this service always made me feel uncomfortable, even the origin of the name “mechanical turk”… an illusion of automation meant to fool others, but really just the hidden labor of a foreigner
You're technically not wrong, but from your tone and wording I think you have a misconception about the machine, or are trying to induce such a misconception in others, to inspire others to take offense at the premise. There was never a Turkish person hidden inside the Mechanical Turk. The "foreigners" inside were a variety of chess masters from Germany, Austrian, French and the UK. Not the oppressed immigrants a modern reader might imagine when speaking of Turks and unspecified foreigners. And I suspect the chessmaster operators of the original Mechanical Turk were not remotely representative of the demographics of modern Amazon MT users. A Frenchman participating in a scheme to bamboozle some Austrian princes is not exactly something worth getting bent out of shape over.
(Furthermore I think in at least some of the cases, the chessmasters were operating the machine in their home country and weren't foreigners at all.)
The name was meant to inspire dread in those playing against it, much like how you know shit has gotten real when you have to fight robot Hitler in an American game.
The name “mechanical turk” comes from a fake chess-playing machine that hid a person inside of it, whom actually operated said machine. So I think the name is quite appropriate for this service.
> Why would it be uncomfortable? Those hidden inside the (original) machine were not exploited by the machine owner
Do you have a source for that assertion? As far as I can tell, several of the chess players known to have operated the Turk had substance abuse (chiefly alcoholism), health, and money problems (the words 'debt', 'penniless', and 'destitute' come up a few times). While not proof of abuse, it does suggest a strategy of recruiting the vulnerable.
In late 1700 and early 1800 Europe being a heavy drinker, having some kind of health issue and/or being penniless were the norm for most of the population. If performing a task because of those issues means being exploited then we must assume that almost everyone in Europe at those times were exploited in one way or another.
I understand what you mean if we judge it from modern western standards, but I don’t agree if we judge it by the standards of that era.
the whole argument is “biometrics are harder than you think to fake, better than nothing, and in a scenario where you’re being physically assaulted a password isn’t much safer”
what’s the issue? he’s not advocating for you to stop using a strong password if you already are, he’s saying people who use nothing should be encouraged to use something… perfect is the enemy of good
You miss another part:
Normalizing the use of biometrics may create situation where you don't have a choice to use something else.
Its similar to phone number verification.
> he’s not advocating for you to stop using a strong password if you already are
Did you read the article? He is exactly saying that acquiring your password (however strong) is in most circumstances much easier than acquiring your fingerprints.
He's not just saying that biometrics are better than nothing, because of course everybody agrees with that - no privacy/security activist ever said 'the police could compel you to unlock your phone with a finger, therefore you should keep your phone unlocked'!
Correct. I'm not saying he's wrong, I'm saying he's irresponsible.
I absolutely want any so-called security expert to always also include the big picture or shut up forever. There's too much confusion and too at stake for people as big as him to isolate personal security from big picture privacy.
I believe that Troy is quite clearly including the big picture, but his assumptions about it may be different than yours - in particular, he's effectively making a point that in the big picture defense from competent adversaries there is no major difference between passwords and biometrics (by providing examples where trying to rely on passwords doesn't help much) and thus discussing those attacks simply isn't relevant for a discussion on "biometrics vs passwords for the common person"; it would be worthwhile to discuss the weakness of biometrics to e.g. state-level actors if and only if the alternative (pin-codes/passwords) is meaningfully different in that regard, and IMHO it isn't as a resourced attacker can e.g. unlock phones without owner's cooperation no matter if you're using a fingerprint or a passcode.
“I smell marijuana” is probable cause… it’s been weakened recently, but probable cause doesn’t have to be proven. “Bloodshot eyes” is another one that works for DUI cause.
when you maintain an open source project you’re inundated with a constant stream of questions from beginners (no matter how much documentation you have), and using docker eliminates some of those questions
if more people donate it seems less likely that anyone would go after individual donors… not the reassurance you’re after, but it might be the best you can get
