I think you have a good point in that if you are going to use usernames as an identifier, there is an argument that having an email also be an identifier is sort of redundant.
One problem with that is that when users are given the option of an arbitrary username, they tend to be much more likely to forget that username than they are the email address they use daily. So, you need some way of resetting their password and letting the user recover their username. In some cases, you could pair that with other identifiers, like their name, phone, social security number, etc. However, then you are just trading the email as an identifier for something else, which you would also need to check during registration.
For this reason, I've found that moving away from a username and just relying on an email for a login makes managing multi-user sites a great deal easier from an admin side.
That's fine though, sending a forgot username / password e-mail is much simpler to do without exposing the fact that you know their e-mail (just send a "sorry, we don't have that e-mail on file" to the e-mail address if there's no match).
I agree that e-mail makes for a better login experience, but if exposing who uses your site is too much of a privacy concern, I'd rather move to usernames than have to implement awkward user experiences to never reveal whether someone is a user or not.
I think a lot of sites already do that, although they may not send an email saying 'sorry, we don't have that e-mail on file,' it is pretty common to get a 'if that email exists, we have sent a reset e-mail to it' message when you do a password reset that doesn't expose if the email exists in the system.
Although to the point of this article, they will then happily tell you you can't use an email during signup, so it is a mixed bag.
I suppose if you allowed multiple usernames per email, you could just email them all the usernames that they have on that email address when they forgot their username, but that seems like a clunky setup. It probably depends a lot on the service though, as someone posted a link to a discussion from 2014 about Amazon's reasoning for allowing multiple emails elsewhere in this thread, which makes a bit of sense for their use-case.
Based on the article, it looks like the bricking/disabling occurred after an update to the latest version of the OS.
So, I don't think it is accurate to say that it 'allows remote control by its masters,' as it appears that they just added some sort of check in the latest version of their OS that can tell if the hardware is legit. There isn't any evidence, at least not in the article, that indicates they have some sort of remote control/phone home service running on the phone that allows them to control it arbitrarily.
To be fair, I would be incredibly surprised if creating a built-in Android content blocker is something Google would even consider, let alone implement.
It is disappointing that they aren't making that API public, but just having that be a core feature of their operating system is pretty huge. Hopefully they have plans to make it public or Firefox will just implement their own ad-blocker into iOS Firefox.
Firefox for Android ships with their own browser engine and access to a vast extension library including AdBlock Plus and uBlock. Apple doesn't permit this on iOS which is why Firefox for iOS is using the Mobile Safari engine, doesn't support extensions, and doesn't support ad blocking.
Firefox desktop has numerous adblockers/tracker blockers already available. Mozilla is even sourcing the list from one of the more popular ones, Disconnect. I assume they didn't feel the need to reinvent the wheel in that ecosystem.
Disconnect may be available on Firefox mobile as well, I'd need to check. I never bother beyond uBlock Origin and Self-Destructing Cookies.
I don't think this adds the layer of security you think it does, merely a minor bit of obscurity. In the context of the specific vector you reference, author={$user_id}, it probably doesn't do anything at all to protect you.
Not that there is anything wrong with adding a bit of obscurity; not using 'admin' as a username and using a non-privileged author for posts can go a long way.
However, if you are worried about someone getting your username from "author={$user_id}," using a user_id of 2, 3, 4, 5, etc., probably isn't going to protect you. I think you are incorrectly assuming that the person that would use this method to get a username is going to stop if they get a 404 at #1 (or even after just a single attempt).
Except, the bandwidth has already been paid for, at least twice.
Once by the consumer by way of a monthly internet bill and once by the content provider (website) in the way of their hosting/bandwidth costs.
It is not clear by the ISP's name (Free) whether or how much they are charging for internet access. negrit seems to suggest that this ISP has a fairly aggressive pricing model.
However, if the cost of people actually using their internet access, especially just to browse websites, is too much for Free, they should look to their pricing model or consider upgrading their networks, as opposed to trying to extort (or at least block) advertisers.
As you mention, this ends up being a much bigger issue in regards to net neutrality. For now, it is just YouTube that is using 'too much' bandwidth, but blocking that will only mean other sites will take its place as bandwidth hogs.
Hopefully this will result in discussions toward finding a fairer solution, but I believe that should involve upgrading infrastructure and providing better service, rather than blocking sites like YouTube or Netflix.
That is incorrect, at least for most retail OEM keys anyway.
I noticed that starting with Vista, the distinction between OEM vs Non-OEM key seems to have been reduced. This makes life easier when there is no recovery partition or the hard-drive is hosed. Whereas with XP, you did have to use an OEM version for the key to work.
I have not had any issue validating Windows using the above versions of Win 7, as well as a few Vista CDs that I believe are retail, as long as there is an OEM sticker on the laptop. Every so often I have to call in and do the automated telephone activation, but they are valid CD keys and I think that is probably tied to how often the key was activated.
Having said that, at least with Vista, the disc the manufacturer gives you is often locked to a specific laptop/BIOS/board.
It takes exactly 30 seconds and it is fully automated. Punch in a string of numbers, hear back the activation code. No personal information, no humans involved. I too was dreading doing over the phone activation, but it was a remarkably nice experience.
Given they state that some accounts were compromised by stolen passwords from "other websites," it would make sense to run some sort of dictionary attack using lists from those sites.
- The SPAM filter in Thunderbird is A.W.F.U.L. Let me repeat that A-W-F-U-L. Despite training it for years it routinely misses the same spam, with the same title, and the same content, while sometimes marking very important emails as junk.
As someone who has also been a heavy Thunderbird user for years, I have not had the same experience. If anything, same content/subject/sender email spam is where Thunderbird's spam filter shines for me.
I have two fairly heavily spammed accounts, one of which has a public email address. They consistently catch and remove same or similar content spam every day without issue.
In regards to false positives, it does happen sometimes. Although in most cases the emails that end up in the junk folder legitimately resemble a spam message. Almost any time a legitimate email has been marked as spam, which doesn't really happen all that often, unspamming it is sufficient to ensure the sender doesn't end up there again.
I get more false positives than false negatives. But when I switched to Outlook 2007 for half a year (got my hands on a free Office 2007 launch kit), that was the first thing I noticed. Outlook, at least for me, had amazing spam control right out of the box. Everything else was dreadful but the spam control was amazing. Then again, I tend to have email addresses from almost 10 years ago when I was 15.
Maybe it's because I'm using a portable version of Thunderbird. Although it shouldn't matter.
No, it's not just you. I've had an unhappy experience with the spam filters (with a normal Thunderbird install) for years now. It seems to miss things that are obviously spam (to a human); thankfully I haven't had too many false-positives... that I've caught, at least.
Game and software companies have been doing this for a little while now. I think Sony may have done the first such TOS change to get a bunch of publicity.
As far as being legal or not, I am not sure it has been officially tested yet. However, I think it certainly seems like dirty pool.