> even with Grooveshark being down it still works!
Wait what, how does (did?) that work?
And more importantly (I can find the opus files myself): can/could it retrieve my account data to know which songs to download?
I've been able to partially reconstruct my music from localStorage, downloaded songs on my phone (yay for having root and access to that data folder), and memory, but it's still incomplete
Fwiw, here's my own little contribution to getting song data from Grooveshark, in my first blog post: https://lgms.nl/blog-1 (not my first blog site though). Happy to meet other fans :D
I haven't been able to find the comment again, but I am 95% certain he admitted to editing the production DB long before this incident. I think it was an IAMA with kn0thing, where they admitted something along the lines of editing the DB to fix typos in titles. Not quite as bad, but no surprise he continued the behavior.
Is there a good (for the end user) reason that Messenger does not have E2EE enabled by default?
From The Verge's article[1]:
> However, campaigners note that Meta always has to comply with legal requests for data, and that the company can only change this if it stops collecting that data in the first place. In the case of Celeste and Jessica Burgess, this would have meant making end-to-end encryption (E2EE) the default in Facebook Messenger. This would have meant that police would have had to gain access to the pair’s phones directly to read their chats. (E2EE is available in Messenger but has to be toggled on manually. It’s on by default in WhatsApp.)
From Meta's perspective, in all the ways that matter, the advertiser is the end user. Non-advertisers' impressions and data are simply inventory that can be sold to end users. And it would be bad for the "end user" if that inventory was stored by default in a form that could not be easily indexed for cost-efficient packaging and delivery.
It doesn't matter whether end (you) to end (facebook) encryption is enabled or not. That only protects data "in transit". The information is still accessible in to facebook "at rest". Enabling E2EE should give you absolutely no sense of privacy from Facebook because it doesn't exist.
This is contrary to the universally understood meaning of E2EE (as in, end to end between the two participants in the conversation). I'm not one to blindly take Facebook's PR statements at face value, but if you're making the claim that Facebook is deliberately advertising E2EE while secretly redefining the term to mean non-E2EE, you should have some strong evidence. Those sorts of linguistic gotchas don't work in real life or in a courtroom.
It's mostly not enabled by default due to uproar from politicians and organizations like NCMEC on how it would protect child abusers. I expect that they are currently working on features to help address that and will enable it by default when those are ready.
Drop the web app, make a native one like Signal does if they even bother with desktop. They clearly don't want people to use it anyway, they've been implementing dark patterns to push the phone version of Messenger for years.
Encryption keys could themselves be encrypted with a password that the user would type, that is only ever saved in browser local storage, or even only in memory and needs to be retyped on each pageload.
There's nothing preventing the government from forcing Meta to implement a backdoor that exfiltrates the unencrypted key, of course, but that's true of non-web-based systems as well.
I am not sure how would that prevent them having access to the key and subsequently the data? Is there any platform which implements what you are suggesting and prevents the platform access to the data on a web application?
Genuinely asking as I would love to implement something for my customers which gives them control over their data while it resides on my servers.
Your parent poster proposes that the key itself is protected by a password that the user needs to enter and that the unlocked key is only stored on the users device (local storage for browsers,…)
The server only serves encrypted data that gets decoded in the browser.
The primary usability problem for that approach is that there’s no way to recover the data (messages) if the user ever forgets the keys passphrase.
Another problem is that all of the rendering that uses such encrypted data needs to happen client side in JS, WASM or similar.
Ah. I misinterpreted this thinking the user password would be used but in this case having a separate password which user would have to reenter erratically.
I am not in security but think that XSS might be a concern here with something so sensitive.
And UX problems that come with it. Sounds interesting though to at least discuss with customers to see if the benefits are worth the costs to them.
I am at a loss for words if people expect Facebook of all companies to not access the data on their platform. Of course they will access the data on their platform. Texts and apps like Signal are a different story.
> There's a feature where you can even share the login to a site on it, but they can't view the password - only lastpass can fill it up.
Is there anything that stops someone from letting LastPass fill the field, then use the browser tools to change the form field from `password` to `text`?
Does anyone without Prime really miss it? Or did you cancel and regret it? Mine is up for renewal at the end of this month, fairly certain I'm not going to renew regardless of a price hike.
There is no way I could not renew. I use it way too much. I easily save that much in gas and probably 10x that in valuable personal time not having to go to walmart/best buy/etc
Walmart has their “Plus” offering that is $99 and gives the same kind of free shipping as Prime. If you’re okay with it, you can also get free grocery delivery from your local store.
I don't miss it. Just watch out that they select automatically the non free option for shipping even if there is a free option with the same expected delivery. (This is for > $25 orders.) I'm located far from a distribution center so that might make a difference.
Canceled 5 years ago and don't miss it at all. Sometimes I will have to spend 10 minutes longer looking for a supplier online, but I can get all the same things for a similar price and I haven't had any of the issues I used to with Prime like receiving fake shampoo (with brand names misspelled), I get equal or better product quality, and I feel better supporting local businesses.
Added bonus is I found myself impulsively ordering less useless crap since it requires more thought to order and isn't delivered immediately.
Not him, but I miss when search results weren't clogged up with 80 copies of the same piece of shit from the same Chinese factory branded as 80 different items, and rampantly astroturfed reviews. The website used to lead faster and was smoother to use, customer service was much better, less amazon pushing air fryers and rice cookers and other flavor of the month useless shit.
This. I’ll also add that the reviews themselves were a great resource when researching the a product space — 10 years back I’d use Amazon rather than google for learning before buying. Now both are garbage; I get some value out of restricting search results to Reddit and then filtering by time (past month, year, etc), but Reddit will inevitably destroy that once they have shareholders to appease. Sigh.
It probably depends on how you use it. Many of my relatives have cancelled it without a problem.
I buy all sorts of one day/same day items that I would need to go to a store for otherwise (virtually anything that isn’t fresh food that you might want same day like toothpaste or soap or bandages), so I could never give it up.
Just earlier today, I was looking to buy some isopropyl alcohol spray. There was one that was listed as "Get by Sun Feb 6". Out of curiosity, I applied that filter.
Now that item had disappeared. And a much smaller list of items where none of them were actually available tomorrow, and in fact, most were a week slower than the first I found.
What do you mean "up for renewal"? You can cancel Prime at any time, there's no contract term.
(Personally I keep Prime mostly for Prime Video, and a few other perks. I typically only buy a few things from Amazon each month, so the free fast shipping is a bonus for me, not a must-have).
OK, seems like they changed their policy at some point and it no longer mentions pro-rated refunds:
"Paid members who haven't used their benefits are eligible for a full refund of the current membership period. We'll process the refund in three to five business days."
This is a manufactured argument. 99% of their question was "do you value prime enough to keep paying for it", it was nice of the person to let them know that you can quit anytime and get a prorated return of money for the annual subscription price but really wasn't the main point of the question.
Similar experience here. I also found that Wal-Mart has a similar selection (lower prices for some items) to Amazon. It shares the same price threshold for free shipping, and also arrives sooner (reliably two to three days from Wal-Mart in my area, versus five to seven from Amazon without Prime).
Cancelling has made me more deliberate about my purchases, which I think has been a net positive. There's a reason why every retailer wants to decrease friction in purchases and sometimes that little bit of friction is a good thing for your wallet.
We cancelled once for about 6 months. We missed it. You never realize how many little things you buy are only available on the internet, and a couple of bad customer service experiences made me really appreciate Amazon.
Only 22 orders placed in 2021, and a spot check of ~15 of the items would ship "free" anyways. I don't care enough to check every single item, but of the ones I checked I could not find a single one that would have an added shipping cost.
The "2 day guarantee" doesn't really exist anymore, so I have to ask - what am I paying for?
Yes, small purchases through Amazon (enabled by Prime due to no price minimum for 'free' shipping). I picked up a tip on Hacker News to avoid small ~$20 USD purchases because it adds up, and this habit has saved me a lot of money.
Have cancelled mine a few years back as I realized the only thing I was using is 2-day shipping but I have been just ordering multiple items which exceed $25 to leverage FREE shipping and usually they ship fast. So no need for Prime for me!
It's easy enough to get free shipping without Prime (just wait until there are enough items in the cart to get free shipping). But I'm still getting value out of Prime streaming so I'm keeping Prime until that changes.
tried prime 10 years ago and it wasn't anything worth writing about. i dont order that many products from them anyway and if i do i would just batch them up to get free shipping
I've been using a MikroTik router at home for 6+ years; I would say that RouterOS is absolutely NOT "easy for a noob". It's on the prosumer side of things, but you need to be willing to sink your teeth into some fairly gritty network configuration workflows.
Anyone posting on HN will likely be able to figure out the basics, but it is definitely much less polished than other prosumer products such as Ubiquiti and the documentation can be a little rough around the edges.
I had this almost exact experience with Philadelphia Rock Gym. They sent a couple emails "threatening" to send my account to collections over $50 I did not authorize them to bill me for (repeatedly said in writing to cancel my account, they kept my membership open anyway). I just ignored them, nothing ever came of it.
It did finally come up for me. Signing up (had a Square account for years, but wanted this to be specific to a small business I have) was pretty quick and easy, as was setting up the checking account.
Why would anyone want their screen to be anything other than a featureless rectangle?
There's a huge market for making TVs look like anything other than a slab of glass. Aesthetics count. Is why the 17 inch iMac with the crane neck is still covered.
For what it's worth I don't think featureless rectangles are a bad thing. I'm just saying that it gets hard to distinguish products from each other when the designs converge so much.
[1]: http://www.scilor.com/grooveshark-downloader.html