Because you think that "being able to track leadership of a country that knows that other countries may want to target them" does not mean "being able to track pretty much anyone"?
Or do you think that those cameras are less secure because the leadership is not good with their people?
I thought I stated my position pretty clearly. This is like saying, “We should ban guns!” And then use a successful self-defense case as a supporting argument. Whether you agree or disagree with the thesis, I think we can all agree that’s a stupid way to make the point. But perhaps you just aren’t willing to have a genuine discussion.
Anyone who has a mobile phone has been tracked by their phone provider forever, with the accuracy of a couple blocks. Smartphones only bring more trackers to the equation in the form of apps.
What's the material concern to tracking that glasses add?
Surely the difference between location tracking (that still requires a warrant for the government to get access to, thus Stingrays) and the intimate visual processing and tagging that is derived from the likes of smart glasses is self explanatory, right?
To that point, the difference between geolocation and video tracking and analysis (like Flock) seems pretty obvious to me.
You can recognize a threat to national security without supporting the ideology behind it. It sounds like you are trying to to spread FUD around stronger privacy regulations. It would be a lot less funny when the shoe is on the other foot and it's not Iranian networks that's being compromised. Are you perhaps a vendor of mass surveillance systems like your username's namesake?
"But we cannot be profitable if we don't do surveillance". I don't believe that surveillance capitalism was created by governments "bullying" companies.
I am curious about how far a project like Confer can go, but I wouldn't be surprised if it couldn't be profitable (because it is designed to not do surveillance).
> The most interesting extension of this idea comes from the creator of Signal, Moxie Marlinspike’s recent work with Confer. In Passkey Encryption, he describes using the WebAuthn PRF extension to derive durable encryption key material from a passkey.
I do respect Moxie Marlinspike, but I'm not sure he "came up with this idea". I read about it first from the author of Age [1]. And to me it seems like whoever worked on adding a PRF extension to WebAuthn probably knew that PRFs are cool and could be used for cool stuff.
All that to say, I don't feel a need to attribute that to someone in particular, but if I did, I would want to be sure I am right.
> In practical terms, this replaces a lot of the awkward machinery behind encrypted systems. End-to-end messaging usually requires long-lived identity keys, recovery phrases, or some form of server-assisted key escrow. Encrypted SaaS products often rely on password-derived keys or server-stored wrapped keys for recovery. Using passkeys and the WebAuthn PRF shifts that root of trust into hardware-backed credentials that already exist on user devices, reducing both system complexity and the number of high-value secrets stored on servers.
I hope that makes the reason for my post clearer? Thank you for your comment, I'm pretty new to writing blog posts and your comment identified that I clearly hadn't properly communicated why I though the approach was novel or exciting. It might have been obvious to some, but having Moxie do it in a product makes it much easier to justify by coping his approach.
Agree that the idea of using passkeys for encryption isn’t Moxies or novel, since it’s explicitly in the spec. MaybeI failed to get at what Moxie’s implementation replaces and how that’s novel, and moving the ecosystem forward. I could see a similar system being used for E2EE messaging too.
> These devices could send headers to websites saying "I'm a kid" -- but this system doesn't exist
And there would be ways to work around it. If people find that privacy-preserving age verification is not good enough because "some kids will work around it", then nothing is good enough, period. Some will always work around anything.
if a parent gives a kid a full on smartphone, charge the parent with child abuse just like feeding the kid alcohol, cigarettes or having sex with them. people will catch on.
I've seen more than a few rewrite attempts fail throughout the years. However, I've never seen a direct language to language translation fail. I've done several of these personally: from perl to ruby, java to kotlin, etc.
Step 1 of any rewrite of a non-trivial codebase should should be parity. You can always refactor to make things more idiomatic in a later phase.
Unrelated, but I really want to take the opportunity:
How can one know what is dangerous for the eyes or not? Years ago I got an "IR illuminator" (from aliexpress, probably) that I wanted to use with my raspberrypi NoIR camera, for fun. Say filming myself during the night to see how much I move while sleeping, or making my own wildlife camera trap.
But I was scared that it could be dangerous and never used it (I tested it in an empty room, but that was it).
Is there a safe way for a hobbyist to get an IR illuminator and be sure that I won't make somebody blind with it?
Is it just a bunch of IR LEDs? Surface mount or through-hole? What's the module power rating? What's the power supply power rating? Are there any secondary optics like lenses over the LEDs? Is there a diffuser of some kind?
If it's a cluster of garden variety through-hole LEDs with domed tops (like you would see on a TV remote), they're necessarily low power on account of having poor thermal performance.
Another way to tell is if nothing gets warm at all. It's pretty hard to hurt someone with an emitter that both doesn't have a focusing optic and doesn't get warm.
Let me be clear - you're still responsible for verifying the safety of your stuff, and I am in no way assuring you that the device you have is benign, because I can't do that without inspecting it directly.
> Let me be clear - you're still responsible for verifying the safety of your stuff
Obviously yeah. I was just wondering if there were known rules like "these wavelengths under this power are fine for humans and wildlife, even if they put the LEDs right in front of their eyes", and also if you have an array of such IR LEDs, how they cumulate.
And curious about things like: if I don't see it, can it hurt my retina?
I probably will never do it: I wouldn't want to blind a fox just because I wanted to make my own wildlife camera :).
Invisible wavelengths can absolutely hurt your retina, but as wavelengths go farther beyond visible, your eye begins to not focus them properly on the retina, so the risks change. E.g. with 1550nm IR (common in telecom, sometimes in LIDAR) the risk of eye damage is to the surface of the eye rather than to the retina. Short wavelengths like UV will be absorbed by the lens at near-UV, and then eventually just be absorbed at the surface at shorter wavelengths.
I think it would be a cool exercise to figure out how much optical power you would see at, idk, 5cm from your illuminator. I assume it's a shortwave IR close to visible light, so you can assume it will focus like visible light, more or less.
Ideally you'd use an optical power meter but you could get a first pass by looking at the circuit and seeing how many mW pass through each LED, applying a conservatively high efficiency factor of W_optical/W_electrical, projecting that into a radiated cone for each LED and multiplying the power received on a dilated pupil sized spot at 5cm by the number of emitters.
Then you have to work out what the irradiance at the retina is once the light is focused. The hazard criteria include a time factor, so you'll have to decide if you/foxes would like to stare directly into the beam for 10 seconds? Or for the entire duration of your meditation session.
i went down a rabbit hole doing max permissible exposure calcs for the light you linked and basically i personally wouldn't worry about it. the energy is low and distributed among many emitters. by the time you're far enough away from the light to focus on it, you're receiving max a couple hundred microwatts/cm^2 at the cornea from each led.
I don't know if you ever write blog posts or anything like that, but I would love to see explanations about how you made those estimations. I honestly wouldn't know how to even start :-).
IR illuminators are not lasers. Their purpose is to cast light across a broad area, not to deliver it all to one point. They should not be harmful to vision.
The problem I see is that in our society, CEOs are chosen for their ability to convince that they can increase productivity. Not for their ability to improve the life of people.
Just like the paperclip AI issue, CEOs are optimising for arbitrary metrics, and they are really good at that (because we select them precisely for that).
So obviously, as soon as you start wondering about how competent a CEO is at talking about life, you're in for a treat. He obviously has no idea about life. He is just a successful paperclip production machine.
What scares me is that we select those people for their ability to convince that they will generate money, in the hope that they will actually do that, and then we value their opinion about completely unrelated topics.
You may as well ask a curling professional athlete what they think about the problem of AI and energy. Not that they necessarily will say something as dumb as Altman of course, but you wouldn't behave as if they were experts in the field of... you know... the impact of energy on humanity and life in general.
> He’s clearly saying “lots of important things consume energy” not “let’s replace humans with GPUs” or “humans are wasteful too”.
When people have to interpret what you are saying, assuming that you are too intelligent and empathic to mean what you actually said, I think it says a lot.
"What he said is wrong, illogical and dangerous, but you have to forget it and consider that he probably meant this completely different thing that I will expose to you. Because he cannot be rich and powerful AND capable of expressing basic ideas on his own, what did you expect?"
It's exactly the same UI as Stock Android on a Google Pixel. If you find GrapheneOS' UI odd, then Android is just not for you, I guess?
reply