Yeah, but now you’re talking about communicating with web.archive.org and not nonesense.reputable-bank.com as in the original post. In this case you’re not even trying to hide the fact, that you aren’t affiliated with reputable-bank.com and we’re back to square one and you could also just use reputable-bank.com.some.malicious-phishing.website to host your page.

Btw: all modern browsers will warn you when you access a non-encrypted website - some immediately, some only when you try to enter data into a login form.

Checks own servers…

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

Yeah, I’d like to see that…

How do you pretend to be human, without being an asshole? Isn’t that the essence of humankind?

I don’t know the Immich API, but I’ve seen several REST APIs that used the usual pattern of

GET /api/v1/user/<id> - read user
POST /api/v1/user/ - create user
...

but also allowed

GET /api/v1/user/<id> - read user
GET /api/v1/user/?action=create - create user
...

It’s fine, the blockchain is now augmented with some AI and runs serverless in the cloud!

imagining a giant Reese’s PB cup

There’s chocolate in my peanut butter in my chocolate!

It’s not only the frequencies, but also the modulation and the protocol (“how devices talk to each other”). Your phone may support all needed frequencies and might still not be able to “talk” to the network.

Some companies just blatantly sell your data. Others get breached and you are part of the package that gets sold by the hackers.

The only “way around” is to use unique mail addresses for each signup/company so you can easily lock it and switch to another one when it gets known.

Just assume, that everything that you type in a form online (or in any other way send to a company/another person digitally), every email you send, everything that gets digitized about you, etc. will be public one day. Either because the other side of the transaction sold it or because they (or you) will be hacked eventually.

Btw: HaveIBeenPwned does not necessarily contain all breaches. I have several notifications of companies that got breached and leaked my data that are not listed in HIBP…

Depends, I’m from Europe and there are many local sites that allow that. You might need to search for a bit (e.g. not a button but a link in some fine print). But yes, there are many sites that just don’t have a “decline all” button and that ask you to deny every one of their 937.726.193.372.129 partners (most of them double, as you need to deselect the partner and their “legitimate interests” separately…

Somewhat - some site just don’t set a consent cookie if you deny cookies. First, they didn’t set Cookies as you requested - second, they can easily ask again on your next page load!

Nah, it’s at least two clicks - the first in the cookie banner to decline all cookies and tracking (which won’t save that setting and ask again on every page load/click on the page as you might want to be tracked in two minutes) and another one to cancel.

Is it pronounced Rust-L-S or Rus-T-L-S?

And if the latter, why not Rusty-L-S?

I’m not from the US, but where I live it’s either (or a combination of):

1. Your contract runs for two years. You can cancel it before, but still have to pay for the first two years. Often prices depend on which category of phone you want (say 20€/month for the service, 25€ with a “smart” phone, 30€ with a “premium” phone, 35€ with a “power” phone,…)
2. You have two separate contracts, one for your phone, one for the mobile service. In this case you might pay for your phone 24 months, or 36, or whatever you agreed on and you can cancel the mobile service independently (assuming it’s not also locked to 2 years)
3. Some carriers even allow you to only get a phone without a contract for the mobile service.
4. If you finance a phone with your carrier, they’re legally bound to tell you what you pay for your phone monthly and how much for the service - there are many ways around that, unfortunately…

In any case, you get an unlocked phone.

Well, they did it anyways, so…

Also this might work as an answer to “yeah, it’s a bug, but we won’t pay you”

I couldn’t help but find it amusing—they were now asking me to keep the report confidential, despite having initially dismissed it as out of scope.

“Sorry, but per your own guidelines this is out of scope. Because of this, this bug is not part of the agreement and guidelines on Hackerone. You can find my full disclosure, that I wrote after your dismissal here: <Link>” /s

The issue is, that you can’t easily reach the fridge so you can’t get a new can of beer without getting up

Wordle 1.204 5/6

⬛⬛⬛🟨⬛
⬛⬛🟨🟩⬛
⬛⬛🟨🟩🟩
🟨⬛🟩🟩🟩
🟩🟩🟩🟩🟩

Imagine getting a 404 or 500 error. Then archiving that on archive.org (and screenshot that dialog on steam) and accept the terms. If there’s any problem and they say you violated the EULA, point them to the terms you accepted.

Is the traffic encrypted?

If it is, look at the certificate. Which hostname is it for primarily? Which SAN (Subject Alternative Name - basically a list of all other hostnames the certificate is valid for) are set, if any? Which Certificate Authority issued the certificate or is it self signed?

Heck, I’ve heard the argument “We’re in retail [or insert other fittig market segments here] and Amazon is a direct competitor. Why the heck should we give them any money or any data*?” several times from several companies.

(*Where data not necessarily only meant giving them “company data” but e.g. also metadata about usage, etc. which cannot be avoided and which might give Amazon some insights)