For security reasons
neatchee @ neatchee @lemmy.world Posts 3Comments 480Joined 2 yr. ago
neatchee @ neatchee @lemmy.world
Posts
3
Comments
480
Joined
2 yr. ago
You're not wrong, but this isn't really a security matter, it's an "apparent uniqueness" matter. Their goal, I assume, is to satisfy critics enough that a given petition's participants are sufficiently unique while keeping the barrier to filling out the form as low as possible. So they end up in a situation where neither of perfect, but they're both "good enough" for what the business needs.
I dealt with this in the anti-cheat space: my goal was never to remove all cheating, because that's too expensive (insanely so). My goal was to make the public believe they weren't playing against cheaters too often. If the solution was forcing the cheaters to perform at a level that was just below the most skilled human players, that was actually a success, because if the players can't differentiate between cheaters and pro players, then they can't effectively determine how prevalent cheating actually is.
Part of me hated that we had to treat it that way, but another part of me understood that if I pushed too hard on "eliminating cheating" my department would become more costly than it was worth and they'd pivot away from gameplay that needed anti-cheat at all
Requiring SMS validation is a massive barrier to entry and not a viable option for a service like Change.org that relies on a certain level of participation.
There's literally another comment made at almost the same time as yours complaining blocking the use of + and such is too high a barrier to entry and just the devs being lazy. Meanwhile your suggestion is raise the barrier to entry even higher if you care about uniqueness of submissions
It's a no-win situation for Change.org so they went with something that meets their business needs. Can't really expect much else from them tbh
I don't think the reason they're being used is relevant to their problem though. "Think like an attacker" wins the day here: as an attacker, I don't care what it's meant for, only how I can use it to my advantage. If it's something they observed as a problem, I understand why they would want to stop it.
As for "-", yeah, I don't have a particularly good explanation for that one except the assumption that it's something similar to + addressing on a different service.
I imagine because it can't be used to add additional junk characters to the address, they probably just strip them out before doing their string comparison
Yeah I agree that one seems silly on the surface but for their specific situation I understand why: services like Gmail allow using a + to create faux-labels. So for example foo@gmail, foo+bar@gmail, and foo+baz@gmail all get delivered to the same account. For change.org that's a problem because it allows a single email account to fill out the form many times.
Ideally, they would simply truncate everything after and including those symbols but it's possible other services have different rules (maybe yahoo let's you prepend faux-tags instead of appending them, or something like that) so simply blocking their use altogether could be the more robust solution
You're still not listening and it's obvious you don't want to. You seem incapable of stepping outside of your own lived experience and considering the experience of others. You take everything personally, rather than looking at why the generalization might be valid even if you consider yourself an exception.
I'm a 6'1" burly, hairy, white guy with a deep voice. My wife knows I couldn't hurt anyone. The stranger on the street does not. So I don't take it personally when women get startled in public if I'm unexpectedly boisterous near them. And I wouldn't take it personally if, given the chance, a woman chose to create space between us on an empty street at night.
The fact is, other men have made the world harder for us. And that sucks. But not nearly as hard as they make it for women. So if you're going to be pissy with anyone, aim your disdain at the shithead men who created this situation instead of the women who just want to feel safe.
It's easy to demand women "don't discriminate" against you. It's hard to demand men behave better. That's the difference between punching up and punching down. Learn to punch up instead of taking the easy way.
And to head off the obvious counter argument: it's different than race because men actually, demonstrably hold positions of power and privilege over women simply by being men. The same is not true of skin color, etc. Again, punching up vs punching down.
Security professional here. This is legit a good call on their part. It's because those types of addresses won't bounce emails but aren't necessarily in your control; it's very, very easy to spam those petition forms with mail@ for a million real domains without bouncing the emails, making them seem legit.
You own your domain, obviously, so it's really as simple as creating a forwarding/alias address of "changeorg@domain.tld". If creating a forwarding/alias address is that much of a problem for you I suggest that you likely shouldn't be hosting your own email in the first place.
Your laziness isn't a good reason to be upset with a company taking steps to reduce their security overhead significantly
I don't normally upvote flagrant trash talk but gotdam this is so on the nose for the issue at hand that I can't help it. Can't unilaterally condone the tone but if there were ever a time, place, and subject, this is it
You're not listening. YOU are not portrayed as a predator. YOU need to take a backseat for the betterment of the lives of the victims of injustice. Just because something isn't your fault doesn't mean it's not your responsibility to deal with it when you are in the class of people benefitting from the injustice.
As the other commentor said: punching up is very, very different than punching down.
When a specific person treats you, specifically, poorly because you're a man, THEN you can talk about how you are not a threat, and try to convey that you are actually an ally (which is questionable based on your reactions here). But when there is a conversation about average behavior and expectations, side with the victims. You are not a victim. You do not lose more than you gain from being a man. Maybe you get weird looks when you're solo-parenting but you still make $1 to a woman's $0.79 or whatever the number is today for soemeone in the same job.
So please, stop focusing on yourself. It's selfish. Try to think about the bigger picture. And yeah, take one for the team when it comes to memes about bears
Gee, I wonder if there are other groups of people who have been painted with one brush. Perhaps the is a group that is assumed to be less skilled at STEM jobs. Or another group assumed to be more prone to criminal behavior. Wouldn't that just be something? /s
We men, especially we white men, get a fraction of the same treatment women and minorities have been getting for hundreds of years and freak out over how unfair it is. And that's an excuse to demand everyone use kid gloves when talking about these issues?
If you're only doing the right thing because people recognize you for it, I suggest you may not really be doing the right thing. If you're a good person, then you should understand why the average woman may show fear and caution when encountering an unknown man.
Things like the bear meme aren't asking about YOU. When people say "I'd rather choose the bear than a man" they aren't saying every man. Yes, the generalization stings when you think about it being applied to yourself. But if you truly understand the issues and the hypothetical you understand that the answer isn't about you. It's about what women have learned to expect when encountering a man they don't already know well enough based on prior experience
Yeah I'm a big music nerd and the soundtrack definitely contributes to it being my favorite :D
"popular media that is actually bad" typically involves a formula that panders or a franchise that has hit a critical mass where people start wanting to be part of the "in group". I don't feel like Makoto Shinkai's films fit that type of pattern. That's all I was trying to say (poorly)
Wait you actually thought Boy and the Heron had a plot?
My wife literally has multiple limbs covered in Miyazaki tattoos and even she walked out of that movie going "WTF was that mess?"
We'll just have to agree to disagree here. Clearly we have different opinions of what makes for a good story
Castle in the sky is definitely one of his better ones. Wasn't trying to talk shit either. I know people love them and with good reason. I just don't think they're all that. Except Howl's. That movie rocks.
HARD disagree. You don't have to enjoy it, everyone is free to like what they like, but all three films are critically acclaimed and adored by fans worldwide for a reason. And no, not all popular media is good media, but these are not popular enough to fall into that category.
Miyazaki's movies are more in the "visually stunning but mid" status IMO. Like, Howl's was great, everything else is meh to me. But I also know that many people love them - including my wife - so I respect that they are good movies.
Or I just want to be super fucking clear that this guy is a piece of shit criminal and children being exploited is never, ever okay, despite my recognition of the factual context?
But whatever, chief, you assume what you want 👍
I was so salty when they gave the Emmy for Best Animated Film to Boy and the Heron instead of Suzume. Absolute travesty and so clearly only because of Miyazaki's name and art style.
Suzume is honestly my favorite of the three and one of my favorite films of all time. I adore how well all of the fantasy and imagery connects with real human experiences. It comes so close to providing perfectly clear, direct metaphor without actually arriving at it and to me that is the most beautiful type of storytelling: where you can see characters, themes, etc and feel deeply how they connect to your own life but never with a concrete "this thing specifically represents that thing". You can get really close with Suzume, but it never quite coalesces, leaving you with a powerful story, intense emotions, and a sense of wonder that sticks around long after viewing.
preface: I am not in any way condoning or promoting sex with minors, nor am I blaming the minor. The assailant is a criminal, deserves punishment, and the victim is just that: a victim
With regards to the discussion specifically about cost and availability there are a few important things to note:
- The victims were not trafficked, pimped, or otherwise "sold" by a third party. The transactions were all 1-to-1 between the victim and assailant
- The victims ranged from age 15 to 17, and had a comparatively high degree of self determination and autonomy, including typical societal pressures and desires for money, popularity, etc
- Japan has a long history of acceptable prostitution. Brothels are still much more common than in the West and you will find lots of references to "compensated dating" including among teens.
- Sex and sexuality is not as stigmatized in Japan the way it is in the West. From idol culture to advertisement, women (and to a lesser extent men) are comparatively more frequently compensated for their sexuality, even if not for sex outright.
Combined with the fame and access to industry contacts that the perpetrator had in this case, these factors all serve to create a much different environment than westerners are used to and drives the prices for these kinds of interactions down.
Again, I do not condone or support sexual relationships with minors, nor do I place any blame on the victims. I seek only to inform about factors that may have impacted the amount of money exchanged
Not at all! Your Name, Weathering With You, and Suzume are all extremely thoughtful, heartfelt stories with moving characters and deep messages. They are some of the best anime has to offer and I highly recommend them
The closest thing is in Your Name, a movie about two teenagers who body-swap over long distance. They are different genders and so there is a scene in which the movie explores the awkwardness of the situation. It's handled tastefully and accurately for what you would expect from a couple of teenagers. (It's important to note that in Japanese culture the sexuality of teenagers is something that is not stigmatized the way it is in Western culture, and contextually appropriate explanations of that subject are not considered overtly lewd). They do become romantically interested in each other so you can imagine it's not exactly simple, but I never felt it crossed the line into perverted. You can see a series of screenshots that include a few frames from this scene here: https://screenmusings.org/movie/blu-ray/Your-Name/
That's why I posted it multiple times (3 to be precise, not exactly spam IMO, in response to misleading comments). These are genuinely masterful works of art and I hate to see them tainted by slander.
Good info! Sounds like a nightmare :x
Yeah, I can't say their solution is the most elegant but it certainly makes a kind of sense when their criteria for success is "maximize participation while satisfying 'uniqueness' critics"