I use cash still and this is exactly what I do with my coins. I have a huge vase that I keep all my coins in. Years ago, I used to convert the coins to bills maybe once or twice per year when the vase filled up. I use cash so infrequently now (and also usually get change rounded to the nearest dollar) that it’s been several years since the last dump and the vase hasn’t filled up yet.
I’m in the midst of a similar situation. My firstinitial.lastname email keeps getting very sensitive legal documents from law firms handling the case of someone who does not seem to know what their actual email address is. I called the firm and told them they needed to have an in-person meeting with their client and get a correct email address from them. That seemed to help for a few months. But now I’m getting emails again from a different law firm.
And I worked IT for a legal firm; if we were not sending documents over email, we would get replaced by the client.
I spent 3 months on a secure document transfer portal system; it got scrapped after 4 months because clients wanted their forms as Word/PDF and they wanted them without hopping through any hoops.
Yes I know this was about wrong delivery address (person with same name, wrong account); the point is that email is not completely secure - certainly not for very sensitive (legal) content
Gmail can be fetched via IMAP and leave Gmail's infra entirely. And I don't think Google guarantees that their implementation stays fully on their own owned infra. It's a reasonable assumption but I'd never trust that for a security guarantee.
Email is not an end-to-end secure data protocol without the use of client-side encryption/decryption like PGP/GPG, but even then, sender/receiver and time are all in the envelope metadata.
Probably because Law Firms aren't necessarily computer security firms. Lots of people have terrible op sec. Additionally, if you the recipient are on gmail it stops mattering, now Google knows your legal woes.
Exactly, I’d never use Gmail for anything sensitive. Even for just personal emails I use my own mailserver.
(And again, for truly sensitive stuff I don’t use email at all)
Sure even though, as most others, my server supports TLS, having your email not leave gmail at all may be slightly more secure.
Part of the point however was that when either server or receiver is using Gmail, your possibly confidential email content is still in Google’s hands. Using a personal server reduces that part of the attack surface. Still this does not mean I vacate my overall point that email in general is suboptimal from a secop standpoint.
Why’s that even relevant if the recipient is the wrong address? Email isn’t particularly secure anywhere, and gmail has forwarding and IMAP and aliases and other services that send emails outside of gmail. But sending sensitive documents to the wrong recipient, which was the topic that started this sub-thread, is a case where it does not matter how secure your servers are.
Sure it is, and your own comment above about gmail to gmail being fairly secure demonstrated that. Using a photocopier is intentional, and everyone knows what a photocopier is. Most people don’t know what IMAP is, and an email sender does not know if the recipient uses IMAP.
And this is still irrelevant to sending email to the wrong recipient, so I don’t know why you’re stuck on infra security.
Even if the law firm uses a Gmail account - which most of course don’t - Google still has access to your sensitive legal email content.
(And that’s apart from the metadata leaking)
If you attach documents by linking to a Google Drive document, sure.
If you attach documents 'inside' the mail (i.e. MIME encoded multipart) that is most definitely not secure.
1) you do not know how that mail gets delivered, not necessarily via servers that support encryption
2) you do not know how that mail, or the attachment, gets stored on the local machine
3) you do not know if the mail, or attachment, is sent to someone else
4) you cannot revoke the access to the document once the Need To Know stops
In our ISMS, sending Highly Sensitive data (ex: customer data) by attaching directly to a mail, is strictly not allowed by the IT charter. We explain it during an on-boarding meeting to all new staff members. And it's a fireable offense.
I get and can appreciate the spirit of this but it’s both misdirected and unenforceable. Misdirected because licenses should dictate use of the product but this license wants to dictate behavior of the licensee, which in turn is obviously unenforceable. I too would rather that unethical people not use my software but there’s really no ethical way to do that through licensing.
This resonates deeply with me. I don’t have any social media accounts, I’ve never been on tiktok or instagram, and the one social media I did have (facebook), I deleted 10 years ago. Yet I still can tell when there’s a new meme or trend. This is new though. Only in the last year or two have I felt like social media has really invaded offline spaces.
You’re demonstrating the problem of averages. While what you are saying might be true on average, it doesn’t negate the point being made, which is that millions of people continue to struggle to survive and live without adequate food, heat, water, healthcare, etc.
Also, there are multiple wars going on across the world that are making the problem even worse.
No, really, there are fewer famines. The UN, who defined poverty in terms of basic necessities, had to review their definition because how do you make the UN survive if there weren’t enough poor populations in scope.
Shifting the goal. The goal was commiseration for poverty, and you want a stable future.
It’s difficult to reconcile the desires of 8bn people. Some don’t care about climate change, some would like to see their granddaughter, some will live through flooding or an earthquake, some would like better health. Most of the misery in the world does not come from the lack of money. If anything, disagreements between people are the cause of the lack of money, not the result.
>>> Photos captured by Mobile Fortify will be stored for 15 years, regardless of immigration or citizenship status, the document says.
The headline plus this quote reveals the real intentions — to create a comprehensive dataset that includes biometric data and can be used however the government wishes, regardless of one’s citizenship. I have no doubt that this data will also be sold to other entities.
I remember reading years ago about how facial recognition was particularly bad at correctly identifying people with darker skin and was generally not great as the sole method of identification. The possibility of a mistaken identity being captured by this app would have life-altering implications with essentially no recourse. This is really disturbing.
The same whistleblower mentioned newly-created doge credentials being used to attempt login to the NLRB system from an IP address in Primorskiy Krai, the province around Vladivostok in Russia's far east. They were blocked because the system doesn't allow non-US access even with proper credentials. There are many possible explanations for that since it's just an IP address.
This is some more detail about the whistleblower's testimony from an earlier Krebs article:
I think the semantic meaning of "Scraping" is slowly switching to "illegally collecting", and for those who mean that, your comment is perceived as pedantic (basically me when people talk about "crypto" and I am still responding "cryptocurrency you mean?").
1. Scraping a website, by anyone, allowed by courts if it is publicly accessible
2. "Scraping" of data, by the government, from various sources into a centralized database in partnership with Palantir. It's a worse version of the "Patriot" Act
It was exfiltration -- copying or moving data from an internal system to an external system. They insisted on and bragged about full access because now it would be "efficient". But it was clearly just simple opportunity for theft by a bunch of shady assholes. They also touted the ability to link data across multiple departments to mine data on US citizens. The libertarian, "don't make databases of us" folks sat around with their thumbs up their asses because reasons. See also the Krebs link.
Why are you defending this crap? They also destroyed the departments that were actually making digital services more streamlined and easier to use: 18F by dissolution and US Digital Services by capture.
>>>> Photos captured by Mobile Fortify will be stored for 15 years, regardless of immigration or citizenship status, the document says.
That's what happens when you don't have a mandatory ID system and want to enforce immigration policy -- government just does whatever bullshit sticks and there is no carefully crafted set of safeguards and procedural rules to slap it for doing too much.
> remember reading years ago about how facial recognition was particularly bad at correctly identifying people with darker skin
I would imagine that for the current administration it's not a bug, but a feature.
I think the answer is in the article: you get a mobile app that acts as a de facto national ID, with the officers using the app explicitly being allowed to ignore any other ID documents.
Have not gotten a data pipeline to run to success since 9AM this morning when there was a brief window of functioning systems. Been incredibly frustrating seeing AWS tell the press that things are "effectively back to normal". They absolutely are not! It's still a full outage as far as we are concerned.
In the institutions I’m familiar with, DEI is basically a statement about respect for people from diverse backgrounds and the DEI committee is a couple of people who organize an annual cultural fair or something similar. It’s crazy to me how blown out of proportion that simple acronym has become over the last few years.
University research is conducted in pursuit of knowledge, not truth. While there are overlaps, there is a distinction. The pursuit of knowledge allows us to question, consider, discuss, analyze, critique, etc., even if (and especially when) we are unsure of the truth or if there isn’t a “truth” to be attained. The pursuit of knowledge also allows us to study why and how something is false.