The thing to remember here is that the only way to hide (real world) data in an image is to reduce the amount of data in the picture... A blur or swirl leaves most if not all data just in the picture (although distorted). Any filter that removes data (such as pixelate or blacking out / whiting out) can be used to safely hide this data... Just remember to also strip out any unwanted metadata (Exif data) and do not use layers but a 'flattened' version of the picture.
Pixelation is also attackable. Generate input (e.g. GAN) and apply pixelation until it converges. Probably won't be super accurate but enough to probably ID someone.
Black/delete (and flatten/rebroadcast) is the only way.
I'd worry about hallucinations when applying a GAN to a pixellated image. You'll get out a face, but who's to say that it's the correct face? Lots of people look similar.
Well. It’s a very Roddenberry view to not have borders, currency, poverty.
Might be better than what we have but it won’t fix any inherent problems in society (or to put it differently: the inherent society problems must be solved before such a utopia can be created, imho).
If the U.K. properly implemented the European directives, if a company sends you something without you requesting it (i.e. unsolicited), then it’s legally a gift. Even if they add a bill (it’s unsolicited after all).
If they request it back you may send it back with property rights reverting to them (it’s a gift again), but legally there is no way to enforce it, nor is there a request to get anything back for it (e.g. money or other credit).
If there is no contract (e.g. a purchase request/intent), then anything a company can send to a consumer is a gift.
> If there is no contract (e.g. a purchase request/intent), then anything a company can send to a consumer is a gift.
I understand that there are restrictions to unsolicited goods, perhaps even a ban.
But an absence of contract does not make something a gift. Whether something is a gift or an offer to purchase or anything else depends on the facts, it's not implied.
So either there is a statute that says this case is legally treated as a gift or the item remains the property of the sender until the intention is clear.
Edit: There is indeed a law that makes it a gift (from the EU Directive you mention, perhaps). See my previous comment above. This is indeed required because, as explained, it cannot be implied.
The directive is an old one making all consumer business laws in the union more or less the same.
The thing that makes it a gift is that a gift is the only allowed legal transformation that can happen. (Ownership transfer is a transition in the legal sense.) I.e. a company is required to always act lawfully and the only action open for an unsolicited (= anything without a predefined base) package is to gift it.
A contract (= agreement to do something in exchange for something else, usually on paper but can be in any form, even verbally) is needed before any transformation besides gifting.
This legal sense does not mean it’s still proper to send the package back if the company contacts you and pays for the shipping, but that’s not in law.
The directive I remember reading about during my ‘middle school’ studies (around 1998). I could be mistaken in it, and if I am, feel free to tell me. All I remember was that the directive made it so that all in the common market must implement similar protections for consumers regarding unsolicited mail and packages by companies, not in small part to stop the extortion type of sale practice of the “free sample with overpriced subscription” (it’s why they switched to you having to request the sample).
The thing that makes it a gift is that there is a law that explicitly makes it so.
Without such explicit law it wouldn't be a gift because it isn't the intention of the sender. These goods are sent as an offer. If you accept the offer then indeed a contract is formed, but if you refuse the offer then nothing happens, i.e. the goods remain the property of the sender.
That's why they enacted that law, in order to stop the practice altogether in one fell swoop as long as the public is aware of it (which clearly is still not really the case).
The Directive is from 2011. That's the one that was transposed in UK law through the Regulation I mention in a previous comment.
You make it clearer than I said it. Thank you for that. And I learned from you that the U.K. implemented the directive by explicitly making the action a gift; this differs from my country in that regard. (I am always glad to learn something new.)
Except for:
- updates of software.
- distribution of public video files.
- distribution of install images.
- distribution of raw public measurements (e.g. science data).
Basically BitTorrent is the protocol for any use case with 1:n (or n:n) with public data (i.e. no data access control is needed).
Copyright has nothing to do with it and the nature of BitTorrent does make it also a good fit for some pirates.
Never forget that the following is shared over BitTorrent:
- World of Warcraft updates.
- Linux distribution install images.
- haveibeenpwned SHA lists.
And that’s just what I personally know. I know there is more.
Regarding your side note: Apple is also, more and more, requiring you to allow the login with Apple button. This would effectively shield most of the data off if you want.
How does a feature of the command-line version of PHP impact developers? Developers should not run applications on production machines themselves (either it's a script, a deployment agent / engine or an operations guy that does that work (including a devops guy with operations)).
As for security, you must keep up with the capabilities of the tools you use. PHP has been able to run as a webserver for years (even before 5); all they did is implement a good sane dev server to run PHP code without setting up a complex PHP environment (that is probably less secure).
This is only present in the CLI builds of PHP, and you should limit who can run the PHP scripts anyway on a production server.
Remember that setting up a reverse shell only requires a networkable shell (like bash). Most Linuxes (including containers) therefore have the capability of having reverse shells started on them. The way to protect against abuse of PHP’s webserver function is the same as the one to protect against bash reverse shells. Do not allow any outbound traffic but only traffic you trust!
Do not blame php for having a feature that others have had for years. PHP’s version is no better or worse than any of them.
I see a lot of claims regarding control of data. But only 1 option (Fauna.com) as to actually store the passwords. (Or am I missing something?)
This would mean I do not only need to trust your code. I also need to trust this totally 3rd party with my passwords...
Further, you list that it works everywhere, but are missing a CLI variant (so not everywhere).
As to the trust claim in the fake exchange between the 2 people. Nobody talks like that, if they do not want to use a password manager it is always another reason than trusting the code. (Or all you would need is some audits to create that trust)
It just gives the feeling (to me) this is a piece of software looking for a problem to fix.
"But only 1 option (Fauna.com) as to actually store the passwords. (Or am I missing something)."
This is because I wanted to get some opinions from potential users before I invest more time in developing it and provide them with more options and additional tooling, e.g. a CLI, which I didn't even consider before (thanks again).
Even though this app looks very simple, it took me a lot of time to get to this point and release it as it is.
I know that most users don't give a *t, but I did care about the code quality, not without a reason.
I wanted to make it easy to tinker and personalise - you don't have to wait for me to change / add a database provider or, e.g., until I make it work without them.
"Nobody talks like that, if they do not want to use a password manager it is always another reason than trusting the code."
I think you used "nobody" here the same way as I used "everywhere". Sometimes it's hard to evade generalisation, but I was thinking about devices with GUI.