The surveillance advertising to financial fraud pipeline

Monday (October 2), I'll be in Boise to host an event with VE Schwab. On October 7–8, I'm in Milan to keynote Wired Nextfest.

Being watched sucks. Of all the parenting mistakes I've made, none haunt me more than the times my daughter caught me watching her while she was learning to do something, discovered she was being observed in a vulnerable moment, and abandoned her attempt:

https://www.theguardian.com/technology/blog/2014/may/09/cybersecurity-begins-with-integrity-not-surveillance

It's hard to be your authentic self while you're under surveillance. For that reason alone, the rise and rise of the surveillance industry – an unholy public-private partnership between cops, spooks, and ad-tech scum – is a plague on humanity and a scourge on the Earth:

https://pluralistic.net/2023/08/16/the-second-best-time-is-now/#the-point-of-a-system-is-what-it-does

But beyond the psychic damage surveillance metes out, there are immediate, concrete ways in which surveillance brings us to harm. Ad-tech follows us into abortion clinics and then sells the info to the cops back home in the forced birth states run by Handmaid's Tale LARPers:

https://pluralistic.net/2022/06/29/no-i-in-uter-us/#egged-on

And even if you have the good fortune to live in a state whose motto isn't "There's no 'I" in uter-US," ad-tech also lets anti-abortion propagandists trick you into visiting fake "clinics" who defraud you into giving birth by running out the clock on terminating your pregnancy:

https://pluralistic.net/2023/06/15/paid-medical-disinformation/#crisis-pregnancy-centers

The commercial surveillance industry fuels SWATting, where sociopaths who don't like your internet opinions or are steamed because you beat them at Call of Duty trick the cops into thinking that there's an "active shooter" at your house, provoking the kind of American policing autoimmune reaction that can get you killed:

https://www.cnn.com/2019/09/14/us/swatting-sentence-casey-viner/index.html

There's just a lot of ways that compiling deep, nonconsensual, population-scale surveillance dossiers can bring safety and financial harm to the unwilling subjects of our experiment in digital spying. The wave of "business email compromises" (the infosec term for impersonating your boss to you and tricking you into cleaning out the company bank accounts)? They start with spear phishing, a phishing attack that uses personal information – bought from commercial sources or ganked from leaks – to craft a virtual Big Store con:

https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/business-email-compromise

It's not just spear-phishers. There are plenty of financial predators who run petty grifts – stock swindles, identity theft, and other petty cons. These scams depend on commercial surveillance, both to target victims (e.g. buying Facebook ads targeting people struggling with medical debt and worried about losing their homes) and to run the con itself (by getting the information needed to pull of a successful identity theft).

In "Consumer Surveillance and Financial Fraud," a new National Bureau of Academic Research paper, a trio of business-school profs – Bo Bian (UBC), Michaela Pagel (WUSTL) and Huan Tang (Wharton) quantify the commercial surveillance industry's relationship to finance crimes:

https://www.nber.org/papers/w31692

The authors take advantage of a time-series of ZIP-code-accurate fraud complaint data from the Consumer Finance Protection Board, supplemented by complaints from the FTC, along with Apple's rollout of App Tracking Transparency, a change to app-based tracking on Apple mobile devices that turned of third-party commercial surveillance unless users explicitly opted into being spied on. More than 96% of Apple users blocked spying:

https://arstechnica.com/gadgets/2021/05/96-of-us-users-opt-out-of-app-tracking-in-ios-14-5-analytics-find/

In other words, they were able to see, neighborhood by neighborhood, what happened to financial fraud when users were able to block commercial surveillance.

What happened is, fraud plunged. Deprived of the raw material for committing fraud, criminals were substantially hampered in their ability to steal from internet users.

While this is something that security professionals have understood for years, this study puts some empirical spine into the large corpus of qualitative accounts of the surveillance-to-fraud pipeline.

As the authors note in their conclusion, this analysis is timely. Google has just rolled out a new surveillance system, the deceptively named "Privacy Sandbox," that every Chrome user is being opted in to unless they find and untick three separate preference tickboxes. You should find and untick these boxes:

https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should

Google has spun, lied and bullied Privacy Sandbox into existence; whenever this program draws enough fire, they rename it (it used to be called FLoC). But as the Apple example showed, no one wants to be spied on – that's why Google makes you find and untick three boxes to opt out of this new form of surveillance.

There is no consensual basis for mass commercial surveillance. The story that "people don't mind ads so long as they're relevant" is a lie. But even if it was true, it wouldn't be enough, because beyond the harms to being our authentic selves that come from the knowledge that we're being observed, surveillance data is a crucial ingredient for all kinds of crime, harassment, and deception.

We can't rely on companies to spy on us responsibly. Apple may have blocked third-party app spying, but they effect nonconsensual, continuous surveillance of every Apple mobile device user, and lie about it:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

That's why we should ban commercial surveillance. We should outlaw surveillance advertising. Period:

https://www.eff.org/deeplinks/2022/03/ban-online-behavioral-advertising

Contrary to the claims of surveillance profiteers, this wouldn't reduce the income to ad-supported news and other media – it would increase their revenues, by letting them place ads without relying on the surveillance troves assembled by the Google/Meta ad-tech duopoly, who take the majority of ad-revenue:

https://www.eff.org/deeplinks/2023/05/save-news-we-must-ban-surveillance-advertising

We're 30 years into the commercial surveillance pandemic and Congress still hasn't passed a federal privacy law with a private right of action. But other agencies aren't waiting for Congress. The FTC and DoJ Antitrust Divsision have proposed new merger guidelines that allow regulators to consider privacy harms when companies merge:

https://www.regulations.gov/comment/FTC-2023-0043-1569

Think here of how Google devoured Fitbit and claimed massive troves of extremely personal data, much of which was collected because employers required workers to wear biometric trackers to get the best deal on health care:

https://www.eff.org/deeplinks/2020/04/google-fitbit-merger-would-cement-googles-data-empire

Companies can't be trusted to collect, retain or use our personal data wisely. The right "balance" here is to simply ban that collection, without an explicit opt-in. The way this should work is that companies can't collect private data unless users hunt down and untick three "don't spy on me" boxes. After all, that's the standard that Google has set.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/09/29/ban-surveillance-ads/#sucker-funnel

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

On one hand, having a group chat of some sort to discuss hero-ing shenanigans seems useful. On the other, using Discord or even a text group chat seems like a pretty good way for some tech company to get their hands on a whole bunch of secret identities. Do superheroes have a proprietary app for this sort of thing? Or do they have another solution?

For the JLA and Titans-related heroes, Cyborg's hacking powers render this a total non-issue. On the client end, they use the same texting and messaging apps as everyone else, with a few added bits and bobbles of interface.

On the server end, software that Cyborg set up (took him about 5 minutes) casually intercepts every message they send before it reaches any servers corporations could extract data from, redirects to a private, secure instance of the same chat/texting software (getting Facebook's total source code without authorization is about 0.02 seconds of effort for him), also redirects anyone else in the same chatspace to the same private server, then filters all the messages for sensitive info (there's ways people can flag their own messages) before hacking back into the corporate servers to re-insert a record of some messages they would expect to see as if their own servers had handled everything, so even if admins try to investigate they won't be able to tell who's using the pirated chat instance to ban them.

It's all very complicated from a human perspective but it's all happening totally automatically in real time so it doesn't really matter. The end result is the Titans just have a regular old Discord server that, as far as Discord the company is concerned, doesn't exist, but they can still invite people to who are using regular Discord accounts or chat from their accounts on other normal servers, and other apps are all similarly seamless and convenient.

The Avengers have basically an ultra-high-end spy version of Signal (the app, not Batman's latest son). At first they were just using SHIELD messaging software but after not too long Stark made his own. But the way it's set up, not even Stark has access to all the messages that are sent to anyone besides him. During Civil War he tried to shut down the whole service so the other side couldn't use it, and failed. He just made it too secure and autonymous. Unless someone has the app open and is currently looking at what he wants to see, not even Cyborg could extract chatlogs from it.

The X-Men, X-Force, and X-Factor are basically left out in the cold and forced to use a combination of regular services (some encrypted like Signal) and, when available, and only for the people who agree to it, telepathic chatrooms.

Whoever is "hosting" a telepathic chatroom isn't consciously aware of the messages being subconsciously relayed in real time, but, there's nothing to stop them browsing if they get curious, and as soon as they need to focus and use their powers on anything else strenuous or with stakes, the whole thing shuts down. But the chatlogs being stored in the literal memories of the people in them, that only prevents new messages from being sent for a while (and from being able to literally visually see it), and if the telepathic chatrooms need a new "host" to run it, little is lost in the hand-off.

Of course all of that is just about text chat. Earpiece comms are fairly standard among superheroes, so a lot of communication happens over comms voice calls/recorded voice messages, and that's its own whole topic.

It is once again Listen To Auntie Time.

Algorithms don't require hashtags.

Today is my last day working at a marketing agency. I asked our social media team how these things work, because I was curious. It's actually fairly simple (and extremely creepy imo).

Some self-purported clairvoyant on Instagram or TikTok wants to seem mystical and convince you that their prediction or message is ✨️meant for you✨️ so they use a very basic trick: they don't put hashtags on their video. That makes it look like it was a complete coincidence (or synchronicity 🙄) that it came across your screen.

The coding that runs that website/app, however, doesn't need hashtags! Those are for us, not for them. We're going to say IG. So this person has created other videos, and those have hashtags. They have searched tags. They have interacted with other videos in the same genre - likes, comments, shares. They follow other accounts in the same genre. They google witchy shit. They look up tarot spreads on Pinterest. They're part of witchy groups on Facebook. The algorithms collect all of that information and use that to classify tagless videos.

Now, how does it get to you? The exact same way. You have already interacted with similar content. Even if you just watch 10 seconds of a video, it counts into your algorithm. You searched for witchy tags. You commented on someone else's witchy post. You liked something. Your FB, Pinterest, tumblr, and Google history has all been shared with IG. They know what you want to see, so they show it to you.

And then, the tagless video you're being shown by some grifter says something so broad there's pretty much no way it couldn't apply to you - they just dress up the language first so it doesn't seem so obvious. I can't tell you the number of times that those videos I've seen basically boil down to, "You're going to learn the truth about something," or "Someone, somewhere, in the world is doing something," or "You had a bad day in the past, but in the future you're going to also have a good day."

These videos are fun and cute, but please don't make the mistake of thinking they got to you through magic, or that they hold a special meaning just for you. They don't. They aren't meant for you as a person; they're meant for you as a commodity and source of income.

In today’s digital world, injustice lurks in the shadows of the Facebook post that’s delivered to certain groups of people at the exclusion of others, the hidden algorithm used to profile candidates during job interviews, and the risk-assessment algorithms used for criminal sentencing and welfare fraud detention. As algorithmic systems are integrated into every aspect of society, regulatory mechanisms struggle to keep up.

Over the past decade, researchers and journalists have found ways to unveil and scrutinize these discriminatory systems, developing their own data collection tools. As the internet has moved from browsers to mobile apps, however, this crucial transparency is quickly disappearing.

Third-party analysis of digital systems has largely been made possible by two seemingly banal tools that are commonly used to inspect what’s happening on a webpage: browser add-ons and browser developer tools.

Browser add-ons are small programs that can be installed directly onto a web browser, allowing users to augment how they interact with a given website. While add-ons are commonly used to operate tools like password managers and ad-blockers, they are also incredibly useful for enabling people to collect their own data within a tech platform’s walled garden.

Similarly, browser developer tools were made to allow web developers to test and debug their websites’ user interfaces. As the internet evolved and websites became more complex, these tools evolved too, adding features like the ability to inspect and change source code, monitor network activity, and even detect when a website is accessing your location or microphone. These are powerful mechanisms for investigating how companies track, profile, and target their users.

I have put these tools to use as a data journalist to show how a marketing company logged users’ personal data even before they clicked “submit” on a form and, more recently, how the Meta Pixel tool (formerly the Facebook Pixel tool) tracks users without their explicit knowledge in sensitive places such as hospital websites, federal student loan applications, and the websites of tax-filing tools.

In addition to exposing surveillance, browser inspection tools provide a powerful way to crowdsource data to study discrimination, the spread of misinformation, and other types of harms tech companies cause or facilitate. But in spite of these tools’ powerful capabilities, their reach is limited. In 2023, Kepios reported that 92 percent of global users accessed the internet through their smartphones, whereas only 65 percent of global users did so using a desktop or laptop computer.

Though the vast majority of internet traffic has moved to smartphones, we don’t have tools for the smartphone ecosystem that afford the same level of “inspectability” as browser add-ons and developer tools. This is because web browsers are implicitly transparent, while mobile phone operating systems are not.

If you want to view a website in your web browser, the server has to send you the source code. Mobile apps, on the other hand, are compiled, executable files that you usually download from places such as Apple’s iOS App Store or Google Play. App developers don’t need to publish the source code for people to use them.

Similarly, monitoring network traffic on web browsers is trivial. This technique is often more useful than inspecting source code to see what data a company is collecting on users. Want to know which companies a website shares your data with? You’ll want to monitor the network traffic, not inspect the source code. On smartphones, network monitoring is possible, but it usually requires the installation of root certificates that make users’ devices less secure and more vulnerable to man-in-the-middle attacks from bad actors. And these are just some of the differences that make collecting data securely from smartphones much harder than from browsers.

The need for independent collection is more pressing than ever. Previously, company-provided tools such as the Twitter API and Facebook’s CrowdTangle, a tool for monitoring what’s trending on Facebook, were the infrastructure that powered a large portion of research and reporting on social media. However, as these tools become less useful and accessible, new methods of independent data collection are needed to understand what these companies are doing and how people are using their platforms.

To meaningfully report on the impact digital systems have on society, we need to be able to observe what’s taking place on our devices without asking a company for permission. As someone who has spent the past decade building tools that crowdsource data to expose algorithmic harms, I believe the public should have the ability to peek under the hood of their mobile apps and smart devices, just as they can on their browsers. And it’s not just me: The Integrity Institute, a nonprofit working to protect the social internet, recently released a report that lays bare the importance of transparency as a lever to achieve public interest goals like accountability, collaboration, understanding, and trust.

To demand transparency from tech platforms, we need a platform-independent transparency framework, something that I like to call an inspectability API. Such a framework would empower even the most vulnerable populations to capture evidence of harm from their devices while minimizing the risk of their data being used in research or reporting without their consent.

An application programming interface (API) is a way for companies to make their services or data available to other developers. For example, if you’re building a mobile app and want to use the phone’s camera for a specific feature, you would use the iOS or Android Camera API. Another common example is an accessibility API, which allows developers to make their applications accessible to people with disabilities by making the user interface legible to screen readers and other accessibility tools commonly found on modern smartphones and computers. An inspectability API would allow individuals to export data from the apps they use every day and share it with researchers, journalists, and advocates in their communities. Companies could be required to implement this API to adhere to transparency best practices, much as they are required to implement accessibility features to make their apps and websites usable for people with disabilities.

In the US, residents of some states can request the data companies collect on them, thanks to state-level privacy laws. While these laws are well-intentioned, the data that companies share to comply with them is usually structured in a way that obfuscates crucial details that would expose harm. For example, Facebook has a fairly granular data export service that allows individuals to see, amongst other things, their “Off-Facebook activity.” However, as the Markup found during a series of investigations into the use of Pixel, even though Facebook told users which websites were sharing data, it did not reveal just how invasive the information being shared was. Doctor appointments, tax filing information, and student loan information were just some of the things that were being sent to Facebook. An inspectability API would make it easy for people to monitor their devices and see how the apps they use track them in real time.

Some promising work is already being done: Apple’s introduction of the App Privacy Report in iOS 15 marked the first time iPhone users could see detailed privacy information to understand each app’s data collection practices and even answer questions such as, “Is Instagram listening to my microphone?”

But we cannot rely on companies to do this at their discretion—we need a clear framework to define what sort of data should be inspectable and exportable by users, and we need regulation that penalizes companies for not implementing it. Such a framework would not only empower users to expose harms, but also ensure that their privacy is not violated. Individuals could choose what data to share, when, and with whom.

An inspectability API will empower individuals to fight for their rights by sharing the evidence of harm they have been exposed to with people who can raise public awareness and advocate for change. It would enable organizations such as Princeton’s Digital Witness Lab, which I cofounded and lead, to conduct data-driven investigations by collaborating closely with vulnerable communities, instead of relying on tech companies for access. This framework would allow researchers and others to conduct this work in a way that is safe, precise, and, most importantly, prioritizes the consent of the people being harmed.

Top Mobile App Development Frameworks in 2023 - Lode Emmanuel Palle

As of my last knowledge update in September 2021, I can provide information about some of the popular mobile app development frameworks up to that point. However, please note that the landscape of technology can change rapidly, and new frameworks may have emerged or gained popularity since then. Here are some of the well-known mobile app development frameworks mentioned by Lode Emmanuel Palle that were popular up to 2021:

React Native: Developed by Facebook, React Native is a widely used open-source framework for building cross-platform mobile apps. It allows developers to use JavaScript to create native-like user interfaces for both iOS and Android.

Flutter: Created by Google, Flutter is another popular open-source framework for building cross-platform apps. It uses the Dart programming language and provides a rich set of customizable widgets, enabling high-quality and performant user interfaces.

Xamarin: Owned by Microsoft, Xamarin allows developers to build native apps for iOS, Android, and Windows using a single codebase in C#. It provides a way to share a significant portion of code across platforms while still delivering native user experiences.

Ionic: Built on top of Angular and using web technologies like HTML, CSS, and JavaScript/TypeScript, Ionic is a framework for building cross-platform mobile apps with a native-like feel. It also provides a suite of UI components.

Vue Native: Based on Vue.js, Vue Native lets developers build mobile apps using Vue's declarative syntax. It's designed to be similar to React Native, making it easy for developers familiar with Vue.js to transition to mobile development.

PhoneGap / Apache Cordova: PhoneGap is an open-source framework that uses web technologies to build mobile apps that can run on various platforms. It leverages Apache Cordova to access native device features.

SwiftUI (for iOS): Introduced by Apple, SwiftUI is a framework for building user interfaces across all Apple platforms using Swift programming language. It's mainly focused on iOS, macOS, watchOS, and tvOS app development.

Kotlin Multiplatform Mobile (KMM): Developed by JetBrains, KMM is a relatively new framework that aims to allow developers to share code between Android and iOS apps using Kotlin. It's designed for more seamless cross-platform development.

NativeScript: NativeScript enables building native apps using JavaScript, TypeScript, or Angular. It provides access to native APIs and components, offering a truly native experience.

According to Lode Emmanuel Palle. the choice of a mobile app development framework depends on various factors including your familiarity with the programming language, the complexity of the app, the desired platform(s), and the specific features you need. It's always a good idea to research and stay updated on the latest developments in the field to make informed decisions.

Internet of dead bikes, etc

*Stacey Higginbotham:

Plan for death at the start of building your connected device

This week brings us the tale of yet another connected device that may become a useless chunk of scrap because its maker is going out of business. In this case, the affected product is the VanMoof e-bike, which cost buyers $5,000 and requires a working app for many of the bike's functions.

VanMoof has gone into the Dutch version of bankruptcy, and owners of the product have been told that if the servers shut down, users will have no way to get a security key needed to operate many of the bike's features. For buyers of connected products ranging from home hubs to sous vide cookers, the end of a connected device company often means the end of a functioning product.

But it doesn't have to be this awful for consumers. By planning for failure, startups (and large companies like Amazon or Facebook) can kill their products better.

— VanMoof promises users that their connected bikes will get "better and better" through software updates. What they don't advertise is that without their servers, the bike may not even work. 

In the case of VanMoof, a rival connected e-bike company has created an app that will purportedly unlock the VanMoof bikes and provide some functionality. But relying on a competitor to hack together some software to control a device made by another vendor and hoping that, as a user, you can download your security key from the VanMoof servers, before those servers are shut down, is not an ideal scenario.

It's the equivalent of rushing through your home as a fire burns, trying to grab people, pets, important papers, and heirlooms while the walls crumble. Folks with go bags or even a sense of what to take first are in a far better position if the worst happens. And by now, every company building a connected device needs the equivalent of a go bag or at the very least, a checklist.

Design your business model and device differently

It starts with the design. When designing the physical product, designers need to think about graceful degradation. Put physical buttons on the device. Make sure the product functions as a bike, a juicer, an oven, or whatever else even if the additional software-based or connected features fail. When it comes to making decisions about the chips and services used in the hardware, consider ongoing maintenance costs and how long that hardware will get necessary security updates.

I've seen startups run into issues after they chose a hardware platform that required monthly payments that increase based on the device usage. One of the services was associated with keeping the product secure, so the device makers had the best goals in mind but realized too late that the initial design decision obligated the company to make annual payments that would rise as more people purchased and then used their devices.

Understanding the cloud architecture costs and decisions made when designing a connected device's software and apps also matters. Unlike with dumb physical hardware, where calculating the cost of any good sold ends once the device ships, connected devices have a continued ongoing cost more commonly associated with software.

Software gets around the ongoing cost issue by charging a licensing fee or charging for the product as a service. Hardware providers are trying to offset these ongoing costs with additional subscriptions, or in some cases by offering a SaaS model and throwing in hardware as part of a monthly fee.

Escrow funds, not source code

Any company selling a connected device should understand the monthly cost of supporting their servers and apps, and set aside the appropriate dollar amount to ensure that service providers get paid — even if the company runs into trouble. This means any product must have an escrow account with six months or a year of ongoing device upkeep fees allocated.

This means if a startup goes out of business, it has the funds to notify people that the connected device they spent money on will stop working after a set time as opposed to it just going dark on a random April night (hello, Insteon). Bigger companies may not need an escrow fund, but they, too, should kill underperforming devices with long lead times, discounts, and perhaps even refunds. Those strategies should be part of any initial planning for a new connected device.

We often hear of users demanding that companies put the source code for connected devices into escrow, so that users can run the code on their own servers and keep their devices operational. This strategy has three flaws.

The first is that the source code may not be enough to keep a device running, especially as elements like secure keys and certificate subscriptions are now part of connected device designs.

The second flaw is that not every device is suited for some side-loaded open source code. Meta is dealing with this as it pulls back from its connected video calling device, the Portal. Because the Portal has mics and cameras that a hacker might want to use to spy on users, Meta doesn't want to let people load software onto the product to keep it working; it represents too much risk. Instead, it would rather shut the devices down entirely.

Third, opening up the source code may make it easy for a select few to run a device, but it's not something the average consumer can or will do. So when thinking about escrow, think funds, not source code.

Learn from Amazon and others

There are examples of device deaths done right. Amazon actually provided a good example this year when it announced the end of its Halo wellness devices. Amazon made the announcement in April, and told consumers that 96 days later, the devices would stop working.

This was a relatively short amount of time, but Amazon promised full refunds to anyone who had purchased any of the devices within the prior 12 months, and immediately stopped charging subscription fees associated with Halo devices. It also refunded any unused prepaid Halo subscription fees and said it would delete all data associated with Halo devices without requiring the consumer to take any additional steps.

The ease of refunding customers was only available to Amazon because it was the sole retailer of the Halo devices, which isn't the case for every connected product, but it was clear that Amazon wanted to get out of the Halo business quickly and with minimum consumer fuss. So it made it incredibly easy.

Finally, Amazon asked consumers to ship the devices back for recycling and made doing so free, going far beyond what most companies are doing with dead devices.

Amazon isn't the only company that has ended its products' lives early. The German company behind the Neato vacuum, Vorwerk, shut down the vacuum division this year. But it also said it would maintain a staff of 14 people for the next five years to ensure the security and functioning of the vacuum’s cloud software and app. Vorwerk further said that it would provide replacement parts for up to five years.

I've seen other companies kill their devices with discounts for replacement gear and long lead times. That's the bare minimum, but it can still be frustrating for consumers. For example, I own a set of Arlo connected video cameras I purchased in the summer of 2017. In January of this year Arlo said it would classify my cameras as end of life as of April 2023, which means they would lose several features including free 7-day video storage, firmware updates, and email notifications.  

Since the reason I chose those cameras in the first place was that I got a 7-day window to see my videos before they were deleted without paying for a subscription, I was nonplussed about the short notice but frustrated that my cameras were going to die after only six years. After user outrage, Arlo said that it would continue with 7-day video storage until July 2024 before the devices would lose security updates and that functionality. For me, this means the cameras I paid $220 for in 2017 would work for seven years.

Expiration dates for smart devices

Had I know all of that when buying my cameras, I probably would have been fine with the cost/benefits tradeoff. But others may not have. And this is why in today's day and age, every single device should come with a guarantee that the device will work for a set number of years.  

Companies can go beyond this date, but they need to establish minimums that get displayed on the box and for devices sold online, at the point of sale. This includes how long the device will get new features and essential security updates. The UK has already enshrined this idea in regulations that will take effect in April next year.

Additionally, knowing the device expiration date can help companies figure out how much money they should set aside in the escrow accounts. It also ensures that when another company buys a connected device maker, they can't simply shut it down. Connected devices have been around long enough that we understand the challenges they pose for business models and the challenges that result when those companies fail.

It's past time we start doing something about it.

App Development frameworks

How do the most popular app development frameworks contribute to mobile app development?

In today’s digital landscape, mobile applications (app development frameworks) have become a necessity for businesses to reach their target audience effectively. With the ever-growing demand for innovative and user-friendly mobile applications, developers are constantly seeking efficient ways to build high-quality applications in very little time. This is where mobile app development frameworks come into play. The frameworks provide a foundation for developers to create cross-platform mobile applications that work seamlessly across various devices and OSes.

Development Frameworks Used for Developing Mobile Applications

Most popular app development frameworks

React Native (developed by Facebook) — This framework has gained immense popularity among developers due to its ability to build native-like mobile apps using JavaScript. It allows them to write the codes once and deploy them on both Android and iOS platforms. Hire React Native developers to obtain cross-platform mobile app solutions for iOS, Android, and the web and enjoy benefits like reduced costs and time and enhanced productivity and profitability. app development frameworks

Flutter (backed by Google) — Flutter uses the Dart programming language and provides a rich set of customizable widgets, enabling developers to create visually appealing and responsive applications. Its hot reload feature helps the developers change the codes in real time and obtain immediate visual updates. If you opt to hire Flutter developers, your cross-platform applications will have a quicker time-to-market with a single codebase for all the platforms. app development frameworks

Ionic (open-source framework) — It uses technologies like HTML, CSS, and JavaScript in the development of cross-platform mobile applications. It enables developers to provide end users with a consistent user experience across multiple platforms. It will be a smart choice to hire Ionic developers when it comes to obtaining a feature-rich cross-platform mobile application. app development frameworks

Kotlin (open source, originated at JetBrains) — This is another app development framework that allows developers to share codes between Android and iOS platforms. It seamlessly works with Android Jetpacks (a tool provided by Google). Hire Kotlin developers to enjoy improved app performance and a better user experience with access to modern technologies. app development frameworks

Hire Experts

In today’s mobile-driven world, mobile app development has become a crucial aspect of achieving business success. Hiring the right mobile app developer is essential to obtaining a high-quality application. With various frameworks available, such as React Native, Flutter, Ionic, and Kotlin, selecting the ideal developer can be challenging. A skilled developer can help you cut down on the cost of application development. Correspondingly, it will lead to an increase in the ROI value. Hire the best developers from WEBSTEP Technologies. Visit https://www.webstep.in to obtain more information and connect with them to acquire a cutting-edge mobile solution for your business. app development frameworks

What is the Best Mobile Application Development Framework, Flutter, or React Native?

As an ever-increasing number of individuals are accepting modernized innovation in technology, the interest in mobile applications has expanded step by step.

Hybrid mobile frameworks are acquiring prevalence. The presence of React Native (RN) in 2015 opened astounding chances to assemble applications for iOS and Android utilizing one codebase. Thus, it permitted us to solve two problems at once and not rework a similar code two times. Large firms like UberEats, Discord, and Facebook moved to React Native, a powerful promotion.

Google didn’t stand separated; they saw the immense popularity of RN. Subsequently, Google presented an alpha version of its hybrid framework called Flutter in 2017. Flutter likewise turned into an extremely famous framework. The improvement of a framework like React Native prompts confusion over what to decide for hybrid mobile app development:

React Native or Flutter? Nonetheless, there’s another significant inquiry which you ought to choose before this: Is it better to develop a hybrid or native mobile apps?

Both cross- platform application has its upsides and downsides and prevalence

Flutter

Flutter is an open-source mobile application development Software tool sh that has design & created by Google. It had its main release in May 2017. Flutter has composed into the C, C++, Dart, and Skia Graphics Engine. Flags have been created by Google. Creating Android and Android applications is additionally utilized. The SDK is free and sent off as a source designer to explore and make strong, powerful applications around.

Why choose to Flutter for Android and iOS mobile application development?

Cross-platform

Hot Reload

High compatibility with programming languages

Faster and improved native performance

Appealing UI

Accessible SDKs and native features

The functional and reactive framework

 React Native

React Native is a structural framework made by Facebook that permits us to foster local mobile applications for iOS and Android with a solitary JavaScript codebase.

React native is a genuine mobile application, additionally open-source application development system which is created by Facebook. Rouse that ideas should be created on the web for mobile development. Reactive native is accustomed to making iOS and Android applications. IT was delivered in March 2015. In such a manner, JavaScript is created. Notwithstanding, the application appearance is by all accounts a native app.

Why choose to React Native forAndroid and iOS app development?

Seamless and synchronous API

Seamless and synchronous API

Quick performance

Greater reach

Which is Better: Flutter or React Native?

Flutter ranks positions higher with 75.4% and React Native likewise cut with 62.5% among most cherished frameworks.

Both Flutter and React Native are famous and exceptionally used by the application developers for the development of cross-platform applications. Every single one of them has their one-of-a-kind upsides and downsides, stability in development, speed, and much more.

Flutter is a new framework, and it is expanding and growing slowly and gradually. Compared to Flutter, React Native is in the industry for a long time now. Hence, it is mature enough that leading brands have experienced its benefits of it. While Flutter is yet to have such strong case studies.

The choice of the right framework can be best done based on your mobile app requirements.

Flutter is new in the framework market, and it is extending and developing gradually and slowly. Contrasted with Flutter, React Native is in the business for quite a while now. Thus, mature an adequate number of leading brands have encountered its advantages of it. While Flutter is yet to have areas of strength for such investigations study.

How to Fix GA4 Google Analytics 4 setup?

How to Fix GA4 Google Analytics 4 setup?

If you're facing issues with your GA4 Google Analytics 4 setup, here are some steps you can take to troubleshoot and fix common problems:

If you need Google Analytics 4 Expert you Can Check on Fiverr Gig

1. Verify your tracking code implementation: Ensure that you have correctly implemented the GA4 tracking code on your website or app. Double-check that the code snippet is placed on all relevant pages and that it is firing correctly. You can use browser extensions or developer tools to inspect the code and verify if it's being executed properly.

2. Check for data processing delays: It's important to note that there can be delays in data processing in GA4. If you recently set up GA4 or made changes to your implementation, allow some time for the data to propagate and become available in your reports. Generally, it can take a few hours or up to 24-48 hours for data to appear.

3. Confirm data collection settings: Review your data collection settings in GA4. Ensure that you have enabled the necessary data collection options, such as events, conversions, user properties, or enhanced measurement features, depending on your requirements. Make sure that you haven't accidentally disabled any crucial data collection settings.

4. Verify event and parameter mappings: Check your event and parameter mappings to ensure they are correctly configured. GA4 allows you to customize events and parameters to track specific actions or behaviors on your website or app. Verify that the events and parameters you expect to see in your reports are being sent correctly from your tracking implementation.

5. Test events and conversions: Manually trigger the events and conversions that you want to track in GA4 to confirm if they are being recorded accurately. You can use tools like Google Tag Assistant or the GA4 DebugView to help troubleshoot and monitor the events being sent from your website or app.

6. Review data filters and exclusions: If you have set up any data filters or exclusions in GA4, ensure that they are correctly configured. Improperly configured filters or exclusions can impact data accuracy or prevent certain data from being recorded. Double-check your settings and adjust them as needed.

7. Check for data discrepancies: Compare the data in GA4 with other analytics tools or data sources to identify any discrepancies. Differences in data can occur due to various factors like data sampling, tracking discrepancies, or configuration issues. Investigate the discrepancies to pinpoint potential problems and address them accordingly.

8. Consult documentation and resources: Review the official Google Analytics documentation, forums, or support resources for additional troubleshooting guidance. The Google Analytics Help Center and the GA4 community can provide valuable insights and solutions to common setup issues.

9. Seek professional assistance if needed: If you've exhausted all troubleshooting options and still can't resolve the issues with your GA4 setup, consider reaching out to a Google Analytics expert or consulting with the Google Analytics support team for further assistance.

Remember to test any changes or fixes in a controlled environment and monitor the impact to ensure accurate data collection and reporting in GA4.

Check my Website: www.freelancermostafizur.com

Check my Facebook Page: https://www.facebook.com/fixga4setupgoogleanalytics4expert

Check LinkedIn: www.LinkedIn.com

#ga4 #fixga4 #googleanalytics #setupgoogleanalytics4 #setupga4 #setup #ga4 #fix #fiverr #fmrdigitalmarketingagency #agencyowner

10 Secret AI Tools That Will Increase Your Success! 2023 https://www.youtube.com/watch?v=08h9cXDaCFI These are 10 secret AI-powered tools that will give you a competitive advantage and increase your success! Subscribe! ▶ https://www.youtube.com/@BrettInTech Share This Video ▶ https://youtu.be/08h9cXDaCFI “Best AI Tools” Playlist https://www.youtube.com/playlist?list=PLunpbmfrhFAU9lBdnMef8rzA8JEJmB4wA MORE VIDEOS TO WATCH: o 10 Fun Websites to Cure Your Boredom Online! - https://youtu.be/90jykY63Ssg o Top 10 Best Free Software For Your Computer - https://youtu.be/yW2io0TwDMQ o 10 Useful AI Tools You’ll Actually Want to Use - https://youtu.be/fLh0ZaLfPjk o 10 Amazon Prime Benefits You Might Not Be Using - https://youtu.be/K7mubx6Dbec o Top 10 Best Netflix Original Movies to Watch Now! - https://youtu.be/CdS0S9U7n4o 0:00 Intro 0:05 Image Generation 0:55 Storytelling Platform 1:40 Customer Insights Repository 2:18 Build AI Apps with No Code 2:58 Evidence-Based Answers 3:44 Video Generator 4:22 Summarize Text 5:04 100+ AI Tools 5:30 Web Scraping Tool 6:17 Communication Coach Stockimg AI: https://stockimg.ai/ Tome: https://tome.app/ Insight7: https://insight7.io/ brancher.ai: https://ift.tt/yHzgNDb Consensus: https://consensus.app/ Synthesia: https://ift.tt/VBhSL2P Summari: https://ift.tt/fHmAt6d Vondy: https://www.vondy.com/ Browse AI: https://www.browse.ai/ Poised: https://www.poised.com/ Twitter: https://twitter.com/BrettInTech Facebook: https://ift.tt/FfneqvJ Brett In Tech is a leading source for the technology that we use each day. Whether it’s discussing computer operating system tricks, the latest tips for your mobile phone, finding out about the newest gadgets, or letting you know about the best most useful AI tools and websites, Brett In Tech has boundless topics on technology for the astute YouTube viewer.

extremely long post below the cut, please read the entire thing b4 brashly doing anything. there's a lot and there is scaling difficulty with the steps you can take.

it's actually better for android users to debloat their phones than to just turn off settings — if done correctly, you're able to fully uninstall apps from your phone.

we already know that, after Facebook being put on trial in 2012 (settled in 2022 for a measely $90m out of their $590b) due to their tracking settings — even if off — are still running. even if you turn phone settings off, apps are able to "see" one another and collect data that way. including your keyboard. i repeat:

YOUR PRE-INSTALLED PHONE KEYBOARD IS A DATA COLLECTOR

the issue is that debloating your phone takes a little know-how, and you need a PC to do it. you cannot just "disable" apps from your phone, they're still functional at some capacity.

i REALLY recommend using UAD (Universal Android Debloater) if possible. which, again, requires a computer — i also recommend that you entirely stop using any and all Google services. i am talking down to: Learning How to Read A Map

no more google maps. yes, it's a total pain in the ass, but data collection is not a joke. gmail is a data collector, YouTube is a data collector any form of docs/sheets is a collector, and again:

i cannot fucking stress this enough.

YOUR PRE-INSTALLED KEYBOARD COLLECTS YOUR KEYSTROKE DATA.

IT. TRACKS. WHAT. YOU. ARE. TYPING.

this link has installation instructions for UAD — this is to debloat your phone, focusing on unnecessary Samsung and Google apps. the major 2 problems are: you will need a computer, and you will need to learn how to use GitHub thru YT tutorials.

learning how to use GitHub will be extremely important for protecting your PC as well from Windows bullshit

🗣️DO THIS FIFTH🗣️

a chart of what apps to uninstall and what they do:

(there are also some other ways to stop/uninstall apps on this post, but i don't know the details behind them and recommend you look into them yourself if you can't use UAD)

🗣️DO THIS FOURTH🗣️

for a Google Play Store replacement:

list of games available on fdroid:

🗣️DO THIS FIRST🗣️

for a non-tracking QWERTY, QWERTZ, AZERTY, Kurdish QWERTY, Russian, and more keyboard:

for a non-tracking Japanese 3x4 keyboard:

🗣️DO THIS SECOND🗣️

NewPipe is the YT alternative; this app prevents Google from collecting your IP and you no longer have 1) ads 2) to login 3) afk prompts to check if "you're still there".

🗣️DO THIS THIRD🗣️

USE FIREFOX AND TOR. set your default search engine to DuckDuckGo on FF

(there's actually discussion on whether or not firefox is completely trustworthy on mobile due to their code not being entirely opensource. something to do with working with google. the f-droid alternative is Fennec)

also please read a bit about how to properly use Tor; the tldr is to not login to anything — social media, emails, news sites — while using it

an endnote:

you do NOT have to do this all at once; i started out with swapping my keyboard and YT over first. i'd recommend at least doing your keyboard.

i just recently swapped to fdroid and installed Tor. i'm currently swapping out all of my gmail accounts for protonmail, tutamail, and mailfence.

i haven't even opened UAD yet, as i'm still in the process of finding app equivalents on fdroid and untangling myself from google services.

these will ALL take time getting used to — it sucks and the keyboards are absolutely not as efficient, but that's because there are no installed keyloggers. do not let laziness borne out of ease of use from proprietary apps and software prevent you from protecting yourself. i cannot stress this enough : do not be lazy about this.

r/privacy, r/cybersecurity, and privacyguides are great places to get started in understanding how to protect yourself online. i definitely recommend you start looking into how to do so on your PC as well, if you've got one

as for iOS users?

you're shit outta luck.

anyway yeah DELETE YOUR FUCKING ADVERTISING IDS

Android:

Settings ➡️ Google ➡️ all services ➡️ Ads ➡️ Delete advertising ID

(may differ slightly depending on android version and manufacturer firmware. you can't just search settings for "advertising ID" of course 🔪)

iOS:

Settings ➡️ privacy ➡️ tracking ➡️ toggle "allow apps to request to track" to OFF

and ALSO settings ➡️ privacy ➡️ Apple advertising ➡️ toggle "personalized ads" to OFF

more details about the process here via the EFF

If you live in Russia, there’s no avoiding Yandex. The tech giant—often referred to as “Russia’s Google”—is part of daily life for millions of people. It dominates online search, ride-hailing, and music streaming, while its maps, payment, email, and scores of other services are popular. But as with all tech giants, there’s a downside of Yandex being everywhere: It can gobble up huge amounts of data.

In January, Yandex suffered the unthinkable. It became the latest in a short list of high-profile firms to have its source code leaked. An anonymous user of the hacking site BreachForums publicly shared a downloadable 45-gigabyte cache of Yandex’s code. The trove, which is said to have come from a disgruntled employee, doesn’t include any user data but provides an unparalleled view into the operation of its apps and services. Yandex’s search engine, maps, AI voice assistant, taxi service, email app, and cloud services were all laid bare.

The leak also included code from two of Yandex’s key systems: its web analytics service, which captures details about how people browse, and its powerful behavioral analytics tool, which helps run its ad service that makes millions of dollars. This kind of advertising system underpins much of the modern web’s economy, with Google, Facebook, and thousands of advertisers relying on similar technologies. But the systems are largely black holes.

Now, an in-depth analysis of the source code belonging to these two services, by Kaileigh McCrea, a privacy engineer at cybersecurity firm Confiant, is shedding light on how the systems work. Yandex’s technologies collect huge volumes of data about people, and this can be used to reveal their interests when it is “matched and analyzed” with all of the information the company holds, Confiant’s findings say.

McCrea says the Yandex code shows how the company creates household profiles for people who live together and predicts people's specific interests. From a privacy perspective, she says, what she found is “deeply unsettling.” “There are a lot of creepy layers to this onion,” she says. The findings also reveal that Yandex has one technology in place to share some limited information with Rostelecom, the Russian-government-backed telecoms company.

Yandex’s chief privacy officer, Ivan Cherevko, in detailed written answers to WIRED’s questions, says the “fragments of code” are outdated, are different from the versions currently used, and that some of the source code was “never actually used” in its operations. “Yandex uses user data only to create new services and improve existing ones,” and it “never sells user data or discloses data to third parties without user consent,” he says.

However, the analysis comes as Russia’s tech giant is going through significant changes. Following Russia’s full-scale invasion of Ukraine in February 2022, Yandex is splitting its parent company, based in the Netherlands, from its Russian operations. Analysts believe the move could see Yandex in Russia become more closely connected to the Kremlin, with data being put at risk.

“They have been trying to maintain this image of a more independent and Western-oriented company that from time to time protested some repressive laws and orders, helping attract foreign investments and business deals,” says Natalia Krapiva, tech-legal counsel at digital rights nonprofit Access Now. “But in practice, Yandex has been losing its independence and caving in to the Russian government demands. The future of the company is uncertain, but it’s likely that the Russia-based part of the company will lose the remaining shreds of independence.”

Data Harvesting

The Yandex leak is huge. The 45 GB of source code covers almost all of Yandex’s major services, offering a glimpse into the work of its thousands of software engineers. The code appears to date from around July 2022, according to timestamps included within the data, and it mostly uses popular programming languages. It is written in English and Russian, but also includes racist slurs. (When it was leaked in January, Yandex said this was “deeply offensive and completely unacceptable,” and it detailed some ways that parts of the code broke its own company policies.)

McCrea manually inspected two parts of the code: Yandex Metrica and Crypta. Metrica is the firm’s equivalent of Google Analytics, software that places code on participating websites and in apps, through AppMetrica, that can track visitors, including down to every mouse movement. Last year, AppMetrica, which is embedded in more than 40,000 apps in 50 countries, caused national security concerns with US lawmakers after the Financial Times reported the scale of data it was sending back to Russia.

This data, McCrea says, is pulled into Crypta. The tool analyzes people’s online behavior to ultimately show them ads for things they’re interested in. More than 300 “factors” are analyzed, according to the company’s website, and machine learning algorithms group people based on their interests. “Every app or service that Yandex has, which is supposed to be over 90, is funneling data into Crypta for these advertising segments in one form or another,” McCrea says.

Some data collected by Yandex is handed over when people use its services, such as sharing their location to show where they are on a map. Other information is gathered automatically. Broadly, the company can gather information about someone’s device, location, search history, home location, work location, music listening and movie viewing history, email data, and more.

The source code shows AppMetrica collecting data on people’s precise location, including their altitude, direction, and the speed they may be traveling. McCrea questions how useful this is for advertising. It also grabs the names of the Wi-Fi networks people are connecting to. This is fed into Crypta, with the Wi-Fi network name being linked to a person’s overall Yandex ID, the researcher says. At times, its systems attempt to link multiple different IDs together.

“The amount of data that Yandex has through the Metrica is so huge, it's just impossible to even imagine it,” says Grigory Bakunov, a former Yandex engineer and deputy CTO who left the company in 2019. “It's enough to build any grouping, or segmentation of the audience.” The segments created by Crypta appear to be highly specific and show how powerful data about our online lives is when it is aggregated. There are advertising segments for people who use Yandex’s Alice smart speaker, “film lovers” can be grouped by their favorite genre, there are laptop users, people who “searched Radisson on maps,” and mobile gamers who show a long-term interest.

McCrea says some categories stand out more than others. She says a “smokers” segment appears to track people who purchase smoking-related items, like e-cigarettes. While “summer residents” may indicate people who have holiday homes and uses location data to determine this. There is also a “travelers” section that can use location data to track whether they have traveled from their normal location to another—it includes international and domestic fields. One part of the code looked to pull data from the Mail app and included fields about “boarding passes” and “hotels.”

Some of this information “doesn’t sound that unusual” for online advertising, McCrea says. But the big question for her is whether creating personalized adverting is a good enough reason to collect “this invasive level of information.” Behavioral advertising has long followed people around the web, with companies hoovering up people’s data in creepy ways. Regulators have failed to get a grip on the issue, while others have suggested it should be banned. “When you think about what else you could do, if you can make that kind of calculation, it's kind of creepy, especially in Russia,” McCrea says. She suggests it is not implausible to create segments for military-aged men who are looking to leave Russia.

Yandex’s Cherevko says that grouping users by interests is an “industry standard practice” and that it isn’t possible for advertisers to identify specific people. Cherevko says the collection of information allows people to be shown specific ads: “gardening products to a segment of users who are interested in summer houses and car equipment to those who visit gas stations.” Crypta analyzes a person’s online behavior, Cherevko says, and “calculates the probability” they belong to a specific group.

“For Crypta, each user is represented as a set of identifiers, and the system cannot associate them with a natural person in the real world,” Cherevko claims. “This kind of set is probabilistic only.” He adds that Crypta doesn’t have access to people’s emails and says the Mail data in the code about boarding passes and hotels was an “experiment.” Crypta “received only de-identified information about the category from Mail,” and the method has not been used since 2019, Cherevko says. He adds that Yandex deletes “user geolocation” collected by AppMetrica after 14 days.

While the leaked source code offers a detailed view of how Yandex’s systems may operate, it is not the full picture. Artur Hachuyan, a data scientist and AI researcher in Russia who started his own firm doing analytics similar to Crypta, says he did not find any pretrained machine learning models when he inspected the code or references to data sources or external databases of Yandex’s partners. It’s also not clear, for instance, which parts of the code were not used.

McCrea’s analysis says Yandex assigns people household IDs. Details in the code, the researcher says, include the number of people in a household, the gender of people, and if they are any elderly people or children. People’s location data is used to group them into households, and they can be included if their IP addresses have “intersected,” Cherevko says. The groupings are used for advertising, he says. “If we assume that there are elderly people in the household, then we can invite advertisers to show them residential complexes with an accessible environment.”

The code also shows how Yandex can combine data from multiple services. McCrea says in one complex process, an adult’s search data may be pulled from the Yandex search tool, AppMetrica, and the company’s taxi app to predict whether they have children in their household. Some of the code categorizes whether children may be over or under 13. (Yandex’s Cherevko says people can order taxis with children’s seats, which is a sign they may be “interested in specific content that might be interesting for someone with a child.”)

One element within the Crypta code indicates just how all of this data can be pulled together. A user interface exists that acts as a profile about someone: It shows marital status, their predicted income, whether they have children, and three interests—which include broad topics such as appliances, food, clothes, and rest. Cherevko says this is an “internal Yandex tool” where employees can see how Crypta’s algorithms classify them, and they can only access their own information. “We have not encountered any incidents related to access abuse,” he says.

Government Influence

Yandex is going through a breakup. In November 2022, the company’s Netherlands-based parent organization, Yandex NV, announced it will separate itself from the Russian business, following Russia’s invasion of Ukraine. Internationally, the company, which will change its name, is planning to develop self-driving technologies and cloud computing, while divesting itself from search, advertising, and other services in Russia. Various Russian businessmen have been linked to the potential sale. (At the end of July, Yandex NV said it plans to propose its restructuring to shareholders later this year.)

While the uncoupling is being worked out, Russia has been trying to consolidate its control of the internet and increasing censorship. A slew of new laws requires more companies and government services in the country to use home-grown tech. For instance, this week, Finland and Norway’s data regulators blocked Yandex’s international taxi app from sending data back to Russia due to a new law, which comes into force in September, that will allow the Federal Security Service (FSB) access to taxi data.

These nationalization efforts coupled with the planned ownership change at Yandex are creating concerns that the Kremlin may soon be able to use data gathered by the company. Stanislav Shakirov, the CTO of Russian digital rights group Roskomsvoboda and founder of tech development organization Privacy Accelerator, says historically Yandex has tried to resist government demands for data and has proved better than other firms. (In June, it was fined 2 million rubles ($24,000) for not handing data to Russian security services.) However, Shakirov says he thinks things are changing. “I am inclined to believe that Yandex will be attempted to be nationalized and, as a consequence, management and policy will change,” Shakirov says. “And as a consequence, user data will be under much greater threat than it is now.”

Bakunov, the former Yandex engineer, who reviewed some of McCrea’s findings at WIRED’s request, says he is scared by the potential for the misuse of data going forward. He says it looks like Russia is a “new generation” of a “failed state,” highlighting how it may use technology. “Yandex here is the big part of these technologies,” he says. “When we built this company, many years ago, nobody thought that.” The company’s head of privacy, Cherevko, says that within the restructuring process, “control of the company will remain in the hands of management.” And its management makes decisions based on its “core principles.”

But the leaked code shows, in one small instance, that Yandex may already share limited information with one Russian government-linked company. Within Crypta are five “matchers” that sync fingerprinting events with telecoms firms—including the state-backed Rostelecom. McCrea says this indicates that the fingerprinting events could be accessible to parts of the Russian state. “The shocking thing is that it exists,” McCrea says. “There's nothing terribly shocking within it.” (Cherevko says the tool is used for improving the quality of advertising, helping it to improve its accuracy, and also identifying scammers attempting to conduct fraud.)

Overall, McCrea says that whatever happens with the company, there are lessons about collecting too much data and what can happen to it over time when circumstances change. “Nothing stays harmless forever,” she says.

React vs Vue vs Angular: Which One Should You Use in 2025

Overview: (React)

React continues to dominate the frontend development world in 2025, offering developers unmatched flexibility, performance, and community support. Built and maintained by Meta (formerly Facebook), React has matured into a robust UI library that startups and tech giants use.

What Is React?

React is an open-source JavaScript library designed for building fast, interactive user interfaces, primarily for single-page applications (SPAs). It's focused on the "View" layer of web apps, allowing developers to build encapsulated, reusable components that manage their state.

With the release of React 18 and innovations like Concurrent Rendering and Server Components, React now supports smoother UI updates and optimized server-side rendering, making it more future-ready than ever.

Key Aspects

Component-Based Architecture: React's modular, reusable component structure makes it ideal for building scalable UIs with consistent patterns.

Blazing-Fast UI Updates: Thanks to the virtual DOM, React efficiently updates only what's changed, ensuring smooth performance even in complex apps.

Hooks and Functional Components: With modern features like React Hooks, developers can manage state and lifecycle behavior cleanly in functional components—there is no need for class-based syntax.

Concurrent Rendering: React 18 introduced Concurrent Mode, improving performance by rendering background updates without blocking the main thread.

Massive Ecosystem: From Next.js for SSR to React Native for mobile apps, React integrates with an enormous ecosystem of tools, libraries, and extensions.

Overview (Aue)

Vue.js continues to be a strong contender in the frontend framework space in 2025, primarily for developers and teams seeking simplicity without sacrificing power. Created by Evan You, Vue has grown into a mature framework known for its clean syntax, detailed documentation, and ease of integration.

What Is Vue?

Vue is a progressive JavaScript framework for building web user interfaces. Its design philosophy emphasizes incrementality—you can use Vue for a small feature on a page or scale it up into a full-fledged single-page application (SPA).

With Vue 3 and the Composition API, Vue has evolved to offer better modularity, TypeScript support, and reusability of logic across components.

Key Aspects

Lightweight and Fast: Vue has a small footprint and delivers high performance out of the box. It's fast to load, compile, and render, making it an excellent choice for performance-sensitive projects.

Simple Integration: Vue can be dropped into existing projects or used as a complete app framework. It works well with legacy systems and new apps alike.

Easy to Learn: Vue's gentle learning curve and readable syntax make it a top choice for beginners and teams with mixed skill levels.

Composition API: The Composition API in Vue 3 allows for better code reuse and more scalable application architecture, similar to React's hooks.

Overview (Angular)

Angular, developed and maintained by Google, remains a top choice for enterprise-level applications in 2025. As a fully integrated framework, Angular provides all the tools a development team needs to build large-scale, maintainable apps out of the box.

What Is Angular?

Angular is a TypeScript-based frontend framework that includes built-in solutions for routing, state management, HTTP communication, form handling, and more. Unlike React or Vue, Angular is opinionated and follows strict architectural patterns.

Angular 17 (and beyond) introduces Signals, a new reactive system designed to improve state management and performance by offering more predictable reactivity.

Key Aspects:

All-in-One Framework: Angular offers everything you need—from routing to testing—without needing third-party libraries. This consistency is great for large teams.

Strong Typing with TypeScript: TypeScript is the default language in Angular, making it ideal for teams that prioritize type safety and tooling.

Ideal for Enterprises: With its structured architecture, dependency injection, and modular system, Angular is built for scalability, maintainability, and long-term project health.

Improved Performance: Angular 17 introduces Signals, improving reactive programming, rendering speed, and resource efficiency.

Angular Drawbacks

A steep learning curve due to its complex concepts like decorators, DI, zones, etc.

More verbose code compared to Vue and React.

Slower adoption in smaller teams and startups.

Which One Should Use

If you're looking for simplicity and speed, especially as a solo developer or on smaller projects, Vue.js is your best bet. Its gentle learning curve and clean syntax make it ideal for quick development and maintainable code.

For scalable, dynamic applications, React strikes the perfect balance. It offers flexibility, a vast ecosystem, and strong community support, making it a top choice for startups, SaaS products, and projects that may evolve over time.

If you're building large-scale, enterprise-grade apps, Angular provides everything out of the box—routing, forms, state management—with a highly structured approach. It's TypeScript-first and built for long-term maintainability across large teams.

In short:

Choose Vue for ease and speed.

Choose React for flexibility and modern workflows.

Choose Angular for structure and enterprise power.

Flutter vs. React Native in 2025: Which Should You Choose?

In the evolving world of mobile application development services, two frameworks continue to dominate developer discussions in 2025 — Flutter and React Native. Both platforms offer cross-platform capabilities, robust community support, and fast development cycles, but deciding which to use depends on your project goals, team expertise, and long-term vision.

Let’s break down the pros, cons, and most recent updates to help you make the right decision.

🚀 What’s New in 2025?

🔹 Flutter in 2025

Flutter, developed by Google, has seen significant upgrades this year. Its support for multiplatform apps (web, mobile, desktop) is more stable than ever, with Flutter 4.0 emphasizing performance improvements and smaller build sizes.

Strengths:

Native-like performance due to Dart compilation

Single codebase for Android, iOS, Web, and Desktop

Rich UI widgets with high customization

Strong support for Material and Cupertino design

What’s new in 2025:

Enhanced DevTools for performance monitoring

Integrated AI components via Google's ML APIs

Faster cold-start performance on mobile apps

🔹 React Native in 2025

Backed by Meta (Facebook), React Native remains a strong contender thanks to its large community and JavaScript ecosystem. In 2025, React Native has tightened integration with TypeScript, and modular architecture has made apps more maintainable and scalable.

Strengths:

Hot reloading and fast iteration cycles

Large plugin ecosystem

Shared logic with web apps using React

Active open-source support

What’s new in 2025:

TurboModules fully implemented

Fabric Renderer is default, boosting UI speed

Easier integration with native code via JSI (JavaScript Interface)

📊 Performance & Stability

Flutter delivers better performance overall because it doesn't rely on a JavaScript bridge. This results in smoother animations and faster app startup.

React Native has narrowed the performance gap significantly with Fabric and TurboModules, but complex UIs may still perform better in Flutter.

🛠️ Development Speed & Ecosystem

Flutter provides a cohesive, “batteries-included” approach with everything bundled, which can reduce time spent finding third-party libraries.

React Native leverages the enormous JavaScript and React ecosystem, making it ideal for teams already using React for web development.

🎨 UI and Design Flexibility

Flutter has a clear edge when it comes to UI. Its widget-based architecture allows for highly customizable designs that look consistent across platforms. React Native relies more on native components, which can lead to slight inconsistencies in appearance between iOS and Android.

🤝 Community & Hiring Talent

React Native has a larger pool of developers due to its ties with JavaScript.

Flutter is catching up fast, especially among startups and companies focused on design-forward apps.

✅ When to Choose Flutter

You need a high-performance app with complex animations.

You want a unified experience across mobile, web, and desktop.

Your team is comfortable learning Dart or is focused on Google’s ecosystem.

✅ When to Choose React Native

Your team already uses React and JavaScript.

You need to rapidly prototype and iterate with existing web talent.

You're integrating heavily with native modules or third-party services.

💼 Final Thoughts

Both frameworks have matured immensely by 2025. The right choice depends on your specific project needs, existing team expertise, and your product roadmap. Whether you're building a lightweight MVP or a performance-intensive product, either tool can serve you well — with the right planning.

If you're unsure where to start, partnering with a reliable mobile application development company can help you assess your needs and build a roadmap that aligns with your business goals.

So, I want to start off by saying that I don't support Temu because it's part of the overall dropshipping issue and makes it harder on small businesses to actually compete. Also, they've had issues with products using stolen artwork. Plus, you cannot guarantee product quality.

HOWEVER

None of y'all checked the sources and it shows. The excerpts are from sites purposely using scaremongering and other shitty practices. The USAToday article mentioned in one of the images (thought they didn't screenshot the article itself) does this a little bit too but actually explains what Temu is and how it supposedly makes money.

Of course it tracks your information. It's tracking your information and phone usage almost the exact same way as Facebook, Amazon, and Google. And guess what? You can change and remove most of those settings yourself either in your phone's settings or with adblocking apps. This is unfortunately standard nowadays whenever you install most apps. Temu isn't doing anything new here.

Do none of you know what a pyramid scheme is? This was a massive thing in the 80s and 90s. Temu providing you with referral codes to try to get people to sign up and use their app is not. It's standard business practices nowadays. You know what is a pyramid scheme? Scentsy, Mary Kay, etc. Per Merriam-Webster, a pyramid scheme is "a usually illegal operation in which participants pay to join and profit mainly from payments made by subsequent participants". Basically, you make money recruiting people to sell a product or service, encourage them to recruit more people, and then earn a percentage off both the person you recruited and the person they recruited and so on

The reason their prices are so low is because they sell straight from the manufacturer, who is typically based in China and using shitty labor practices to produce their goods. There is no inspection process, there is no warehouse full of goods as stuff is made and then immediately shipped, and there is no one upping prices for the market. Of course you see "knock-offs" on there. 9 times out of 10, the products are all made by the same manufacturer but there is no business or marketing team to up the prices. It's part of why you see hundreds of the same product listed on Amazon and is called "dropshipping". This is also why it seems like there are so many fake products (don't get me wrong, there absolutely are but for the most part it's just shit all from the same manufacturers).

Temu, Ali Express, Wish, Alibaba, and other similar sites/apps all make their money from the fees they charge manufacturers to host their listings and from ad revenue. Amazon does similar and then nickels and dimes sellers out the ass per sale and when hitting certain sale thresholds. However, these sites also make a percentage of profits from shipping fees by offering the manufacturers a rate for creating shipping labels through them. Mercari does the same thing and usually it's actually cheaper to just ship the item yourself, but it partially boils down to convenience and having one less thing to worry about when selling.

Products are inevitably going to be shit quality. As I stated above, the products are coming straight from the manufacturers and there is nobody there inspecting or doing quality assurance.

TL;DR - there are plenty of reasons to dislike Temu and not use it, but it being a pyramid scheme isn't one of them. Please check your sources and do your own research folks.

keep seeing Temu ads on here so just to share cause idk if people are widely aware

React vs Vue vs Angular: Which One Should You Use in 2025

Overview: (React)

React continues to dominate the frontend development world in 2025, offering developers unmatched flexibility, performance, and community support. Built and maintained by Meta (formerly Facebook), React has matured into a robust UI library that startups and tech giants use.

What Is React?

React is an open-source JavaScript library designed for building fast, interactive user interfaces, primarily for single-page applications (SPAs). It's focused on the "View" layer of web apps, allowing developers to build encapsulated, reusable components that manage their state.

With the release of React 18 and innovations like Concurrent Rendering and Server Components, React now supports smoother UI updates and optimized server-side rendering, making it more future-ready than ever.

Key Aspects

Component-Based Architecture: React's modular, reusable component structure makes it ideal for building scalable UIs with consistent patterns.

Blazing-Fast UI Updates: Thanks to the virtual DOM, React efficiently updates only what's changed, ensuring smooth performance even in complex apps.

Hooks and Functional Components: With modern features like React Hooks, developers can manage state and lifecycle behavior cleanly in functional components—there is no need for class-based syntax.

Concurrent Rendering: React 18 introduced Concurrent Mode, improving performance by rendering background updates without blocking the main thread.

Massive Ecosystem: From Next.js for SSR to React Native for mobile apps, React integrates with an enormous ecosystem of tools, libraries, and extensions.

Code: App.jsx

Import React from 'react';

function App() {

return (

<div>

<h1>Hello, World! </h1>

</div>

);

}

export default App;

Entry Point: main.jsx

import React from 'react';

import ReactDOM from 'react-dom/client';

import App from './App.jsx';

ReactDOM.createRoot(document.getElementById('root')).render(

<React.StrictMode>

<App />

</React.StrictMode>

);

HTML Template: index.html

<!DOCTYPE html>

<html lang="en">

<head>

<meta charset="UTF-8" />

<title>React App</title>

</head>

<body>

<div id="root"></div>

<script type="module" src="/main.jsx"></script>

</body>

</html>

Overview (Aue)

Vue.js continues to be a strong contender in the frontend framework space in 2025, primarily for developers and teams seeking simplicity without sacrificing power. Created by Evan You, Vue has grown into a mature framework known for its clean syntax, detailed documentation, and ease of integration.

What Is Vue?

Vue is a progressive JavaScript framework for building web user interfaces. Its design philosophy emphasizes incrementality—you can use Vue for a small feature on a page or scale it up into a full-fledged single-page application (SPA).

With Vue 3 and the Composition API, Vue has evolved to offer better modularity, TypeScript support, and reusability of logic across components.

Key Aspects

Lightweight and Fast: Vue has a small footprint and delivers high performance out of the box. It's fast to load, compile, and render, making it an excellent choice for performance-sensitive projects.

Simple Integration: Vue can be dropped into existing projects or used as a complete app framework. It works well with legacy systems and new apps alike.

Easy to Learn: Vue's gentle learning curve and readable syntax make it a top choice for beginners and teams with mixed skill levels.

Composition API: The Composition API in Vue 3 allows for better code reuse and more scalable application architecture, similar to React's hooks.

Code: App.vue

<template>

<div>

<h1>Hello, World! </h1>

</div>

</template>

<script setup>

</script>

<style scoped>

h1 {

color: #42b983;

}

</style>

Entry Point: main.js

import { createApp } from 'vue';

import App from './App.vue';

createApp(App).mount('#app');

HTML Template: index.html

<!DOCTYPE html>

<html lang="en">

<head>

<meta charset="UTF-8" />

<title>Vue App</title>

</head>

<body>

<div id="app"></div>

<script type="module" src="/main.js"></script>

</body>

</html>

Overview (Angular)

Angular, developed and maintained by Google, remains a top choice for enterprise-level applications in 2025. As a fully integrated framework, Angular provides all the tools a development team needs to build large-scale, maintainable apps out of the box.

What Is Angular?

Angular is a TypeScript-based frontend framework that includes built-in solutions for routing, state management, HTTP communication, form handling, and more. Unlike React or Vue, Angular is opinionated and follows strict architectural patterns.

Angular 17 (and beyond) introduces Signals, a new reactive system designed to improve state management and performance by offering more predictable reactivity.

Key Aspects:

All-in-One Framework: Angular offers everything you need—from routing to testing—without needing third-party libraries. This consistency is great for large teams.

Strong Typing with TypeScript: TypeScript is the default language in Angular, making it ideal for teams that prioritize type safety and tooling.

Ideal for Enterprises: With its structured architecture, dependency injection, and modular system, Angular is built for scalability, maintainability, and long-term project health.

Improved Performance: Angular 17 introduces Signals, improving reactive programming, rendering speed, and resource efficiency.

Angular Drawbacks

A steep learning curve due to its complex concepts like decorators, DI, zones, etc.

More verbose code compared to Vue and React.

Slower adoption in smaller teams and startups.

Project Setup:

bash

Copy

Edit

ng new hello-world-app

cd hello-world-app

ng serve

Component: app.component.ts

import { Component } from '@angular/core';

@Component({

selector: 'app-root',

template: `<h1>Hello, World! </h1>`,

styles: [`h1 { color: #dd0031; }`]

})

export class AppComponent {}

Module: app.module.ts

import { NgModule } from '@angular/core';

import { BrowserModule } from '@angular/platform-browser';

import { AppComponent } from './app.component';

@NgModule({

declarations: [AppComponent],

imports: [BrowserModule],

bootstrap: [AppComponent]

})

export class AppModule {}

Entry Point: main.ts

import { platformBrowserDynamic } from '@angular/platform-browser-dynamic';

import { AppModule } from './app/app.module';

platformBrowserDynamic().bootstrapModule(AppModule)

.catch(err => console.error(err));

Which One Should Use

If you're looking for simplicity and speed, especially as a solo developer or on smaller projects, Vue.js is your best bet. Its gentle learning curve and clean syntax make it ideal for quick development and maintainable code.

For scalable, dynamic applications, React strikes the perfect balance. It offers flexibility, a vast ecosystem, and strong community support, making it a top choice for startups, SaaS products, and projects that may evolve over time.

If you're building large-scale, enterprise-grade apps, Angular provides everything out of the box—routing, forms, state management—with a highly structured approach. It's TypeScript-first and built for long-term maintainability across large teams.

In short:

Choose Vue for ease and speed.

Choose React for flexibility and modern workflows.

Choose Angular for structure and enterprise power.