Ich mag Pfosten.

I like posts.

  • 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: July 8th, 2023

help-circle
  • The text does technically give the reason on the first page:

    It is not a regular language and hence cannot be parsed by regular expressions.

    Here, “regular language” is a technical term, and the statement is correct.

    The text goes on to discuss Perl regexes, which I think are able to parse at least all languages in LL(*). I’m fairly sure that is sufficient to recognize XML, but am not quite certain about HTML5. The WHATWG standard doesn’t define HTML5 syntax with a grammar, but with a stateful parsing procedure which defies normal placement in the Chomsky hierarchy.

    This, of course, is the real reason: even if such a regex is technically possible with some regex engines, creating it is extremely exhausting and each time you look into the spec to understand an edge case you suffer 1D6 SAN damage.


  • The cookie consent rules appeared 2009, and consent was made more strict in 2018 with the GDPR.

    EU bodies such as the WP29 data protection board had been writing since at least 2014 on the need of reform because the cookie consent rules are onerous in practice. Everyone wants reform.

    So there was (is?) an effort to replace the ePrivacy Directive with a shining new ePrivacy Regulation that would also harmonize it with the GDPR. At the time, it was hoped it could come into force together with the GDPR in 2018. This regulation would have allowed the use of some cookies without consent, even when not strictly necessary.

    But the proposed regulation is disliked by both the data protection side and the industry side, because it changes the existing balance. It was heavily lobbied against by Google and others, and never got ready enough for a vote (report from 2017, and in 2021 the NYT reported on internal documents where Google boasted that it successfully slowed down any progress). Every year someone in the EU tries to pick it up again, but always there’s something more important and it gets dropped again. I guess the effort this article reports on will falter as well.

    Some silver linings though:

    • Because responsibility for enforcement for cookie consent currently differs from GDPR stuff, clever data protection authorities like Belgium and France have been able to issue fines against big tech companies without having to involve their extremely industry-friendly Irish colleagues.
    • Subsequent lobbying has not been able to prevent improvements on other aspects, e.g. Digital Markets Act and Digital Services Act, the latter of which also forbids Dark Patterns. However, these Acts primarily affect very large companies, not the average website.

  • For a project like Signal, there are competing aspects of security:

    • privacy and anonymity: keep as little identifiable information around as possible. This can be a life or death thing under repressive governments.

    • safety and anti-abuse: reliably block bad actors such as spammers, and make it possible for users to reliably block specific people (e.g. a creepy stalker). This is really important for Signal to have a chance at mass appeal (which in turn makes it less suspicious to have Signal installed).

    Phone number verification is the state of the art approach to make it more expensive for bad actors to create thousands of burner accounts, at the cost of preventing fully anonymous participation (depending on the difficulty of getting a prepaid SIM in your country).

    Signal points out that sending verification SMS is actually one of its largest cost centers, currently accounting for 6M USD out of their 14M USD infrastructure budget: https://signal.org/blog/signal-is-expensive/

    I’m sure they would be thrilled if there were cheaper anti-abuse measures.


  • This article is ahistoric and unnecessarily conspirational.

    Signal and its predecessors like TextSecure have been run by different companies/organizations:

    • Whisper Systems
    • Open Whisper Systems
    • Signal Technology Foundation (and its subsidiary Signal Messenger LLC)

    Open Whisper Systems received about 3M USD total from the US government via the Open Technology Fund for the purpose of technology development … during 2013 to 2016. Source: archive of the OTF website: https://web.archive.org/web/20221015073552/https://www.opentech.fund/results/supported-projects/open-whisper-systems/

    The Signal Foundation (founded 2018) was started by an 105M USD interest free loan from Brian Acton, known for co-founding WhatsApp and selling it to Facebook (now Meta).

    So important key insights:

    • It doesn’t seem like the Signal Foundation received US government funding. (Though I haven’t checked financial statements.)
    • The US government funding seems to be a thing of the fairly distant past (2016). The article makes it sound like the funding was just pulled this year.
    • The US government funding was small compared to Signal’s current annual budget. It was not small at the time, but now Signal regularly makes more from licensing its technology than it regularly received from the US government. According to ProPublica, Signals financial statements for 2022 indicate revenue of about 26M USD