And now I understand why that weirdo was so hellbent on the corporations of the world supporting this

Not sure if google is particularly different but the way this works for the other services is basically low energy bluetooth scanning coupled with the phones providing their location*. So basically all the devices on that scanning/spy network periodically ping/listen for nearby devices/trackers. When it finds one, it sends a quick message to the servers with that phone’s location and the ID of the tracker. Get enough of those pings and you can triangulate the position of the tracker pretty precisely.

Which… is why this fundamentally does not work with “hacker” solutions that allegedly emphasize privacy. Because you just don’t have enough devices listening. This was painfully obvious with tile back in the day and is still an issue with Samsung in some countries.

*: Via a combination of gps, cell tower, and wifi network scanning. The less obvious part of that being wifi networks which is the majority of how interior positioning works.

I mean… bluetooth is literally broadcasting your position (sort of/it depends on the implementation). It is not at all a stretch that you should turn that off if you care about privacy. Same with not scanning for what wifi networks are available or even pinging GPS satellites (because that leaves a log). Hell… cell tower logs are a treat for cops/TLAs for a reason.

Aside from that? Good for you. If you actually follow through on that I can respect it. My point is more that this particular solution seems like the worst of all worlds.

Either you are demolishing your battery with regular phone homes to a server you hopefully control or you are relying on a push via SMS and the hope that you lose your phone somewhere you havea reception. And you still only have YOUR phone and YOUR network to track it which has significant drawbacks if you travel.

If people truly change their lives and focus on it, you can do a lot. But it does not take much, at all, to become compromised to one degree or another and people vastly underestimate the amount of redundancy. Or even the impact of a sibling or partner or even friend.

Instead, the common case is people will tweak one small aspect and think that does anything other than inconvenience them. Or, worse, they’ll watch a youtube and decide to put EVERYTHING through their vpn which… defeats the purpose because they are still one easily collated set of profiles/cookies that can trivially reveal that “Fred Smith in Afghanistan” is really “Fred Smith in North Carolina”

Which is why my approach is that there is data I very much want to protect and data I know I can’t. So I focus on understanding the former while doing what I can with the latter.

And something like this? There are probably specific niche use cases for this. But it is a product/service that fundamentally requires aggregated data. And, depending on the implementation, it is going to fuck with your battery hard.

I guess. But it is really going to depend on where you live and just how frequently it does dial home.

My personal use for these networks is luggage tags. But a friend lost her phone on a hike a few years back and the find my phone stuff was more or less useless due to poor reception and ever dwindling battery.

The real benefit is the low energy bluetooth magic and OTHER devices to do the phoning home. Because maybe I have shit reception but someone hiking a hundred feet away has good reception and updates the ping.

Took a bit to figure out what it was even claiming to do

When enabled your phone constantly sends e2e encrypted your location to the server where you can than access it from a webbrowser.

God no. Just take a hatchet to my battery and be done with it.

Also: Until a month or two ago, sure. But google finally got their shit together-ish and set up a tracking network the same as apple and samsung. And that is what you are sacrificing your privacy for. Yes, you give Big Tech tracking information… that they already have. In exchange you can actually have peace of mind of knowing your luggage is in the same airport or even where you parked. And you can’t really self-host a crowd-sourced network.

Really depends on your current tool so RTFM on that.

But when you are activating it in your account? There is a QR code you are supposed to scan. And there is almost always a button like “Having trouble?” or “Show TOTP Key” or whatever. Click that and you get a long alphanumeric string instead. Paste that into the TOTP field for Bitwarden (or Keepass or whatever) and it will generate codes for you.

Once or twice I have had to actually use my phone camera to decode the QR code so that I can manually type in the TOTP code/seed, but I think the last time I did that was in like 2020?

There is.

2FA. No, not the fucking “we’ll send you an SMS” bullshit that is increasingly used to just highlight an active phone number for spam purposes. Proper TOTP with the code backed up to a proper service (bare minimum, Bitwarden)

Someone can steal your password and even your email account (unless you TOTP that too…). They still can’t get into your account unless you are an idiot who gets tricked into providing the 2FA key.

In a perfect world? Have your TOTP credentials in one encrypted database/Bitwarden account and your passwords in another. In reality? Just use a trusted service. I used to be a big fan of Keepass but protecting that with a yubikey (or similar) is a huge mess.

The recent push for passkeys (?) is a nice-ish middle ground. People don’t need to understand how to paste a TOTP code into Bitwarden but they still need to approve a login. That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.

I mean… It would be nice if they put a nicer message there. But I mostly agree with that.

Look up how people social engineer their way into apple accounts and so forth. The more you put the burden on a (perpetually) underpaid CSR the easier it is to steal an account, Spin a sob story and then harass the CSR until they just reset your password so you will go away. Except there is no guarantee that is YOUR password and now we have yet another stolen account.

The list of all the horrifically shitty things LMG has done over the past few years will fill up a thread on its own and I strongly encourage you to educate yourself before even thinking of defending them for… anything.

But some highlights:

1. Over the span of a week or two went from “Companies aren’t your friend. I am not your friend” to “Written warranties are worthless and can only hurt you so you shouldn’t want them. Also, if there were a written warranty and I were to die then my wife (who just so happens to be the CFO and second biggest shareholder in the company…) would suffer from harassment. So written warranties are bad and just trust me bro”. This was bad enough that his decades long crony (Luke) even openly criticized him
2. Stole a GPU from a small company, shit on their prototype for weeks on end even after knowingly using it with the wrong card, and then sold the prototype cooler to a random third party. Proceeded to make claims (that the timeline doesn’t even work for) that they resolved this before anyone caught them and their main argument is they accidentally removed said company from those emails where they were “solving” it.
3. Have increasingly openly acknowledged they will do big pieces on products they hate if the money is right. I think the most recent shitfests are a pool cleaning robot that barely functions and now sponsorshipps from one of the shittier VPN companies because the money is really really good.
4. Responded to an “internal investigation” of sexual harassment and assault claims (where at least one perpetrator is literally recorded sexually harassing the entire company… during the all hands about sexual harassment… literally the day after his direct report left the company because of being sexually harassed) by talking about how they will sue any future whistle blowers or accusers for defamation.
5. Went full “but the white man is the real victim” after even d-brand acknowledged a fuck up where they “roasted” an Indian guy because they thought his name was funny
6. Basically turn every single accusation into “They are personally attacking Linus Sebastien because they are jealous of his success and genius” level cancel culture nonsense

They are rapidly circling the drain and I for one am waiting for the “Well, these aren’t tech so we don’t have a conflict of interest and you should buy some joe rogan branded supplements” within the next few months. Likely because more and more actual tech companies don’t even want to deal with them for the PR boost.

I mean… plenty of youtubers and channels are doing exactly that. Ian McCollum (Forgotten Weapons) and the “educational” gun youtubers have History of Weapons and War. A bunch of creators did Nebula. Corridor Digital have their channel. That comedy channel that came from college humor have their own site? Same with those two channels that pissed everyone off in the past few weeks? And Linus Media Group have been trying to add “we run a shitty version of youtube” to their grift for years now. And Rooster Teeth and Giant Bomb had their own video site for basically the entirety of their runs.

Let alone stuff like Utreon and the other one. And then there are the various successors to liveleak that are basically about spamming yu with an insane amount of spyware and ads in exchange for letting you upload faces of death.

And while I think it is a fundamentally flawed idea that mostly just does the legwork for those sites to run the software: Peertube is a thing and there are plenty of instances that exist.

So I am REALLY curious what evil organization you think is waiting to kill anything that is not made by Youtube. If you comply with DMCA requests and don’t host CSAM then it is just a function of whether you can afford it.

Which… is the real issue. There is just a ridiculous volume of storage and bandwidth required for even a “small” youtube. Which is why almost all of the successful “alternatives” only really host a very small subset of videos.

So… to punish them for “harvesting” your data you are going to… continue to give them your data.

“Time theft” is very questionable and more a topic for society as a whole but…

Okay? Then don’t watch youtube. Rather than allow them to engage in “time theft” but calling yourself smart because you don’t watch ads.

Also: As has been pointed out repeatedly in this thread, the scale of Youtube (and Twitch) is massive and truly hard to comprehend. The only companies that even have a snowball’s chance of running that are Google, Amazon, and MS because they ALSO have giant “cloud” services. And… it is pretty clear none of them really know how to run a site like that (hence why MS just gave up entirely).

In this case, they are a monopoly because they are the only company that even wants to try and make something as massive as youtube work.

But, regardless: It is fine to not “feel bad” about running an adblocker. Just don’t “feel bad” when youtube runs a you-blocker as a result.

Sort of.

The issue isn’t userbase size. Plenty of creators have tried to have their own private hosting over the years. The fact that the “successful” ones are Rooster Teeth (dead), Giant Bomb (basically dead), and Linus Media Group (unfortunately not dead, but shifting ever more toward right wing grifting) says a lot.

The issue, as those channels learned, is discoverability. If your entire fanbase go to giantbomb.com to watch videos then you aren’t getting surfaced in the youtube/whatever algorithm. So as your userbase leaves (get pissed off, get older, die, etc) you don’t have a good way to replace them and you more or less wither and die. You could see this on the forums (and the threads on sites that still have forums) where you almost never saw a new fan show up and it increasingly became all about the more vocal members of “the community” as even the fans started to nope out of chat (because nobody gives a shit about the guy whose gimmick is that he kept saying he was a duck…) and forums (because we don’t care about the guy who can’t stop talking about how “kino” Snyder films are).

And that is why stuff like Nebula, Gun Jesus’s latest side hustle, Corridor Digital’s site, etc are very much dependent on relying on Youtube for the “advertising”. It says a lot that most of us only even check Nebula when we see a new Legal Eagle or Nile Red video on youtube and want to watch the ad-free version.

And the fact that Microsoft noped out says it all.

Basically, the only orgs that have a snowball’s chance of hosting a twitch/youtube are Amazon, Google, and Microsoft on account of them also being three of the largest “cloud” providers and having the resources at cost. Amazon/Twitch are scrambling to find a way to deal with the increasing shift to sponsored streams, Google/Youtube are cracking down on adblockers, and Microsoft just gave up.

People refuse to even let an ad play but sure, they’ll participate in the pledge drives

Mentioned it before but:

LLMs program at the level of a junior engineer or an intern. You already need code review and more senior engineers to fix that shit for them.

What they do is migrate that. Now that junior engineer has an intern they are trying to work with. Or… companies realize they don’t benefit from training up those newbie (or stupid) engineers when they are likely to leave in a year or two anyway.

Not sure if they had a third party manage it for them (there has been a LONG history of super vague “secret” dealings) but it was for their kickstarter rewards through backerkit or whatever. So the same survey you get asking how many extra books you want to buy or whatever.

King under the Mountain always rubbed me wrong. They hit right at the tail end of “wow. kickstarter is awesome” and right before people realized how many DF-like colony sims there actually were. And then their kickstarter survey, for a key with no add-ons, required an insane amount of personal information. I think they claimed it was for VAT but saw a few “ask a lawyer” threads that pointed out that was nonsense and could have been done with a checkbox.

And the super duper secret publisher right around the time interest was spiking because of DF-GUI was more than a bit sketchy

I dunno. I know that it is hell out there for indie devs (not so much in 2021/2022 but…) but all that combined with the game never feeling like more than a “unity school project” REALLY raises a massive number of red flags. Probably just a single kid in over their head and trying to act like a “real” studio but… yeah.

Still, good to see it was released as open source and here is hoping the fanbase that glommed onto this can carry it forward.