Can’t wait to have Google’s telemetry injected into my Linux apps
The price gouging will continue until morale improves
It’s something that literally every dev has done at some point before they knew better.
If you’re working for a multinational tech company handling sensitive user data and still make this mistake, then you are being malicious in your incompetence. This is something that would cause you to lose a significant amount of marks on a first-year college programming project, let alone a production system used by literally billions of people.
that logged unencrypted password data
Why the fuck would you need to log a password ever? This is absolutely malice and not incompetence.
Hanlon’s Razor revised: Never attribute to malice what can be attributed to incompetence, except where there is an established pattern of malice.
Does anyone remember an article/interview a while back where Mark Fuckerberg shamelessly admitted that he chose not to hash passwords in the original Facebook codebase specifically because he wanted to be able to log into his users’ other accounts that use the same password? I swear I remember reading something like this but now I can’t find it.
Anything that was designed to be exploited was designed that way for a reason. You think Intel isn’t aware of the security issues with how they designed their CPUs?
The gyroscope can record your speech: https://crypto.stanford.edu/gyrophone/files/gyromic.pdf
And no OS requires permissions for apps to access your motion sensors.
If you’re not allowed to modify it, it’s not open source.
Additional reminder that Google not only records your location minute by minute, they also record your motion activity through your phone’s gyroscope and know exactly what you’re doing (walking, running, biking, driving, playing sports, etc). You can view all of this in your history. It’s genuinely infuriating that they can get away with this.
You can turn it off in your settings, but as with any proprietary software you can never be sure that they’re not still doing it (why wouldn’t they? that’s just leaving profit on the table)
This video from a security researcher says that pretty much every software that uses WebP was affected though, and once the issue was discovered, Google made commits in their own codebase to “fix” it. Which suggests it’s an issue with the upstream source code that Google provided to everyone else.