Others studies by one of the authors (Sapan Desai) whose company Surgisphere is supposed to be behind the alleged fraud are being scrutinised and even his credentials are under question now - https://www.theguardian.com/world/2020/jun/10/surgisphere-sa...
I really wish the PDF layout was easier to parse. No matter which library you use, you always run into edge cases which make text selection and extraction an issue on certain files. I was recently extracting financial data from a bank which provides only PDFs and every time they changed the format just a little bit I had to change large parts of my code to extract the transactions I wanted.
I agree to this, it's the same with insurance companies too when resolving claims. Feels like they certainly want to make the extraction look complicated for an unknown reason. Not often and not all companies but edge cases
So NextDNS is free to sell metadata. What is the extent of this metadata - is it like ‘this user spends 10 hours a day actively using the internet’, or ‘this user consumes a lot of streaming video content’, or this user ‘watches netflix every friday evening’, or ‘this user uses duckduckgo instead of google’? Can these examples be considered metadata?
They do not need to sell metadata. They can sell services. Neither Google nor Facebook need to sell data. They sell services.
Those companies are not obligated to disclose what metadata they might have. Neither is NextDNS.
If the Privacy Policy stated that NextDNS will not create, collect or acquire metadata about its users, then we would have less reason to be concerned.
However the NextDNS Privacy Policy is all of nine sentences. It is not very restrictive.
The opt-out form [0] asks only for the name, phone number, DOB, address, email, etc. How do they ensure that someone else did not opt-out or opt-in on someone else’s behalf without their permission? And how are they deduplicating people with the same name and DOB? By a fuzzy match against their address? How do these things usually work in UK?
It's just a guess for this exact case, but UK government do have some access to credit history and this usually mean name plus dob plus address. And it's can use electoral roll databases for actual citizens.
The author mentions that this bug saved him 1000s of hours in development. How is a sandbox escape useful in development? Can someone give me an example?
If you're looking for 0day kernel exploits that might be popped from say MobileSafari, having an unrestricted, unsandboxed non-root shell is a much better starting point compared to a regular sandboxed app launched from xcode. Or even just for inspecting the filesystem outside a regular app's restricted container.
I think this is the right way - store data but publish it publically when you are confirmed with coronavirus. Then apps installed on others phones would automatically see your data and would do an intersect to see if they were in proximity, and notify you accordingly. This way only the data of those impacted by coronavirus becomes public. And although it’s public technically, as the app has access to it behind the scenes, but legally you won’t be allowed to reverse engineer the response data and publish it online on a map,etc. so that adds some privacy from the general public’s eyes.
What if every coronavirus victim voluntarily uploads their location data publically (their identity kept anonymous). Now you can, without uploading your own data anywhere, check if you have ever been in vicinity of any of them. If you have been, you can get tested and then upload your own data if that comes out positive. This way not eveyone has to share their data, only a few who have been infected.
Exactly, push right instead of pull. But it would require the systems to be designed in such a way that the user has ownership of the data they produce. GDPR should have solved that. Google location services have a complete history but it is not something I can download and share with a 3rd party which would in theory simply scan for possible encounters with infected people. We need to design systems that are interoperable, if a system is collecting data I produce, I should be able to retrieve that data at the click of a button, and share them to another service if I wish so.
https://www.theguardian.com/world/2020/jun/03/covid-19-surgi...
Others studies by one of the authors (Sapan Desai) whose company Surgisphere is supposed to be behind the alleged fraud are being scrutinised and even his credentials are under question now - https://www.theguardian.com/world/2020/jun/10/surgisphere-sa...