In 2024, the Competition Commission of India had imposed a Rs. 213 crore penalty on Meta for sharing WhatsApp users' data with its parent company to monetise it through advertisements.
> As Solicitor General Tushar Mehta criticised the “exploitative” policy for sharing user data for commercial purposes, Chief Justice Surya Kant responded: “If you can’t follow our Constitution, then leave India. We won’t allow the privacy of any citizen to be compromised. You can’t play with privacy… we will not allow you to share a single digit of our data”. Solicitor General Mehta and counsel for the Competition Commission of India (CCI) said that user data was being commercially exploited, even if encrypted, and that the Digital Personal Data Protection (DPDP) Act must be considered to protect metadata and ensure user consent, India Today reported.
> As the tech giants claimed informed consent, the SC said that millions of users, including street vendors and rural citizens, cannot understand complex privacy policies ... The court also emphasised that behavioural and commercial exploitation of user data, including targeted advertising based on chat trends, violates users’ rights. The bench took note of instances where users received targeted ads for medicines shortly after private chats with doctors, raising questions about the extent of data monetisation.
They can't afford to, or they would have. With ads in the browser, telemetry that doesn't really switch off, etc. etc. their brand value has really fallen.
I don’t think they’re worried about “my business.”
Open source is notorious for being implemented in $$$ COTS and commerce and then contributing $0 in money and then even less in contribs bug fixes or sharing in house tweaks, isn’t this what WordPress has been melting down over for a year or two now?
And I’m sure many more projects are pissed off or resenting their chains but not making an ugly scene about it.
Something has to give here.
I don’t have a dog in this fight other than to say that what Mattermost went with here “is a choice”, and I have “a choice” whether to accept these terms.
I’m interested in watching how it plays out though. They cast their die. Problems have solutions. We could all get into whether this solution is viable or not — doesn’t matter this is what they went with and they made it clear they’re not taking user input on it. I’m not even a user so I expect them to care even less about my thoughts.
I’m supportive of anyone trying to find an equitable balance but maybe that’s a situation where they could roll their own license with these clauses and exclusions.
It’s not like Microsoft or iTunes user agreements aren’t complete bullshit, yet people click okay and use all that.
Is the bad publicity worth it with this kind of rug pull to "we are opensource, but not really"? I get that an open source product can get you some free (word of mouth) and good publicity. But in general, open source is also strongly associated with "free" (as in you don't have to pay money for it). So if you do want to make money from a software product, weigh the pros and cons carefully - commercial open source products do tend to be less profitable than commercial closed-source versions. If you are ok with that, go with the open source business model. Otherwise, stick to the closed-source business model from the get go. Be honest from the start - brand damage is really costly to repair.
The TLDR is that until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which was available in the GitHub source code. The author enabled this by not following best practices.
The "good news" is that the attacks were very targeted and seemed to involve hands-on-keyboard attacks against folks in Asia.
Blaming the hosting company is kind of shady, as the author should own at least some level of the blame for this.
If the attackers did limit themselves to a small number of Asian machines they gave up an absolute goldmine. I would venture to say a lot of technical people use Notepad++ at work in jobs that would be very lucrative for an attacker to exploit. I know I definitely had an 'oh shit' moment when I read this and thought about where I have Notepad++ installed.
Out of curiosity, why is a self-signed cert bad for this case? Can't the updater check the validity of the cert just as well regardless? Or did the attackers get access to the signing key as well?
> Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the GitHub source code. This made it possible to create manipulated updates and push them onto victims, as binaries signed this way cause a warning “Unknown Publisher”
It also mentions "installing a root certificate". I suspect that it means that users who installed the root cert could check that a downloaded binary was legit but everyone else (i.e. the majority of users) were trained to blindly click through the warning.
Notepad++ has way too many updates for a text editor. I purposely decline most of the nags to update for precisely this reason. It is too juicy of a target and was bound to get compromised.
My first thought was - must be an Indian or Chinese. And it is indeed a Chinese. (I am an Indian by the way, and the reason I jumped to that conclusion was Indians and Chinese don't have much respect for IP. Especially if they have worked on it and contributed to it too.)
I don't know how it was when Apple was a start-up, but I have never considered macOS or Apple Office suites as "free" or cheap - the way I rationalised purchasing an Apple device was by telling myself that Apple hardware is overpriced because it includes the price of the accompanying software. Of course, now, as Apple slowly shifts to a hybrid subscription model, you will of course be continually paying for Apple software ...
I shared a thought that I felt was relevant to the discussion. Some have upvoted it too. If you didn't find my comment helpful / useful, ignore or downvote or flag it and move on. It just makes for a better community than confronting people on why they post here.
Macromedia Flash was indeed a beautiful, innovative piece of software. HTML 5 still doesn't match its features vis the ease and usability that Flash offered in creating and deploying content online. But after its acquisition by Adobe, it just ever so slowly went downhill. It should have been open sourced.
> As Solicitor General Tushar Mehta criticised the “exploitative” policy for sharing user data for commercial purposes, Chief Justice Surya Kant responded: “If you can’t follow our Constitution, then leave India. We won’t allow the privacy of any citizen to be compromised. You can’t play with privacy… we will not allow you to share a single digit of our data”. Solicitor General Mehta and counsel for the Competition Commission of India (CCI) said that user data was being commercially exploited, even if encrypted, and that the Digital Personal Data Protection (DPDP) Act must be considered to protect metadata and ensure user consent, India Today reported.
> As the tech giants claimed informed consent, the SC said that millions of users, including street vendors and rural citizens, cannot understand complex privacy policies ... The court also emphasised that behavioural and commercial exploitation of user data, including targeted advertising based on chat trends, violates users’ rights. The bench took note of instances where users received targeted ads for medicines shortly after private chats with doctors, raising questions about the extent of data monetisation.
Source: https://www.news18.com/india/leave-india-if-you-cant-follow-...