At the next day... there were no politicians left. 😁

I think the idea of WorldCoin is to have a "wallet" linked to a single physical person, then you can sign any work with your key, that you got by proving you are a real person.

IMHO, the coin part is just a hype element to get people to sign up for the password part.

As for ActivityPub, I don't see how it helps with anything. An organization vouching for something, can already post it on their web, or if they want a distributed system, post it on IPFS.

How would that work?

AIs learn from existing images, they could just as well learn to reproduce a tattoo and link the pattern to a person's name. Recreating it from different angles, would require more training data, but ultimately would get there.

I'm guessing it should've been trained on more pattens, and increase that temperature a bit.

To be somewhat creative, it should have a large training set, and an iterative approach to the output. From the looks of it, this one is just a single step LLM, picking design elements one by one.

While I don't think training on hidden data, or without the author's permission, is particularly great... won't the next article be "AI discriminates against races/cultures/ages" when this data gets removed from the training set, without being replaced by equivalent authorized photos?

Not sure what to make out of this article. The statistics are nice to know, but something like this seems poorly investigated:

AI overview answers in Google search that tell users to eat glue

Google's AI has a strength others lack: not only it allows users to rate an answer, but it can also use Google's search data to check whether people are laughing at or mocking its results.

The "fire breathing swans", the "glue on pizza", or the "gasoline flavored spaghetti", have disappeared from Google's AI.

Gemini now also uses a draft system where it reviews and refines its own initial answer several times, before presenting the final result.

That's the idea behind OpenAI's Worldcoin.

I'm going to guess the "mod = hack" comes from people adding mods to the client, to do things like change textures to make them partially transparent, letting them see the enemy before they see them.

This stems from online games having to send an enemy player's position and expected movement, before they do it, so the user's client can render it in time. That means enemies get spawned into a client scene before the user sees them, then the client manages visibility,.and sends the user's actions so the server can determine the results.

Making walls partially transparent on the client, allows things like predictive aiming to shoot at an enemy just as they become partially visible but before they can see you on their client with opaque walls, giving an unfair advantage.

Other mods would allow a client to automatically parse the enemy's position, auto aim and auto fire. They aren't hacks as long as they use the game's official API for mods... and some games did expose that data to mods, making unfair mods possible.

Some apps have multiple pages, some have a map, some show different timespans of weather predictions with different data, some show photos of places, some allow selecting multiple places but show them differently, some show maritime weather, and so on.

There is a limited amount of creativity, but a properly "creative" AI, should not keep repeating the same design pattern over and over.

Apple has copyrights on the looks of every element, and patents on the way they interact. Aldo trademarks, but I doubt they apply in this case.

Some patents may have expired (good thing they don't last as long as copyrights), some they may not bother to defend (litigate) against small users.

In this case, Figma's AI seems to repeatedly follow Aple's design too closely.

Keyboard and mouse... but the Steam Controller is cool too.

Other than that, any PS clone. The long thin horns fit my hands better than others.

Thank you for publishing it under a permissive license.

Screenshot for reference?

Option to change it to any flag?

Using the term "freeware" is silly, but consider this:

Is the act of reading/watching something, equivalent to making a copy? Freedom of thought is an agreement much older than the 1990s, it has nothing to do with copyright, and all to do with secrecy. If something is made public, then it isn't secret, so obviously anyone can read/watch it, be it with a wetware neural network, or an AI neural network. Making an exact copy is either plagiarism, or copyright infringement... but abstracting a style, then applying it to some other data, is "inspiration".

Imagine a website with a licensing disclaimer like "you are allowed to read the content, but not to comprehend or express any thoughts based on it". Nonsense, right?

Can't beat sandpaper textured concrete.

The overall data flow works the same, but Google has its own ad network, Google Ads.

Analytics showcases to any webmaster what are Google's data gathering capabilities, Trends showcases comparative segmenting capabilities, while Ads, GA360, and Google Cloud, are what they try to sell.

Google doesn't publish website statistics, because they don't want to sell a tool that would enable website owners to shop around for different ad networks.

That... depends.

Lemmy is just a carrier software, its license has nothing to do with comments.
Instances however, each have their own TOS and can enforce license controls.

Ideally, all comments should have a "license" field, so stuff like instances with ads on them, or subscription-only instances, or CC0/CC-AS only instances, could inform other instances of their rights, and avoid comments that don't meet their policies.

I haven't done sandbox detection for some years now, but around 2020, it was already "difficult" as in hard to write from scratch... yet already skid easy as in "copy+paste" from something that does it already. Surely newer sandboxes take more stuff into account, but at the same time more detection examples get published, simply advancing the starting point.

So maybe TikTok has a few people focused on it, possibly with some CI tests for several sandboxes. I don't think it's particularly hard to do 🤷

There is some irony to be had, in discussing this stuff on a page that starts by asking me to login, then to be good and disable my ad blocker, only to proceed with keeping half the text of the article as images so you can't copy+paste it... and even all the comments!

Anyhow...

https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/?utm_source=twitter&utm_medium=social&utm_campaign=organic

😈 Thanks for telling us where you got the link from, I didn't really care. 😁

Static backup (possibly): https://archive.is/UD2SA

*Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)

Check out: https://amiunique.org/fingerprint

No app needed!

Using that as a baseline... the CPU type, memory usage, disk space, etc. are some extra data points freely available to all apps.

A developer can distribute an app with multiple versions, some targeting more modern and capable devices, some older and more limited. It's a feature, not a bug!

*Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)

This is overreaching for an app that has nothing to do with managing other apps. Still, you may want some app with those capabilities... so let's call it "sus".

*Everything network-related (ip, local ip, router mac, your mac, wifi access point name)

Your IP is... well, you're using it to connect, they will see it, duh.

The rest is overreaching and comes into PI violation terrain, but can be used for geo location... the OS does it, that's the data it uses to fine-tune the GPS's location.

*Whether or not you're rooted/jailbroken

Typical feature for banking ad DRM protected apps. Nothing to see here.

*Some variants of the app had GPS ping- ing enabled at the time, roughly once every 30 seconds - this is enabled by de- fault if you ever location-tag a post IIRC

Best answered by a comment [1] (SEE BELOW).

TL;DR: more DRM stuff.

*They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

This is somewhat sus, but a local proxy by itself, doesn't mean any sort of risk, or that it could be exploited.

For example, Tor can be accessed using a local proxy (although VPN mode is safer).

The scariest part of all of this is that much of the logging they're doing is remotely configurable,

Not exactly. It's how feature flags, and remote testing/debugging works too.

and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function.

This is worse (why do they use a custom OLLVM fork?), and obfuscation usually means they have something to hide. It's the opposite of security for the user.

They have several different protections ir. place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you're trying to figure out what they're doing.

Not good, but unfortunately allowed. That behavior is shared by both DRM protected software, and malware.

There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.

False.
There are two legitimate reasons: plugins, and DLCs.

It can be used for shady stuff, but is also a "feature, not a bug".

On top of all of the above, they weren't even using HTTPS for the longest time. They leaked users' email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don't forget about users' real names and birthdays, too. It was alllll publicly viewable a few months ago if you MITM'd the application.

Well, that's just stupid, there is zero reason to send data unencrypted.

They encrypt all of the analytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can't see what they're doing.

Ehm... this is the correct behavior. See previous point.

They also made it so you cannot use the app at all if you block com- munication to their analytics host off at the DNS-level.

Sus... but see the introductory part of this comment. Should boredpanda also be banned?

TikTok put a lot of effort into preventing people like me from figuring out how their app works. There’s a ton of obfuscation involved at all levels of the application, from your standard Android variable renaming grossness to them (bytedance) forking and customizing ollvm for their native stuff. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it’s more complicated and annoying than most games I’ve targeted,”

This is bad, and a reason to use FLOSS apps... but since it's been an accepted behavior for Privative Software, along with DRM... don't blame the player, blame the game.

No, seriously, blame the DMCA and friends. There is no way to at the same time "enforce DRM, keep a copy of all keys at a trusted third party, and keep users secure"... so the current situation is "you get none of those".

---

[1]

sr71Girthbird 39 points 1 day ago

Not OP but I work at a company providing video infrastructure, and one of our products is an analytics suite. It provides all the data he men- tioned and ton more. Turner, Discovery, New York Times, Hulu, and everyone's favorite company, MindGeek all use our Analytics, among hundreds of other large customers. Specifically where this guy says, "Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds" that's called a heartbeat. The app or video player within the app has to have a heart- beat so that the player can detect if a viewer is still watching video etc. Our analytics + video player services send a regular heartbeat every 8 seconds. It definitely pulls in your exact location.

an article about Xi Ping's government warning about USAian surveillance

Not possible. The CCP doest "warn", it orders to block the app/site/word/photo, and it never existed. Anyone daring to say that it did, or to warn of stuff the CCP didn't say, gets imprisoned or worse (see: the doctor who dared to warn abot COVID, instead of following CCP's truth).