Asking genuinely, why that would be a political statement? An author is not bound to represent his or her own opinion in books, I think, no?
sudneo
joined 8 months ago
Agree. Social housing has been one of the first areas to suffer from cuts everywhere. It is a problem on its own, which short term rental makes worse.
The problem is that building is basically an irreversible use of land. It's only recently that we started seeing land as a commodity (few centuries) and with the current state of affairs, it's insane to leave it as such. Soil is too precious and too scarce to let market inefficiencies waste it. We should really explore all options before we decide to simply build more, especially in Europe where the population growth is basically null.
Soil consumption is one of the many environmental problems we face. Polluting and consuming more soil to condition the market is nonsense IMHO. Governments should simply regulate more so that people vacationing will go to hotels and houses will be available for residents. This also addresses the issue of locals being pushed further and further away in the cities they live, which creating more houses doesn't solve (it will just be the next round of isolated dormitory periferic areas, which have already tons of problems).
Short term rentals for houses was a very good and lucrative idea, but it's harmful to basically everyone but the landlords who rent out houses there. As such, we should simply strongly regulate it to discourage it as much as possible, if not banning it directly.
Computationally infeasible? It's as expensive if every user made a single login (if they use bcrypt for passwords).
They don't need to do it for every user, they need to do it for one only. Salting is fairly irrelevant in this context. And we are talking about resources for Microsoft, or Google, or Apple. And this is also assuming they can't further segment the customers by other metadata, such as location (in this case for example, Spanish users), which will drastically reduce the number of users to try. If every Spanish person had a user, you need 47kk hashes. Years ago single rigs pumped more than 10k bcrypt/s. That would be 1h of computation give or take? Assuming a fraction of that and not the immense computing power of big tech, it's still something completely achievable for an investigation.
But the question is "why"? Email addresses are personal but not secrets, there is no reason to add complexity and worsen the UX for such a feature imo. If anybody is not comfortable with this particular piece of data being associated with their account, they can just use a recovery phrase. It is by no means a necessary feature. What would be the advantage of having a recovery email "obscured"? The advantage of the functionality as-is is that it's trivial to see what you have configured, it's trivial to change address etc.
All of this to add an ineffective amount of privacy. If someone is under investigation, having the hash of the recovery email is in many case sufficient. Asking Apple/Gmail/Microsoft if the hash matches any of their customers covers probably 98% of the population. Billions of emails are also available through breaches, so there is very very high chance that if someone used their personal email, it's either with one of the big providers, or it has been leaked before. If it's not, and you used a private provider with no data, then there is no problem even if the address is obtained, as that cannot be further used to de-anonymize you.
Sure, but that's essentially a weaker recovery password (which also is an option in Proton).
Also that poses quite some challenges for email verification (say, you make a typo when you first write your address), let alone the fact that you won't see what emails you have configured essentially, which is also bad UX.
I think it's much simpler to have recovery email as it is and -if one doesn't want to associate proton account with any other account- offer other recovery methods, which are available (phrase and phone number).
https://proton.me/legal/law-enforcement
Here the mention clearly the data mentioned in the privacy policy which in turns clearly states that you MAY provide a recovery account which will be associated with your account. I also think that anybody that should be concerned for this should understand that law enforcement can get ALL the data the company has on you.
How do you imagine a recovery email to work, if the provider doesn't store it, and you lost access to your email by definition in the moment you need it? Recovery email is not needed, you can totally use your account without and proton doesn't ask for it. It's a feature where you obviously are disclosing that piece of information and link two accounts. It's either that or not using that feature.
The same thing which happened in the past. Antiterrorism laws used for -if I remember correctly - and environmental activist.
This comment is completely off the mark. The information that they disclosed is the recovery email -the same exact thing which happened previously- not any content of any email.
Also, proton does encryption with PGP, but you can't encrypt if the other side doesn't use PGP (which is the case for 99.98% of humans on the planet). If they do, proton supports this including with arbitrary clients using their bridge.
The other comment already covers the fact that VPN should be useful exactly when you are connected to untrusted LANs. I want to add that also the main point of your comment is anyway imprecise. You don't need a compromise DHCP, you just need another machine who spoofs being a DHCP. Not all networks have proper measures in place for these attacks, especially when we are talking wireless (for example, block client-to-client traffic completely). In other words, there is quite a middle-ground between a compromised router (which does DHCP in most cases) and just having a malicious device connected to the network.
I really don't get which critical contributions they do. On their own website https://opensource.apple.com/projects/ they seem to list basically tools and frameworks for building apps, which is on their interest first and foremost that developers have. I don't know what "Community projects" mean, and how big contributions they do there.
Also I don't really like your argument "why they should provide Linux support, they are a competitor". Well, this is what happens when a single company does both the hardware and the software AND doesn't care about the "freedom" part of Foss.
To be fair though most companies can't care less, open source is just a practice that some companies do to pursue their own interest. Microsoft does huge contributions to OSS (including the Linux kernel), same for Google, and yet I would not really say that those companies care about FOSS. Apple is even worse than them considering how they want to have the complete monopoly of what can run on their hardware, which is completely antithetical to the core idea of FOSS. Despite you paid already the 2.5k for your hardware and their OS, they can't just let you run whatever you want on it.