1,804 Matching Annotations
  1. May 2020
    1. sadness.js will not load, however, as document.write() produces script elements which are "parser-inserted".
    1. Endpoint policies are currently supported by CodeBuild, CodeCommit, ELB API, SQS, SNS, CloudWatch Logs, API Gateway, SageMaker notebooks, SageMaker API, SageMaker Runtime, Cloudwatch Events and Kinesis Firehose.
    1. Using VPC endpoint policies: A VPC endpoint policy is an IAM resource policy that you attach to an endpoint when you create or modify the endpoint. If you do not attach a policy when you create an endpoint, we attach a default policy for you that allows full access to the service. If a service does not support endpoint policies, the endpoint allows full access to the service. An endpoint policy does not override or replace IAM user policies or service-specific policies (such as S3 bucket policies). It is a separate policy for controlling access from the endpoint to the specified service.
  2. developer.chrome.com
    1. If a user clicks on that button, the onclick script will not execute. This is because the script did not immediately execute and code not interpreted until the click event occurs is not considered part of the content script, so the CSP of the page (not of the extension) restricts its behavior. And since that CSP does not specify unsafe-inline, the inline event handler is blocked.
    1. As we add new features and functionality to our Sites, we may need to update or revise this Privacy Policy. We reserve the right to do so, at any time and without prior notice, by posting the revised version on our Sites. These changes will be effective as of the date we post the revised version on our Sites.
    1. In the US, there is no one national law in regards to returns/refunds for purchases made online as in most cases, this is implemented on a state-by-state basis, however, under several state-laws, if no refund or return notice was made visible to consumers before purchase, consumers are automatically granted extended return/refund rights. In cases where the item purchased is defective, an implied warranty may apply in lieu of a written warranty
    1. Shouldn't I be adding the names of the cookies my site/app is using? The specific names of cookies don't provide users with information they can understand. Regarding cookies installed by third parties: the site owner is not in direct control of these cookies. This results in the naming and future changes to naming conventions also being outside of the owner's control and therefore also duty for disclosure. Due to this, we describe the cookies by their purpose and we give users all the instructions they need in order to understand cookies and manage them in their browsers. Then we link to the privacy/cookie policies of any third parties used by your site and we reference their opt-out pages, when available. This concept is the result from consultations with countless privacy attorneys, feedback from privacy authorities and the interpretation of the law itself.

      This sounds like a reasonable compromise.

      Like they say, listing specific names of cookies isn't helpful or practical/maintainable for perpetuity:

      The specific names of cookies don't provide users with information they can understand. Regarding cookies installed by third parties: the site owner is not in direct control of these cookies. This results in the naming and future changes to naming conventions also being outside of the owner's control and therefore also duty for disclosure.

  3. Apr 2020
    1. the cost of reading consent formats or privacy notices is still too high.
    2. Finally, from a practical point of view, we suggest the adoption of "privacy label," food-like notices, that provide the required information in an easily understandable manner, making the privacy policies easier to read.
    3. Third, the focus should be centered on improving transparency rather than requesting systematic consents. Lack of transparency and clarity doesn’t allow informed and unambiguous consent (in particular, where privacy policies are lengthy, complex, vague and difficult to navigate). This ambiguity creates a risk of invalidating the consent.

      systematic consents

    4. the authority found that each digital platform’s privacy policies, which include the consent format, were between 2,500 and 4,500 words and would take an average reader between 10 and 20 minutes to read.
    1. Q. I would like a copy of my data from a breach, can you please send it to me?
       A. No, I cannot
       Q. I have a breach I would like to give you in exchange for “your” breach, can you please send it to me?
       A. No, I cannot
       Q. I’m a security researcher who wants to do some analysis on the breach, can you please send it to me?
       A. No, I cannot
       Q. I’m making a searchable database of breaches; can you please send it to me?
       A. No, I cannot
       Q. I have another reason for wanting the data not already covered above, can you please send it to me?
       A. No, I cannot
    1. There is a forum for discussing CommonMark; you should use it instead of github issues for questions and possibly open-ended discussions. Use the github issue tracker only for simple, clear, actionable issues.
    1. more than three-quarters support the stimulus plans that have already passed and “77% of the public thinks it will be necessary for the president and Congress to pass another bill to provide more economic assistance for the country.” That includes 66 percent of Republicans. We are all Keynesians now.
    1. So, on April 9, 2020 the US central government (the president and Congress) and the US central bank (the Fed) announced a massive money and credit creation program that included all the classic MP3 techniques, including helicopter money (direct payments from the government to citizens). It was essentially the same announcement that Roosevelt made on March 5, 1933. 
    1. Will Fithian on Twitter: “The authors said by email that they used a built-in Stata function and aren’t sure themselves how the software used the input weights. I suspect they misapplied that function (too complicated to tweet why) but I don’t know Stata well enough to be sure; it seems neither do they.” / Twitter. (n.d.). Twitter. Retrieved April 27, 2020, from https://twitter.com/wfithian/status/1252692362037362693

    1. Dorison, C., Lerner, J. S., Heller, B. H., Rothman, A., Kawachi, I. I., Wang, K., … Coles, N. A. (2020, April 16). A global test of message framing on behavioural intentions, policy support, information seeking, and experienced anxiety during the COVID-19 pandemic. https://doi.org/10.31234/osf.io/sevkf

    1. it reminds me of IT security best practices. Based on experience and the lessons we have learned in the history of IT security, we have come up with some basic rules that, when followed, go a long way to preventing serious problems later.
    2. The fact is that it doesn’t matter if you can see the threat or not, and it doesn’t matter if the flaw ever leads to a vulnerability. You just always follow the core rules and everything else seems to fall into place.
    1. You can change your browser settings to refuse cookies and delete them at any time. If you continue to use this site without taking action to prevent the storage of this information, you are effectively agreeing to this use.
    1. Having visibility to the prevalence means, for example, you might outright block every password that's appeared 100 times or more and force the user to choose another one (there are 1,858,690 of those in the data set), strongly recommend they choose a different password where it's appeared between 20 and 99 times (there's a further 9,985,150 of those), and merely flag the record if it's in the source data less than 20 times.
    2. trim off a bunch of excessive headers such as the content security policy HIBP uses (that's of no use to a lone API endpoint).
    1. to a corporate policy

      When such a corporate policy extends to an extremely large audience, does it amount to a new government, one layered on top of the existing state (e.g. Apple's policy is added on top of the policy of the American state)?

  4. Mar 2020
    1. "users are not able to fully understand the extent of the processing operations carried out by Google and that ‘the information on processing operations for the ads personalization is diluted in several documents and does not enable the user to be aware of their extent."
    1. The cookie policy is a section of the privacy policy dedicated to cookies
    2. If a website/app collects personal data, the Data Owner must inform users of this fact by way of a privacy policy. All that is required to trigger this obligation is the presence of a simple contact form, Google Analytics, a cookie or even a social widget; if you’re processing any kind of personal data, you definitely need one.
    1. In general, the directive does not specifically require that you list and name individual third-party cookies, however, you are required to clearly state their categories and purpose. This decision by the Authority is likely deliberate as to require such would mean that individual website/app owners would bear the burden of constantly watching over every single third-party cookie, looking for changes that are outside of their control; this would be largely unreasonable, inefficient and likely unhelpful to users.
    2. a broader explanation of the way cookies operate and of the categories of cookies used will be helpful. A description of the types of things analytical cookies are used for on the site will be more likely to satisfy the requirements than simply listing all the cookies you use with basic references to their function.
    3. The cookie policy must: indicate the type of the cookies installed (e.g. statistical, advertising etc.); describe in detail the purpose of installation of cookies; indicate all third-parties that install or that could install cookies, with a link to their respective policies, and any opt-out forms (where available); be available in all languages in which the service is provided.
    1. provide users with information regarding how to update their browser settings. Many sites provide detailed information for most browsers. You could either link to one of these sites, or create a similar guide of your own. Your guide can either appear in a pop up after a user declines consent, or it can be part of your Privacy Policy, Cookie Information page, or its own separate page.
    1. What information is being collected? Who is collecting it? How is it collected? Why is it being collected? How will it be used? Who will it be shared with? What will be the effect of this on the individuals concerned? Is the intended use likely to cause individuals to object or complain?
    1. If your agreement with Google incorporates this policy, or you otherwise use a Google product that incorporates this policy, you must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area along with the UK. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement.
    1. expect to see more support from Democrats, Republicans, academics and diplomats for the notion that government has a much bigger role to play in creating adequate redundancy in supply chains
    1. Vimeo
       We use Vimeo for video display. Read more

       Name          | Retention  | Function
       Statistics
       __utmt_player | 10 minutes | Track audience reach
       vuid          | 2 years    | Store the user's usage history
       Sharing

       For more information, please read the Vimeo Privacy Policy.

      I like how it groups cookies by the site/service that sets them, and has links to more information and privacy policy for each of those services.

    1. I enjoy dissent and debate among commenters, and criticism of my views is also always welcome; you are even free to call me an assclown, a dupe, a partisan ignoramus — whatever you like, as long as you don't insult other commenters.
    2. And since any commenter who only wants to drop taunts at others rather than engage on an intellectual level is a waste of everyone's time, I'll tolerate him or her for a while, a short while, hoping for unearthed maturity; but if this fails, that commenter is gone. Thanks for listening. 
    1. I've been meaning to remind readers that I do read the comments. Some time ago, one disappointed commenter mused that others' reflections seemed to go (as I recall) "into a void," because I remained silent to each. Perhaps I was ignoring readers' remarks? I assure you that is not the case. I read them all — although on this site, for some reason, "all" means somewhat sparse — and I find them nearly all remarkable in their perceptiveness. I especially welcome, and enjoy, intelligent disagreement. I choose not to respond, however, only because of my editorial philosophy, which holds that the comment section is, rightfully, for commenters — and commenters alone. I've already had my say, and it seems to me rather rude to take another whack in reply. Whenever I'm so substantively shaky or incoherent as to make my case unpersuasively the first time around, I figure I should live with the consequences. And whenever I find criticism flawed, I figure readers — perceptive as they are — will see the flaw as well, therefore there's no need for me to rub it in. So, I beg you not to take my silence personally.
    1. Because humans hate being bored or confused and there are countless ways to make decisions look off-puttingly boring or complex — be it presenting reams of impenetrable legalese in tiny greyscale lettering so no-one will bother reading
    1. "I have read and agree to the terms and conditions” may well be the most common lie in the history of civilization. How many times do you scroll and click accept without a second thought? You’re not alone. Not only do they go unread, but they also include a self-updating clause requiring you to go back and review those documents for changes. You’re agreeing to any changes, and their consequences, indefinitely.
    1. And, frankly, we’re abetting this behavior. Most users just click or tap “okay” to clear the pop-up and get where they’re going. They rarely opt to learn more about what they’re agreeing to. Research shows that the vast majority of internet users don’t read terms of service or privacy policies — so they’re probably not reading cookie policies, either. They’re many pages long, and they’re not written in language that’s simple enough for the average person to understand.
    2. But in the end, they’re not doing much: Most of us just tediously click “yes” and move on.
    3. The site invites you to read its “cookie policy,” (which, let’s be honest, you’re not going to do), and it may tell you the tracking is to “enhance” your experience — even though it feels like it’s doing the opposite.
  5. Feb 2020
    1. hook and line

      The quintessential fishing method, which uses a hook with a lure or bait attached to entice fish to bite on to the hook. Ensnared fish are then pulled to the surface for capture or release. This targeted fishing method allows scientists to minimize the impact of their research on other non-target fish that could end up as by-catch in nets, cages, and other gear. Also called "pole and line" fishing, this method can be used to make commercial fishing more sustainable, as in the case of tuna-fishing in the Maldives, which you can read more about at The Guardian: https://www.theguardian.com/sustainable-business/pole-line-fishing-sustainability-tuna-market

    2. US National Fish and Wildlife Refuge

      This network was established in 1903 and has since grown to include over 150,000,000 acres of land that are dedicated to wildlife conservation.

      Read more at the website of the U.S. Fish and Wildlife Service: https://www.fws.gov/refuges/?ref=topbar

    3. We used bio-logging to quantify the daily activity cycles

      Many of the news articles written about this study compare the methods used here to study sharks to the black-box flight recorder technology that is used to continuously collect in-flight data on airplanes--information that becomes particularly important in the event of a plane malfunction/crash.

      Although no mention of 'black-box technology' is made in this paper, interviews with the author typically relied on this comparison to communicate the methods of the study to the public. Read one such example at Engineering and Technology: https://eandt.theiet.org/content/articles/2015/06/black-box-technology-shines-light-on-shark-behaviour/

    4. therefore never truly rest

      It is a common misconception that all sharks must constantly be in motion in order to breathe. While this is not true for all sharks, this is the case for the blacktip reef sharks at the center of this particular study!

      There are several different methods that sharks can use for breathing, which you can read more about at How Stuff Works: https://animals.howstuffworks.com/fish/sharks/shark-drown.htm

  6. Jan 2020
  7. Dec 2019
    1. broaden the definition of a ‘researcher’ to include a molecular biologist and basic science researcher, and to widen the scope of research ethics

      In order to adapt to new contexts, policy diffusion often triggers such semantic drift of key concepts.

      Would be great to see that linked to the policy learning framework.

    2. CIOMS Guidelines serve as a helpful reference in the drafting of a new regulation

      Good example of policy diffusion

    3. based on the recommendations and standards set out by international organisations like the World Medical Association and CIOMS

      Reference to policy diffusion

    4. Regarding recommended practices in international ethical policy documents, these are not sufficiently disseminated or internalized, hence gaps still exist in relation to best practices and critical aspects of data practices. To address this challenge, it is not only essential to disseminate and promote these policies, but to also adapt them to the contexts and situations where they are applicable through training and capacity building.

      Given that the article is framed as being about policy diffusion and using a policy learning framework, I would have expected more details here.

    1. What rural Ohio makes of Turkey-Syria crisis

      This could be about really any town in the US. Except for some college towns and big cities, most Americans live in mostly remote places -- in an actual sense or in an intellectual sense. Let's read this warm-up article together. Please leave your actual name in the responses unless your ID is the school ID (for me, that would be Baekk).

  8. Nov 2019
    1. It needs to be fully repealed, because the first step out of the gate for Obamacare is a step in the wrong direction and that is for government control over every aspect of health care, so it’s hard to fix the system that they have put in place without ending that premise that government ought to be running and controlling health care.
    1. Disinformation in Contemporary U.S. Foreign Policy: Impacts and Ethics in an Era of Fake News, Social Media, and Artificial Intelligence

      The authors examine the implications of fake news (aka disinformation campaigns). Before we start reading the article, I would like you to go out into the internet (preferably the reliable and credible sources on the net) and find more about American disinformation campaigns abroad. Please share the cases you found here.

    1. Why can't I keep using script whitelists in CSP? The traditional approach of whitelisting domains from which scripts can be loaded is based on the assumption that all responses coming from a trusted domain are safe, and can be executed as scripts. However, this assumption does not hold for modern applications; some common, benign patterns such exposing JSONP interfaces and hosting copies of the AngularJS library allow attackers to escape the confines of CSP.
    1. However, a broader problem is that your script-src whitelist includes domains that host Javascript which can be used by an attacker who finds a markup injection bug in your application to bypass your CSP. For example, https://cdnjs.cloudflare.com hosts Angular (https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.7.2/angular.min.js) which can be used by an attacker to convert an HTML injection into arbitrary script execution (here is a paper about this).
    1. How you use our services and your devices
       This includes: call records containing phone numbers you call and receive calls from, websites you visit, text records, wireless location, application and feature usage, product and device-specific information and identifiers, router connections, service options you choose, mobile and device numbers, video streaming and video packages and usage, movie rental and purchase data, TV and video viewership, and other similar information.
    2. Demographic and interest data
       For example, this information could include gender, age range, education level, sports enthusiast, frequent diner and other demographics and interests.
    3. Information from social media platforms
       This may include interests, "likes" and similar information you permit social media companies to share in this way.
    4. Information from Verizon Media
       For example, we may receive information from Verizon Media to help us understand your interests to help make our advertising more relevant to you.
    5. Learn about the information Verizon collects about you, your devices and your use of products and services we provide. We collect information when you interact with us and use our products and services. The types of information we collect depends on your use of our products and services and the ways that you interact with us. This may include information about:
       1. Contact, billing and other information you provide
       2. How you use our services and your devices
       3. How you use our websites and apps
       4. How our network and your devices are working
       5. Location of your wireless devices

      Verizon Privacy Policy

    1. Private post-secondary institutions that provide educational services in the State of New Mexico are subject to either the New Mexico Post-Secondary Educational Institution Act (Section 21-23-1 et seq. NMSA 1978) or the Interstate Distance Education Act (Section 21-23B-1 et seq. NMSA 1978) and can use this site to apply for State Authorization or submit other required applications to comply with State regulations. Students may request transcripts of closed schools where the New Mexico Higher Education Department is the designated custodian of records or may file complaints against any post-secondary institution that provides educational services in our State.

      The NMHE website is about providing academic, financial and policies to New Mexico public higher education institutions and community.

  9. Sep 2019
    1. Abstract

      Abstract is a sales pitch and a guide; the authors summarize their entire paper into less than 100~200 words to draw you in and guide you throughout the rest of the paper.

      This is a literature review on the relationship between the public opinion and foreign policy. The American public is, largely, regarded as uninterested and unaware of foreign policy. However, here the authors survey the literature and conclude that the public is able to hold a nuanced and coherent view on foreign policy and is able to make a voting decision based on this view.

    2. FOREIGN POLICY AND THE ELECTORAL CONNECTION