WTF, they not just made unauthenticated RCE http endpoint, they also helpfully added CORS bypass for it... all in CLI tool? That silently starts http server??
Just play with electronics, Arduino/Raspberry/ESP32-compatible stuff is cheap and available. Lots of information about it. A phone is not that much different from a microcontroller board on a battery.
You don't need conspiracy, you need the incentives.
The state always thinks of self-preservation. Any bureaucrat is aligned to this goal by getting the benefits from the state. So, the more power it has over its citizens, which is the first threat it, the more safe it is and the less opinions of citizens matter.
Understanding this, every citizen must think carefully about giving away more power to the state.
If age check is truly anonymous/zero-knowledge, as in the requester can't identify me, the issuer can't link me to the attestation... why wouldn't someone start selling age verified accounts? Easy money for some 18yo.
If you were writing a script to mass-scan the web for vulnerabilities, you would want to collect as many http endpoints as possible. JS files, regardless of whether they're commented out or not, are a great way to find endpoints in modern web applications.
If you were writing a scraper to collect source code to train LLMs on, I doubt you would care as much about a commented-out JS file. I'm not sure you'd even want to train on random low-quality JS served by websites. Anyone familiar with LLM training data collection who can comment on this?
Often bank scams rely on sending money to another account (obviously registered with an ID), and then being drained at ATM. The account is going to be registered on a drop or another victim. Sure, it's burned after that, but as long as it's an insignificant cost, scamming is still profitable.
The same situation with malware, bad actors are incentivized to put effort into bypassing this, so dev accounts will be registered on random homeless people, stolen IDs, or just fake IDs. While normal developers will choose to give away IDs.
And as always, it starts with 'protect the children/elderly/vulnerable', then that authoritarian country requires Google to give away info on every developer to operate legally, then it's UK and other 'democracies', then you can't run your code on your device without the government approval.
Why/how society should give more protection than people close to you? Why his wife let him go somewhere unknown, knowing about his diminished state?
With all the labels and disclaimers, there can always be this one person that will get confused. It's unreasonable to demand protection from long tail of accidents that can happen.
The preference has been stated thousands of times. There's nothing to debate. They won't give you root and power. The only question is what you will do to change things:
Do you:
- Buy open devices?
- Sponsor development of open devices?
- Start open device companies?
- Develop open software that competes with walled gardens in quality and ease of use?
- Sponsor open software?
- Use open software?
- Engage in lobbying?
- Drop exploits (that would be worth a pile of gold) to let people jailbreak devices?
"Just" don't engage with them. A more technical solution is to make a custom feed that filters out what you don't like.
I have a script that generates an html file, sorting posts to tiers based on domain or keywords. Just as an example the shitty tier posts are now: bbc, wsj, vox, arstechnica; the top tier: itch.io, twitter, arxiv, github. Any posts from rare domains get into top tier, posts from frequent domains to middle tier. So it's mostly sorted to my preferences.
