and-B2-Cloud-Storage
Anyone have the unwalled content?
Looks like industry got what they wanted.
I think they dodged that as well… https://arstechnica.com/?p=1989111
“Android users’ hopes that Apple’s iMessage would be forced to open up in the European Union have been dashed. Bloomberg reports that iMessage won’t qualify for the EU’s new “Digital Markets Act,” allowing Apple to keep iMessage exclusive to Apple users. …”
The link sending is a bit convoluted, but once you figure it out it is a beautiful app.
Article like this explain how they might be trying to look good and yet still do an end run.
I understand this as the California Effect and similarly the Brussels effect. While both do change company policies, I do understand that many companies are going to continues to try and avoid a regulatory ruling as there is so much status quo market loss on the line for them.
This article describes how they’ll be trying to use MOUs with nongovernment bodies to mollify consumers and regulators.
Based on this, it looks like an attempt to negotiate with the consumers “directly” and make it look like they are being active.
…