Keyoxide: aspe:keyoxide.org:KI5WYVI3WGWSIGMOKOOOGF4JAE (think PGP key but modern and easier to use)

  • 0 Posts
  • 16 Comments
Joined 2 years ago
Cake day: June 18th, 2023


  • Can’t you always attempt uploads until they bypass arbitrary filters and then report-snipe on that?
    How would a content-based filter prevent this if the malicious actor simply needs to upload correspondingly more images?

    I think the sad reality is that the only escape here is scale. Once you have been hit by this attack and been cleared by the 3rd parties, you’d have precedent for when this happens again and should hopefully be placed in a special bin for better treatment.
    Scale means you will be fire-tested, and are more likely to receive sane treatment instead of the AI-support special.


  • Was about to say this.

    I saw a small-time project using hashed phone numbers and emails a while ago, where “assume stupidity instead of malice” was a viable explanation.

    In this case however, Plex is large enough and has to care about security enough that they either
    did this on purpose to make it sound better, as a marketing move,
    did not show this to their security experts,
    or chose to ignore concerns by those experts and likely others (turning it into the first option basically)

    There is no option where someone did not either knowingly do or provoke this.


  • Probably only successful ones.
    Google captchas have had multiple rounds (with it faking you out claiming you failed) for probably a decade. Every round of the game updates some confidence score which if you get it high enough lets you pass.
    This conversely means there is no way to fail, you just get stuck in an infinite loop of challenges if your score doesn’t get high enough.

    The only other alternative means of pricing it would see even valid users consume way more than one “verification” per actual completed captcha, since so many users have low enough scores to need multiple rounds of captcha even when completing them with perfect accuracy.
    I doubt they do this, but if they do it’s a scandal waiting to happen, besides also being very weird for any kind of statistic Google certainly offers for their captcha.









  • The EU is doing all they can here. They require that EU citizens have a way to have their data deleted, within 1 month or after a response with specific reasons within 3 months.

    This ofc makes companies act like this for accounts located inside the EU. Then further, every EU citizen outside the EU has a right to this too, so if a company chooses to geolock the deletion feature, all those outside citizens act as a minefield and strain on the system until they stop geolocking the feature.

    This then means everyone (EU citizens or not) can manually contact support, both straining their system and making them look into making this process as difficult as possible. This will inevitably lead to them blocking actual EU citizens outside the EU, who can then sue them until they stop locking the feature and make it available to everyone. The company can’t just ask for some legal document proving citizenship either, since that itself would be a GDPR violation. So the end state has to be a system that everyone can use - EU citizen or not.

    The EU can’t demand anything about non-citizens, so as I see it this is the best they can do, by demanding certain rights only to their citizens. The downside is it may take years and a few court battles, but the final state should be the law applying for all users.



  • Here’s my pubkey, please enter it into your /root/.ssh/authorized_keys

    AAAAB3NzaC1yc2EAAAABJQAAAQEAhH6uQMqlxUq6sLClnPp03DFbe3ETyqk6hE4k65y8U8yoGY2PsUV8YOOXaQFsGm0bpAFvAbEZwlJBlUP2bx04joV4N70/5NKbeAp6wS5HAiPHdbtaF/5UpqSPC3lkWdcb6WcS+uexdFk/LXKl3kKKw5xD9L7X1M3M/q04NHadOnDvzgmTKnM3bhn7WmSsx3thGDebEN+5ERk/Z85xQI/li201h5ab6B+G2FOQ0MKHw5VqqMUCjimimkXz1tVaYFoZ0oByM8otHyt/+b/DGvx3FGU6O1qgpWdpm3lWrkT300fZCxKlprQag0WaSa7n2i6FBPbUtmbGnI+c/2BD7kDVJw==