> I work in billing software for a publicly traded software company and this is a constant temptation. I'm never gonna do it because I'm not gonna blow up my career for a relative pittance, but I can't tell you how many times I've been annoyed that I couldn't act on private information and make ~$100k or so.
> These guys are like the kids who saw the Tide Pod challenges and decided to actually eat the pods. I bet insider trading is not as fun when you're unemployed and bankrupt.
This is very misleading particularly for those not familiar US laws. If you want to say publicly disclosed campaign contributions with no quid pro quo is bribery than say so but that's not most people's definition of bribery. Democracy requires campaigns and campaigns require money.
> If you want to say publicly disclosed campaign contributions with no quid pro quo is bribery than say so but that's not most people's definition of bribery.
No. It is the "I will vote for this law if you contribute this much". In my country (New Zealand) that would get you jail time. Because it is bribery
Highly skeptical of this take. Lots of allegations claiming various payments are really bribes When all is said and done there will be few true bribes found and those will likely be by rogue relatively lower level or little supervised employees Suspect this is a disgruntled employee with a good lawyer who dreamed up a way to squeeze Microsoft. Who doesn't hate or want to hate Microsoft ? Big companies are well aware of the massive liability and associated legal costs under US federal law for bribery (domestic and foreign) and no way are they going to conspire systemically to destroy themselves. There have already been well documented and publicized federal bribery cases against companies such as Walmart. No legal department is going to tolerate bribery
Are there best practice process diagrams to support the correct usage of these with b2c services?
how should the initial verifiacation happen?
what happens when i loose/corrupt/break the device?
should this represent me as a human or the keys to an account? - should a human hold the permissions ultimately (if so how to i override a key?)
I always wonder, are there banks using U2F/Fido(2)/Webauthn or whatever it’s called now? I’m reasonably certain not in Germany, but is there one in another country?
What about downloaded back up codes ? Phone push approval? U2f key? Authenticator app? Can't imagine complaining about being shut out if you didn't have at least one or all of these set up. Google even nags you about setting these up.
It might be 2FA's very purpose, but I've found that a 2FA-less account is a lot more distrusting of logins. Some of my relatives don't have 2FA set up and they got more "verify it's really you" prompts compared to my personal MFA'd account.
