• 6 Posts
  • 184 Comments
Joined 1 year ago
cake
Cake day: June 8th, 2023

help-circle
  • Do they “give high rankings” to CloudFlare sites because they just boost up whoever is behind CloudFlare, or because the sites happen to be good search hits, maybe that load quickly, and they don’t go in and penalize them for… telling CloudFlare that you would like them to send you the page when you go to the site?

    Counting the number of times results for different links are clicked is expected search engine behavior. Recording what search strings are sent from results pages for what other search strings is also probably fine, and because of the way forms and referrers work (the URL of the page you searched from has the old query in it) the page’s query will be sent in the referrer by all browsers by default even if the site neither wanted it nor intends to record it. Recording what text is highlighted is weird, but probably not a genuine threat.

    The remote favicon fetch design in their browser app was fixed like 4 years ago.

    The “accusation” of “fingerprinting” was along the lines of “their site called a canvas function oh no”. It’s not “fingerprinting” every time someone tries to use a canvas tag.

    What exactly is “all data available in my session” when I click on an ad? Is it basically the stuff a site I go to can see anyway? Sounds like it’s nothing exciting or some exciting pieces of data would be listed.

    This analysis misses the important point that none of this stuff is getting cross-linked to user identities or profiles. The problem with Google isn’t that they examine how their search results pages are interacted with in general or that they count Linux users, it’s that they keep a log of what everyone individually is searching, specifically. Not doing that sounds “anonymous” to me, even if it isn’t Tor-strength anonymity that’s resistant to wiretaps.

    There’s an important difference between “we’re trying to not do surveillance capitalism but as a centralized service data still comes to our servers to actually do the service, and we don’t boycott all of CloudFlare, AWS, Microsoft, Verizon, and Yahoo”, as opposed to “we’re building shadow profiles of everyone for us and our 1,437 partners”. And I feel like you shouldn’t take privacy advice from someone who hosts it unencrypted.


  • It sounds like nobody actually understood what you want.

    You have a non-ZFS boot drive, and a big ZFS pool, and you want to save an image of the boot drive to the pool, as a backup for the boot drive.

    I guess you don’t want to image the drive while booted off it, because that could produce an image that isn’t fully self-consistent. So then the problem is getting at the pool from something other than the system you have.

    I think what you need to do is find something else you can boot that supports ZFS. I think the Ubuntu live images will do it. If not, you can try something like re-installing the setup you have, but onto a USB drive.

    Then you have to boot to that and zfs import your pool. ZFS is pretty smart so it should just auto-detect the pool structure and where it wants to be mounted, and you can mount it. Don’t do a ZFS feature upgrade on the pool though, or the other system might not understand it. It’s also possible your live kernel might not have a new enough ZFS to understand the features your pool uses, and you might need to find a newer one.

    Then once the pool is mounted you should be able to dd your boot drive block device to a file on the pool.

    If you can’t get this to work, you can try using a non-ZFS-speaking live Linux and dding your image to somewhere on the network big enough to hold it, which you may or may not have, and then booting the system and copying back from there to the pool.












  • Does the server operator avoid any responsibility for data protection by just having the actual physical copies of all the data they do have access to (user names, post contents, etc.) physically live over at Discord? If the company president’s PC is hacked and someone steals copies of all the personal information in support chats that were conducted over Discord, or the contents of private channels where people posted their home addresses for Secret Santa, or whatever, can the company get out of having any sort of data breach disclosure obligations because the data was really Discord’s data?


  • As long as what is going on here is basically comparable to what is going on when a company uses a third-party service as a peer to individuals, then yes, the company probably isn’t somehow responsible for what the service is doing. Government Twitter pages have been found to legally constitute public forums, but that was in the context of restricting the government from blocking people. The person whose page it is still don’t really run the place and probably isn’t responsible for the actions of the platform.

    But if a company hires another company to build and operate a communication platform for it (more of a Mailchimp or Invision Community situation), then you probably have a data controller-data processor style relationship.

    So, is Discord more like Spotify or is it more like Mailchimp?





  • But if the developer makes a Discord “server” for their game community, they are telling Discord to set up a service. If the developer encourages people to join it and retains moderation rights, they’re taking that service they ordered from Discord and providing it to other people. If the developer failed to get some legally required in their jurisdiction contractual terms from Discord about what Discord can and can’t do with data on the people who use the service, the developer could get in trouble when they provide that service to people without the service following local laws.