So... the electric company can't become a monopoly because you can spend the money and effort to create your own electric company? How can that not be said for anything anywhere that becomes an obvious monopoly?
In addition to the non-cookie fingerprinting mentioned by others that can happen, there is a loophole in the GDPR cookie control legislation that allows "legitimate interest" cookies to continue to be placed and tracked when you click Reject All.
You have to edit your cookie preferences for the site (assuming they provide the option) and deselect Legitimate Interest cookies proactively in order to block them.
This recent write-up on Reddit alerted me to this information:
This is wrong. Cookies are covered by ePrivacy, article 5(3), not GDPR. There are two regimes for cookies: strictly necessary ones, and others, requiring consent. The fact that disabling “legitimate interest” cookies does not break the service should tell you that they are not strictly necessary.
GDPR enters the picture when cookies are used to identify users. And using the “legitimate interest” basis for ad purposes is illegal, and instead will require consent. Adtech is just hoping that users won't notice and lodge a complaint.
I have somehow never gotten around to throwing away the box of ancient floppies I've got in a closet from ages ago, and the Windows 95b (OSR2) installation disks I made were still in it, complete with custom color printed labels I splurged on.
The media I copied from took up 28x 3.5" HD floppy disks. It's possible they were copied from what was originally a CD-ROM. I don't remember clearly anymore.
Note: I'm not trying to refute or correct your 13-disk figure, which was clearly a different installation set, and likely original Windows 95 rather than my OSR2, which came out around 1997.
I am a layperson, so the answer is probably painfully obvious, but why can't e-mail have TLS-style key exchange, where the sender's server gets the public key from the recipient's server and encrypts the message with it before sending it over?
The recipient could keep their private key secure so that only their client could decrypt the messages, and take the risk of losing access to those messages if they lose their private key.
Or they could let their provider hold onto a copy of the private key so they don't ever have to worry about losing it, with the trade-off that the provider could decrypt their e-mails.
But either option requires zero user interaction on the sender's or recipient's part past "login and send" or "login and receive", while limiting decryption to the recipient and maybe their provider.
You could, but you're dropping the qualification of end-to-end encryption.
Brainstorms of a (mere) hobbyist:
Some might reason that that yields additional hardening to traditional TLS-enabled webmail applications.
On the other hand, that is more architectural design and work shifted away from the endpoints (and wasted, complex efforts with no added benefit if improperly implemented by the provider).
The provider can serve key escrow and still have the end-user application perform the encryption, which may or may not technically qualify. It certainly wouldn't fly without skepticism in a popular service/standard.
I haven't looked into it deeply enough to present a confident statement either way.
Why can't somewhere.com have the public key for user@somewhere.com and serve it to other e-mail providers on request?
Letting one's provider hold onto the private key doesn't provide the same level of security as the user being the only one with it, but it's a helluva lot better than not bothering with encryption at all.
Private keys can also be protected with a password, right? So the provider could have a copy of the private key but not the password to utilize it. The user would just have to never forget the password as opposed to never losing their private key to a hard drive failure or whatever.
> Why can't somewhere.com have the public key for user@somewhere.com and serve it to other e-mail providers on request?
They could, but then somebody would have to deliberately request it. That would also mean adding a separate transmission/protocol different from the email protocols routing the messaging. That is a more streamlined process, but still not fully automated.
The only way to ensure adoption is to force it onto users as an automated check of the primary protocol like the handshake of TCP. Even then you should still have to account for SPAM and anonymous users you don't want to exchange keys with.
Yes, private keys can be issued with a password. That is not an excuse to disperse your private keys though, because that password can be brute forced and then a criminal can access any account using that key set provided they aren't further blocked by something like 2 factor authentication. The password is just there as added security for things like unintentional disclosure or unintended access, but not as a primary means of security.
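The scheme discussed in the posts above (the provider publishes a user's public key and holds only a passphrase-protected copy of the private key), as an added example that is not part of any participant's post. It uses Node's built-in `crypto` module; the in-memory `directory` and the function names are hypothetical, and no real mail protocol is modeled.

```javascript
const crypto = require('crypto');

// Hypothetical provider-side directory: address -> { publicKey, wrappedPrivateKey }.
const directory = new Map();

// Enrollment. Assumption: this runs on the user's client and only the result is
// uploaded, so the provider stores the encrypted PKCS#8 blob, never the passphrase.
function enroll(address, passphrase) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
  directory.set(address, { publicKey, wrappedPrivateKey: privateKey });
}

// What the sender's server would request from the recipient's provider.
function lookupPublicKey(address) {
  const entry = directory.get(address);
  if (!entry) throw new Error('no key published for ' + address);
  return entry.publicKey;
}

// Hybrid encryption: a fresh AES-256-GCM key protects the body,
// and RSA-OAEP wraps that key for the recipient.
function sealMessage(publicKey, body) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const oaep = { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
  return { wrappedKey: crypto.publicEncrypt(oaep, key), iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient side: the escrowed blob can only be used together with the passphrase.
function openMessage(address, passphrase, msg) {
  const { wrappedPrivateKey } = directory.get(address);
  const oaep = { key: wrappedPrivateKey, passphrase,
                 padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
  const key = crypto.privateDecrypt(oaep, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}
```

The escrowed copy is exactly as strong as the passphrase protecting it, which is the trade-off raised in the last reply.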
"Targeted" for me would imply that Windows is checking first to see whether Firefox is installed, and only showing the suggestion if so.
If this is just a general suggestion that gets pushed out to all Windows computers, then it's not so much targeted as merely questionable use of platform.
I would be very surprised if it was just pushed out irrespective of telemetry. Since Windows 10 is a mass-market operating system, I'd be surprised if 1% of their users had ever heard of Firefox.
Since Firefox usage share on Windows is >1%, I'd be pretty surprised if most of those users are inadvertently using Firefox without ever having heard of it.