Mikina

joined 1 year ago
[–] Mikina@programming.dev 1 points 1 year ago* (last edited 1 year ago) (1 children)

That is true, but can't they (a company that wants to, not the government) do that already if they want to, under ChatControl 1.0? And I wouldn't say that whether a service is E2EE or not makes any difference here - scanning private user messages shouldn't be allowed, whether they are encrypted or not. IMO if ChatControl 2.0 passed and was made mandatory for everyone, the fact that it is mostly noticeable on E2EE apps is only a side-effect of blanket surveillance, and not the main issue with the proposition.

What's the point of them agreeing that they will let the 1% of users of E2EE services keep their privacy, while they already scan 90% of communication (I mean, just GMail + FB/IG + iCloud, that is already being scanned, makes for most of the world's communication) for the past year or so?

Now I'm curious whether Facebook/Instagram, who does offer encrypted chats and also scans all your content under ChatControl 1.0 voluntarily, also scans the encrypted chats or not. I'd wager they do, but that's just speculation.

But they did briefly mention that they will begin "phasing out" ChatControl 1.0. I wonder what that means, and how long it will take.

[–] Mikina@programming.dev 10 points 1 year ago* (last edited 1 year ago) (3 children)

I think the headline is misleading, if I understand it correctly.

ChatControl is already possible, and implemented for major communication service providers that most people use. It's just not mandatory.

Currently a regulation is in place allowing providers to scan communications voluntarily (so-called “Chat Control 1.0”). So far only some unencrypted US communications services such as GMail, Facebook/Instagram Messenger, Skype, Snapchat, iCloud email and X-Box apply chat control voluntarily (more details here). source

~~The article states that they decided that they will not blanketly require it, but I don't think it says anything about rolling back the first version of ChatControl that's already in effect.~~

EDIT: I was wrong, the article actually does mention it, even though on pretty vague terms:

The current voluntary chat control of private messages (not social networks) by US internet companies is being phased out. Targeted telecommunication surveillance and searches will only be permitted with a judicial warrant and only limited to persons or groups of persons suspected of being linked to child sexual abuse material."

[–] Mikina@programming.dev 2 points 1 year ago

Get GrapheneOS, your mobile phone will be one of the best sources of data about you, and if you're on Googled Android or iOS, there's nothing you can do to stop Google apps stalking you, which they have already had several lawsuits about doing it even when you disable it. GrapheneOS takes care of it by sandboxing Google apps, so they can't do almost anything, along with really fine-grained permission control, i.e. giving messenger access to only selected photo you want to upload, and nothing more.

As far as browser goes, I recommend Mullvad, and bundle it with their VPN. Not only can it be paid for by crypto, it also means that almost every other VPN user will have the same browser fingerprint as you - fingerprint of the Mullvad browser, which is based on Tor browser and designed to be as unfingerprintable as possible, so it will be really hard to distinguish you using secondary fingerprinting, such as extensions or minor browser details.

Don't use Gmail or GDrive, ideally get your own NAS for file sharing and switch to something like Protonmail, which now also offers Drive. Get a domain that is vaguely company-sounding. Something like @techcorplimited.com, and create a catch-all email address, so any email sent to that domain will end up in your inbox. You can now use randomname.randomsurename@techcorplimited.com as your throwaway email address, and just randomly generate them for all services you use, while also making it believable to confuse even AIs.

Even when using VPN, don't sign into your accounts. You don't need to sign in to Youtube to tell it that it was you all the time, just remember your favorite youtubers and look for them by hand every time.

If you're really serious, look into https://www.qubes-os.org/

[–] Mikina@programming.dev 18 points 1 year ago (2 children)

I was working on a pretty well known game, porting it to consoles.

On PS4 we started getting OOM crashes after you've played a few levels, because PS4 doesn't have that much memory. I was mostly new on the project and didn't know it very well, so I started profiling.

It turned out that all the levels are saved in pretty descriptive JSON files. And all of them are in Unity's Scriptable Objects, so even if you are not playing that level, they all get loaded into memory, since once something references a SO, it gets loaded immediately. It was 1.7Gb of JSON strings loaded into memory once the game started, that stays there for the whole gameplay.

I wrote a build script that compresses the JSON strings using gzip, and then uncompresses it when loading the actual level.

It reduced the memory of all the levels to 46Mb down from 1.7Gb, while also reducing the game load by around 5 seconds.

[–] Mikina@programming.dev 5 points 1 year ago* (last edited 1 year ago)

I disagree. I've been/am working on several pretty large projects in Unity (some of them sold hundreds of thousands of copies), and especially once you start porting to consoles, the experience goes to shit. Their support is vague, documentation is plainly wrong in some places - I've once spent a few days figuring out how to use a documented and explained feature, only to find out later that there's a closed few years old bug on their issue tracker that it's actually not supported, and the documentation only does not explain it very well. (The feature was multiple hits per single Raycast in jobs, here are the docs. According to the bug resolution, only one hit per ray is supported, and the docs only don't explain it very well. The docs are still the same.)

You also inevitably run into issues that you simply don't have in other engines - it's closed source. You have no idea how something is implemented, or whether something isn't working because you are doing it wrong, or if it's a Unity bug/fault. In Unreal, if something doesn't work, you can always just check the engine code, and either fix it yourself, or better understand why it's not working. If you need to slightly modify some engine behavior, you're out of luck with Unity - you have to resort to ugly hacks that sometimes work, but usually at a cost. In Unreal, you just modify the engine code and be done with it.

Trusting Unity with any feature is also a gamble. Have you started developing a multiplayer game on Unet? Tough, we don't want to support that anymore. But, we will create a better multiplayer system, just wait for it! Then they removed Unet, and the new networking replacement is widely regarded as pretty much unusable - or at least it was last time I checked. Thankfully, there are a few amazing open source networking addons.

In general, while Unity is an ok-ish game engine for smaller hobby projects (but for that, Godot is better), it's really an awful and frustrating experience once your project size grows and you need to build bigger games, or if you start porting your games to consoles.

And it's also really apparent from the way they communicate and treat your company that they don't give a fuck and only want your money.

[–] Mikina@programming.dev 14 points 1 year ago

Exactly. To me, this explanation sounds like they'll just magically estimate the numbers without really being able to prove it. And that sucks.

However, we can be sure that developers will have their own analytics, that are probably way more accurate and they know exactly how many people have played or installed their game. And I'm betting that this number will be a lot smaller than the Unity "estimation", and people will get even more angry.

[–] Mikina@programming.dev 15 points 1 year ago (1 children)

Their CEO is the guy who was leading Electronic Arts when it was voted the worst company of the year, implemented first lootboxes and who was openly suggesting to charge people real money per reload.

[–] Mikina@programming.dev 8 points 1 year ago (1 children)

You are not wrong.

John Riccitiello is an American business executive who is chief executive officer (CEO) of Unity Technologies. Previously, he served as CEO, chief operating officer and president of Electronic Arts...

[–] Mikina@programming.dev 5 points 1 year ago

I see a lot of people mentioning that you should just switch to Firefox, but if you're doing that because of privacy, you will not be off that much better by doing just that - unless you fiddle with the settings and get a custom user.js, such as this one, that properly hardens it and a few extensions, such as Decentraleyes, Cookie Auto Delete or ClearURLs.

But it can get annoying, so instead I'd recommend giving LibreWolf a try. From my experience it works pretty much out of the box, and for the few settings that may be annoying to you they have a quick guide about how to disable them.

But even better than that, I'd recommend giving Mullvad Browser a try. It's basically a clear-net version of Tor Browser, and so far I haven't heard anything negative about them. I also really like their idea about pairing a VPN service (that's optional) with a browser, so now you have exactly the same browser fingerprint as any other user using the same VPN (as long as you don't add any extensions), which will make you more resistant even to the more advanced fingerprinting techniques, since there's basically no way how to tell all of the users of the VPN apart. Some more info and reasoning, along with more recommendations, can be found at https://www.privacyguides.org/en/desktop-browsers/#mullvad-browser

I've recently started using Mullvad, and was using LibreWolf as my daily browser, so now I'm switching between them randomly. I do run into issues from time to time, mostly because of 3rd party requests or auto-deleted cookies when leaving a domain, which can break some kind of cross-site flows. But whenever there's an issue, I just quickly fire up Brave to do that one task. But all things considered it's an amazing experience, so I do recommend giving some of them a try.

[–] Mikina@programming.dev 0 points 1 year ago (1 children)

From how I understand it, in Veilid everyone is both an entry, relay and an exit node - there's no distinction. Because you have to have exit nodes - the communication has to go through somewhere, so the receiving server will always know the IP of the last node (the exit one). It just has to go through somewhere. The whole main point of TOR (and Veilid, which seems based on the same thing) is that since you go through three nodes, each node can tell where the request is coming from, and where to send it. So the server doesn't know where the request came from, but knows the IP of the exit node.

The issue is that if they bust someone for doing illegal shit, your IP may be investigated. They don't know what communication came from you, but something may have, since just by using Veilid, you become an exit node. Or I'm misunderstanding it, but that's what I understood from the description.

[–] Mikina@programming.dev 33 points 1 year ago* (last edited 1 year ago)

That's why I'm avoiding any extension I know I really don't need.

I've already burned myself once, when Nano Defender sold out and turned into a cookie-stealing malware. By the time it was one of few adblockers that were not being blocked by adblock killers. They've pushed a malware update through the Chrome web store, and started exploiting stolen cookies immediately.

It was a difficult day, where I had to explain to a few of my exes that someone hacked their Instagram account due to an ad-blocker I've set up for them when we were dating a few years ago.

[–] Mikina@programming.dev 2 points 1 year ago

It's also why FOSS and hacking community is so important. It's exactly so we can fight against something like this, by simply hacking and reflashing our own devices, so we can get rid of all the software-imposed bullshit.

I studied gamedev and always wanted to make games, but I'm really glad that I've instead chosen cybersecurity for my first job thanks to a random optional course about pentesting I had in college. It's a skill that will be more and more important, and I highly recommend to anyone just reading a book or two about hacking, and getting their hands dirty on some IoT hacking labs and writeups as soon as possible.
