I think the real issue in this case is if they are marrying your voice data (personal preferences) to you. They get your name when you pay with credit card. And they get your license plate. And now with AI are they selling this married information?
That's what I'm getting at with the expectation of privacy part. Talking into a drive thru speaker isn't really a private activity since everyone around can kinda hear it, but it'd probably be better to disclaim it anyway since someone attempting to file on you for it still costs money.
They steer you towards ordering on the mobile app instead, which typically gives you a 4-6 digit confirmation code which you then use combined with your name, when you pick up. And/or your receipt in the app.
Strolling down the sidewalk at a park with a friend and chatting with them isn't necessarily a private activity either: We're in a very public space. Anyone within earshot can hear whatever we're talking about. If the sounds of our conversation winds up being incidentally in the background of someone filming the squirrels the tree frogs or something, then there's probably nothing to be done about that.
But (in some states), it seems that it would be a very different can of worms if I were to elect to deliberately record the conversation I have with my friend without their consent. Even in a public space, that would appear to run directly afoul of the applicable laws.
Depends on the country. In Finland, it's ok to record your own discussions. Whether the recorder is BK (a third party) or the cashier is an interesting question, though.
I wouldn't chance it. Stick an "audio may be recorded for performance evaluation purposes" on the drive thru kiosk and call it a day. Otherwise you're inviting litigation when something like this happens.
You can want things to be black and white but litigators are going to argue.
Drive thru conversations are not private under the Katz test, so there is no reasonable expectation of privacy. That makes video or audio recording in that setting lawful.
Katz came about because the FBI recorded a gambler outside the booth with the doors closed. Hence we have the Katz test.
Heck, you can even record someone making a drive thru order yourself and no one can do anything about it
Not a red herring. The Katz test defines when a conversation is private, and a drive thru order does not meet that standard, so recording there is lawful even when it is done by a private person and not by law enforcement.
Audio cannot be recorded without consent in CA. Security cameras have an option to disable audio for this reason. People never do it but it's the case.
It's related to wiretapping laws that are very broad.
> For the purposes of this section, “confidential communication” means any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto, but excludes a communication made in a public gathering or in any legislative, judicial, executive, or administrative proceeding open to the public, or in any other circumstance in which the parties to the communication may reasonably expect that the communication may be overheard or recorded.
Did you read that law? It applies to “Confidential communication…carried on among the parties in the presence of one another or by means of a telegraph, telephone, or other device, except a radio”. Conversation in public is by nature not “confidential”. You are grossly misinterpreting this law and (unintentionally/ignorantly) spreading misinformation.
In Australia, at least in the late 90s, you were allowed to record voice and video without consent or notification of all parties, but you were not permitted to play/show the recordings to anyone else.
This was well know amongst the sort of people who regularly got harassed by police (in my circle of friends, riders of sportsbikes). There was well known legal advice saying to record every interaction you had with police, and if it turned out badly in any way, as soon as you got home write down the transcript of the conversation as "contemporaneous notes" and email them to your gmail account to establish a timestamp. But the only time you ever even mentioned your recording would be to your lawyer, so that if the cop challenged or contradicted your notes in court, your lawyer could then offer the recording as evidence.
These days, dashcams are pretty ubiquitous, and demonstrate that whatever the legal technicalities are, video recording in public without consent is not only widespread, but bashcam footage is also something police regularly request from the public.
Those don’t apply to public spaces in the USA. This is super well-established law. If you needed consent to record in public there would be nearly zero YouTube videos recorded in public. And security cameras would generally not be allowed to record audio. And Tesla’s “Sentry mode” would be illegal.
In the USA, there is no right or legal expectation of privacy in public spaces, which includes fast food restaurants that are open to the public (indoors or outdoors)
> You don’t get to secretly record voices in public spaces.
> Video recording is permitted without consent in the public places.
I have no idea why you would think that these two statements are related, or why people would continue this conversation. Fishing and skateboarding are two other things that are often allowed, but neither are related to recording audio.
And for anyone who thinks this is a nitpick, please look it up.
edit: also, saying that you can record people when you're obviously recording people is also not relevant. The problem is recording people without their knowledge or consent. I cannot put an audio recorder in my pocket in many places (such as Illinois) and record you, whether in a private space or in a public space. If I put my audio recorder on the table, and you can choose whether you want to speak or not, it's legally an entirely different scenario, whether we are in a public space or not.
Please stop spreading misinformation . There are so many court cases about this. A quick google will give you dozens you can read.
Legally there is no “reasonable expectation of privacy” in public spaces and the only limit on that are extreme telephoto lenses looking from public spaces into private spaces.
Unfortunately, you are not correct.[1] Recording police in a public place-- sure. Otherwise, eh, at best you're over-extrapolating (and ungenerously!) from your local circumstance.
Okay, wow -- I stand corrected. I will edit my comments. It will take me awhile to wrap my head around Massachusett's-style state-level restrictions. While I wouldn't personally expect this to survive a Supreme Court adjudication, apparently there exists no Supreme Court ruling either upholding or striking down the prohibition on secretly recording oral conversations in public.
The key element here that everyone seems to be confused about, is secret vs non-secret.
If you have an obvious security camera, or an obvious camera that normally would record audio, and you’re in public waving it around and it records audio? You are not secretly recording audio.
Same if someone is standing next to a obvious and clearly visible security camera which normally could also record audio, also, not secretly recording audio.
A hidden mic in your jacket, or like in that case, hiding the camera under a jacket? That is hidden recording.
The general rule of thumb is - if everyone can clearly see what you’re doing, it’s not secret.
Password1, Password2 ... Password123456789 - I can do this all day. And realy you should as a password you can easially remember is a bad password so the first part that doesn't change is the important part
This is fine for services you can easily access on a phone or computer.
My employer requires I change my laptop password every 60 days, it stores the last 2 years of passwords to prevent reuse.
I am not opening up LastPass and plugging in a 32 character random string every time I want to start my computer up. My password at any given point is either a few random words and a number, or a short (8-12 character) alphanumeric string without symbols. But you know what it always is? On a post-it note stuck to the inside of my laptop.
My employer is consciously choosing to make my laptop less secure because the CISO is an idiot.
I once joked (I think because my employer had a similar, crazy requirement) that my keyboard's firmware was programmable, and I could just reprogram that FW so that Level3Shift+some key would rattle off the month's password.
Believe it or not, "Yubikey" security keys have about 8 different configurable modes. One of them is "emulate a USB keyboard and enter a static password".
So not only could you implement your idea - you could also tell people you "log in with a yubikey" and they'll think you're at the forefront of security.
The only solution to this problem is to put your password on a post-it note in the most obvious place possible? Are we sure the CISO is the idiot in this story? This sounds like malicious negligence. I sure hope nothing that actually matters is on your system.
Well, a TPM would eliminate this user-hostile auth dance, although that security model is different than a password.
Failing to recognize and channel human behavior into positive behaviors and outcomes does suggest a level of ignorance/arrogance outside of extreme situations.
There’s probably a type of data one might handle to justify physical access threat models, but incompetence and out of date knowledge from these types is far more likely. FWIW something like a third to half of CISO’s are from nontechnical management backgrounds, based on surveys I’ve seen.
I think it’s valid to question the wisdom of a CISO using misguided password guidelines. I don’t think it’s valid to respond to guidelines you disagree with by willfully sabatoging security. You relinquish your righteous position on password security when you put your password on a post-it in your laptop.
You call it "willfully [sabotaging] security," I call it "the best alternative that doesn't leave me with a 30% chance of forgetting my password every 60 days."
1Password is smart enough to let me have a secure, non-leaked password of high complexity that I have memorized, then let me go years without resetting it. I started there and the policies have made my laptop progressively less secure over time.
It just so happens that the best alternative you could think of is literally the worst alternative anybody could think of. If I didn’t know better I would call it wilfully bad and chosen more to prove a point than for any other reason.
Reads like you are trying to argue for abstinence only education here. The reality security must operate in is that the best security policies are those that people don't circumvent.
If people have to resort to sticky notes, sharing credentials, scripts that automatically update a file containing a plaintext credential, or what have you, odds are that security has massively fumbled the ball.
Keep in mind this is already intuitive enough for everyone, even the security minded, within some set of social and or professional norms. No one uses one time pads for common password based authentications, nor do they rotate passwords daily, nor do they require 64+ characters. We don't do this because its obvious to everyone that business would be too great, and people simply would not comply. Many security teams seem interested in pushing that boundary as far as they can without regard to what the probability density function of compliance actually looks like.
I say this as my password for Nationwide Children's Hospital has officially become the first password to cross that line for me, and now lives in a paper notebook. Forced reset, 2FA mandated, requiring 15 characters, upper, lower, number, and special char (but only a subset of special chars).
Maybe its overkill that the place I go to fill out questionnaires about baby poop, has minimum password requirements such that the entire world's computer would take over 10,000 years to crack.
If it’s too much to take then it’s too much to take and nobody can argue with that. When that happens, you resort to something more reasonable. Putting your password in a notebook, for example. Putting it on a post-it note on your laptop is not that reasonable alternative.
I have 25 years of enterprise-level web application development experience. I passed the CISSP on my first try with minimal study. I read RFCs for fun.
And yet I can't even get a screening interview with an actual human (although my one AI interview asked surprisingly competent follow-up questions).
All my employees are Trump supporters and Trump got 75% of the vote in my county.
They want the 70s-80s economy back, but they don't want to support unions.
They think they deserve to receive government benefits. But others are moochers, and they don't deserve it.
They think Trump is deporting criminal / drug cartel illegal immigrants.
My state is red (State houses & governor have been conservatives for the last 30 years). Yet they blame all the issues on democrates. When my state signed the carry law, they thought Biden was the one who signed the law.
If you are in the deep trump territory, listen to conservative/religious radio stations. You will know how much hate they are spreading against liberal, trans, gays, and immigrants.
> If you are in the deep trump territory, listen to conservative/religious radio stations. You will know how much hate they are spreading against liberal, trans, gays, and immigrants.
You have to distinguish between the rhetoric being spread to hijack the economic woes and the actual root of the problem. All that stuff is designed to give people an outlet for their very real economic frustrations. It's not deep seated (yet), it's a tool to exploit them. The only reason why it's working is because these people have been ignored for too long by the establishment in both parties, and it's not too late to respond and adapt.
There are some cases where that is true, there are some cases where Ukraine got the same stuff that is current with the US, and there are cases where Ukraine was literally the first user of new tech (the GLSDB, for instance.)
One reason for this mix is that the Russo-Ukrainian war has defied some US expectations of what future wars it might need to deal with might look like, making previously-retired equipment relevant again (the drone war has made a lot of retired anti-aircraft tech more relevant, because relative cheap short-range missiles and short range anti-aircraft guns are a lot more useful against drones than they are against modern fighters, for instance) and, in other cases driving new weapons development.
>the us is at least a generation ahead of that equipment.
Can you list the in service equipment that is a generation ahead of M777 and ATACMs? I sure wish we could get some of these wiz-bang fires assets out here in the First Island Chain.
While a replace for M777 may not be in service, the US had stopped manufacturing and continued only after Ukraine requested it. This indicates that it isn’t an integral tool to the US’ arsenal, and has been superseded.
> November 2024 BAE announced the opening of a new artillery factory in Sheffield during 2025 to resume production of complete M777 artillery pieces for Ukraine and to help fulfil orders for fresh titanium cast spare parts from the US supplementing its US parts factory which also resumed production during 2024.
Similarly, ATACMs production was also halted.
Really, your question, tone and phrasing really indicates that you are not really looking for an actual conversation but rather a gotcha moment.
It’s worth noting that variants of weapons and exist, and sending older ones to Ukraine does not imply that it is getting access to newest and greatest.
I made some grammar errors when i was writing this — i was on the phone. The gist is there; both weapons had their manufacturing ceased which means either the US had enough stockpiles or they were superseded.
The weapons were either sold to Ukraine or other countries, and it was only after Ukraine requested more of them that production started again, which implies the US had no need to produce them because they were superseded in US’ arsenal.
Furthermore, just because Ukraine received X weapon, doesn’t mean they received the latest and greatest variant that’s in use — they might have very well received a previous generation of said weapon.
Asking which weapon or system replaced them as is in service does not look like discussing in good faith simply because the systems might change or newer variants may be used.
>which implies the US had no need to produce them because they were superseded in US’ arsenal.
No, it does not imply that they were superseded. It means that the stockpile of weapons and spare parts was considered large enough to support the US's expected burn rate of material. Supplying Ukraine in a peer conflict changed that calculus, requiring new production to keep parts supplies above a certain desired threshold. The M777 is proving to be....not that reliable in the harsh conditions of the Eastern Front.[1][2]
>Furthermore, just because Ukraine received X weapon, doesn’t mean they received the latest and greatest variant that’s in use — they might have very well received a previous generation of said weapon.
This is supposition on your part....and it's WRONG. That's my point. You're simply stating things that are factually incorrect. Ukraine received M777A2s[3], the most modern variant of the M777 in service with US forces.[4]
>Asking which weapon or system replaced them as is in service does not look like discussing in good faith simply because the systems might change or newer variants may be used.
>Do better.
It's not a question of "variants", it's not a question of whether systems "might change", and it's not an issue of grammar errors. You made a false statement, perhaps unknowingly. I asked you to clarify with specifics, perhaps you know some weapon system I'm not aware of (despite having a rough idea of the IOC fielding plan for Marine fires assets in my AO over the next several years), and you've now made 2 posts bereft of details or references to obfuscate the fact that your original post was completely wrong and baseless. All this does is lower HN's already-low signal-to-noise ratio on military subjects.
US Army and USMC towed Field Artillery batteries are equipped with M777A2, the same weapons platform and variant we sent to Ukraine. We are not "a generation ahead" of the equipment sent to Ukraine. Period.
If this belief is strong enough, they would act on it. The fact that they act means the economy starts rolling, and produce the type of thriving that they come to believe! Ala, a self-fulfilling prophesy.
Therefore, it's important to find out why people believe things, despite being contrary to empirical evidence.
