Iirc the way that blind works is by verifying you work at a specific company but then that email address cannot be used again.

It’s not associated with your specific account.

Someone who worked at blind explained that but there’s no way to know this for sure.

These states:

• Florida, Nevada, New Hampshire, South Dakota, Tennessee, Texas, and Wyoming
• Arizona
• California
• Massachusetts
• New York
• Washington

At least Amazon is thinking of the shareholders.

The hardest thing about Linux Mint is installing all of your software. It’s daunting even for very established users.

I moved from Ubuntu to LM a few months ago and I’ve enjoyed it.

I’ve requested confirmation and have only gotten it once or twice.

What I’ve started doing is actually just sending them their same exact terms via their corporate registered address (regardless of their instructions) with the arbitration clause and jury trial waiver and just about anything I don’t agree to removed. I tell them so long as they continue to provide the services to me, that they implicitly agree to the terms I’m sending them, with any further updates requiring them to send a registered (not certified) letter.

I intentionally do not provide any way for them to identify my account except for the return address.

I figured if I ever had to go to court, one of these things would happen:

• judge finds that the original terms are enforceable, which means I’m no worse off
• judge finds that my amended terms are enforceable, which means it worked
• judge finds both terms unenforceable and I can continue to sue them

So far, no company has ever written me back or turned off my access to the site.

I suggest everyone do this because these forced arbitration clauses are very anti-consumer and we need to start clawing back our rights.

Car companies have definitely imagined this. And if they could, they 100% would.

I think I used to do something similar with email spam traps. Not sure if it’s still around but basically you could help build NaCL lists by posting an email address on your website somewhere that was visible in the source code but not visible to normal users, like in a div that was way on the left side of the screen.

Anyway, spammers that do regular expression searches for email addresses would email it and get their IPs added to naughty lists.

I’d love to see something similar with robots.

No, it was a few years back when a researcher found that there was a plain text file of county employee social security numbers just sitting inside the JavaScript of a government website.

There are too many Google results from the upcoming election for me to sort through but suffice it to say, the guy was a class A idiot.

It reminds me of a lawmaker in one of the flyover states that wanted to make it illegal to look at the source code of a website.

Think about this for a second.

And realize that this twat is writing laws.

Given the number of TV shows and movies around this topic, I can sense this change coming.

If I have to interact with someone that’s wearing goggles, I might go full Luddite.

It’s sad that so many plugins like this exist.

Remember ExpertsExchange? They charged people for the correct answer but was in the top 10 results. They got blocked very quickly when Google, yes Google, allowed you to block any site from your search. That feature is now gone and you have to specify that in your search terms.

For those who are unfamiliar with both Bandcamp and Bandcamp Friday, can you ELI5?

Back then, Amazon was the shit. My GF at the time and I cancelled our Costco membership because shipping was good and selection was better.

Now, Amazon is shit. And now back to buying in-store whenever possible. And got a Costco membership again.

I have a running cart in my Amazon and about once every two weeks I’ll hit the purchase button.

Just not worth it anymore.

If the attack was carried out over one IP address, they should have been able to detect it.

There is no real reason why 7 million different accounts access the site from one location.

I don’t know how sophisticated the attack was but the future threat is instead of DDOS attacks would be distributed ACCESS attacks where millions of controlled devices attack a site with known credentials to download small bits of information over time. Even better if you can work out ahead of time the account’s general location and then assign devices in the area to access that account.

I use yubikey everywhere it’s available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

But today, it’s usually as simple, or simpler, than TOTP.

So it might be worth trying again. I’d use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you’re into that.

I just wish YubiKey could store more than like 30 TOTP tokens.

Yes but this wasn’t a data breach. This was a data stuffing incident, meaning they took someone else’s data dump and tried their email and credentials here.

• never use the same username and password in two or more places
• always use MFA, a hard token if you can like a yubikey

They finally made YouTube unusable for me even with ublock. Refreshing the filters didn’t work and told me I could only watch 3 videos.

Google was always going to win the war but I didn’t expect it to be like this.

I’m now using piped for all YouTube videos.