RGR / GBG / RGR would be the final level if the game progressed beyond 10, it requires 18 clicks to solve. All other states can be solved in fewer than 18 clicks.
I contacted LG last month regarding their use of the Facebook SDK's automatic event collection in their ThinQ Android app. They responded and told me that they're disabling it in an upcoming release (incidentally, today's). If a single email is all it took to get a company with over $50 billion in revenue to disable Facebook's tracking in one of their apps, I really don't think that these companies are sharing data intentionally.
What justification does Facebook have for keeping automatic event collection turned on by default in their SDKs? Why can't they enable it only when the the user has explicitly opted in (https://developers.facebook.com/docs/app-events/gdpr-complia...)? They even say, "you need to ensure that your SDK implementation meets these [GDPR] consent requirements."
> I don't think these companies are sharing data with Facebook intentionally.
That would imply they are incompetent and negligent.
Would one not expect large companies like LG to have internal security and privacy reviews of the software they publish, and know very well what they are doing?
> That would imply they are incompetent and negligent.
Not really.
Product Manager: I want to be able to support Facebook login for our app.
Developer: OK... [googles for how to do that] ... We can use the FB SDK for that.
PM: Cool, let's do that.
Dev: [implements it]
Nobody really does much more due diligence than that most of the time. I suppose you could argue that's negligent, but if that's the case, then pretty much every company that has an app with login functionality is probably in that boat.
> I suppose you could argue that's negligent, but if that's the case, then pretty much every company that has an app with login functionality is probably in that boat.
I think every company that does this is negligent. Audit your dependencies, people!
I think for small teams this is a near impossible task. For big corporations it should be doable and expected. They actually have some leverage to push the other big companies to track less. Something a small company simply can't do.
> This is the Facebook SDK, from Facebook, and everybody knows what their business is.
Ignorance is a bliss. Talk to some people that still use fb after their scandal and you'll get "who cares, everyone is tracking users and selling data anyway" as an answer.
Exactly. A simple online search for the phrase "Facebook SDK" will reveal plenty. It's not like you need forensic accounting level research to see that the SDK does much more than provide a simple login mechanism.
> That would imply they are incompetent and negligent.
> Would one not expect large companies like LG to have internal security and privacy
can't tell if this is sarcasm because this is exactly what they are. an OEM is just packaging stuff and always bigger than it's parts (in this case meaning the knowhow of their otherwise bright and knowledgeable engineers is lost in the organization as a whole). the biggest companies are always the dumbest places where no matter how bright you may be the management layers above make sure that this gets cancelled out (I've worked at Samsung, Nokia and Ericsson and it was the case in all these places). Doubt LG would be any different.
Given Google's hostility towards the glacier-slow release schedules of Android updates and the continued embedding of vendor apps that screw up Android by phone vendors such as LG, I'm already quite biased in favor of "companies like LG are incompetent and negligent", based on the evidence available over the past several years.
You might not even need a rooted phone. For at least one of these apps, you can extract the secrets from an ADB backup, which does not need root (it only needs the developer mode).
I gave up tracking the delay a while ago but I think the macOS and iOS packages were lagging by six months at one point. Heck, even now the last commit with actual code [1] is over two months old yet the macOS app updated two days ago for me.
Uncommented code is dumped into the GitHub repo every couple of months after enough people complain. That's not what I would call open source.
Google disabled backups for their Authenticator app so I don't think they will ever let you export the secrets.
I wrote an application to automate OTP secret extraction for just about every app out there after trying to migrate a few dozen tokens from Google Authenticator to AndOTP. You might find it useful: https://github.com/puddly/android-otp-extractor
I really hoped Google would have allowed some way to locally make full Android backups by now but I guess that's not compatible with their business model.
I've been running a VPN (currently WireGuard, previously StrongSwan) on a VPS through https://www.vultr.com/ for a little over a year now and have had no issues with the App Store. Signed-out Google Search, however, is a different story...
Do you know any good guides on configuring server to act as a vpn/proxy (routing mostly)? Regular wireguard articles don't cover this use-case at all, assuming reader know everything beforehand
For what it's worth, the RELATED, ESTABLISHED rule in FORWARD is a bad thing to forget; I was getting all sorts of interesting ICMP timeout errors because I didn't have it.
New connections from clients were allowed, but I didn't have a rule to allow related and established, which made some things work, but mostly not.
