It’s patched now, but for a few weeks, hackers could VPN close to where your account was made and trick Instagram’s support AI into giving them the keys.

Once it looks like the request is coming from the correct region, they tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address they control.

[email protected]

“Tried to exterminate all mosquitoes”

is a way better origin story for the end of humankind than all the everything else going on.

Now that they’ve milked the brand dry, my bet is they’ll either:

Let it go bankrupt and walk away with the profits, or

Sell to someone who will use what’s left of the brand’s credibility to drain any remaining suckers hoping for a revival.

Corrected headline: AI gave companies a new excuse to make jobs worse

• A new Surfshark study found that over 50% of the top 15 mobile browsers collect user location data.
• Microsoft Edge, Aloha, Yandex, and Phoenix collect precise location data, with Edge and Aloha openly sharing it with third parties.
• Privacy-focused browsers like Tor, Brave, and DuckDuckGo do not collect app-level location data, proving that continuous tracking isn’t technically necessary.

proving that continuous tracking isn’t technically necessary

This guy is wearing the cyberpunk act two villain starter pack.

I see nothing wrong with someone having two homes.

I do.

I used to get my meals from food pantries and churches.

The rule was: no one gets seconds until everyone’s been served.

If that makes me an evil commie or something, fine. It feels less evil than homelessness and plural homeownership existing at the same time.

The pitch MKBHD seemed to settle on was that Google will probably say, “Yes, we’re taking all of your clicks. BUT, when we do finally send someone to your site, it’s a guaranteed sale.”

Which ignores every part of the internet that isn’t trying to sell you something, but it tracks.

Whether self-hosting stays viable long-term is the real question worth sitting with. Right now it works because Bitwarden’s clients are open source and the server API is public. Vaultwarden implements that API, and the official apps can’t tell the difference. That depends on Bitwarden continuing to publish open source clients and not restricting which servers they’ll talk to — neither of which is guaranteed under new management. The brake on the worst case: self-hosting is a listed Enterprise feature that generates real revenue. Killing it upsets paying business customers. That matters. The catch: what Bitwarden sells to enterprises is their own official server stack, not Vaultwarden. Vaultwarden exists in a space they’ve tolerated but never endorsed. If the calculus shifts, the tolerance ends without any announcement. Just let the API drift until compatibility breaks on its own.

Starting to plan my next migration : Vaultwarden, or completely separate alternative like Psono or AliasVault?

Why did you come back to make this comment?

The Malawi iron man? He’s awesome.

Imagine the things he could have accomplished if he and all the people like him had Burlington, Ontario money, instead of “I had to make this out of scraps” money.

Edit: Bringing up Kamkwamba is pointing at a rags-to-riches story and pretending it’s proof the game is fair.

Crazy the things you can accomplish when your parents have money.

Me, after firing the Cisco CEO: We just made $53 million in revenue!

Short-term, no change.

Medium- and long-term, Bitwarden could cut off access to their clients and go closed source.

Hopefully, Vaultwarden devs take advantage of the early warning and prepare contingencies for if when Bitwarden crosses the point of no return.

BLASTS

“Of course, the problem with this form of social media circulation is that all of the details about the study got stripped away,” Williamson said. “All that was left were the major claims, which certain social media users helped boost and propel. All this helped the paper get a huge amount of attention, even though the findings really were not supported by the underlying research at all.”

Williamson has not been alone in such concerns. When the paper was first published, Ilkka Tuomi, chief scientist of the research institute Meaning Processing Ltd., posted on LinkedIn about the pitfalls of such meta-analysis studies attempting to “draw conclusions about incompatible and ill-defined outcomes” from experimental results involving very different populations. “The only reason to do these studies seems to be that statistics and meta-analysis tools can crunch out numbers that look [like] science,” Tuomi wrote.

I don’t want to “attribute to malice that which is adequately explained by stupidity,” but this seems like exactly the kind of thing everyone involved in publishing this should have been aware of.

If only we’d had age verification back then, Epstein and his ring of sex traffickers would never have been able to abuse those children!

/s

Title made me think NPR was the headquarters

They’re not.

I’m guessing it’s just that websites are an easier target, legally speaking, than VPNs.

The EFF warned that the legal risk could push sites to either ban all known VPN IPs or mandate age verification for every visitor globally.

No worries. They’ll use military-grade encryption.