AmbitiousProcess (they/them)

  • 0 Posts
  • 125 Comments
Joined 1 year ago
Cake day: June 6th, 2025


  • Depends. Obviously when they say “secret spyware” that means it is, in fact, secret, and we don’t know which spyware they’re using, but as the article notes it could be Paragon Solutions.

    They have a system called Graphite, but that primarily targets just instant messaging platforms. If the article is to be believed when it says it could activate your camera, that would signal to me it’s more likely something from NSO Group, like their Pegasus spyware that can also access your camera, GPS coordinates, and more.

    All of these are going to be reliant on zero-day exploits, essentially exploits that aren’t known to anyone yet and are still unpatched. All exploits will be a little different, but when it comes to mobile spyware, we usually see them delivered either through texts, websites, or email.

    Those attacks can either be someone just receiving the text (even if they don’t click on it, AKA a “zero click” attack), or maybe having to actually go to a particular website with the exploit baked in, or running an attachment from an email.








  • (I’m citing the law, not the article)

    There’s a few things that I think help prevent something like that from happening.

    “Nudify” or “nudified” means the process by which: an image or video is altered or generated to depict an intimate part not depicted in an original unaltered image or video of an identifiable individual

    “Intimate parts” includes the primary genital area, groin, inner thigh, buttocks, or breast of a human being.

    So a reasonably sized bikini probably wouldn’t qualify, because it still covers intimate areas to some degree, but anything too skimpy would.

    The prohibitions in subdivision 2 do not apply when the website, application, software, program, or other service requires the technical skill of a user to nudify an image or video.

    So something like Photoshop wouldn’t qualify because you’d need the skills to actually edit images yourself.

    I think this:

    “No, see… My app is designed to show you what you look like in user-created outfits. Like a virtual closet mirror! What do you mean users are trying on tiny bikinis and clear cellophane dresses? How could I ever have planned for that?”

    Would be prevented by this law, but with very good reason. Anyone developing a feature like that could very well simply develop a filter that can tell if too much of a sensitive area is being exposed that wasn’t previously there. If they put technical safeguards in place, and it takes reasonably large amounts of effort for a user to bypass, then the site wouldn’t be liable because it would require “technical skill of a user”.

    A site like that can exist, and being able to digitally try on outfits is nice, but it shouldn’t be allowed to ignore the obvious consequences of not putting restrictions on how much skin can be shown.



  • Most can, but they still rely on your phone getting an internet connection later, on your phone being trusted to send data over itself, and of course still require your phone to actually be charged. (Can change if it’s a regular card depending on the issuer though)

    Also, if you’re just generally curious about stuff related to offline payments, there’s actually a major security hole that Visa refuses to fix, which allows a device to pretend to be an offline-only card reader, then charge any value to someone’s card, and get away with it, even if their device is locked.

    Not really a point in favor of my original argument though, since CBDC infrastructure would require replacing or updating all the readers anyways, and implementing the standards to prevent such an attack, like MasterCard has used for a while now.


  • In 2026, when is your phone running out of battery

    Not too regularly to me, but it happens frequently to most of my friends, and some street performers I know who don’t always have good access to a power outlet, or the money for a portable charger.

    …or losing wifi?

    I and many other people regularly experience complete cell dropouts when at my local grocery store. No service. (Works fine outside and slightly down the block) We are in a city, not the middle of nowhere either.

    There have also been internet dropouts for my local store’s machines, meaning people paying with cash could go instantly, whereas people who only had cards or phone payments had to wait in a massive line since every transaction took 2 minutes to go through.

    You can also just get a crypto card if you’re worried about your phone being unreliable.

    Sure, but at that point I could just get literally any card. I was only commenting on CBDCs, though I suppose the same critiques could apply to direct crypto transfers.

    At the end of the day, CBDCs tend to rely on phones to work, and thus can’t work if your phone doesn’t, unlike cards, and especially unlike cash. (given cash relies on nothing but you and the person you’re transacting with believing the cash is real, vs phone payments or even just cards still requiring an internet connection at some point, and power to the reader, plus permission from an external gatekeeper as the cherry on top)






  • You could make that argument about any tool Wikipedia editors use. Why should they need spellcheck? They were typing words just fine before.

    …except it just makes it easier to spot errors or get little suggestions on how you could reword something, and thus makes the whole process a little smoother.

    It’s not strictly necessary, but this could definitely be helpful to people for translation and proofreading. Doesn’t have to be something people are wholly reliant on to still be beneficial to their ability to edit Wikipedia.


  • “More secure” is a minefield of marketing and intentionally misleading the populace.

    Here is the popular phone cracking company Cellebrite’s leaked slides showing them telling the people they’re selling their tools to that they can’t as easily (if at all, depending on device state) crack GrapheneOS as they can stock Android:

    https://grapheneos.social/@GrapheneOS/112462758257739953 (This is just a well-summarized and explained post from GrapheneOS themselves, but the original leak was independent of them, and the slides and final interpretation are no different from what GrapheneOS is showing, thus I wouldn’t consider this just “marketing”)

    Objectively, if you have a GrapheneOS phone, and you plug it into a Cellebrite machine, it will not have its data extracted if it’s before first unlock, or after first unlock but on the lock screen. (as long as you’ve updated your security patches since like 2022, which most GrapheneOS phones will be) A stock Android phone, or even many iPhones were not as resistant to brute forces or even full file system extractions as a Pixel with GrapheneOS.

    GrapheneOS also has additional features that can make the cracking process even more difficult, such as disabling USB even after first unlock when on the lock screen, automatically rebooting after a set period to return the phone to BFU state, or setting a duress PIN that wipes the phone, which could be triggered via a brute force before the real PIN is guessed.

    Also, in case you want to look at the diagrams in the post more since they don’t really explain all the acronyms, here’s a key:

    • BFU (Before first unlock - essentially when you’ve restarted the phone but not put in the PIN/password yet. When fingerprint unlock will not work)
    • AFU (After first unlock - after you’ve put in your PIN/Password, fingerprint gets enabled at this point. Using the “Lockdown” button from the power menu on GrapheneOS disables fingerprint and appears to be BFU, but isn’t fully in BFU state and should still be considered AFU just in case)
    • FFS (Full Filesystem extraction, essentially dumping literally every single possible file, app data, etc)
    • BF (Brute Force, basically just spamming the PIN/Password to try and crack it. GrapheneOS is essentially never vulnerable to this due to the Pixel’s secure element, and it’s the same for newer Pixels with stock Android too, though those tend to still be vulnerable to FFS)
    • “Up to late 2022 SPL” (“Secondary Program Loader” version, which most GrapheneOS phones will have updated by now as long as they’re running a GrapheneOS version released after 2022. As you can probably tell, 2022 is referencing the (late part of the) year that version was from. It’s essentially what helps to load programs on the device)

    I forget which country it was, but Graphene was specifically listed as being used by criminals/drug dealers.

    You might be referring to Catalonia, Spain?

    In their case, it was more about Pixel phones in general being used by criminals, and GrapheneOS being their OS of choice which made cracking them harder, rather than GrapheneOS itself being considered criminal or suspicious, but I get where you’re coming from.

    You could also be referring to the UK, but that was regarding a journalist with GrapheneOS, but the charge was refusing to unlock his phones. And yes, I said phones, because he was also carrying an iPhone, and they wanted that password too. So in this case the charge wasn’t GrapheneOS-specific.

    There’s also France, who was going after GrapheneOS because they wanted an encryption backdoor, but GrapheneOS just said no, so they told police to consider any Pixel with GrapheneOS “suspicious”, but not to consider it a crime in itself. (nor did they have the legal authority to do so) GrapheneOS actually migrated all their server infrastructure out of France as a result of this.

    The point is that now, using Graphene, counts against you for the purposes of pressing charges or taking you to a black site.

    Generally speaking, even in those areas, this (fortunately) just isn’t true. You are more likely to be considered suspicious in Catalonia if you have… a Pixel, GrapheneOS or not. You’re likely to be criminally charged in the UK… if you don’t give up your password, GrapheneOS or not. And you’re likely to be considered “suspicious” in France… but can’t be charged with anything for it, and the only way they’ll know if you have GrapheneOS installed is if you were already arrested for something else and had your phone seized.

    Practically speaking, it’s better to support an OS that protects your data, but could increase the risk of you getting in trouble for protecting your data, than an OS that doesn’t protect your data, and gives it all to the authorities, making whether or not you’re considered criminal pointless. After all, you could voluntarily unlock your GrapheneOS phone in any of these jurisdictions and stop facing any of these possible consequences, and it would carry the same implication as a non-GrapheneOS phone that does it whether you provide your PIN/password or not.

    So this:

    That is an extra charge.

    Just isn’t (at least currently) the case, since no regions currently doing anything against GrapheneOS have made the act of having GrapheneOS installed in itself a crime.

    Not to say this couldn’t change, and you’re totally valid in assuming that governments will try to push this, but at least currently, using GrapheneOS will not in itself increase the chance of you going to a black site.



  • Why are they spending money on infrastructure and support but getting no revenue in return?

    I already addressed this in my comment. If you want me to expand on how they most definitely can make money from something like this, Mozilla:

    • Gets revenue from their paid VPN service that already exists, and it would be a way to convert users to a revenue source, since the thing being taken away after the data cap is itself a VPN
    • Gets donations, which more users with a good opinion of the browser will bring
    • Has sponsored integrations, which pay money on a per-click basis, (e.g. AccuWeather integration where Mozilla gets paid if you click through to their website, pinned sites like Amazon that appear on the new tab page for new users) and ones that are influenced by overall number of Firefox users (e.g. Google’s deal to be the default search engine when you first install Firefox)

    If this feature brings in new users, they can get revenue from any of these 3 sources, especially the sponsored listings. If this feature is just a benefit for existing users that might have already changed all their defaults and disabled sponsored content, it increases the chance of VPN conversions and donations, and increases the likelihood someone will recommend Firefox to a friend.

    Either they are okay with losing even more money, OR they plan to enshittify.

    Or they’re trying to get and retain users, which helps them make money from existing revenue options without having to make anything worse, while also providing a beneficial feature. I’m not saying there’s no chance they’ll enshittify, but I don’t think unconditional pessimism is the right move here.

    For this and many many other reasons, it’s time to switch to a privacy fork like LibreWolf or WaterFox

    I can’t speak to Waterfox myself, but I would agree with saying LibreWolf is a good idea if you care.

    I just personally haven’t bothered switching since Firefox currently works fine for me, and anything they’ve done I dislike is fairly easy to just disable in settings and never see again.