I'd frankly prefer "insecure" user+pass over all of these guardrails which are 90% about control over the users and 10% about security.

With username and password, I have full control over my privacy in a very easy to understand fashion: If I randomly generate them I know I cannot be tracked (as long as I ensure my browser doesn't allow it by other means).

With those keys I have a opaque piece of hardware which transfers an opaque set of data to each website I use and I have NO idea what data that is because I do not manually type it in. I need to trust the hardware.

Sure, I could read the standard, but it very likely is complex enough that it is impossible to understand and trust for someone who has no crypto background.

And I also have no guarantee that the hardware obeys the standard. It might violate it in a way which makes tracking possible. Which is rather likely, because why else would big tech companies push this if it didn't benefit them in some way?

I have much more backups of my workstation etc., should I now buy dozens of crypto hardware key thingies and constantly switch them around to match the backup disks?

For those who do offsite backups: Is an offsite backup possible across the Internet? Or do you have to physically drive the key to the offsite location?

When I create a new account somewhere, does that mean I have to move N backup keys out of their drawer to the workstation and register each of them on the account?

And how to even create a backup and keep it in sync?

With backup disks, it is a matter of shutting down the machine, removing one disk from the RAID1, and you have a backup (the removed disk is the backup). Or doing "dd if=..." if you don't use raid.

Is something as simple possible with those fancy crypto toys? Or is some arcane magic required to copy them?

Is this perhaps all as usual: An attempt to get more control and tracking of users, disguised as "security"?

The non-"print more money" version will reject its blocks.

So even if they throw 90% of hashpower at it then it will not be the consensus because nobody uses a version of Bitcoin which accepts the blocks it mines.

Uhm, why not?

As far as I see, the price of Bitcoin has actually even hyperDEFLATED.

It started below $1! Now it is at $40000.

Solved problem: Hyperinflation caused by excessive governmental money printing.

Yes, I know you may not consider this as a "problem", but tell that to the millions of people who have had to watch their life savings being erased to zero value.

Yes, the Bitcoin price may be jumpy, but we aren't yet seeing kids playing with bricks of trillions of Bitcoins because they'd be so worthless that you can give them to your kids as toys.

That DID happen with fiat currency:

Enter "hyperinflation" into your favorite picture search engine.

I personally own a 1 billion bill of a previous currency of my country which I bought for the equivalent of $5 on eBay.

- one labeled as "2FA Authenticator permissions disclosed on Google Play"

- and the other as "2FA Authenticator permissions requested"

They even made "disclosed" and "requested" bold to stress that there'd be a difference, and in fact the former list of permissions is shorter than the latter?

You said that some permissions are "ignored". Is that the explanation?

Where is a list of all Android permissions which are "ignored", i.e. not told to the user when installing apps?

From the screenshots it looks like the permission to install software is part of whats lacking to be disclosed.

That has a rather big security impact, why does Google ignore it?

I can't believe Android is that insecure :(

Is it really possible for app developers to leave out permissions in the list of requested permissions on Google Play and then get them nevertheless when the app is actually installed?

See my other reply for a more lengthy description: https://news.ycombinator.com/item?id=30126488

I would have thought that the list on Google Play is computed from the binary so it cannot be fake.

Is it really true that you can just leave out permissions in this list and then just get them once people install your app?

That is precisely why I said Hackernews is doing itself a disservice:

This makes people leave the site, like you just proved by suggesting it.

What is the benefit for the community if a place which used to be about acquiring knowledge now spends their time on hating the same thing over and over again every day?

So what is the added value in repeating this hate-fest every day?

Include in the equation that Satoshi additionally likely is a person who puts a high value on privacy, given that they ensured to be anonymous up to now.

Bitcoin has amassed a $1T valuation in like what, 10 years?, of existing.

Who knows how popular it will be in another 10 years, 20 years? Could be gone. Or could have replaced the dollar.

If you de-anonymize the person now, they will be affected by that forever, not just now.

> but his life won't be "destroyed" -- at least not by any reasonable standard. There are plenty of well-known billionaires who are perfectly happy.

1. The person has actively signaled that they do NOT want to be known by trying to stay anonymous. You're acting against their will. It is thus false to assume that they would like it. They have basically told you that they won't.

2. Destruction, in a minimal definition, means changing something so much it is completely different from what it was.

So to prove this is not destructive, name me the aspects of their personal life which will NOT be affected by suddenly the whole planet assuming they are rich.

There are probably none. Everything of their existing life will likely change.

So this is quite destructive isn't it?

And sure, their new life afterwards (if they don't get murdered) might be likeable as well.

But is it your right to replace the whole of someone's life with something different and expect them to like it?

It's a pretty intrusive attitude.

> To put this another way: is the search for knowledge immoral, if discovering that knowledge will inadvertently harm a person?

Yes in this case, because that knowledge is completely worthless for producing any real usable thing. So there is no benefit of the knowledge to value its harm against.

You can read how Bitcoin works in the source code, and deduce all necessary financial decisions from that. No need to know about the developer is needed. Bitcoin is trust-less so they have zero power on what it does. The code is its law.

So overall, what people are seeking is not knowledge but entertainment.

And it is super cruel to hurt someone for entertainment.

The people who trying to figure out who Satoshi is and make it public should realize this:

What they're effectively doing is trying to completely destroy someone's life just for them having written a piece of software.

Because then everyone will assume (EDIT: not *know*, see the comments) that the person is insanely rich. And beyond the glorification of being rich everyone forgets what it actually means:

You're a prisoner of your money.

Want to go to a pub and have a beer? Not possible, you might get kidnapped or at least harassed by paparazzi.

Want to go outside for a walk? Same as above.

Want friends? Nope, how are you gonna find them if you cannot go outside? How can you trust anyone? Maybe they just want your money?

Of course, the rich can mingle among each other. But this very much limits your possible circle of social contacts, and there's no law of nature which says that someone like Sathoshi might even want to be friends with Justin Bieber etc., or vice versa.

Hobbies? Only those you can do alone.

Want a girlfriend/boyfriend/spouse? See above.

Also as a bonus a large portion of the public will HATE you, no matter what you do. Just see how much HN hates crypto.

You might get tortured for money, lynched or whatever cruel imagination you can come up with. Enough people know you = anything is possible.

Satoshi apparently wants to be left alone so you should do just that.

They gave you a software for free which spawned a whole industry, they don't deserve to be harassed for that. If you don't like it then don't use it, but don't destroy the developer's life. Nobody forces you to use it - and even if someone did then go harass them, not the developer.

Because Java supports naked sockets [1], so that is what you would have to do to block the network traffic from containing .class files.

(Or remove the capability of real networking. I suppose we can agree that a language which doesn't support networking is quite limited in its use nowadays?)

[1] https://docs.oracle.com/en/java/javase/16/docs/api/java.base...