These are three distinct topics, but in my opinion they all deserve attention, and once you consider all the facts, you might conclude that so many people are barking up the wrong tree.

1·The Cyberhavoc

I don’t know how to put it, but you’re terribly unaware of how vulnerable we are to cyberattacks. You all, bar some security experts.

No, this is not just about what you know as malware (and used to call viruses and trojans a couple of decades ago).

No, this isn’t about the more recent fad—ransomware.

This is about the fact that the complexity of today’s software has left it riddled not just with bugs, but with security vulnerabilities that are atrociously numerous, being present in virtually every single piece of software that has any way to be accessed from a network.

I suggest you spend a couple of days perusing the archives of security newsletters such as the short selection below; you’ll be frightened to death if you really spend the time to do it!

No, seriously: spend some serious time reading at least the newsletters for the last 3 months by the first two sources above. Unless you’re a security expert, you’ll most likely find out you don’t know how fucked-up we are in this “all-IT” and “all-Cloud” society we’ve so stupidly created!

I’d also suggest you follow some IT security guys on Twitter; there are probably thousands who know what they’re talking about, but I could only make a very short list. You wouldn’t have enough time and motivation to read even those selected by me—that’s because the security vulnerabilities are overwhelmingly overabundant!

If the list seems random, that’s because there are so many of such people out there (especially white hat hackers, reverse engineering gurus, etc.)! I just retrieved some of those whose recent tweets were deemed relevant by me; I might follow many more on Twitter, but I just can’t be bothered to look into the list of people I’m following.

Almost one year ago, I wrote about The Ongoing Cyberwar Nobody Talks About. Things didn’t change a bit or, if they did, it was for the worse. Most companies are hushing up their security incidents when they can. Nothing happened if nobody knows that it happened, right?

As for the IT companies tens or thousands of millions have accounts with, things are eventually disclosed. But there isn’t much you can do about it.

This is the result of our society relying on everything to be connected to the Internet, on everything being in the fucking Cloud.

This is the result of blindly trusting the “digital transformation” (that’s an EU policy) and the “Artificial Intelligence” to fix our bureaucracy and stupidity. 30 years ago, we’ve been told that the “digital age” means less printed paper, yet it seems to me that the opposite is true: the digital version of everything still needs to be printed out in most cases. You know, legal reasons and whatnot.

On the other hand, everything, from your CCTV camera to your “intelligent house” and passing through your supermarket’s cash register, is connected to the Internet. You also need the Internet to connect to your bank, to make an appointment with a public service (COVID-19 oblige), to do everything. Your “intelligent assistant” and your smart TV (which isn’t a TV anymore, but a computer) can’t live without Internet. Terrestrial analog TV has been phased out (it’s called “digital television transition”) in most “civilized” countries; similarly, AM radio broadcasting has ceased (in some countries FM radio too, being replaced by DAB+). The idea is to replace everything with digital streaming, which is stupid both in terms of energy consumption and of security.

The fucking stupid politicians who decided what I described above have a match in the very competent IT people (competent but lacking common sense, which makes them retards by my definition) who always want something “better” and “more advanced” for everything that worked just fine! You see, a pencil, a brick, a screw, a roof tile, millions of things are still looking exactly as they looked 50 years ago; but a software cannot stay unchanged for more than 1-2 years, or people would get “bored”—not the regular people, but the idiots who want to sell the software or the products that include that software! Unfortunately, the open-source developers aren’t any better: they forgot the old “KISS principle” (“keep it simple, stupid”) or “if it ain’t broke, don’t fix it!”

But greed was even more powerful than boredom. They wanted to make “better” software not by optimizing it, but by developing it quicker, and by making it have “a better, more scalable architecture.” That’s why nowadays you can’t run a graphical multi-user OS on a system with i486 at 25 MHz (Pentium recommended) and 12 MB of RAM (16 MB recommended) as it was with Windows NT 4.0 Workstation, but on systems with at least a dual-core 8th generation 64-bit CPU at 1 GHz or more, and 4 GB of RAM, and let’s not mention other requirements (disk space, TPM, etc.).

Incidentally, this also meant they invented the speculative execution and branch prediction, a veritable Pandora’s box that made possible “hardware” vulnerabilities such as Meltdown and Spectre, and, more recently, Retbleed. All Spectre patches that actually work reduce the performance by 12-28% by some accounts, or in the case of the Linux kernel, by up to 39% for Intel CPUs and 14% for AMD processors. Now, guess what? Patches for Retbleed slow down the Linux 5.19 kernel by up to 70%, according to VMware’s Manikandan Jagatheesan who reported on running kernel 5.19 VMs on ESXi.

That’s the price for the greed we had to obtain more in terms of performance, no matter we can’t audit the algorithms and ascertain that they really work well. The same with ALL the millions of pieces of software used on billions of computers worldwide: every week, dozens of important security vulnerabilities are disclosed—and usually patched, but more and more often after having disclosed personal data of millions of customers!

Color me a Luddite (which I am!), but I’d have been happy if the “progress” had stopped in 1996: I was pretty happy with the operating systems of the time, and also with Linux 1.2.13 and 1.3.18. Today, I’m afraid we simply cannot control the complexity of our software. The world is a mad machine running towards its destruction!

2·Those VPN myths

How can people understand the dire situation of the cybersecurity we have in 2022, and what’s at stake (EVERYTHING! Our entire civilization, because we made it ENTIRELY dependent on the bloody Cloud!), if they can’t even understand what a VPN can do and what it cannot do!

I wrote before about what I consider to be the legitimate uses of a VPN, and most of them aren’t what most people think they should be. There are also countless articles on what a VPN cannot do, and why nowadays you don’t really need to use a VPN when connecting to a public access point, but they are fewer than the VPN-promoting articles. (Yes, I do use a VPN, but for different reasons.)

Let’s add some more tidbits from the huge ocean called Twitter:

You are using an ISP: they know a lot about what you’re doing (yes, with a VPN you can nonetheless minimize that).

You do have a Google, Microsoft, Apple, Facebook, Twitter, Instagram, TikTok, Amazon account: you have zero privacy.

Your phone is using whatever apps it’s using: most of them are leaking a lot about you.

You can’t be “safe” and have “privacy”—unless you’re living under a rock. (Or not living anymore, 6 ft under.)

3·The GDPR is a creator of Bullshit Jobs and does more harm than good

The General Data Protection Regulation (GDPR) is one of the most cretinoid inventions of the EU! Absolutely nobody asked for such an inept legalese, yet it has been adopted, and implemented, and it has created tens of thousands of “GDPR experts,” “compliance officers,” and (obviously) GDPR-specialized attorneys.

This is the culmination of Europe’s fight with the windmills, which included, among others:

  • The mandate of pestering the users with the cookies acceptance dialog boxes.
  • The right of having your data removed from the databases of an authorized personal data processing entity (e.g. your electricity provider, your bank, etc.) upon demanding it in writing (the utmost absurdity ever).
  • The concept of the “right to be forgotten” by the Web search engines.
  • The non-storage of the personal data unless really necessary, and the interdiction to transfer such personal data unless in special situations (already present in 2002/58/EC, previously in 97/66/EC and in 95/46/EC, repealed by the GDPR).

Not related to the privacy, but to “choice”:

  • Imposing fines on Microsoft for shipping Windows 7 and newer with Windows Media Player, leading to the creation for Europe of the “N” editions (and for South Korea of the “KN” editions) that lack Windows Media Player and Windows Media Center (Win7), or Windows Media Player, Groove Music, Movies & TV, Voice Recorder, and Skype (Win10).
  • Imposing fines on Microsoft for not forcing the users to choose a default web browser different from IE.
  • Imposing fines on Google for shipping Android with Google as the default and preinstalled search engine.
  • Imposing fines on Google for being basically an advertising company.

I’m puzzled by EU’s choice: why didn’t they fine Microsoft for shipping with Notepad.exe, WordPad.exe, MSPaint.exe and Calc.exe? This surely “distorts the market” and “cripples the competition”! Also, how about the built-in antivirus? How can the other security companies live with the fact that Windows does include a (pretty decent now) security solution?

But let’s go back to the GDPR and the previous forms of privacy-related EU regulations.

■ The “right to be forgotten” is an EU concept since the Directive 95/46/EC, now included in the GDPR. Even before the GDPR, Google has removed 1.4M URLs prior to May 2014—but only if you were trying to access them from the EU. Obviously, Google does not have to remove links to sensitive personal data globally, the European Union’s ECJ decided in the cases C-507/17 Google and C-136/17 G.C. e.a. Courts or data regulators in the UK, France or Germany should not be able to determine the search results that internet users in America, India or Argentina get to see.

Maybe someone should refer the ECJ to this explanation from 2014 on why “the right to be forgotten” can’t possibly work. Not to mention the VPNs & stuff. Judges seem to be the most retarded creatures on Earth.

From 2019: It’s time to forget the right to be forgotten:

Furthermore, where does the right to be forgotten fit into a world that increasingly functions through blockchain, which is designed precisely to record everything permanently? How will the right to be forgotten work when someone asks for a transaction to be eliminated that technically cannot be eliminated? Will a judge ask someone to rebuild the blockchain with his or her bare hands and try to eliminate something that cannot be eliminated?

I said it at the time, and I say it again: there is no “right to be forgotten”: from a physiological or neurological point of view, no one can be forced to forget. Laws fail when they cannot be enforced. Privacy is a very important right that must be enshrined and protected, but there are limits. If you did something, you did it. If something happened, it can’t be unhappened. If something was published, it cannot be unpublished.

The right to be forgotten is a monument to human stupidity created by incompetent people who never understood how the internet works, and which is now the right to have a search engine erase a result you don’t like, but only for Europeans who don’t have a VPN. What the ECJ must now do is not limit the right to be forgotten, but instead to recognize that what they ruled on May 13, 2014 was wrong, and completely overturn that absurd decision. Trying to create a Ministry of Truth that decides what can be published and what not is a legal aberration.

Anyway, now you know: the ECJ has provided a get out on its previous ruling: when you want to find something out about a person, just launch your VPN, point it to a node outside Europe, and avoid censorship. Let’s be clear: the “right to be forgotten” does not exist, it never existed, and yesterday’s ruling makes that even clearer than it already was. The ECJ may be the court of final appeal, but it got this one seriously wrong. It’s time to forget the right to be forgotten.

This is the meta-version of the “criminal record” certificates, in which the crimes “expire” something like 5 years after one gets out of jail. OK, you might have a paper that says “this person is not a criminal,” yet by consulting the publicly accessible archives of the courts, it’s easy to find the sentence that has put you in jail! Also, there are newspapers, in physical form, and they cannot be censored the way a Web search can!

Censorship. It’s all censorship that protects the corrupt and the snowflakes.

■ The GDPR, per se, does more harm than good to people trying to read newspapers or websites from e.g. the US, Canada, Australia. This is what I get when visiting some non-European websites:

I’m not sure why they even considered observing the GDPR, as long as they’re not an EU entity and don’t have any EU branch (so they simply cannot be fined), but they have obviously considered it not worth paying a “GDPR compliance officer” as long as their main public was not in the EU.

Oh, there’s actually the website GDPR Shield | EU data privacy compliance made easy:

Obviously, the best way to make something compliant to an absurd regulation is to make that thing unavailable in the respective jurisdiction. Thank you, GDPR!

From a Twitter thread from May 2018, by the well-known security expert Mikko Hyppönen:

Well, many US newspapers are still unavailable if you have an EU IP (one of the reasons a VPN is useful).

Note that the penalties under the GDPR are not a joke: up to €20M or 4% of your company’s annual worldwide revenue, whichever is higher. So far, Amazon was hit with a €746M GDPR fine, but they won the appeal; and WhatsApp got a €225M GDPR fine, and is appealing.

■ The GDPR harms even the EU small projects, such as the various independent forums, including those related to open-source software.

Take an example: Forum:

Rough translation:

The forum has finally closed. We have been active 2011-2018. We had multiple forums, topics = 1,227, posts = 21,820, users = 5,838.

Why have we closed:

1. The legal basis can no longer be implemented in the EU as a private forum operator. GDPR and Cookie Guidelines etc. One needs a lawyer, a data protection officer and is exposed to many external dangers. This is no longer fun.

2. Without an active forum that lives with users, there is no point in maintaining everything. Running a forum involves a lot of work and costs. Why do all this, when the EU annoys you more and more, and few users participate.

3. A team must work together and pull together. It is not enough to only fulfill wishes unilaterally.

It’s been an interesting time over the years. But there is always an end.

Thank you, GDPR!

But what could a forum “expose” as private data, in the case of a security breach due to not having GDPR-vetted procedures? Let’s say a user has: a username (not revealing anything, say it’s “ludditus”), a hashed password (not usable as is), an optional real name, an optional self-declared location, an e-mail. The only thing that cannot be “unleaked” is the e-mail (the password has changed).

Now, consider this:

  • No matter what the GDPR says, and no matter what the TOS and the EULA and whatever crap is shown to you when you register to a website, there is no way to be sure they don’t sell your data! As a matter of fact, I’m pretty sure every single one of them (banks, online shops, utility providers) is selling your data! This is the only explanation of the increasing level of spam. The GDPR is not enforceable, as it simply cannot be proven that your data has never been transferred, voluntarily, to a third party! Conversely, it can’t be proven that it has been sold. Furthermore, in 2021, the district court of Hamburg-Bergedorf clarified in a ruling that receiving an unsolicited e-mail doesn’t constitute a significant impairment, so you’re not entitled to compensation under the GDPR. Once again, the GDPR is useless shit—but incurring costs to anyone in the EU.
  • Therefore, your right to be removed from the databases of banks, online shops, utility providers, etc. is totally pointless, since your data has already been sold to third parties! Try to find those third parties…
  • Spam aside, why would anyone be so offended that their mail is publicly known? Decades ago, there were telephone directories (telephone books) in which everyone having a landline connection was listed with: name, address, telephone number. Somehow, the world was able to survive with this “data breach by design”!

■ Another example of contemporary idiocy: the right to image—regulated by law in most “civilized” countries. Knowing that anyone can take photos of you or can film you with their smartphone (Google Glass?), this can be understood to a point. Also, the protection of the kids kicks in—mandating the blurring of children’s faces in publicly available or broadcast images or shows. But then:

  • How was the world able to cope with the “lack of the right to image” in the times of great photographers such as Robert Doisneau, Henri Cartier-Bresson, Brassaï, Paul Almásy, Willy Ronis, etc.? Back then, you didn’t need to ask permission to take a photo in a public place, even if it included persons, not just monuments! (Until 2016, it was illegal to take photos of the Louvre ugly Chinese Pyramid; now there is a partial Panoramafreiheit to that.) But even if, out of courtesy, you were asking people for permission, in almost all cases you would have received their approval. Oh, and there were kids in those photos too!
  • In what way could a picture of a child be “abused” by a maniac?! It’s just a picture! As I said, it has never been a problem before, as we weren’t (yet) as stupid as to blur everything! But even today, when a child’s face is hidden in the press and at the TV, there are plenty of unblurred pictures on Facebook (some retards are even having their profile avatar showing them alongside their kid or grandchild!), not to mention… the underage children acting in so many films! How is the “image” of the children not “abused” when they play in a movie? Even when the parents are giving their approval, who says that the child, upon reaching the adult age, will not regret having taken part in a film?
  • Finally, if the UK has millions of CCTV in public areas, it’s not the only country to do so. CCTV is extensively used in some French towns. How come the EU is OK with filming everyone—in public places, that’s right, but by millions of CCTV cameras that keep the recordings up to 30 days!—but taking an innocent photo is a no-go? Try to take a photo in public in Germany! Should your photo include people, or even buildings, as seen from the street, chances are that someone caught in your shot, or the owner of the building will aggress you at least verbally! (There’s also a debate in Germany as to whether police officers can be filmed while on duty and abusing people. The police says you shouldn’t, claiming that your phone also records what they’re saying, which is “private”—but that only means that cops can be bastards even here in Germany, and the Bundestag doesn’t want to legislate on that.)

No logical answers can be given to the above questions. No, don’t bother. Today’s society is regulated by utter morons. “Let’s forbid everything” is their motto.

The more ridiculous implication is however this: blurring a car’s license plate. Since when is a car part of one’s “personal image”?! I tried to find a law, a single law, that specifically includes a car’s license plate as having the right to “dignity”—and I failed. Cars are required to bear license plates that unambiguously tie them to their owner, but not directly (the directory is not public), so I fail to see what’s private in a photo of a piece of machinery on a public road! And how come this was NEVER a problem before the age of the Internet and of the “data protection” / “privacy protection” / “image protection” / “dignity protection” / “retarded snowflakes protection” laws and regulations?

Here’s a proof of the mental retard of some German judges:

A look at Bavaria shows how absurd the application of the GDPR sometimes is. The local State Office for Data Protection (LDA) warned Heiner Fuhrmann from Munich because he had taken photos of illegal parkers on sidewalks and cycle paths and handed them over to the police.

LDA President Michael Will accuses him of violating the GDPR. Currently, however, the authority has to refrain from charging the fee because, among other things, the German Environmental Aid is suing against their actions.

Well, I’d rather trust a judge from Rwanda.

Oh, something from 2021. If you didn’t know, faxes were a legal requirement in Germany, for “privacy reasons”; e.g. your GP couldn’t send your blood test results by mail, but only by fax. But then… kaboom! In 2021, the Landesbeauftragte für Datenschutz (the data protection commissioner in Bremen) decided: fax machines do not transmit in compliance with the GDPR, so their use for sending personal data is not permitted.

And don’t start me on dashcams! They’re legal to use in some EU countries as long as you don’t upload people’s faces and license plates on the Internet (if I’m not wrong, such restrictions are not imposed in Italy and Spain), they’re not clearly regulated in some other countries, but it’s illegal to own one in Portugal (even in the original packaging in one’s car trunk!), and completely illegal to use one in Luxembourg, Belgium, Austria! Fucking retards.

■ The GDPR parasites. Let’s start with a GDPR-compliant joke:

— Do you know a good GDPR consultant?

— Yes.

— Can you give me his e-mail address?

— No.

As for the parasites, the other day I happened to run over a Twitter thread that at some point involved a second person. The two of them are:

  • Associate Professor in Technology Law. All about Digital Rights, Personal Data, Privacy, AI & Open Data.
  • Assistant professor in civil law and technology. PhD in Damage(s) and Data Protection.

Nice field(s). Making money out of a failed ideology! Oh, but the thread:

Very nice indeed, and professional, but treating of imaginary and non-enforceable rights, this is pure intellectual masturbation. Also, such people have Bullshit Jobs, yet they are ecstatically happy with them!

Don’t misunderstand me. 40 years ago, I was reading the Criminal Code and the Code of Criminal Procedure. A few years later, some civil jurisprudence regarding the succession. Having so many interests, I’ve read in all these years legal theory and practice relative to the legal and judicial systems of: “socialist” Romania, “democratic” Romania, France (3rd, 4th, and the various changes in the 5th Republic), Belgium, the UK (England, Scotland, Wales), the US (Federal Law, SCOTUS, California, NY, FL, TX, AZ, NV, GA, UT), and I’m struggling with the German law. I’m curious, you see. The problem is that I became increasingly annoyed with the ever-increasing (there is no other word for it) complexity of such legal systems, and their total lack of celerity and efficacy. I’m sick of this world that increased the number of the Bullshit Jobs first and foremost in the judiciary, but not by increasing the number of judges!

So, back to the GDPR case involving the Austrian Post (Österreichische Post AG, should have been referred to as “OP” instead of “AG”—but try to find common sense in law experts!), I don’t give a rat’s ass! (Still, as a small side reading, I’d suggest Liability Exclusions under German Law, which tangentially hints at the Austrian law, of which I literally know nothing.)

Still, should you be curious, a relevant excerpt:

II.    Facts, dispute and questions referred for a preliminary ruling

8.        From 2017 onwards, Österreichische Post AG, an undertaking which publishes address directories, collected information on the political party affinities of the Austrian population. With the assistance of an algorithm, it defined ‘target group addresses’ according to certain socio-demographic features.

9.        UI is a natural person in respect of whom Österreichische Post carried out an extrapolation, by means of statistical calculation, in order to determine his classification within the possible target groups for election advertising from various political parties. From that extrapolation it emerged that UI had a high affinity with one of those political parties. Those data were not transferred to third parties.

10.      UI, who had not consented to the processing of his personal data, was upset by the storage of his party affinity data and angered and offended by the affinity specifically attributed to him by Österreichische Post.

11.      UI has claimed compensation of EUR 1 000 in respect of non-material damage (inner discomfort). UI claims that the political affinity attributed to him is insulting and shameful, as well as extremely damaging to his reputation. In addition, Österreichische Post’s conduct caused him great upset and a loss of confidence, and also a feeling of public exposure.

12.      The first-instance court dismissed UI’s claim for compensation. (7)

13.      The appellate court confirmed the first-instance judgment. It ruled that compensation for non-material damage does not automatically accompany every breach of the GDPR and that:

—      since Austrian law is applicable as a supplement to the GDPR, only damage that goes beyond the upset or the feelings (‘Gefühlsschaden’) caused by the breach of the applicant’s rights is eligible for compensation;

—      the principle underlying Austrian law must be adhered to, namely that mere discomfort and feelings of unpleasantness must be borne by everyone without any consequence in terms of compensation. To put it another way, the right to compensation requires that the damage claimed must be of a certain significance.

14.      An appeal against the judgment of the appellate court was lodged with the Oberster Gerichtshof (Supreme Court, Austria), which has referred the following questions to the Court of Justice for a preliminary ruling:

‘(1)      Does the award of compensation under Article 82 of [the GDPR] also require, in addition to infringement of provisions of the GDPR, that an applicant must have suffered harm, or is the infringement of provisions of the GDPR in itself sufficient for the award of compensation?

(2)      Does the assessment of the compensation depend on further EU-law requirements in addition to the principles of effectiveness and equivalence?

(3)      Is it compatible with EU law to take the view that the award of compensation for non-material damage presupposes the existence of a consequence of the infringement of at least some weight that goes beyond the upset caused by that infringement?’

Both disquieting and frivolous (not necessarily juridically speaking). Such situations most surely happen all the time, not only with entities you have a commercial contract with, but also with the various websites you’re visiting! Strictly from a legal standpoint, I fully agree with the first instance that awarded NOTHING to the plaintiff. No data has been transferred to third parties, so I’m not even sure that there is infringement of the GDPR. On the other hand, the general provisions of the Austrian law are applicable as a supplement to the GDPR, because the GDPR, while being “supranational,” cannot contradict the Austrian law (or the German law, etc.). Still, as I said, it’s a frivolous case in my opinion.

■ To close this post: what is the only thing the EU should care about and regulate? COOKIES, specifically third-party cookies (of which some are called supercookies), which are definitely NOT NECESSARY, and are only used to target the user with “more relevant” ads, since a user’s behavior is shared between different websites! Then, FINGERPRINTING.

Unfortunately, third-party cookies and fingerprinting are NOT ILLEGAL under the GDPR! Ironically, only Google’s Chrome and Mozilla’s Firefox are committed to block them, not the EU! (Chrome, only in Incognito Mode; Firefox, by default.) The GDPR remains useless, annoying, dumb, and harmful, as previously shown.

I don’t know of any single individual to consider that such things provide them with “choice” and “freedom”:

Most people just click on whatever is green! If one really wanted to protect the users, they should have required by law that web browsers have a default mode that blocks the unnecessary cookies and other tracking mechanisms such as fingerprinting!

If the GDPR is about letting the users make their choices, even if they don’t understand what they agree on (this was never of concern to any lawmaker!), then it should also allow non-GDPR compliant sites to exist if they inform their users about that! This way, all the havoc created by the GDPR would go away: forums shouldn’t need to close, websites wouldn’t need to refuse visitors from the EU.

But there are so many Bullshit Jobs that have been created by the GDPR, so this isn’t going to happen.

Vanity Fair: EU-DSGVO means GDPR

Also, the user will continue being “the product,” for the simple reason that this is the only way so many websites and online services are free. Would you pay €5/mo to be able to use GMail? Would you pay €10/mo to be able to access YouTube? Would you pay another €5/mo to be able to perform a Web search?

BONUS·Special case of paranoia and mental retard regarding the “privacy”

I forgot about this short blog post: Stop using DICT dictionary apps (such as GNOME/MATE Dictionary) | Ctrl blog. Excerpt:

With the apps’ default configuration, your word queries are looked up online via an arcane old internet protocol called DICT (RFC 2229). The protocol was standardized in 1997 and it doesn’t include any encryption or other privacy protections.

So, why is this a problem for dictionary lookups?, you might ask. Some knowledge is forbidden knowledge, depending on your local authorities. For example, it is inadvisable to look up information about abortion from within some U.S. states, war crime in Russia, or democracy and human rights in China.

The apps don’t warn you about their privacy implications when you launch them. They’re technically required to inform you about whom they share data with (the dictionary server providers) under the General Data Protection Regulation (GDPR) in the E.U.

Fuck. GDPR again. Plus paranoia.

No, dear retard, it’s not risky to search for the definition of “abortion” in the US, and even if it were, what ISP would log your DICT or HTTP query to a dictionary, only to show it to some “pro-life” groups? Think about it: supposing you’re a pro-life, anti-abortion retard, how would you know what you’re against, if you don’t know what an abortion is? All things considered, the only potentially risky thing would be to look for an abortion clinic! But even so, what kind of citizen are you if you’re terrified even by such small things?

Even in China, I expect them to have dictionaries that define “democracy,” even if in a twisted form, and in Chinese, not as given by the (relatively useless) MATE dictionary.

All in all, such chicken-hearted individuals should hide behind a proxy server or behind a VPN, to reduce the chances that their Web queries be used by the local authorities. Alternatively, they could hide under a rock. Oh, wait, even in China, Russia, and the US, the GDPR protects them, but some nasty developers are ignoring THE EUROPEAN LAW!

BONUS 2·A case of “a 21st-century mindset”

Not really on any of the discussed topics, but a solution waiting for a problem… and for hacking!

Here: California legalizes digital license plates for all vehicles. In brief:

  • A private company is authorized to produce E-Ink-based digital license plates called Rplates.
  • Rplates are managed via Bluetooth using a smartphone app. (Vulnerabilities, anyone?)
  • Rplates also have an LTE antenna, “used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.”
  • An Rplate for a personal vehicle costs $19.95 a month, or $215.40/yr if paid annually; plates for commercial vehicles run $24.95/month, and $275.40 if paid yearly.
  • Privacy risks?
  • Hacking risks?
  • $19.95/month FOR WHAT? What was wrong with a metal plate? Automatic number-plate recognition cameras can also recognize “old-style” plates!
  • An Rplate “can reportedly function in extreme temperatures”: really? A metal (or plastic) plate can do much better, and for no recurrent costs!

Selected comments from the readers of The Reg:

■ Your metal plate is clearly unfit for purpose and inadequate; for the very simple reason that someone can’t charge you $20+ per month for it. You’re just not thinking in a 21st-century mindset.

■ The DVLA approved font is designed with OCR in mind. Given that the registration number isn’t supposed to change, I don’t understand what an electronic plate could do that would be useful. If you want tracking on your vehicle, get a different device for that. The cheapest option is probably to put an AirTag in it somewhere.

■ Yet another IoT hole for no reason? Here we go: what’s the betting someone figures out a way into these (after all, they’re hardly likely to get updates that often) and we find half of the plates in CA start displaying nothing at all….or suitably rude/advertorial messages. Again, this is putting tech in places just for the sake of it. I can’t imagine the license plate needs to change so often that having the ability to vary the display will be a major advantage – certainly not when you look at the cost of having one. Also, e-paper will have issues in the temp range / lighting conditions that a metal plate copes rather well with: this is a problem that didn’t need solving, surely.

■ A license plate you rent? No thanks.

■ For just $20 a month, we’ll ensure your plate remains visible. Isn’t that how a protection racket works?

■ This sounds like a bad idea. How do you keep a person from changing the number on their e-ink plate? The device is in complete control of the end user, even if they use some kind of key to verify operations, this is ripe for exploitation. E-ink doesn’t need constant voltage and as far as I know doesn’t provide feedback of what is displayed. Just disconnect the screen, ‘flash’ the display to a fake reg number. Even if there is cryptographic information on the plate, you might be able to selectively flash the screen.

■ Handy if you want to display a false number, I guess.

■ It’s the modern implementation of the James Bond rotating-numberplate thing that every single driver everywhere has, at some point, fantasized about having.

■ I’d make it look like it did a factory reset. Always good to have some plausible deniability. It would be interesting to hack this and make it show another number when near a speed camera – at present speed cameras and ANPRs are not really analysing for registration discrepancies.

■ I’m looking forward to e-ink numberplates which can change what they display when around speed cameras. BMT216A to 4711-EA-62 to LU6789 in a fraction of a second.

■ The DMV isn’t trying to correct a problem, they just want more money. They won’t care about fake plates unless a high profile case makes the news. Then they will probably dole out a grant to the company to cover the fix. Yes, this is probably going to be easier to hack than it is to stamp a convincing metal plate. Also going to be a magnet for theft and vandalism I suspect. DMV only cares about taking as much of your money as possible and giving it to other people. So for them it makes perfect sense.

There are two different ways to look at it:

  1. California’s DMV, while being as “communist” as the European Union in imposing shit on people, is as corrupt as the European Union in guaranteeing profits to the companies that manage to legislate their wishes, so to speak.
  2. The digitalization aka “digital transformation” of everything only creates more vulnerabilities! It’s like continuously creating ticking time bombs, or disasters waiting to happen! As if cars weren’t already vulnerable to hacking, now their license plates too!