Hacker News | MisterNegative's comments

Question: Where is text rendered? on the gpu or cpu?


That depends on a lot of factors but regardless even if it's ultimately rendered on the GPU it's first generated on the CPU as in glyphs are rendered and put in a glyph cache. Those might be cached in textures and then used to render text with the GPU as appropriate.


That depends on the browser renderer. However, I suppose most Windows browsers use Direct2D for 2D rendering, which is Microsoft's 2D API for the GPU.


Are they trolling? Those are just some glasses with ir light and ir reflective coating. These will make your face more visible to cameras in the dark. Also facial recognition algorithms can easily be adapted to work around the stupid glow. They only need like 10% of your face anyway.


This is just a 1% solution, which may be enough to defeat mass data collection as long as it remains niche. For a bigger effect, carry light strong enough to saturate even an HDR camera.


If you remember the old (VHS) Macrovision, it used a pulsing contrast to mess up automatic gain control circuits. A good way to defeat this is by putting a POT on the AGC so you can tune it manually.

A way to apply this to the glasses: put an IR strobe on. Pulse it at .5s, with a .05s IR LED on time.

You should be able to get away with this using an array of IR LEDs, battery, and a 555 timer.


This is clearly a concept and not a production product — probably more about encouraging discussion regarding privacy in public than about executing on the things it talks about.


MinHook is a great minimalistic open-source alternative if you can't pay $10,000 for Detours. http://www.codeproject.com/Articles/44326/MinHook-The-Minima...


Detours really costs $10,000??? Unbelievable. I hadn't even looked into it. Thanks for the alternative suggestion!



Let's hope the judge chooses the side of Lenovo. It would be devastating if windows/gnu/linux/apple gets sued every time they have a security flaw in a product.


There's a significant difference between Superfish, an intentionally installed application that deliberately mitigated security features in browsers to inject ads, and a security flaw that arose from poor design or a lack of good QA process. The latter are sloppy but ultimately an inevitable part of complex design; the former is an obnoxious lack of respect for your customer that deserves a serious penalty in damages and a complete reset of your brand's goodwill.

That said, I think there's an argument that customers being in a position to sue over security flaws might not be such a bad thing. It might push companies to make security and privacy important features rather than second-class add-ons.


Any argument you make will contradict itself, because you make it a subjective matter. So choosing Superfish could be seen as a lack of good QA process.


....what? "windows/gnu/linux/apple" - what do any of these companies/products have to do with this? Lenovo put its customers at risk; if a judge sided with them it would be atrocious.


When were you last sold a machine with Linux and spyware pre-loaded?

Right, never.


Ubuntu


The difference between Lenovo's use of Superfish and Ubuntu providing anonymized search data to Amazon is night and day in terms of "spyware".

I don't like either, but Lenovo's actions were negligent to the point where they have exposed themselves to a justified lawsuit -- Ubuntu did not.


Which is why people shouldn't use Ubuntu and vendors shouldn't pre-install it.


You bought a machine with Ubuntu pre-loaded?


Does it look strange to you? Have seen this a lot these days, at least in the EU.


Not personally, but it's not like they're that hard to find.


Citation Needed. I live in the Bay Area, and cannot find an x86 laptop with desktop Linux preinstalled at Central Computers, Frys or Best Buy. Is System 76 what you mean, or ordering online from Dell for the XPS 13? Because that is not my definition of easy, certainly not compared to walking into a retail store.


Ordering something online is far easier than going to a retail store. I can drive for a few minutes to get to a Best Buy, look around to see if what I want is in stock, tell the salesperson who has been hounding me for the past 10 minutes that I'd like to buy it, wait in line at the register, then drive home or I can go online and be done with it in a few clicks.


Thinking mainly of System 76 and the dozens of other similar companies around the world. Sure not quite as easy as walking into a retail store, but on the other hand I don't know anybody who bought their (non-Apple) laptop at a retail store.


I know that the author only means to give advice. But the message can easily be misinterpreted into a generalization, which kind of makes the author seem like a mean person.


This does pose the question whether these masks work in real life. I bet their software uses the fact that they can control the lighting and picture quality. Creating a direct copy of a face seems easier for real life purposes anyway.

Other than demonstrating the flaws of current facial recognition algorithms there does not seem to be any use for this.

Anyway, pretty cool use of evolutionary algorithms and nice pictures.


Well this is to be expected if they can force a hosting company to report when servers connect to public tor nodes for a considerable amount of traffic.


This is just crap, for example:

- The quality of their claims is directly related to the quality of their input. There is no discussion on the quality of their input.

- They by no means justify their causal relation assumption

- They make weird claims, for example they call their method a "gold standard", but there does not exist a gold standard for this kind of pseudo-science at all. And their method has the same flaws they mention other methods have.


"All user passwords are salted, and encrypted with the powerful bcrypt algorithm, which creates an irreversible hash which cannot be cracked."


I assume you mean to point out that it is disingenuous to say that any hashing algorithm "cannot be cracked"?


If you don't type the https url, you start by visiting the http website. Normally the http version will redirect to https, but a man in the middle can easily prevent this.


> If you don't type the https url, you start by visiting the http website. Normally the http version will redirect to https, but a man in the middle can easily prevent this.

This is not entirely correct. HSTS[0] was designed to protect against such attacks.

It's true, however, that not every browser out there supports it yet, and you must visit the website at least once without MITM for the server to successfully communicate HSTS header. (In Chrome certain domains are included in built-in list[1], though.)

[0] https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_s...

[1] https://src.chromium.org/viewvc/chrome/trunk/src/net/http/tr...


https://hstspreload.appspot.com/ says they don't use HSTS as a preload. They should...


Facebook seems to be doing some client sniffing to decide whether to set the headers..

In my browser (FF nightly), I see the HSTS header, with the value: "max-age=15552000; preload"

If I do a request with curl, no header... (which is probably what this app sees).

I don't have a clue why they are doing that, though. Not that curl would do something with the HSTS header anyway, but still...


Facebook has HSTS preload on www.facebook.com, but not on the redirect from facebook.com->www.facebook.com. I suppose they have their reasons


Google.com also doesn't seem to have it.


Google only uses a certificate pin and doesn't force SSL. Sadly.


Yes! I just thought of this and was going to edit it in, but you are quicker. Many websites still don't use HSTS, and in any case this article is from a few months ago (I remember reading it) and HSTS is pretty new.
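An added illustration of the HSTS behaviour discussed in the thread above (not written by any of the commenters, and not any browser's actual code): a minimal model of how a client parses the `Strict-Transport-Security` header per RFC 6797 and decides whether a plain-HTTP request must be upgraded. The `HstsStore` class, its method names and the `example.test` hosts used to exercise it are constructed for this sketch, and preloaded entries are assumed to cover subdomains.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns a dict, or None when the header has to be ignored."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')  # values may be quoted strings
    if not seen.get("max-age", "").isdigit():
        return None                          # max-age is the one required directive
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}    # not in the RFC; only a preload-list signal


class HstsStore:
    """Hypothetical client-side store: host -> (expiry, include_subdomains)."""

    def __init__(self, preloaded=()):
        # Assumption: entries shipped with the browser never expire and cover subdomains.
        self.entries = {h: (float("inf"), True) for h in preloaded}

    def note_response(self, host, scheme, header, now):
        # The header counts only over HTTPS; over plain HTTP a MITM could forge or strip it.
        policy = parse_hsts(header) if scheme == "https" and header else None
        if policy is None:
            return
        if policy["max_age"] == 0:
            self.entries.pop(host, None)     # max-age=0 tells the client to forget the host
        else:
            self.entries[host] = (now + policy["max_age"], policy["include_subdomains"])

    def must_upgrade(self, host, now):
        """True when an http:// request to host must be rewritten to https://."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            # A parent domain's entry applies only if it set includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False
```

With the header value quoted in the thread, `max-age=15552000; preload`, the host that sent it is protected for 180 days after the first clean HTTPS visit, while the bare parent domain and any never-visited host stay unprotected unless they are in the preloaded set.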

