Hacker News | Sayrus's comments


I keep hearing this one. But at least for the EU, the eCall system requires external communication to be disabled until activated during a serious accident. It cannot be used for tracking the vehicle in real-time.

Some parts of the legislation (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32...):

> 2. The personal data processed pursuant to this Regulation shall only be used for the purpose of handling the emergency situations referred to in the first subparagraph of Article 5(2).

> Manufacturers shall provide clear and comprehensive information in the owner's manual about the processing of data carried out through the 112-based eCall in-vehicle system. That information shall consist of:

> the fact that there is no constant tracking of the vehicle;

That vehicles nowadays are equipped with always-on internet and microphones is not related to remote assistance.


This is such misdirection.

Your car if new enough, IS reporting its diagnostics including GPS via cell. All the time. This isn’t exactly personally identifiable so they get away with it just fine.

This is unrelated to the microphones and assistance systems.


It becomes personally identifiable through correlations with other datasets.

That is the kind of thing people allow when they click accept or decline on those pesky ”we and our 195735 partners would like to…” dialogs.


Which is exactly my point. Cars are reporting on you, but tying that to remote assistance is disingenuous.

[flagged]


Happy to read your thoughts, can you elaborate on this?

Kindly read point number 2 slowly.

There are two definitions: a) Personal Data and b) Emergency Situations

What is an emergency situation and how can a car determine it is one? These are "smart" cars which aren't nowadays smart enough to process all your data locally, so that data is sent to servers elsewhere which process if either points a) or b) apply.

It is your choice to believe that voice data is ever deleted once acquired by governments and entities thirsty to benefit from that information.

For security experts this is just another "I told you so" within a few years.


Emergency situations are defined by two situations: severe accidents and manual press of the button. Article 6 covers the data being sent, Article 5 covers the manufacturer's obligations. Your audio during the accident and your last three locations may leak, but the eCall system is not designed for a permanent phone-home system. If I remember correctly, you can't even use the eCall SIM for tracking as that'd encourage people to disable safety features.

All the things you are talking about, permanent phone-home, tracking of location, audio and video, driving habits, are tracked, sent and resold. That's what smart cars do. But it is not done through the eCall system. See it from the company perspective: why would they risk penalties for non-compliance when they can gather and resell all personal data with no risks using their own system instead of a safety one?


That is assuming the eCall system is used at all.

I stated that the microphone and network access installed on modern cars for emergency situations can and will be used 24/7 when deemed "necessary" for your "security".

Different things, same hardware.


> Anyone who uses BitTorrent to transfer files automatically uploads content to other people, as it is inherent to the protocol. In other words, the uploading wasn’t a choice, it was simply how the technology works.

What an argument to make in court. It can be proved false in minutes by the plaintiffs.


Not exactly automatically.

Seeding is opt-out, not opt-in… but it is usually a default that has to be actively, manually overridden. Most users never touch those settings. The average pirate downloading a torrent is seeding whether they know it or not.

The protocol absolutely does not enforce seeding. A client can lie to the tracker, cap upload to 0k. BitTorrent has no mechanism to compel one to share. Leeching a file, downloading and sharing no forward packets is possible. While the "social contract" of seeding is entirely a norm enforced by private trackers and community shame. It is not the protocol itself.


seeding is not the only way you actually upload

you're uploading before seeding, and i'm willing to bet Meta weren't seeding but, as they correctly stated in that regard, they're sharing even when they try their best not to because of the way the protocol works as zero-upload is typically impractical for any significant size files

some trackers will additionally penalise you for not sharing file parts, but this depends on the tracker


and the protocol doesn't enforce you upload anything.

The original design called for some kind of tit-for-tat algorithm, but it's long obsolete and you get whatever bandwidth the seeder has.


If you try to download any significant file with zero-upload, you will run out of peers that will share with you much earlier than you will download the file. It's not practical.

Most people that speak of leeching or not seeding really are talking about not seeding at all after they've completed. In fact, most clients will let you set upload speeds to a trickle but not zero (zero means unlimited in most clients). From a legal standpoint, that already means you uploaded.


It’s true that most clients do not support a zero upload configuration, but it’s not inherent to the protocol, and modified clients exist.

I’m not aware of any clients that will refuse to share data with clients that are configured to not upload. I don’t even see how they could determine that, especially in situations where there are no other peers to upload to, and given that stats are entirely self-reported and clients that send bogus numbers exist.

You would need a central tracker that cares, which is what private torrent communities rely on, but not public/DHT torrents such as those discussed here.


You’re correct about seeds, but peers who are also downloading will often stop sharing with you if you stop sharing with them. Seeds generally are configured to try to give different pieces to different peers so that they can send them to each other and reduce load on the seed; they don’t want to give you the entire file directly unless you’re the only person downloading. And peers prioritize and filter which other ones they’ll send pieces to based on reciprocity.

You will probably get the data eventually, and it really depends on the composition and configuration of the swarm, but generally, you do need to upload if you want to ensure the fastest and most reliable download.


Long-running torrents are mostly populated by seeders. BitTorrent was originally designed for a lot of downloaders to get a file at the same time with limited seeding bandwidth, so leechers would need to trade with each other a lot, but that's not really the situation most torrents are in today.

It depends what you’re downloading. Peer prioritization mechanics have been relevant for a lot of my recent downloads.

You can, but you will slow down your own downloads dramatically by doing so. In some cases you will fail to finish them.

The case for doing this would be just so you can have this ridiculous legal defence Meta seem to be trying to pull out. Really no other good reason. Even for the most parasitic leeches, zero upload is a bad strategy.


Seeders don't know how much data you shared with other leechers.

Yes. So?

So you can download from seeders as fast as they can upload.

This is entirely dependent on the client on the other end of the connection.

"tit-for-tat" trading of chunks only happens between peers that both are actively downloading. Seeding nodes just let anybody leech.

You totally CAN disable all uploads in the torrent protocol. Just set the "upload budget" to zero in most clients. Just nobody realizes they can do that.

BitTorrent is wildly successful in part because every popular client makes it nontrivial to "opt out" of its more socialist components (chunk trading, DHT participation, seeding by default).

Making a "leech behavior only" torrent client is straightforward and viable.


Tit-for-tat kicks in. It's fine for smaller files to just jump peers with zero upload, but i reckon Meta would have found it challenging to download very large files without sharing. It's certainly much faster if you don't get throttled or banned by many peers.

> i reckon Meta would have found it challenging to download very large files without sharing. It's certainly much faster if you don't get throttled or banned by many peers.

You're not that likely to get throttled by seeds though, and most torrents that are downloadable at all have a few seeds. Seeds have no way of verifying whether you're contributing to the network, they're just there because someone (implicitly) decided to make the file available to whomever drops by and asks for it.


Would you say that generally books would be considered a small file or a BIG file?

they'd most certainly go for very large curated collections like those of Anna's Archives, we're talking about 10s or 100s of TBs per archive

going 1 by 1 would be quite the exercise in itself considering just how much variety of formats, styles, crap added in the files, random password crapware, etc etc you find for anything other than the most trendy stuff


I can't believe that no one has ever tried that one before... So do we now roll back all of the previous copyright cases where downloading music with bittorrent has been prosecuted?

> So do we now roll back all of the previous copyright cases where downloading music with bittorrent has been prosecuted

No, because those cases were pirating-while-poor. This is pirating-while-trillion-dollar-corporation, which falls under a completely different section of the law.


At this stage, you are going too far in claiming that. So far, all that happened is that Meta's lawyers claimed it was fair use. They are paid to try every argument they can think of that might work. Just because they make the argument doesn't mean the court will find it has any merit.

Meta has so much money, even if they end up paying they’ll probably barely be affected. In that case, actually GP is wrong and it’s the same law, but still different outcomes (like “neither poor nor rich may sleep on public benches…”)

While you are correct that a decision on this specific case is still pending, your parent comment does have a point that breaking the law while rich and while poor have very different outcomes. Also, no way they’re going to roll back all previous cases. So the joke works now, no need to wait.

From my understanding, Meta's use of the pirated book was accepted as fair use and the plaintiffs admitted to no harm. In the case of pirated music and films, neither of those points are made. Copyright holders assume people who pirate would have bought the content, usually even assuming that one download is one lost sale. And I am not aware of a single case where watching or listening to pirated content was accepted as fair use.

It is interesting to follow how this plays out for Meta and how that will impact future cases.


One of the underlying issues is that punitive damages seem to be the norm in US courts.

In the UK you can only claim for the actual damages incurred, which at most will be the profit you would've made on the sale of that book. Which makes most claims for private infringement uneconomical for corporations.


Note though that the court can award more than this in some circumstances. From the Copyright, Designs and Patents Act of 1988, section 97 [1]:

  (2) The court may in an action for infringement of copyright having regard to all the circumstances, and in particular to—

    (a) the flagrancy of the infringement, and

    (b) any benefit accruing to the defendant by reason of the infringement,

  award such additional damages as the justice of the case may require.

I think most copyright systems have some provision for damages beyond lost profits, because if they did not what incentive would there be to not infringe?

[1] https://www.legislation.gov.uk/ukpga/1988/48/section/97


I don’t get that, the use of these books was instrumental and necessary for the success of the training run. The expected value of these training runs is high as the build out of 100 billion+ infrastructure demonstrates, so the book publishers should at a minimum be paid a licensing fee, a small fraction of every inference run revenue or whatever they decide. The fact that authors and publishers didn’t get any say under what conditions their intellectual property can be used is pretty outrageous.

The conclusion was they suffered no legal harm, in that their interests such as their continued publishing of books was not affected by LLMs; no one is using AI to compete with publishers, if anything "authors" might very well use those same publishers to get their generated books on shelves.

If it's fair use, no licensing fee is needed.


So pretty much the same as the Authors Guild, Inc. v. Google, Inc. case ruling it as fair use as a transformative work. I mean if indexing the world's books is transformative then a neural net run on them certainly is a transformative work and fair use.

Yes, that's how the argument is going for these lawsuits so far.

We consumers just need BitTorrent clients that come with LLM training code incorporated, as that transforms the downloads into fair use (according to the very expensive Meta legal team).

The use of the pirated book is a totally separate action than acquiring the pirated book.

When I pull the trigger and the bullet kills another person, it is just how technology works. Why would I be responsible if I choose to use it or not?

I'm going to need a copy of your latest bank statement before i can accurately answer that.

Even if the court accepts the argument, it can be undermined by pointing out that they knew it in advance, or could have known, and thus accepted it.

My client didn't "buy" illegal drugs. He received illegal drugs. But anyone who makes a drug deal automatically sends money to the drug dealer, as inherent of the protocol. In other words, "giving money for drugs" wasn't a choice, it was simply how drug deals work.

This. You can set upload speed to zero, and download entire dataset without uploading anything. Slower but doable.

As far as I know, setting upload speed to zero disables the limit. You can set it to be very low but not zero.

That is client dependent. On rtorrent, there is a separate "off" setting for the speed throttle that means "no throttle" with the result that "zero" actually means "no uploading".

You can patch it so zero means zero.

I think it's a fair argument in the context of big corporations using the technology.

I agree, that people used to be called "leechers". Somewhat related xkcd https://xkcd.com/553/

Lawyers are paid to defend a position. They are intellectual prostitutes.

Let's assume he does and is very successful, he makes $1T. Then what? Giving it all away won't resolve growing inequalities. Using it to influence medias and politics?

[flagged]


Because obviously anyone who disagrees with the system is a toddler. What shaped your mindset? Are you a temporarily embarrassed millionaire thinking that defending Bezos and the likes will put you at the table with them? You know you can respect them without simping for them, right? You’re a maggot to them, just another dust particle.

Neither will an ESP32 that needs permanent internet access and relies on a publicly available API usually running on Linux servers. Running on a realtime OS is not relevant for zclaw.


They accept financial help on OpenCollective: https://opencollective.com/asahilinux


It probably isn't allowed but is able to respond to e-mails. If your injection works, the allowed constraint is bypassed.


yep, updated the copy


Can you code up a quick sqlite database of inbound emails received (md5 hashed sender email), subject, body + what your claw's response would have been, if any. A simple dashboard where you have to enter your hashed email to display the messages and responses.

I understand not sending the reply via actual email, but the reply should be visible if you want to make this fair + an actual iterative learning experiment.


md5 is trivial to brute force.


No it is not. You would need an md5 preimage attack to go from md5sum to email (what I assume you mean by 'brute force')

To prove my point, c5633e6781ede1aea59db6f76f82a365 is the md5sum of an email address. What's the email address?

If the attacker already knows a given input email ('foo@gmail.com'), then any hash algorithm will identically let them see the emails.

The problem with the above proposal isn't related to hashing, it's that the email address is being used as a password to see sent contents, which seems wrong since email addresses are effectively public.


You’re ofc technically correct about preimage resistance in the abstract, but that’s not the relevant threat model:

MD5 preimage over a uniform 128-bit space is infeasible. Emails are not uniform 128-bit values. They’re low-entropy, structured identifiers drawn from a predictable distribution.

Attackers don’t search 2^128. They search realistic candidates.

Emails are lowercase ASCII, structured as local@domain, domains come from a small known set, usernames follow common patterns, and massive breach corpora already exist. If you’ve ever used John/Hashcat, you know the whole game is shrinking the search space.

Given a large dataset of MD5(email): Precompute common emails, generate likely patterns, restrict by known domains, use leaked datasets, distributed GPU it. I.e, relatively cheap

If the attacker already suspects a specific email, MD5 gives them a perfect equality test. That alone kills privacy.

So unsalted MD5(email) is not protection. It’s a stable public identifier that enables membership testing, cross-dataset linkage, re-ID, and doxxing.

Academic preimage resistance can still hold while real-world privacy absolutely does not.

It's not about breaking MD5’s math, but more about attack economics and low-entropy inputs. To your point, this problem exists with any bare hash. Salt slows large-scale precomputation, but it doesn’t magically add entropy to predictable identifiers.
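The low-entropy argument in the comment above, written as a pre-publication audit of a dataset keyed by hashed email; this is an added example, not part of the thread. Every address, name list and key here is constructed, and the HMAC-SHA256 comparison is an assumption introduced for contrast, not something a commenter proposed.

```python
import hashlib
import hmac
from itertools import product

def normalize(email: str) -> bytes:
    # Emails compare case-insensitively in practice, which shrinks the space further.
    return email.strip().lower().encode("utf-8")

def md5_id(email: str) -> str:
    """Unsalted MD5(email), the identifier scheme proposed in the thread."""
    return hashlib.md5(normalize(email)).hexdigest()

def keyed_id(email: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key held only by the dataset owner."""
    return hmac.new(key, normalize(email), hashlib.sha256).hexdigest()

def candidates(firsts, lasts, domains):
    """Enumerate common local-part patterns over a small set of known domains."""
    for first, last, domain in product(firsts, lasts, domains):
        for local in (first, f"{first}.{last}", f"{first}{last}", f"{first[0]}{last}"):
            yield f"{local}@{domain}"

def audit(published_ids, candidate_emails, id_func):
    """Return {identifier: email} for each published identifier that the
    candidate list re-identifies under the given identifier function."""
    table = {id_func(e): e for e in candidate_emails}
    return {i: table[i] for i in published_ids if i in table}

# Constructed sample data: addresses in reserved example domains.
SUBSCRIBERS = ["alice.smith@example.com", "bjones@example.org",
               "Carol@Example.com", "x7q-fnord-4821@example.net"]
FIRSTS = ["alice", "bob", "carol"]
LASTS = ["smith", "jones", "lee"]
DOMAINS = ["example.com", "example.org"]
SECRET_KEY = b"constructed-demo-key"  # assumption: never published with the data

def run_audit():
    guesses = sorted(set(candidates(FIRSTS, LASTS, DOMAINS)))
    # Anyone holding the published MD5 column can rebuild the same table.
    md5_hits = audit([md5_id(e) for e in SUBSCRIBERS], guesses, md5_id)
    # Without SECRET_KEY, a reader of the dataset can only hash under a guessed key.
    hmac_hits = audit([keyed_id(e, SECRET_KEY) for e in SUBSCRIBERS], guesses,
                      lambda e: keyed_id(e, b"guessed-key"))
    return len(guesses), sorted(md5_hits.values()), sorted(hmac_hits.values())

if __name__ == "__main__":
    total, md5_found, hmac_found = run_audit()
    print(f"{total} candidates tried")
    print(f"unsalted MD5 re-identified {len(md5_found)}/{len(SUBSCRIBERS)}: {md5_found}")
    print(f"keyed HMAC re-identified {len(hmac_found)}/{len(SUBSCRIBERS)}")
```

The keyed identifier still gives whoever holds the key the same equality test, so it protects a published dataset but does not turn an email address into a password.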


It adds provability without leaking emails were someone to share a hash for validation sake. Plus anyone can hash their email for a quick access key.

It also makes it possible to publish the dataset later without leaking emails.


Assuming you want ID verification, why would you need a blockchain? Your identity is deeply linked to who you are and we have identity documents and trusted entities to provide them. These entities can absolutely act as a third-party to verify who you are. This can happen with several different parameters: whether your identity is provided to the site you are using, whether the site you are using is known to your identity provider, whether identities across sites are identical or only linkable by the trusted party. But in all those examples (that are currently implemented by some countries), blockchain is not a requirement.

Assuming you don't want actual ID verification, the choices are even larger but with different trade-offs.


In theory yes, in practice it requires lots of different government services to get on the same page. How do you verify a state ID? Usually the DMV. Have they released an API endpoint for that? Almost certainly no. What if instead you're using a passport? Then the federal government needs to do it. What if your passport is from a country with weak government that doesn't have a lot of capacity?

And of course governments attract hackers because they tend to not be up to date on security best practices.

A single abstraction layer on blockchains allows more developers and security experts to contribute and innovate.


If I remember correctly, EU will make chip tracking for pets mandatory by 2030 to unify laws that are currently made by individual states. France had this mandatory for over a decade.

If you want to travel within EU with your pet, you'll need a certificate for that as well.

No idea about how it is in the US but that doesn't sound crazy to register pets as they are at risk of being lost, abandoned, lacking vaccination or vet visits.


You know, I regularly lose or forget my baseball caps (at least once per Summer, and usually I go through 2 or 3). I wish there was a nationally-mandated register of headwear, with obligatory chipping at the points of sale. Not even entirely joking.

On a more serious note, it's interesting to note that some property never gets any ownership marks on it, some gets it customarily but only out of convenience, there is no legal obligation to do so, and for some property it is legally-mandated by the state but owners largely find it cumbersome.


For maybe 100 years, we’ve lived in an era of diminished hat importance. I, for one, don’t want to be caught hatless around any sharp-tongued re-enactors.


The install method is for Windows, Linux and MacOS. Having those install methods is a choice on all three.

