It has come to my attention that many of the people complaining about #Firefox’s #PPA experiment don’t actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it

The documentation under the “Learn more” link next to the “Allow websites to perform privacy-preserving ad measurement” checkbox in Firefox preferences explains very clearly what it is and how it works. Asserting that people who read that and are indignant about it being enabled by default just… “don’t actually understand” it is absurdly insulting and basically gaslighting.

Why Can’t Robots Check “I’m Not A Robot”?

They actually can: https://nopecha.com/ is one of several services which apparently reliably solves them automatically. They give you 100/day for free, and if you need more it’s just $1 for 60000 - two orders of magnitude cheaper than the human-powered captcha farms which have been in business since captchas became popular. Captchas don’t stop bots, they just keep out the amateurs.

(I haven’t tried this service and certainly don’t endorse it; I notice their website uses cloudflare and fully blocks Tor - no captcha is even offered 🤡)

adding all compiled file types including .pyc to .gitignore would fix it

But in this case they didn’t accidentally put the token in git; the place where they forgot to put *.pyc was .dockerignore.

It seems to me that switching SIMs provides little privacy benefit, because carriers, data brokers, and the adversaries of privacy-desiring people whom they share data with are obviously able to correlate IMEIs (phones) with IMSIs (SIMs).

What kind of specific privacy threats do you think are mitigated by using different SIMs in the same phone (especially the common practice of using an “anonymous” SIM in a phone where you’ve previously used a SIM linked to your name)?

At my workplace, we use the string @nocommit to designate code that shouldn’t be checked in

That approach seems useful but it wouldn’t have prevented the PyPI incident OP links to: the access token was temporarily entered in a .py python source file, but it was not committed to git. The leak was via .pyc compiled python files which made it into a published docker build.

oldie but goodie

the original tweet (nitter)

this isn’t remotely how this meme is used lol

wikipedia articles about him have been deleted twice:

• https://en.wikipedia.org/wiki/Wikipedia:Articles_for_deletion/John_M._Dougan (2016)
• https://en.wikipedia.org/wiki/Wikipedia:Articles_for_deletion/John_Mark_Dougan (2019)

fwiw /c/linux@lemmy.ml is pretty active and (imho) reasonably moderated :)

Are they really related?

Yep. Also . . . 😬