I am a security professional. I would personally not care less to make the distinction, as both are very generic terms that are used very liberally in the industry.

So I don’t see any reason not to call this hacking. This was not an intended feature. It was a gap, which has been used to perform things that the application writer did not intended (not in this form). If fits with the definition of hacking as far as I can tell. In any case, this is not an academic discussion, it is a security advisory or an article that talks about it.

Lack of rate limiting is a code vulnerability if we are talking about an API endpoint.

Not that discussion makes any sense at all…

Also, “not securing” doesn’t mean much. Security is not a boolean. They probably have some controls, but they still have a gap in the lack of rate limiting.

There are almost 30 different countries in Europe. They also have quite different cultures and policies around immigration (for example).

Who are you talking about, specifically?

Over nextcloud probably the e2ee. I suppose soon they will also integrate this better with email (like you can attach directly and save directly from email), so the seamless integrations with the rest of the products will probably amount to other benefits over time.

Until I can easily export the data, where is the vendor lock?

Vendor lock means that migrating away has significant cost or technical challenges.

Take this case: documents saved are first of all easily downloadable from drive (in bulk), and also exportable in markdown.

They change pricing/add features that I don’t want/sell off the company (hard now that it’s managed by a nonprofit but still) etc.? I make a nice bulk download and move everything in whatever other system I want. I can do the same for contacts, email (I use my own domains) and calendar. Basically, 1h + the time to download files and I am moved to another provider.

Can you elaborate in what you think the vendor lock looks like?

https://github.com/ProtonMail/WebClients/tree/main/applications

They use monorepo for the web clients, at least.

Here the mobile apps:

https://github.com/ProtonDriveApps

Public financing of the press, newspapers stopping being garbage and selling subscriptions like they have always done, pay per article (cents), donations. Just some ideas of economically viable alternatives. There are good niche newspapers which survive with such models, it’s not like I am making it up.

I would say the opposite: advertising alone is not sustainable for the press because it creates wrong incentives (grab attention, clicks). This is why 90% of newspapers have the same garbage, short, generic articles. This is why you get rage baits, fake news etc. too, to some extent. So yes, you get websites online, but you get no information…

Also in Italy, but I think once the data protection agencies will get on it, it will be forbidden. It will take some time, but there is no way that’s a legitimate use of consent.

The GDPR says that if you use consent as the legal basis for processing data, such consent must be free. This means that there cannot be consequences if you give or not give the consent. If there are, then the consent is not free anymore. Paying money for a service is absolutely legal, obviously, what probably is not legal is extracting your consent by offering you a discount (which is the flipside of “pay to avoid tracking”).

I just wanted to specify a bit, not that you said anything incorrect.

Usually when hotels close past a certain time you can use a secondary entrance with your keys/card or at most call. Most hotels have a desk open 24h so this doesn’t even apply.

Also, I really don’t think Italians are generally rude. People are friendly, but also loud and warm, which often can be misunderstood. Assholes exist, obviously.

In cities car sharing works OK (no time for paperwork etc.), but it still is relatively expensive.

At least in Europe is quite common I believe.

To be honest, I have never even heard of anybody who sued a service provider for failing to mitigate DDoS, or for letting an attack through a WAF, etc. I am quite positive that the contracts/T&C you sign when you subscribe to the services are rock solid, otherwise cloudflare would be under extreme liability. Also, usually you have the ability to customize the DDoS settings, choose thresholds etc. I really can’t imagine a company having any real chance of getting the provider to reimburse you. The only service that usually has SLA is the uptime of the CDN, which if breached should be compensated. I am quite sure that in the cheap plans the SLA is probably not very high.

Also, what you say about a customer that someone might want to take down is true for all customers that require DDoS protection. If they didn’t, they wouldn’t pay for the service on the first place. Cloudflare serves a bazillion customers who are much bigger targets than a casino, I don’t think they were afraid of the exposure. Also, when cloudflare receives a high DDoS attack, for them is awesome marketing. Imperva, Akamai, Cloudflare are basically identical and the selling point is exactly “how big can they tolerate?”.

Honestly rather than speculating on what we don’t know, I propose a simpler option: cloudflare plans are designed to get customers one foot in the door with a super cheap plan, to them each individual customer has basically no marginal cost. However, once the customers are in they can identify the ones they can squueze and find reasons to push more expensive plans. If they bump 1/30 of them, even if they other 29 will leave, they are in plus (250x29 < 10000 x 1).

To me this seems simply a business strategy. They specifically say “Unlimited & unmetered DDoS attack mitigation” in the cheapest plan, afterall.

I am in no way using this definition right now, I am using the definition you provided (established businesses) and I generally use it interchangeably with “licensed”, because to operate you need at least a license.

So it’s not a tautology.

There are enough illegitimate online casinos to create a problem for the whole industry.

Incorrect. Also creating a problem for is not defining the industry itself. There are phishing bank sites to create a problem for the banking industry, but only an idiot would answer “they steal your identity/card details” to the question “why are online banks bad”.

They don’t have enough users so they need to squeeze their regular punters harder.

Incorrect. You forgot to address “how”. I will also add another item to the “you have no idea what you are talking about”. Players losing is a sure way to lose even more customers. In fact if you knew something about the industry you would know that new companies operate on much lower margins that established ones. Bet365 might operate on a 7-9% margin, a new company operates on 1,2,3%. The idea that squeezing more existing customers, besides being technically impossible, is absurd. It’s a huge business risk (you lose your license and then you will have 0 customers).

Even your beloved “legitimate” casinos do “rig” games by offering different odds at different times to different people.

First, I don’t like casinos, despite having worked for one, I have played on less sites than you did. I like even less bullshit though, hence my pleasure in clearing the world from yours. Second, that is not rigging at all. You know it, I know it, it is absolutely not what you meant, and I am embarrassed for you for trying to use this terrible rethorical trick to now bend the word rigging. Rigging means that you expect the odds to win are X but instead behind the scene are Y (<X). Offering odds first of all is not a casino thing, it’s a sportsbook thing, and second of all is transparent to the user. Finally, odds obviously change over time, as estimated probability does…

Listen, you are just a guy on the internet with a big mouth and a family supply of bad faith. I showed you multiple times that your claim are bullshit and that much smarter people than you took care of the problems you claim affect casinos (rigged games and money laundering).

You failed to provide any argument from any of your claims and now you proved to argue in bad faith. As promised, I will make you a favour and block you, so you don’t have to keep embarrassing yourself. Take this as a chance to reflect on maybe not arguing on something you don’t understand fully, and maybe to learn from someone who knows more than you, as I try to do in the many occasions where I make mistakes or know little about something. Your claim at the moment is false. It’s a conspiracy theory that you repeat and might believe, but it’s false. Deal with it. You can use the very real and many reasons to consider casinos bad, do that.

Indeed I want to make a distinction. Because thinking legitimate casinos rig games is completely different from thinking scammy ones do.

In fact, you had no argument whatsoever to prove those do, including your external sources that recommended basically in all cases to stick to licensed sites, proving that there is a difference (duh). On the other hand, having worked in the industry and understanding both how casinos integrate games and how compliance works, I have explained to you why there are generally not technical means AND no economic incentive for legitimate casinos to rig games.

I will repeat the points for you:

• legitimate casinos undergo certification and audits. Every piece of code change is analyzed periodically and so does the functionality of basically everything on the sites.
• most importantly, casinos don’t develop games, they purchase them from providers. They don’t have access to the code, as games are served directly by the maker, so they can’t change the code to tweak odds.
• the game makers don’t have any incentive of jeopardizing their whole business to let a customer earn more money illegally.

The above applies to essentially every licensed casino, every legitimate casino.

You failed to acknowledge any of these points, and you argued for 15 comments about scammy websites, bringing now the conversation back to where we started.

The reason why I want an agreement that legitimate (not some!) casinos don’t rig games is specifically because I provided arguments (technical and economical) for why that’s the case. So your refusal to make any distinction while also refusing to provide any proof to support your claim just results in a vague and messy discussion, exactly like your insane definition of “online casinos” that includes scam websites. You refuse to be accurate :)

But a problem very much related to “what’s wrong with online casinos”.

It’s not. It’s something casinos (real ones) can’t do anything about, the same way banks or shops can’t do anything about. This is an extremely tiny problem because official means exist to recognize legitimate ones since there are trusted authorities that certify them. In fact, given the existence of central national authorities it is much easy to be sure that a casino is legitimate than a shop, for example. I will tell you more: rigged games (and therefore fake casinos) are a MINOR problem in the industry in general. It is absolutely a terrible argument to say what’s wrong with casinos, because it’s something the vast majority of the people will never even encounter in a life of gambling. However, there are plenty of reasons why casinos can be considered bad based on the regular operations of legitimate casinos, not based on your fairytales.

So yes, I am stuck on wanting an acknowledgement that legitimate casinos don’t rig games because I know how that works, unlike you. Here is how I conclude this conversation, since we are at a moot point:

If you fail to acknowledge tha rigging games is very very unlikely (I will keep the theoretical possibility in case there are suicidal CEOs) in legitimate casinos, then I will call your argument bullshit until you have any proof. Specifically, you should explain what economic incentive do legitimate casinos (licensed) to rig games, and how do you think they can do that. If you fail to provide any argument in support of this while also refusing to make a distinction in your original claim, then I know you are arguing in bad faith, so I will simply block you and move on.

I give up. You refuse to engage in good faith.

What user can tell is irrelevant, we are talking about your “taxonomy” and the properties that carries being in one or other category.

You might not be able to distinguish a legitimate casinos by a fake one, but if in your opinion legitimate ones also rig games, this is irrelevant. If they don’t, then what users can tell is a completely separate problem.

Yes, but I am asking to answer according to your own definition! I specified it, I quotes it, I wrote YOUR in caps, I can’t add flashing lights or I would.

You provided a definition, I am asking a simple question with that definition in mind.

According to YOUR definition, do legitimate casinos rig games?

Come on, how many more comments do you need to answer this simple query?

Your quote:

Here’s the definition I’m happy with. Legitimate casinos = established businesses in the casino industry Fake casinos = scammers Online casinos = legitimate casinos + fake casinos

You forgot already? A link to your own comment.

You have defined legitimate casinos as ones that don’t rig games.

I didn’t define shit, you defined legitimate casino as a partition of online casino.

Look what triple jump you are making to avoid saying a very simple thing: legitimate casinos, defined as YOU did (established businesses in the casino industry) don’t rig games. All because you can’t admit to be wrong :)

So, I will ask once again:

• do legitimate casinos, as in YOUR definition, rig games, according to you?

Yes or no question.

Yes. Not necessarily knowingly. Income from internet gambling is tainted.

I would argue with this point, but I won’t. It doesn’t matter, I accept the theoretical possibility of money laundering. For some reason I was mistakenly taking the top comment of this thread as your comment. I even quoted it several times and you didn’t note that that’s not your comment… my bad.

It’s YOUR definition ahahah I literally took what you said and I am asking a question.

YOU said, legitimate + fake = online. I asked to which you applied the answer and you said online. Now you are saying it doesn’t?

So, do we agree that legitimate casinos don’t rig games?

Also, you mentioned taking a cut to help laundering money, now you are retracting saying “are exposed”. No dude, taking a cut has intentionality behind, being exposed is a natural risk for any business which moves money. You claimed the first.

So, one last time:

• do legitimate casinos rig games?
• do legitimate casinos help laundering money?

So both legitimate and fake? In other words you believe that both legitimate and fake casinos rig games, both help laundering money and both fight against regulations?

It’s a simple question, show a tiny bit of good faith :)

P.s., have you read your own link?

The blacklisting reasons have to do with scammy customer support, lack of license, stealing money. They don’t even mention rigging games or laundering money, which is what you claimed :)

Answer the question, your definition doesn’t add much.

To which ones does your initial answer apply? Both legitimate and fake casinos?

It’s not a hard question.

P.s. I bet you wouldn’t be able to show me a fake casino if I asked. That’s because they are not a common problem. You are overinflating it to make your absurd definition more reasonable. But let’s not get into this…