devinl's comments

It wouldn't always be a mistake. Moderna stock is significantly lower than it was in 2021 so the CEO could be harvesting losses.


I've been on hundreds of calls for both and have personally had far more issues with zoom than google. I also prefer Google's UI and security model, and Google's pricing is better for companies using gmail.


Google's advanced security is a good example of an actual implementation of fido2 where they've had to deal with real world threats and device usage. They require multiple fido2 devices (for dealing with the lost/damaged problems).

Compromise of FIDO2 devices is particularly interesting though. Specialized hardware like a yubikey rather than software based fido2 might help here, but that still leaves theft as a wide open vector. If theft is a risk for your use case, https://www.yubico.com/blog/getting-a-biometric-security-key... could be an interesting solution or using secure hardware on your phone behind a lockscreen. Also having a password (in addition to webauthn) might be good enough for you to slow down an attacker enough for you to disable your compromised device (using another fido2 device to authenticate).


Looks exciting! It is kind of disappointing the AI generated main example on their home page has what appears to be a url encoding bug in it though (in text=${text}, text should be url encoded before being passed to fetch).


~1/5 of Apple's Services revenue comes from having google be the default search ($9-10B per year), so I wonder if this new search will coincide with them ramping up their own search ads business [https://9to5mac.com/2019/11/15/apple-ad-revenue/]


Could be that contract is up for renewal? Google seemed like it was going to stop paying Mozilla this year, then changed their mind. Threat of building a search engine competitor could just be part of contract negotiation (a BATNA).


Or they could just say they'll use Bing instead. That's cheaper, provides a better experience for their users than their own search engine, and is a stronger threat to Google if they want Google to increase payment by encouraging more ad dollars chasing big spenders to go to Bing.


Might be, since you can swap out default apps in iOS 14.


This seems to predate FIDO2. https://solokeys.com/ would be a better option if you prefer separate keys for each site (via FIDO2) and open source hardware.


Given that OnlyKey appears to support FIDO2 it seems unlikely that it pre-dates FIDO2.

>"Onlykey supports multiple methods of two-factor authentication including FIDO2 / U2F, Yubikey OTP, TOTP, Challenge-response."


It predates FIDO2, the OnlyKey has been around since 2016 and before FIDO2 it supported FIDO U2F.


Bought 4 Solos in the first Kickstarter drop, can confirm they work very well.


SoloKey doesn't support everything this does. It is primarily a U2F key, and OpenPGP support is still WIP[0]

[0]: https://github.com/solokeys/openpgp


Yeah, I've been happy with my SoloKey, but OnlyKey's integration with a software password manager + OpenPGP + SSH keys is really enticing. I'm on the same boat as a lot of others here, however, that the lack of open hardware is a deal breaker.


Just wondering, what additional security would you expect from open hardware vs. open software with transparently designed hardware? From a threat modeling perspective it seems that if the device is just using one chip onboard there are no clear security advantages of open hardware. Open hardware would only provide a security benefit if you are planning to make your own security key, which most people won't be doing. And by being open hardware there is an additional threat model created where it is now easy for an adversary to create identical clones of the security key that can be used maliciously.


Ultimately, it's just a personal belief that all knowledge should be free as in freedom. SoloKey Hacker Edition in particular lets you run custom firmware, so you can at least be confident in the software side of things, and build upon it.

Open hardware has the benefit of being able to build it yourself, which is the only completely secure option. The downside is, indeed, the ability to easily create malicious clones, and the fact that you simply won't be able to build it yourself for any remotely modern hardware. So yeah, there's really no security benefit to it in terms of hardware.

Proprietary hardware has the upside of needing reverse-engineering to create a malicious clone / part, and the transparent design helps you make sure that they can't do a sloppy job at it.

It's a shame that tradeoffs have to be made once technology reaches a certain level of complexity, but alas.


I've got a few SoloKeys. This project seems like a joke comparatively as solo is actually open source hardware[0] and this is not. You can look above to see how OnlyKey might be more trouble on the software side than it's worth and potentially is just a liability.

[0] https://github.com/solokeys/solo-hw


I've got a few SoloKeys too. The USB C one broke in half and looking on Amazon reviews this is an issue for lots of people. Meanwhile my OnlyKey has been running strong 3 years in and has been on my keychain the whole time. Also SoloKey doesn't manage passwords at all, while OnlyKey does.


But it's not open source. Why even bother to call it open source if it's not? Since the Solo is open source hardware if you don't like it, you can change the design and get your own boards cut on OSH Park.


Thanks for the link...just bought two solokeys. Been meaning to do that but lost track of them.


I agree that short term, providers will likely take in less money with a "Medicare for all" solution, but I think the problem presented by this blog post is overstated/misrepresented:

1) The "Over 65" demographic visits the hospital more than other demographics, so comparing raw number of people is an apples to oranges comparison (65+ somewhere between 3-10x more likely to utilize an inpatient stay, https://www.hcup-us.ahrq.gov/reports/statbriefs/sb235-Inpati...)

2) Roughly half of all administrative costs in US hospitals are associated with billing. Administrative costs are lower in single payer systems because hospitals don't need to bargain and coordinate billing with multiple parties. Doctors will still be needed by hospitals, but hospital workers/sales people/VPs who bargain with insurance companies will be less necessary. This is a significant percentage of hospital expenditures [https://www.americanprogress.org/issues/healthcare/reports/2...] Administrative staff seem much more likely to see pay cuts or staffing cuts rather than necessary staff like doctors/nurses.


ITP 2.1 also already says it will block cookies of this type if it matches Safari's completely non-transparent ML model for "tracking cookies". Also Chrome pushed back the release date of this new default from end of August 2019 to February 2020 and the bug has been "fixed in a non-yet released version" of Safari since early June (Safari is really slow to release security patches).


Apple's search ads are projected to be one of the largest online advertisers in terms of ads revenue in 2020 (they have larger advertising revenue projections than both snap and twitter). Device sales in general are dropping so they are expected to continue to invest in this area of their business. Given that Apple is a large organization known for their lack of transparency, I would be very surprised if they weren't already doing shady things with user data for targeting purposes.


Apple says in their "Approach to Privacy" that Maps usage "can’t be tied to your Apple ID" and that no ads can access data from Maps.

These are strong unequivocal statements. We should all be very surprised if they're outright lying.


Can't is the wrong statement. They can be. Whether they choose not to or not is a different conversation, but technically they definitely can tie these together from IP address alone.

I get frustrated with the hoodwink that Apple seems to be playing, as they move to services based revenue I have no doubt these lines are going to get blurrier and blurrier.


Do economic experts still think trickle down/supply side economics are a good idea? It seemed to be a controversial issue among economists in the 70s and 80s. From what I could find, the modern consensus among economists is that tax cuts for the wealthy aren't effective at increasing GDP. (see https://en.m.wikipedia.org/wiki/Supply-side_economics http://www.igmchicago.org/surveys/tax-reform-2 http://www.igmchicago.org/surveys/tax-reforms )


The kind of experts gojomo is thinking of are still resolutely convinced that they're correct, and no facts will change their mind about that. Like the people the tobacco lobby used to wheel out to tell you that they were confident smoking was actually not dangerous, or the same handful presented as offering an "alternative" explanation for global climate change, they are fiercely resistant to the obvious conclusion from the available facts, and I don't really need to care whether that's because they're actually paid not to look at the obvious or they're not smart enough to see it.

Not trickle down, but Laffer (the guy the Laffer curve is named after) worked for Donald Trump in his 2016 campaign, and currently blames Barack Obama for the Great Recession.

Laffer's curve is 100% real, it's also 100% irrelevant to real world economics. It's as though after explaining about relativity and why it's impossible to accelerate an object with mass to the speed of light, a physicist turned around and told you that therefore they are confident that it's impossible to move at more than a walking pace and so Olympic sprinters don't exist. And then an entire political party pretended to believe them because it would make very wealthy people even richer. The analogy breaks down there actually I guess. Also the part where loads of people die in miserable poverty, that's not really in the physicist analogy either.

