The point is that it’s a loophole in privacy laws so they don’t have to outright tell people that they collect personal or identifying information. So they can legally mislead people by claiming it’s anonymous telemetry in hopes that users don’t actually look into it or understand the implications.

Ad firm money.

Maybe I’m just cynical, but my first instinct when I see stuff like this is they have a secret contract with an advertiser and are selling this information.

Like if you’re going to use Arch btw, go all the way and use actual Arch.

Those are absolutely ways of covertly identifying your device while technically not counting as “personal information” under privacy laws.

It’s not removeding over Microsoft, it’s prevent Microsoft from removeding us over. Microsoft is not the victim in this.

Trusting your security to Google is literally like trusting a fox to guard your hen house.

This video from a security researcher says that pretty much every software that uses WebP was affected though, and once the issue was discovered, Google made commits in their own codebase to “fix” it. Which suggests it’s an issue with the upstream source code that Google provided to everyone else.

Source: https://www.eyebuydirect.com/blog/what-is-the-rarest-eye-color

Can’t wait to have Google’s telemetry injected into my Linux apps

It’s something that literally every dev has done at some point before they knew better.

If you’re working for a multinational tech company handling sensitive user data and still make this mistake, then you are being malicious in your incompetence. This is something that would cause you to lose a significant amount of marks on a first year college programming project, let alone a production system used by literally billions of people.

that logged unencrypted password data

Why the removed would you need to log a password ever? This is absolutely malice and not incompetence.

Hanlon’s Razor revised: Never attribute to malice what can be attributed to incompetence, except where there is an established pattern of malice.

Does anyone remember an article/interview a while back where Mark removederberg shamelessly admitted that he chose not to hash passwords in the original Facebook codebase specifically because he wanted to be able to log into his users’ other accounts that use the same password? I swear I remember reading something like this but now I can’t find it.

Anything that was designed be exploited was designed that way for a reason. You think Intel isn’t aware of the security issues with how they designed their CPUs?