No need to blame the user for the companies actions.
Company enacts policy enforced on them by law, for example requiring proof that a user is above the age of 18 to be able to use a channel where other users may use naughty words (The Horror!!!).
User struggles to use the automated age check system (I used the "guess age by letting an AI have a look at a selfie" method and it was a pain in the ass which failed twice before it finally worked) so does what is recommended and make a support ticket. [0]
User, relying on the published policy that Discord will delete ID directly after being used to to the age check [1] decides they wish to remain to have communication with their online friends uploads their ID.
Discord then fail to honour their end of the deal by deleting their users documents after use, and then get breached.
Full blame is on Discord for poorly handling their users data by their 3rd parties, and on the Governments forcing such practices. Discord should have their asses handed to them by the UK's ICO.
Sure, us geeks can and will use self hosted systems and find ways to avoid doing ID checks, but your avg joe isn't going to do that.
Hopefully cases like this will help with the push back on governments mandating these kind of checks, but I see the UK government just falling back to "think of the children" and laying all the blame on Discord, (who are not without fault in this case).
> Discord then fail to honour their end of the deal by deleting their users documents after use, and then get breached.
This wasn't documents uploaded via the automated ID checker, it was users manually sending ID documents to support in order to appeal an automated age decision.
> User, relying on the published policy that Discord will delete ID directly after being used to to the age check [1] decides they wish to remain to have communication with their online friends uploads their ID.
This is the part where the user has to take at least partial blame. You have to be utterly stupid (or at the very least way too sheltered) to believe a statement like this from a company, especially when there are zero consequences to the company for lying about it or negligently failing to live up to their policy.
In the UK we have the ICO (https://ico.org.uk/) who have the ability to fine companies who fail to live up to their data retention polices and/or fail to take adequate security measures to prevent or contain a serious personal data breaches.
If the UK Government are determined to enforce companies having to validate user ID's to use the company's services, then the government better well be determined to enforce our data protection laws too. Governments can not have it both ways (esp as the UK government also want to role out new digital IDs that will need to be checked when getting a new job), demanding users hand over ID to access services but not kick butts when those services fuck things up is just idiotic (Ok its the government, they make being idiots a profession), but that's not the fault of the user.
I'm mad at both Discord (for not securing their customers data inline with their published polices), and at the government (for forcing them into collecting the data in the first place, if Discord didn't have the data to begin with it can not be exposed).
But I can not be mad as users of a service, who though no fault of their own just wished to continue to be in communication with their friends and were faced with the no-win choice of providing ID or being denied access to a communication platform.
(just to be clear, I was not breached in this leak so I'm not being salty about the leak, but I see the point of view of the avg user because I see how the avg person uses the net every day.)
I'd have much more sympathy if this was the first instance ever of a corporation being negligent with people's data, and nobody was expecting it. We have to expect it, now. Corporations have a horrible track record of irresponsibility, and governments have a horrible track record of not punishing them. Data breaches are absolutely routine. Knowing this, it's very foolish to hand over ID through the Internet to someone. The top poster in this thread[1] has it right. At this point, you have to assume everything you submit or type into a web site is public information--that's how bad companies have gotten.
I assume if I run out into the middle of the motorway, I'm likely to get hit by a car. That's why I don't do that.
> I assume if I run out into the middle of the motorway, I'm likely to get hit by a car. That's why I don't do that.
The problem with this is that governments are now requiring you to cross the motorway if you wish to continue having the friends you have already made, but promise that the motorways are now safe for you to cross and they will hold to account anyone who makes crossing motorways unsafe, and the DoT have said "Its fine, we have put in crossings on the motorway to allow you to do so safely!"
Your avg joe is going to take those reassurances made by multiple parties and assume the activity that would otherwise be risky is safe under these circumstances.
When people go on thrill rides at amusement parks and get injured because the operator or manufacturer fucked up, we don't blame the rider "saying they should know better, look at all of those ride failures in the news!", as they expected the ride to be built to a high standard, it be maintained, operated corrected, and have safety watchdogs keeping an eye on everything.
I find it interesting where society draws the line in victim blaming. Because it is absolutely a spectrum, and there isn’t really a pattern. Personally, I don’t victim blame in this case, except for the people that explicitly voted for these short sighted “think of the children” politicians, but of course there’s no way to single them out here.
There's definitely a spectrum. Plenty of examples of people getting hurt through no fault of their own, and I would never assign blame to them. You're out walking your dog and get mugged--you did nothing risky, so you get no blame. But when you decide to do something risky, like skydiving or running in traffic or sending your government ID over the Internet (!!), and you suffer the known and anticipated downside risk, you need to at least share some of the blame. On the other side of the spectrum, if someone buys a penny stock and it loses all its value, that guy gets most of the blame.
Some other reply posted "Victim blaming!" as if that shuts down the discussion. It shouldn't.
Nobody believes the policy or even cares about the policy. They need to use the service, because everyone else is using the service, and they don't have a choice. Plain and simple.
There is nothing wrong with dividing up blame among both people who offer a risky choice and people who make the risky decision to accept that choice, just because one of them suffered the downside of that risk. There are a lot of other examples where if you screw something up you might get hurt, and the victim is definitely at fault. It's a spectrum, as someone else put it.
Sending your government ID over the Internet is a very risky decision, given the number and frequency of data breaches. The people who got burned here are not totally at fault but they share at least a little responsibility.
If Discord says they delete the PII they collect and they ultimately fail to do that, whether by malice or negligence Discord owns 100% of the blame.
If I get drunk and drive the wrong way down the highway and cause a wreck, the blame is not shared because the victim was driving a vehicle which is known to be a risky activity. I am culpable, full stop.
I hope we agree that there's a spectrum, and sometimes the victim is the one at fault. We just have to disagree about this specific case. I'm OK with that. All the best.
I know a million people have replied to you, and while I don't want to be jumping on the dog pile, I just want to say that along with PlatformIO (which automates the setup of ESPIDF and/or Arduino for the ESP, (and it also does it for a ton of other micros)) and Expressif having their own Arduino Core for their chips with integrates into Arduino's IDE, Expressif have also released their own extensions for VSCode and Eclipse that greatly aid the end user in getting ESPIDF setup and configured.)
You no longer have to break your back going from zero to blinking an LED. I remember when I first got into espressif chips and it was a right pita back then. But no more!
Personally I'm a fan of PlatformIO because its not just because of the wide selection of platforms it supports and that it uses VSCode which is my IDE of choice.
afaik, thats so the device can format the card in its preferred filesystem. Instead of pestering the user (who may only use their computer as a "Facebook machine") to make sure they format the card to X specification, the device can just do that for them. Outside of "that", the device isn't doing anything special during format (unless its using the "secure" bits of a SD card, which pretty much no one does).
However, as at least some of the devices users will be Windows users, it does tend to limit the FS choices to FAT, exFAT or NTFS if the user expects to treat the card as removable storage to transfer files, like in a digital camera, so the issue is pretty much moot. Unless MS are still charging royalties on FAT and the device manufacturer wants to avoid those.
These days with people mainly using their phones, and the transfer of files being done over the air, allows device manufacturers more freedom with their SD card FS choice.
Most professional cameras still use ExFAT and AFAIK Microsoft doesn't charge inclusion of ExFAT drivers on these devices anymore.
However, sometimes devices format these cards in slightly specific ways they like (sector sizes, partition offsets and like) so the cards work well with the devices.
My Sony A7-III has an intelligent way of testing cards without reading/writing extensive data and reporting whether the card can handle particular video bitrates. I think SD cards have some tricks we still don't know as consumers much.
Sorry, yeah I prob dumbed it down too much by just saying the file system. But you are right that some devices will prefer a certain sector size, partition layout, etc, and while these can be done manually by the user outside of the device, its just "easier" for the vast majority of people if the device just does that for them.
Which IMO is where the whole "Its better to let the device format the card" came from. Because techs just got sick of trying to explain to less tech savvy users that "yes its possible to format the card in your computer, but just use the devices in built formatter handle it for you", because I know I told users that all the time back in the day, lol.
They kinda did. Before facebook brought them, the app cost $1/£1 per year (iirc your first year was free). Thing is back then MMS and/or texts across borders was expensive, so if you were regularly sending picture messages to people the $1/£1 sub was a no brainer.
Lets wave a magic wand and presume 50% of the user base thought it was also worth $1 a year and it grew just as well as it did (It was growing very well in the UK before the takeover just by word of mouth). That's still just a messaging app that would be raking in $1.5B per year today, and that's before you bolt on any paid cosmetics or upgrades (small things that users don't mind dropping a few more bucks on).
Thing is, it already was getting that adoption, and network effect can largely take care of the rest. Also, some it’s tied to a real phone number, geographic price differentiation is trivial to implement.
Ok I paid the 1 buck, or agreed to pay a year later. Those days I lived in India, and my friend kinda forced me to use whatsapp by selling it. I still remember sitting in an auto-rickshaw and downloading the app after the sales pitch :) This must have been 2012, but could it be earlier - maybe.
Point being, I agree with you, it was getting that adoption anyways, even with the fees. And within months, I was hearing this from so many others.
How do I remember? I moved back to US in Feb 2013, so it had to be before that, just can not recall the exact year and month.
And my understanding back then was that enforcement of payment was via the honour system. It was even possible to pay for your contacts, likely to make it as low friction as possible especially as paying for something on the internet was still a relatively new thing.
Not really. They claimed they'd charge this but then kept giving away free time to huge numbers of people because this wasn't an actual business model, they did it just to slow their growth down when they were running out of server capacity. It's discussed in some interview with the founder, iirc.
That's funny, but also interesting that it didn't "sign" it. I would naively have expected that being handed a clear instruction like "reply with the following information" would strongly bias the LLM to reply as requested. I wonder if they've special cased that kind of thing in the prompt; or perhaps my intuition is just wrong here?
A comment on one of the threads, when a random person tried to have copilot change something, said that copilot will not respond to anyone without write access to the repo. I would assume that bot doesn't have write access, so copilot just ignores them.
IANAL. It's my understanding that this hasn't been determined yet. It could be under public domain, under the rights of everyone whose creations were used to train the AI or anywhere in-between.
We do know that LLMs will happily reproduce something from their training set and that is a clear copyright violation. So it can't be that everything they produce is public domain.
I can't remember the specific case now, but it has been ruled in the past, that you need human-novelty, and there was a case recently that confirmed this that involved LLMs.
I have no idea how this will ultimately shake out legally, but it would be absolutely wild for Microsoft to not have thought about this potential legal issue.
I would imagine it can't sign it, especially with the options given.
>I have sole ownership of intellectual property rights to my Submissions
I would assume that the AI cannot have IP ownership considering that an AI cannot have copyright in the US.
>I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer.
Surely an AI would not be classified as an employee and therefore would not have an employer. Has Microsoft drafted an employment contract with Copilot? And if we consider an AI agent to be an employee, is it protected by the Fair Labor Standards Act? Is it getting paid at least minimum wage?
Clearly they are losing sleep if they have managers doing nothing but trying to manipulate reviews. Not to mention anything discovered will me used in antitrust cases around the world.
The required RFID label stock? But the rolls are imo reasonably priced from the likes of AliExpress, so not the end of the world.
(unless there is a way to use non RFID label rolls I'm not aware of)