undefined
@catsalad what's bananas to me is there's a way to do this totally legally. Make it incentive-based instead of punitive.
Create some criteria to certify an operating system as California Family-Friendly. Say the state will only buy such operating systems.
Apple, Microsoft, and Google would absolutely do it and get certified. But the open source stuff could continue not giving a shit.
Not the most ideal - still a privacy issue but at least it's not mandated, we'd have a choice to opt out.
@catsalad funny enough I think the laws mandating all of this might be illegal.
Bernstein v. United States determined that writing software is an expressive act and protected by the first amendment.
We generally say the government can't coerce speech - can't make kids say the pledge of allegiance, for example.
Punishing a volunteer software dev for not writing age verification code? Sure sounds like coerced speech to me!
Dude had my phone number, my name, sounded really nice and everything. Spoke professionally, no crackly audio from being in a cheap data center, nothing.
But also - since when does Google call you? And over trying to add a recovery address? The email itself says "if this doesn't look familiar just ignore it."
Scary stuff.
So then I say look, the caller ID shows you're calling from a toll-free number and that's all it shows - I can't really verify if you're Google or not. I'll handle it. End the call.
So then I sit down and look at that email that came in while I was on the phone. It was an authorization code to add my account as a recovery to somebody else's account.
I'm guessing the next steps would have involved me giving that code to add my account as a recovery to somebody else's account (4/?)
That kind of set off alarm bells because I know from administrating Google Workspace that you absolutely can see what app did what. So red flag.
So then he says something about he can reset my OAuth token. Like it sounded like my account has 1 OAuth token, the way he presented it. Which isn't right.
So I say "ok well listen I can log into my account and disconnect from apps" and he said something about how it's better if they do it? (3/?)
The guy says it looks like an OAuth app may have tried to do it and I think ok, yeah. I use "sign in with Google" all the time, there could be some rogue thing out there where maybe I granted more permissions than I should have or something.
The guy asks if I'm familiar with OAuth and I tell them I am, I've written apps that use OAuth before. He proceeds to give me a brief spiel anyway which I found odd.
So then I ask ok well can you tell me what app did it? He couldn't. (2/?)
I think I was just the target of a fairly sophisticated phishing attempt.
Got a call from a toll-free number, answered it, it was somebody claiming to be from Google.
Said they were calling about a recent attempt to sign in to my account and a ticket to change my recovery address. I said that didn't sound right, guy on the phone said he was going to send me what they received.
I get an email, I don't look closely at it but it's an actual email from Google (1/?)
@codinghorror I served on grand jury with a libertarian.
It's a philosophy embraced by people that have never worked a day in their life.