- If I remember right, a problem with this is that you need to get those proofs by submitting your id or similar, you only get a limited amount of proofs at a time, they expire in maybe a few months, and you can only get them using a government specific app that is only for "secure" devices. Instead of being tracked by the site you're being tracked by the government, you now need a Google Android phone in order to browse adult sites on your PC, and depending on your habits you may need to re-show your id potentially multiple times a day unless you opt to being tracked by the sites instead.
It really should be just once that you need to show your id and then you should be able to generate as many proofs as you need whenever you need on any computer device, but they have an obsession on making very sure that it cannot be circumvented, as if it was insanely important.
- > All competent #1 cloud-based password managers are like that.
If you say so...
Sadly there could potentially also be a supply chain attack that happens to make its way into the client you use to view your supposedly secure vault. Odds are they use npm, btw.
- I saw someone claim on SO that they were not able to get a PWA to install properly until they changed their IP address, supposedly because they were from Iran, a sanctioned country.
- To my knowledge, every PWA installed from Firefox on Android will become a bookmark. For Firefox I believe that means for example that if you try to open a link elsewhere that is within the manifest scope, it will not open in the PWA. That's because it's not possible to deep link to the PWA without it having an AndroidManifest with a corresponding intent filter, which is what the Chrome WebAPK achieves and why they can support for example custom protocol handlers or share targets or launch handling options.
- To be fair, Android also sabotages PWAs, it's just done behind your back. You see, in order to get a PWA to properly install, you'll have to use Chrome, and you'll have to have a Google Play account and Chrome will submit the PWA manifest for validation to a Google server, which in turn will decide whether the PWA is worthy, and if it is, it will generate a so called WebAPK, which is then installed on your device. If it's not worthy however, then it will become a bookmark instead, and many of the features that can be described in the manifest will not work at all.
So if you wanted to use a different browser or install a PWA without a connection to the internet, or without Google Play, all you get is a bookmark.
- Possibly. I just can't think of other stupid ones that have a comparably wide impact.
- Doesn't spare you from having to interact with the popup. This is probably the single dumbest law to ever have been made. It wastes everyone's time, and not insignificantly. While the browser is and always was in full control of cookies, nobody checks whether the popup actually even does what it says. And since it's a waste of your time in the first place, who takes the time to report illegal ones, much less has any interest to do so, because where you saw it is where you will likely never visit again anyway.
If anything browsers should be simply rejecting all cookies by default, and the user should only be whitelisting ones they need on the few sites where they need it.
- It's not even certificates that's the problem, but trust. And here Google is making exceptions to allow unencrypted connections to private addresses, because trust is hard. If encryption was not tied to trust, then we would have 0 unencrypted connections by now and we would be that much better off.
Making an exception to allow plain HTTP connections instead of making an exception to allow self-signed certificates, seems like the worse choice to me.
- That looks like a variable that points to an anonymous function. For simple small functions here and there it may not matter, but if the entire call stack in a debugger is full of anonymous functions then it could be a problem.
I think I see many prompt injections in your future. Like captchas with a special bypass solution just for AIs that leads to special content.