Comment by a2128
2 days ago
It's our own fault for making the internet such a confusing Kafkaesque maze. Click this button, click that button, sign in to confirm you're not a bot, select the traffic signs, select the items that a rat would not eat, solve this maze to prove you're a human, type out the numbers hidden in these demonic noises, provide your phone number to prove you're real, compute proof-of-work, download this browser if you're having issues... The line between fraudster and modern tech company is honestly not clear anymore and especially not for people who don't care much about tech and just want to access something
Evolution is messy and guided by random occurrences.
Early in the internet days I had ran an open SMTP server for a few years before it was used as a spam relay. The web browser didn't have a security model. Online shopping was going up to a site, writing what you wanted on paper, then mailing off a money order.
Then both fraud and useful things like actual online shopping started happening while the size of the web exploded. Masses of people with no technical capability were getting online. And that's before we got to the age of social media and massive data collection.
Simply put we didn't make the 'web' part of the internet, some people tossed it out as a child and it's been a tooth and nail fight for survival ever since, patching itself up one vuln at a time.
never mind the fact that half these captchas are just excuses for orgs to sneakily extract some reinforcement learning data from you. last time I tried to sign into my microsoft account it made me do 6 captchas. SIX. not six like I failed 1 captcha six times, six like each captcha was iteratively marked i/6
Most of the time you get captcha failures like that it's because you're also doing things that are good for your security like blocking all kinds of 3rd party bullshit. I've had to do things like turn off adblock on a page to get past the captcha before turning it back on.
1 reply →
It's not just the captchas either, the "this GPS app needs access to your location" or "this photo taking app wants access to your camera" style pop-ups don't help either.
If you learn once that clicking "deny" in a notification pop-up means your phone doesn't ring when your grandson calls you on Whats App, you won't be clicking "Deny" in those pop ups any more.
I genuinely don't know how to solve that problem, and I definitely see non-technical family members struggle with it.
The silly thing is, it was known before all these permission pop-ups were created that users will simply press "Yes", "OK", "Allow", "Agree", etc., on every dialogue they see simply in order to get rid of it. Many people -maybe even most people? - just see them as needlessly getting in the way of where they actually want to be.
So, given that we knew that, why the hell did we create more?
Because there’s no good alternatives IMO.
Auto-deny leads to a lot of unexpected and broken behavior, and most users aren’t going to know where to go to enable that type of stuff.
But auto-enable is even worse: because malicious actors can get permissions they shouldn’t. In fact, even with mainstream applications, most of the permissions they ask for they don’t need to operate - they’re just used for tracking and data exfiltration.
So ask every time has been the solution and it works okay. iOS actually does a good job with this. For suspicious permissions, such as accurate location data all the time, it periodically re-prompts. It’s annoying, but it can catch a lot of suspect behavior. There’s shockingly little apps that need your exact location when the app isn’t open.
…but don’t click this button.
[flagged]
Yes, you can. You would be wrong, though.
[flagged]
Malicious compliance is usually intentional, yk?
Nope. We can blame companies for deliberately implementing the requirements in the most inconvenient (and usually actually non-compliant) way possible, to make it an unpleasant process to disagree, and all too easy to accidentally agree, to being stalked by hundreds of "partners".
You can blame anyone, really, but try to think about it this way: when a 5-years old child drives a car into a wall, you don't blame him, you blame the responsible adult in the passenger sit that says: "it's fine, go ahead, drive this car".
Or we can blame the literal scammers and other degenerates that lead businesses and have forced jurisdictions like the EU to implement these?
We've JUST unearthed yet another scandal from Meta, where they've been, surprise surprise, spying on people on Android. Cambridge Analytica, Yemen and countless other examples, all from this 1 company. And we're blaming the EU for trying to do anything against them, and not scumbags like Zuckerberg?