Hacker News: tnmom's comments

Much of that money goes to permitting, admin, and insurance. What you’re seeing is probably the $10-20 million that wasn’t successfully siphoned off by bureaucrats.


> Much of that money goes to permitting,

How much?


Their comment suggests 50 to 75%, which is hilariously high.


Yeah that would be an absurd claim.


Is this flow of dollars tracked anywhere?


I don't know why you're being downvoted. There is a reason why development volume across states is asymmetric.


Who knows - it’s just fake internet points. Hard to get worked up about.


Kinda easy to guess, there’s really only one possibility and answer: people felt a certain way after reading and voted accordingly. The idea that anyone votes based on the content of what’s been said is false. For example, you’re not gonna upvote a true statement of a statistical fact if you think there’s a terrible reason for it. You’re gonna downvote because you feel bad about what you perceive as the reason regardless


Because “successfully siphoned off by bureaucrats” has an implicit value judgement in it. If someone a) thinks the cost of regulation provides value and b) believes that downvoting is a reasonable response to opinions they disagree with, they’re likely to downvote in this case.

Personally I only believe one of those things. I also believe the point about additional cost of development could have been made without the value judgement.


Downvotes help people skip the noise and focus on the signal. Ain’t nothing wrong with that.


tl;dr she didn’t send any obvious signals that she was pregnant, and didn’t get any ads. The headline only represents about four paragraphs from a very long article that rambles all over the place.


Then eventually she dropped the experiment, proving just how easy it is for one slip-up to tip them off:

> My modest experiment went surprisingly smoothly. Because I’d had my first child not long before, this time I didn’t need to buy anything, and I didn’t want to learn anything. I smooth-brained my way to three months, four months, five; no diaper ads. I called up a lawyer and data-privacy specialist named Dominique Shelton Leipzig to get her perspective. Globally, she told me, we generate 2.5 quintillion bytes—that’s eighteen zeroes—of data per day. “The short answer is, you probably haven’t hidden what you think you have,” she said. I told her about the rules I’d set for myself, that I didn’t have many apps and had bought nothing but prenatal vitamins, and that Instagram did not appear to have identified me as pregnant. She paused. “I’m amazed,” she told me. “If you didn’t see any ads, I think you might have succeeded.” I congratulated myself by instantly dropping the experiment and buying maternity pants; ads for baby carriers popped up on my Instagram within minutes.


I reckon privacy is a lost cause except for diehards like me. For by far the vast majority of people find the so-called freeware offered by Google et al just too convenient to resist.

For Google et al the tiny minority of us who've achieved some degree of privacy aren't worth worrying about, and we as a group aren't going to grow any larger for reasons that achieving a reasonable degree of privacy is far too onerous a job for the majority of people, moreover most would consider their phones broken after such privacy modding.

For instance, the phone I'm typing on now hasn't yet been rooted but that largely doesn't matter, it's reasonably private (but not completely so) with the following tweaks: first, it has no Google account (probably the most important tweak of all), all apps except for a few F-droid ones have internet access disabled (their calls to the internet are diverted to a VPN nul location by a firewall), all Google apps are disabled including Google Play Services and especially Chrome, no non-F-droid app has access to background data, and as a precaution the disabled Google apps have all permissions denied/turned off, in effect they have access to nothing, neither the internet nor hardware. These tweaks send both the Play Services and the apps that rely on it into spasms and they keep bleating notifications to turn Play Services back on or the apps won't work, this bleating is most annoying but it too is easily remedied by disabling notifications from the offending apps. Finally, my F-droid browsers have JavaScript disabled (there's more but that'll do for now).

With these tweaks the phone still works fine for me, calls and messaging all work OK, so too do GPS, WiFi, the internet along with all phone sensors and my non-Gmail (POP) email account.

That's about the minimum one needs to do to achieve even a modicum of privacy on one's phone. That said, a phone so tweaked is essentially useless to the vast majority who expect Google, Facebook and similar apps to work (if you want privacy you just can't use them). That the vast majority cannot do without these Big Tech apps is why I believe privacy is essentially dead.

Incidentally, some may be interested to know that many (but not all) apps that complain about not working if Play Services are turned off actually do still work. What Google and developers don't tell you is that these apps use the Play Services to report your activities to Google and the world, it's a key reason why I nuke Play Services.


Usually microG makes the GMS complainers work while still voiding all the data they try to report.

IMHO unrooted android is starting to become actually viable, for example there are apps (like AdGuard) that use a VPN to MitM all your connections and filter out ads even if they attempt to hide inside HTTPS connections.

And with the `pm disable-user` trick you can disable apps that you can't normally uninstall (or disable). Which is great for OEM- or carrier-installed bloatware.


Also worth noting: it was her second child so she “didn’t need to buy anything or search for information”. And the experiment was terminated (it appears - it’s a bit unclear) after 5 months.

Another interesting factoid mentioned:

> identifying a single pregnant woman is as valuable to data brokers as knowing the age, gender, and location of more than two hundred non-pregnant people, because of how much stuff new parents tend to buy


I don't remember the exact list, but it was 4-6 life events that are each potentially worth $100+ per person to marketers, and I think that was in ~1996 dollars.

Iirc:

College graduation/ first real job, Wedding, first home purchase, first kid on the way, retirement filed-for, and ??? I'm forgetting something. Maybe out-of-town move?

Related and overlapping: I suggest searching for the late 90s article on Target basically telling a teen that she was pregnant via direct mailers before she even knew. Dad overreacts then has to eat his accusation when they (Target) were right.

Based on non-typical purchase of un-scented lotion and 2-3 other undisclosed items.

I'm sure it's only gotten worse since then.


Wow, other than retirement, I’m glad I passed all those milestones in the before times.


I wouldn't be so sure you did.

Idk how old you are, but part of the point is the 'before times' ended much earlier than most are aware.

The biggest lesson of the Target story (for the marketers) was don't let consumers know that the marketer knows so much about them.

Had they just sent diaper coupons mixed with generic ads, they might have been more successful. 'Congratulations You're Pregnant!' is what didn't work.


This is very typical of New Yorker pieces - I enjoyed the broader context of capital surveillance. We can’t editorialise titles here, so this is bound to happen.


Thanks for saving me the time, I was wondering if she will go into more detail, but the more I read the more it went sideways.


Just you; in my comparatively sane state most were never turned off and those that were came back within a few months.


Even around here there's a few that seem to still be off, and I think just because nobody ever bothered to complain or turn them back on.

Someday I'll get arsed enough to figure out where the valve/plug is.

Don't even get me started on water fountains that require power.


As someone who always keeps a carafe of ice water at my desk, I really appreciate the output of properly-maintained chilling water fountains.


I'm fine with chilling water fountains, I just wish they were designed so that they'd still dispense water without power.


Huh, never heard that before. Does it leak more information than just encrypting without zipping? Struggling to imagine how this attack works.


It's an extension of the chosen-plaintext attack, and so requires the attacker to be able to send custom text that they know is in the encrypted payload. If the unencrypted payload is "our-secret-data :::: some user specified text", then the attacker can eventually determine the contents of our-secret-data by observing how the size of the encrypted response changes as they change the text when the compression step matches up with a part of the secret data. It can be defeated by adding random-length padding after compression and before the encryption step, though.


Essentially if you zip something, repeated text will be deduplicated.

For example "FooFoo" will be smaller than "FooBar" since there is a repeated pattern in the first one.

The attacker can look at the file size and make guesses about how repetitive the text is if they know what the uncompressed or normal size is.

This gets more powerful if the attacker can insert some of their own plaintext.

For example if the plaintext is "Foo" and the attacker inserts "Fo" (giving "FooFo") the result will be smaller than if they inserted zq where there is no pattern. By making lots of guesses the attacker can figure out the secret part of the text a little bit at a time just by observing the size of the ciphertext after inserting different guesses.


Encrypting without zipping doesn't leak any information about the content. You can't rule out certain byte sequences (other than by total length) just by looking at the ciphertext length.

If "oui" compresses to two bytes and "non" compresses to one byte, and then you go over them with a stream cipher, which is which:

A: ;

B: *&


This has nothing to do with compression. If you use "yes" and "no" instead of "oui" and "non" (which just happen to be three characters each) and you compress "yes" to "T" and "no" to "F" then the uncompressed text will be the leaky one.


It’s an example meant to prove the idea.


Yes, and my example was an example meant to prove the opposite idea. The point is that it is irrelevant whether you compress or not. You can leak information either way.


I leak the length of my phone call and you leak:

1. the length of your phone call; and

2. what language you were speaking; oh and

3. half the words you said

(i.e. pwned)

https://web.archive.org/web/20080901185111/https://technolog...


> you leak [a bunch of stuff]

How? Remember, the uncompressed text gets encrypted too.


It's in the article if you would bother to read it LOL. "simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy . . . [the researchers] can search for chosen phrases within the encrypted data"


Ah.

That article is about voice calls. Totally different topic. Nothing to do with UTF-8.


Cryptography noob here: I'm confused by "Encrypting without zipping doesn't leak any information about the content." Logically speaking, if we compress first and therefore "the content" will now refer to "the zipped content", doesn't this mean we still can't get any useful information?


Not OP, but 'zipping and encrypting' one thing (a file for example) does not leak information by itself. The problem comes when an adversary is able to see the length of your encrypted data, and then can see how that length changes over time - especially if the attacker can control part of the input fed to the compressor.

So if you compressed the string "Bob likes yams" and I could convince you to append a string to it and compress again, then I could see how much the compressed length changed.

If the string I gave you was something already in your data then the string would compress more than it would if the string I gave you was not already in your data - "Bob likes yams and potatoes" will be larger than "Bob likes yams likes Bob".

If the only thing I can see about your data is the length and how it changes under compression - and I can get you to compress that along with data that I hand to you - then eventually I can learn the secret parts of your data.


Encryption generally leaks the size of the plaintext.

This is true in both the compressed and non-compressed case. However with compression the size of the plaintext depends on the contents, so the leak of the size can matter more than when not using compression.

Even without compression this can matter sometimes. Imagine compressing "yes" vs "no".


> Encryption generally leaks the size of the plaintext.

Ah, I see. Naïvely, this seems like a really bad thing for an encryption algorithm to do—is there no way around it? Like, why is encryption different from hashing in this regard?


There are methods, but they are generally very inefficient bandwidth wise in the general case. The general approach is to add extra text (pad) so that all messages are a fixed size (or e.g. some power of 2). The higher the fixed size is, the less information is leaked and the less efficient it is. E.g. if you pad to 64mb but need to transmit a 1mb message, that is 63mb of extra data to transmit.

Part of the problem (afaik) is we lack good math tools to analyze the trade offs of different padding size vs how much extra privacy they provide. This makes it hard to reason about how much padding is "enough".

Another approach is adding a random amount of padding. This can be defeated if you can force the victim to resend messages (which you then average out the size of).

Hashing is different because you don't have to reconstruct the message from the hash. With encryption the recipient needs to decrypt the message eventually and get the original back. However there is no way to transmit (a maximally compressed) message in less space than it takes up.

There are special cases where this doesn't apply e.g. if you have a fixed transmission schedule where you send a specific number of bytes on a specific agreed upon schedule.


Yes, of course it leaks more information than encryption without compression, because that’s just encryption which doesn’t leak anything.

In an enormous number of real world cases adversaries can end up including attacker-controlled input alongside secret data. In that case you can guess at secret data and if you guess correctly, you get smaller compressed output. But even without that, imagine the worst case: a 1TB file that compresses to a handful of bytes. Pretty clearly the overwhelming majority of the text is just duplicate bytes. That’s information which is leaked.
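

The length signal discussed in the comments above, together with the fixed-size padding mitigation, as an added example that is not part of any comment on this page. The secret value, the 128-byte bucket and the XOR-with-random-pad stand-in for a length-preserving stream cipher are constructed assumptions.

```python
import os
import zlib

SECRET = b"token=7f3a9c1e5b2d"   # constructed secret, never shown to the observer
SEPARATOR = b" :::: "            # layout from the comment: secret, separator, user text
BUCKET = 128                     # assumed fixed padding bucket, in bytes


def encrypt(data: bytes) -> bytes:
    """Stand-in for a length-preserving stream cipher: XOR with a fresh random pad."""
    pad = os.urandom(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def pad_to_bucket(data: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then zero-fill up to the next multiple of `bucket`."""
    framed = len(data).to_bytes(4, "big") + data
    return framed + b"\x00" * (-len(framed) % bucket)


def unpad(framed: bytes) -> bytes:
    """Receiver side: read the length prefix and drop the zero fill."""
    n = int.from_bytes(framed[:4], "big")
    return framed[4:4 + n]


def wire_length(user_text: bytes, compress: bool, pad: bool) -> int:
    """Ciphertext length an on-path observer sees for one message."""
    body = SECRET + SEPARATOR + user_text
    if compress:
        body = zlib.compress(body, 9)
    if pad:
        body = pad_to_bucket(body)
    return len(encrypt(body))


def length_gap(compress: bool, pad: bool) -> int:
    """Observed length difference between unrelated and secret-matching user text."""
    matching = b"token=7f3a9c1e5b2d"    # same bytes as SECRET
    unrelated = b"Qz8Lk2Wx0RtYhJ5mPv"   # same length (18), shares nothing with SECRET
    return wire_length(unrelated, compress, pad) - wire_length(matching, compress, pad)


if __name__ == "__main__":
    print("encrypt only:            gap =", length_gap(False, False))
    print("compress then encrypt:   gap =", length_gap(True, False))
    print("compress, pad, encrypt:  gap =", length_gap(True, True))
```

Only the middle case shows a non-zero gap: without compression the two messages have identical length, and with bucket padding both compressed bodies land in the same 128-byte bucket.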


I am _very_ happy that the manufacturer of my car is a subservient cog wrt the infotainment system. They suck at it when they’re not a subservient cog.


Good lord could you imagine the meltdown HN would have if Apple had taken this option to solve the old-batteries-support-lower-peak-current physics problem?

“Your device battery no longer supports the camera. Or the backlight on the top third of the screen. But it runs at full speed otherwise!”


If this happened after 45 years, I don't think people would mind.


Voyager's cameras were shut off after only 13 years to conserve power. Still a long time, but some people might mind if their phone did that.


True but their phones aren't a billion kms away so they can just get the battery replaced :P 13 years is really excellent for lithium batteries.


Meh just buy a new Voyager!


OMG the new one is black!!


But it drops the golden record for a more modern, hardware locked bluetooth speaker :(


I actually just bought a new black iPhone so this burns :)


What incidents are you looking at that make you think pilot standards are too low? In the US?


ATC is a unique thing - if you’re interested, suggest listening to the https://www.opposingbases.com/ podcast. It’s eye opening how much complexity they deal with, and how frequent the edge cases really are.


Genuine question - why do you allow _any_ time? I don’t have kids, so I’m able to make these large generalizing statements: seems like personal connections to AI chatbots are a form of brain rot.


There are plenty of positives for kids with AI bots.

Children often have questions that they are not comfortable talking to their parents about. And their peers can often be more clueless than they are. Or maybe they just want to understand the world they live in with something that is more fun and engaging than reading Wikipedia.

What's harming children right now aren't services like this. It's the peer pressure and unreal expectations being set by social media.


>What's harming children right now aren't services like this.

kinda really fucking depends on what "services like this" are telling them. Remember when the national eating disorder hotline replaced its humans with chat bots that started telling people to just eat less?


NYC recently made a chat bot to answer legal questions for small businesses and it gave tremendously wrong information, likely harming both the employees and the business.


It would gladly tell you it's OK to serve human meat in a restaurant.


As a parent, I'm with you. But parenthood sucks. From day one, that person you're "responsible for" is actually a separate entity with its own thoughts and bodily autonomy.

And here they are, growing up with this technology, entirely unlike anything available to us in our childhoods. But one thing remains the same: if we shut them out altogether, they'll route around us and find it on their own.

A teetotaler myself, but the "not one drop" mentality doesn't really make a ton of sense to me. Not because I want my kid using AI or alcohol, but I'd rather him try it under my watch than go out and find it on his own.

But if this is a feature that parental controls cannot limit, then I honestly don't know what to say other than, perhaps we're fucked as a society.


Ya, the other thing is that we need to gradually give them freedom and have them make some recoverable mistakes under our watch, or they could go straight from sheltered kid to adult in the world on their own. By 16, they should have 75% of the freedom of an adult, because they’ll have 100% at 18.


0-60 time is 2.6 seconds, or 10.32m/s^2 if it’s evenly distributed. So from zero you’d be doing 11.5mph in 0.5s (and travelled a little over four feet).

But importantly, it looks like this is more of a ratchet effect… so if your pedal is stuck at 100%, it’s because you pressed it that far (even if intending it to be momentary). That’s not something you’d normally do in a parking lot full of nuns, you’re probably on a highway with some time to react and press the brake. My guess is that’s why we haven’t seen a tragic accident out of this.

