If the donator's blood has the same concentration of PFAS as the recipient's, the recipient's concentration does not change! Also, the recipient has probably just lost blood, so the total amount of PFAS won't change either, and taking into account that people that donate blood do so often with some regularity, the donator's blood actually is likely to have less PFAS than the recipient's original blood.
Some companies have a "law of two feet" regarding meetings. If it isn't a productive use of your time, you can leave. This is obviously very dependent on culture, and you're being trusted to make the judgement call.
There are such sensors, listening to thermal noise, right inside most CPUs https://en.wikipedia.org/wiki/RDRAND It's a question of trust. Do you trust that Intel (or whoever builds the physical RNG) didn't build a backdoor, a secret predictability?
Maybe it's safer to build your own... or combine several sources (like the Linux kernel does).
I don't see any problem with an INTEL on-cpu-die random number generator based on Johnson noise. What level of concern would someone have to have to NOT trust that?
If it's even remotely an issue there are dedicated hardware sources in various form-factors like PCIE or USB. They're pricey but at least you can vet what you're getting if that matters so much.
Are there any real-world accounts of people getting pwned because of a bad pseudo rng?
A thermal noise-generator is fine from a physics perspective. I think that people maybe can't verify what's actually on the die.
How much do we trust what we're told about the circuit? Does its interface talk to that noise-source all the time? Or is there a cutaway inside that maybe jumps to a seeded PRNG in response to a special memory-write? Would you know if it did?
I'm not saying that RDRAND is backdoored. I've got no reason to assume that it is. But it would also be very hard to prove that it -isn't-. If I was doing something where I actually cared about the quality of my entropy, I might not want to just take Intel at their word.
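The "combine several sources" idea raised above, as an added example (not from the thread, and not the Linux kernel's actual algorithm): hashing length-prefixed samples from independent sources gives a seed that stays unpredictable as long as one source is. `mix_entropy`, `predictable_hw_rng` and `timing_jitter` are hypothetical names, and the all-zero "hardware" output is a constructed worst case.

```python
import hashlib
import os
import time


def mix_entropy(samples, out_len=32):
    """Hash several independently gathered byte strings into one seed.

    Each sample is length-prefixed so that (b"ab", b"c") and (b"a", b"bc")
    cannot collide. With a sound hash, the output is unpredictable as long as
    at least one sample is unpredictable to the attacker and the other
    samples were not chosen after seeing it.
    """
    if not samples:
        raise ValueError("need at least one entropy sample")
    if not 1 <= out_len <= 64:
        raise ValueError("out_len must be 1..64 bytes for BLAKE2b")
    h = hashlib.blake2b(digest_size=out_len, person=b"mix-example")
    for s in samples:
        h.update(len(s).to_bytes(8, "big"))
        h.update(s)
    return h.digest()


def predictable_hw_rng(n):
    """Stand-in for an on-die RNG that we assume is fully predictable."""
    return bytes(n)  # constructed worst case: all zero bytes


def timing_jitter(rounds=64):
    """Low-quality extra source: deltas of the high-resolution clock."""
    out = bytearray()
    last = time.perf_counter_ns()
    for _ in range(rounds):
        now = time.perf_counter_ns()
        out += ((now - last) & 0xFFFF).to_bytes(2, "big")
        last = now
    return bytes(out)


def gather_seed():
    """Seed drawn from the untrusted source plus two independent ones."""
    return mix_entropy([predictable_hw_rng(32), os.urandom(32), timing_jitter()])
```

The guarantee depends on the sources being independent: a source that can observe the other inputs before producing its own could still steer the result.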
Sleep more at night time. Go running. Start a side project, preferably something with easy to achieve, yet rewarding steps. Work with it an hour or 2 per day, just for pleasure.
All this "do you agree to this and that" nonsense could be avoided by "inversion of control": instead of sites asking users whether they agree to this 100 page document, websites should be legally bound to listen and honor directives that users give about the data the sites gather.
For example, for cookies, legally force, with the cookie (with a standard protocol), transmit of "intent", like cross-site tracking, whether it is used for advertisement or something else, whether it may be shared with third parties, etc. Then the browser would simply not accept cookies with intent the surfer disagrees with.
Another possibility is, that the browser could, in a standard header, with a bunch of standardized flags, tell what the site may or may not do with the data they gather about the surfer.
> Another possibility is, that the browser could, in a standard header, with a bunch of standardized flags, tell what the site may or may not do with the data they gather about the surfer.
There was a W3C standard called P3P which is similar to what you describe. It was implemented by Internet Explorer, but fell into disuse long before cookie notices became common. Bringing back something like that would be an improvement over having to deal with cookie banners per site.
In an international internet, how would any non-technical requirement get enforced? Legal is easy to skip. Just run the website by a subsidiary housed in a less regulated country.
Isn't that just an "in theory" though? In practice, a ton of sites have these cookie warnings because the EU mandated them. If a large enough legal body mandated that websites obey prescriptive privacy statements from their users, most legitimate sites probably would.
The same way GDPR is enforced. Given the cookie popups I'm seeing everywhere, it doesn't seem to be toothless.
Realistically, if the EU were to impose such a rule, then any ad company doing business in the EU would have to follow it. Thus, any web site deriving any significant revenue from EU advertisers would have to follow it. I'd strongly assume that it's not possible to effectively monetize EU eyeballs without EU advertisers. Of course, anything operated by an EU company or hosted in the EU would also be subject to these rules.
While some local US news would certainly take the "we block all traffic from the EU" approach to avoid dealing with it, the advertising and tracking landscape would quickly and drastically improve.
If now, for example, California would also decide to copy these rules, this would very quickly be the worldwide standard.
A much more naive version of this, the Do Not Track header, was removed from major browsers (partly) because it was actually being used for fingerprinting. I strongly suspect a less naive version would be subject to more abuse: as it gets more granular it becomes a fingerprint all on its own.
I understand that you’re suggesting pairing it with legal force, but I also highly doubt that would or could be effective in any kind of consistent way.
I think another reason Do Not Track failed is that advertisers (e.g. Google) didn't like it. Microsoft setting Do Not Track on by default in Internet Explorer was likely the death knell.
The on-by-default setting was technically a violation of the standard, which meant that participants felt they could ignore the setting for IE, which didn't help the initiative for sure.
The industry-led-initiatives are all basically bad, for the obvious reasons. So many of them amount to telling ad networks whether or not the massive amount of data they have collected about you should be part of the consideration for what ads to show (for now) — many offer no possible way to opt out of recording and storing such data in the first place.
This is a situation where legislation is probably the only answer.
>The on-by-default setting was technically a violation of the standard
A standard written for advertisers by advertisers. This is the problem. There are technical solutions, but the biggest advertiser (Google) makes the browser. This is the same as "the revolution will not be televised." The adversary controls the medium.
Attach it with legal force and money, as in allow users to sue for violations, and explicitly permit class actions with the definition of class (all people similarly situated; definition frequently abused by defendants) to be anyone with a browser.
Needs more work, but the concept is that it needs to incentivize developers to develop track-the-tracker technologies that will catch violators, which then leads fairly directly to a profitable private suit (instead of relying on the overworked govt bureaus to do it).
For example, for cookies, legally force, with the cookie (with a standard protocol), transmit of "intent", like cross-site tracking, whether it is used for advertisement or something else, whether it may be shared with third parties, etc. Then the browser would simply not accept cookies with intent the surfer disagrees with.
And then you get Facebook spending millions of dollars taking out full-page ads in newspapers telling people that you are an evil demon who kicks puppies and hates small businesses.
(Ever notice that when Facebook wants to reach the most people, and the most important people, it uses newspapers, rather than its own platform?)
I guess that proves his point - Facebook itself admits how worthless their advertising platform is when it comes to influencing important/powerful people.
One doesn't exclude the other. Facebook is incredibly valuable.
If they wanted to, Facebook could target directly 1:1 to decision makers on their platforms with their own data. It would probably be creepy though instead of just doing a blanket all of DC type promoted post.
Personally, I find that this [0] doesn't break many sites at all, but messes with cookies to an appreciable extent. Combine this to an extensive use of that [1] and clearing your cache and cookies every day, and I think you're in decent shape while some heavy and heavily lobbied government body inches towards doing something about it.
I went a step further and installed Temporary Containers. Unless the domain is a special one (and goes in a long-lived container), a new tab cannot share any content with other tabs. Whenever the tab is closed all site-related content is removed.
It's still a bit wonky because some sites do redirections, and it's not properly caught (unless there's some option I missed)
The next step is to disable _all_ cookies, even first-party, by default (unless I have a special relationship with the domain of course). It's working surprisingly well and I believe this should be the default.
I did this too. Another pain point I've found is when logging into websites with GitHub or other OAuth provider requires grouping that website in with the service's permanent container.
You’re on the right track. Browser makers should be on the users' side and websites should have to honour users' preferences which are configured and sent to sites in the headers.
No one wants to be tracked though but they want the website to work. “All cookies” seem to play with that line. Don’t track me but allow website to work must be enforced on the client side. It’s what we do with uBlock Origin and things in the like.
They are required to have a button to let you manage preferences, and are required to allow you to disable all cookies that aren't necessary for the site to function.
So, on any GDPR cookie banner I always click the smaller "manage" link instead of the "accept all" button. On the manage page, disable every option provided, then close the modal. I've never had a site that offered this kind of banner break in any way because of the disabled cookies.
You probably have had sites that either had no such options, or stuffed some tracking into required/legitimate interest/essential sections and tracked you anyway however.
This is more clicks, is often broken, and even if the button exists it may be tiny and hidden at the bottom of the list of all partners.
If I just clicked a link to a random article from search or social media, I'm not spending a full minute getting past the prompt on a website I'll probably never visit again. I'll click accept, and make sure my browser is loaded with all possible privacy extensions so none of it works.
> all cookies that aren't necessary for the site to function
You know what is necessary for a site to function? Revenue. Therefore advertising cookies are necessary for the site to function and we shouldn't need these banners.
Very clever, everyone else who didn't want to comply with the rules had the same thought.
However:
Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects [1]
Section 3.3, Paragraphs 51-53:
> 51. Online behavioural advertising, and associated tracking and profiling of data subjects, is often used to finance online services. WP29 has previously stated its view on such processing, stating
> > [contractual necessity] is not a suitable legal ground for building a profile of the user’s tastes and lifestyle choices based on his clickstream on a website and the items purchased. This is because the data controller has not been contracted to carry out profiling, but rather to deliver particular goods and services, for example
> 52. As a general rule, processing of personal data for behavioural advertising is not necessary for the performance of a contract for online services. Normally, it would be hard to argue that the contract had not been performed because there were no behavioural ads. This is all the more supported by the fact that data subjects have the absolute right under Article 21 to object to processing of their data for direct marketing purposes
> 53. Further to this, Article 6(1)(b) cannot provide a lawful basis for online behavioural advertising simply because such advertising indirectly funds the provision of the service. Although such processing may support the delivery of a service, this in itself is not sufficient to establish that it is necessary for the performance of the contract at issue.
That's great and all, but then they're blatantly violating the clearly written rules of GDPR.
I'm an American citizen, so I have no real recourse with that, but their European citizens can bring the case to a regulator and they could very well be fined.
That interpretation goes against the spirit, and the very plain letter of the GDPR regulations.
I mean, they rightly wouldn't accept the argument, because it's a poor argument given the protections that Europe has decided should exist for the privacy of individuals.
I happen to agree with the European values more than I agree with your values.
My data privacy should be a more important and more fundamental right than your ad revenue.
What about an even simpler mechanism - a website offers cookies to the browser, and the browser can choose to either store or not store that cookie. If the browser chooses not to store the cookie, it's up to the website to inform the user that their browser has rejected the cookie and explain what functionality won't be provided.
Would making all HTTP requests embed a header with a CCPA / GDPR claim be binding? It is as verifiable as any request through their form... it's my original connection, so if they associate tracking data with me then they must associate this with me as well. Businesses should agree to my terms to make socket connections to me, else I should be able to see them in court. Proliferation is one way to end the modern shitty tracking madness.
> x-ccpa I do not consent to the sale or disclosure of my personal data and demand the deletion of my personal data per California CIV 1798.120, 1798.121, and 1798.105
At a basic level, you shouldn't have to declare that you haven't agreed to something. You have only agreed to it if you actually do something to agree to it. The only advantage this could possibly have is if the web sites stop asking you to agree if you tell them in advance that you won't. However, I can't see that it would be illegal for them to ask anyway, so they will.
Secondly, this is another thing that would be used to fingerprint the web browser.
We sometimes like to pretend that if a law is in force somewhere, it's in force everywhere, but that isn't the case. Otherwise, I'd be in serious trouble for saying I support Hong Kong independence. So you're creating these massively granular permissions and then passing some law, somewhere, saying they can't be used to fingerprint, but that's precisely what they will be used for everywhere the law isn't in force, which will likely be most of the world.
I said the same thing in a recent thread about cookies, and someone pointed out that there had been some kind of proposal along these lines, but it hadn't gotten any traction. I don't recall the name of it tho. (it wasn't Do Not Track, it was more complex, where cookies had some kind of "intent"/category associated with them).
Eventually all sessions will have to operate like they are in a private window, keeping the cookies permanently isolated to the host site visited and quarantine any third party cookies, perhaps even find a means to spoof them.
In effect our browsers will need a db type tech to manage cookies and only serve them back when appropriate. A lot of what sites want to preserve for us, log in and such, can easily be done without cookies.
Take a look at Global Privacy Control (GPC) which aims to do similar to what you’re describing, and is legally binding under CCPA and could be under GDPR too: https://globalprivacycontrol.org/
The more "disentangled" the world is, the less there is incentive to avoid direct confrontation (war). If economies are disentangled, economic area A can grow by taking resources of economic area B by force. If they are entangled, using force just hurts everyone.
If the playground is not even, introduce rules to even it out. Do not shut out.
While I understand the concept, it hasn't always borne fruit, for example in the case of WW1. Sure Eastern Europe was less coupled but that wasn't true of western Europe.
I think too much emphasis gets placed on the material, it is the basic needs of humans after all. However many people's material needs are satisfied to an absolute basic level already, after that there are diminishing returns.
Take my home of Northern Ireland. In the current state most people have absolute coverage of material needs. Yet there is a fairly large cohort of young that join military groups. In fact one of the fundamental problems is a lack of purpose, an immaterial concept with no inherent value.
Europe became peaceful during a stage of existential threat of Soviet invasion. In that Western Europe had a purpose.
Maybe training with actual bottom-line utility function would have shown some use case, that is, instead of MCC you would have predicted whether sending a person to change the drive now before it fails would cost less than letting it fail and cleaning up afterwards.
But if the drives are part of a redundant array, it would be almost always cheapest to let them fail... and if a large part of failures are asymptomatic, you need the array anyway for critical stuff, so I suppose it's a useless exercise.
I think you are mixing weather and climate. Climate is the long-term average of weather (directly from the definition of the word "climate"). Weather is very hard to predict 2 weeks ahead. Climate is stuff like "average rainfall in March in the past 50 years". Some processes affecting climate may also be chaotic, but they are slow (by definition, otherwise they would be part of weather), and so I don't think 500 years is beyond speculation at all. Glacial periods have lately been around 100000 years, so 500 years into the future we are not going to be much more or less glacial than we are now.
Rapid rises of temperature have coincided with mass extinctions before. Climate for the past 10000 years has been remarkably stable, but is dependent on stable ecological processes (see Attenborough's latest documentary on Netflix).