throwaway3306a's comments

Bell Labs were never about research and development for its own sake.


To refine what I meant to say, much of the R&D they did was not directly productizable and was highly experimental. Which was only possible because of how insulated from external market forces the environment inside Bell Labs was. Thiel Fellowships are not aimed at that kind of work and also Thiel is not to be trusted.


How does the law differentiate that from jQuery on a CDN? The CDN is also doing some amount of tracking, and some of it is simply technically necessary. Google is actually using the Google Fonts service to track traffic.


> Google is actually using the Google Fonts service to track traffic.

According to https://developers.google.com/fonts/faq/privacy#when_i_embed...,

"For clarity, Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising."


Ah, well, if it's written in a FAQ, then the most naive interpretation of the sentence must be true. No way they'd just lie or pull off a "trickster genie" interpretation of that sentence.


I'm sure they don't. That's also not the only thing you do with tracking.


A CDN delivering something like jQuery will not receive cookies nor query parameters and will return a very generous max-age, allowing the browser to reuse the resource for any number of pages or sites without contacting the CDN again.

The value of CDNs like this has diminished greatly with the advent of HTTP/2 and HTTP/3.


But it could start delivering not-jQuery at some point. Far-fetched on the surface, but it's exactly what occurred with polyfill.io recently:

https://blog.qualys.com/vulnerabilities-threat-research/2024...

https://news.ycombinator.com/item?id=40791829


This is true, but there is a mitigation available: The site can require the resource to match a specified cryptographic hash before running. This did not work with polyfill.io because that CDN would dynamically return different resources based on the user agent.

https://developer.mozilla.org/en-US/docs/Web/Security/Subres...
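
The hash check described in the comment above (Subresource Integrity), as an added example that is not part of the thread: a Node.js model of how a browser decides whether a fetched script may run, and why one pinned hash cannot cover a service that varies its response by user agent. The sample bodies, the `dynamicCdn` function and the `cdn.example` URL are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// Algorithms SRI recognises, ranked by strength.
const STRENGTH = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);
const digest = (alg, body) => createHash(alg).update(body).digest('base64');

// Value for the integrity attribute, computed from the bytes the site reviewed.
function sriValue(body, alg = 'sha384') {
  return `${alg}-${digest(alg, body)}`;
}

// A cross-origin script must be fetched with CORS (crossorigin) for the check to pass.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriValue(body)}" crossorigin="anonymous"></script>`;
}

// Browser-side decision: only the strongest listed algorithm counts, any hash
// of that algorithm may match, and unknown algorithms are ignored.
function sriAllows(integrity, body) {
  const hashes = integrity.trim().split(/\s+/)
    .map((tok) => ({ alg: tok.split('-')[0], b64: tok.slice(tok.indexOf('-') + 1) }))
    .filter((h) => STRENGTH.has(h.alg));
  if (hashes.length === 0) return true; // nothing enforceable: loads unchecked
  const best = Math.max(...hashes.map((h) => STRENGTH.get(h.alg)));
  return hashes.some((h) => STRENGTH.get(h.alg) === best && digest(h.alg, body) === h.b64);
}

// Constructed sample responses (not real CDN content).
const pinned = Buffer.from('window.lib = { version: "1.0" };');
const swapped = Buffer.from('window.lib = { version: "1.0" }; /* changed upstream */');

// Hypothetical service that varies the body by User-Agent.
function dynamicCdn(userAgent) {
  return Buffer.from(userAgent.includes('Firefox')
    ? '/* nothing to polyfill */'
    : '/* polyfill: Array.prototype.at */');
}

const pin = sriValue(pinned);
console.log(scriptTag('https://cdn.example/lib.js', pinned));
console.log('static, unchanged :', sriAllows(pin, pinned));
console.log('static, swapped   :', sriAllows(pin, swapped));
const uaPin = sriValue(dynamicCdn('Chrome/126'));
console.log('dynamic, same UA  :', sriAllows(uaPin, dynamicCdn('Chrome/126')));
console.log('dynamic, other UA :', sriAllows(uaPin, dynamicCdn('Firefox/127')));
```

An integrity attribute that lists only unrecognised algorithms is not enforced at all, so `sriAllows('md5-...', body)` returns true for any body.
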


Technically CDNs are not needed, we could just fully drop CDNs as well and cache files by content hash in the browser across multiple sites (<script hash="AAAAAAAAA" fallback="https://cdn..."></script>, instead of by path).

It would make the web faster and reduce tracking.

Now, is that really what Google Fonts or Cloudflare CDN wants?

Maybe, but it will reduce the amount of data shared to the intelligence groups.


Caching across sites is a privacy risk in itself, because scripts can measure the time required to load a resource and therefore detect if a visitor has visited another site with the same resource before. That’s why modern browsers no longer cache across sites.

https://news.ycombinator.com/item?id=24894135


Why not add a random 1000-3000 ms delay to making the cached resource available? Timing attacks are not a new phenomenon.


Because the point of cache is to save time, not waste it. Like most naïve delays in response to timing attacks, that also doesn’t solve the tracking problem – if there’s any detectable difference (consider a cross-site tracking server that serves the content with a controllable delay) under any circumstances (consider network and disk load and availability), the mitigation is defeated.

Sites don’t share that many resources byte-for-byte anyway. The current solution is fine.


Caches also save bandwidth - for the user, for the server, and for the potentially overloaded network as well.


Random delays don’t stop timing attacks. You just need to gather more data before your estimate of the “unrandomized timing” is good enough for you to make your conclusions.


It’s hilarious that your off-the-cuff solution to “stopping data being shared to the intelligence groups” is itself reintroducing a known and now-mitigated security vulnerability.

This stuff isn’t easy. HN has way too big a head.


I mean I'm not writing a literal law, but that would be roughly illegal and punishable in my fantasy world where a right to digital privacy existed. Laws, as a rule, don't physically stop anyone from doing anything they want. Plenty of illicit things happen on the internet already.


> How does the law differentiate that from jQuery on a CDN?

Functional utility for the end user


So the solution is to combine them?


> How does the law differentiate that from jQuery on a CDN? The CDN is also doing some amount of tracking, and some of it is simply technically necessary.

I don't know, it might be an intractable problem. It sucks how there's no way to tell the difference between the payloads of two different 3rd party scripts when they're executed in the browser, huh?


I have the exact opposite experience. Anyone not using a Mac gets raised eyebrows.


Visit Transnistria for another level of amazement if you're in the area. The last Soviet republic.


There's a BBC short series from some years ago where our intrepid correspondent visits twilight zones. The episode on Transdnestr is really a trip. He even manages to visit an arms factory masquerading as making consumer stuff. The episode is worth looking up.


If it was "Places That Don't Exist" with Simon Reeve, it's available here on YouTube: https://www.youtube.com/watch?v=u0I404gXbNg


You haven't really given us enough information to find it - have you got a name or star or anything?


And both mentioned and visited in the linked-to article. With pictures.


Why do you care about "co-founder status"? What does it even mean? It's just words. The deal is good, I'd take it.


That's why I come here instead of other places.


What's so bad about the idea? I like the idea, this is not well executed but I am looking forward to Apple making something like it - maybe by just improving the WatchOS.


That is the thing, it is only really interesting if it is software incorporated into an existing wearable or a smartphone.


It's interesting if it replaces a wearable or smartphone, too.


Well from the very start you knew it wouldn't.


The whole point of the product is not having to open apps...


Don't blame bad tools on the language.


What fud? This is a standard way to deal with grid issues.

Some people don't see electric cars / chargers as ideology that must remain absolutely pure of oil. Some are just pragmatic - it's a good car that runs cheaply, and supercharger is critical infrastructure that needs a reliable backup.


> Some people don't see electric cars / chargers as ideology that must remain absolutely pure of oil.

It’s normally the anti-EV people that seem to go for this angle as a kind of “gotcha”. They are normally the ones spreading the “all the chargers run on diesel generators” misinformation too.

Can you run a charger on a generator? Probably. Is it standard practice or mildly common? Absolutely not.


Yeah, but reacting with the naive assumption that there is never any backup generator is just the other extreme.


I don’t think these are equivalent. You might get special cases such as a charging station in the outback of Australia where this is necessary but it’s not like it’s a standard option on any install.


But did anybody claim that? The OP said "to handle spikes". That already tells it's an unusual solution for unusual problems by itself.


The original comment was:

> Tesla uses local diesel generators to handle spikes.

This suggests that it is a standard solution for a reasonably common problem for Tesla. Common enough that it is seen as the accepted solution by the company.

The only instance I have ever seen of this was an attempt at anti-EV misinformation which was debunked. It is not a common solution at all.

It would definitely be a viable solution in some places and I am not against it, but for some reason the anti-EV lot want to push a narrative that it is common when it is not.


Spikes in grids are not common in any way. But if they are happening at a particular location then yes, a generator is a standard solution for everyone, not just Tesla. There are not many ways to handle it, it's basically either a battery (very expensive and probably too small capacity and output current), a generator or shutting down.

