You can get free profile decorations these days from watching ads (Discord “orbs”). It would be interesting to know how many of those users have the Nitro subscription badge next to their name.
> We did a lot of experiments to try and get more people to look at the new page or new content
Is that what "best" sort is doing when browsing a specific subreddit? Occasionally I'll notice some crappy 1 minute old post on my feed that's out of place and realize the sorting was reset to "best" instead of "hot".
"Best" may include some new posts, I actually haven't checked, but the thing that stands out to me is how old many of the posts are. Ever since Reddit made "best" the default sort on the app I notice that any new subreddit I go to will show me at least some posts from more than two weeks ago. It's really baffling that Reddit seems to think it should be preferred over "hot".
I was going to comment I've never seen this before. Then I went to a subreddit and it hit me that I only use old reddit, which lacks the "best" feature.
I'm not sure why people tolerate the new reddit website. It is so slow, busy, and chock full of ads. When I open it on the phone you are straight up missing a lot of discussion comments, so it is broken too. You click a comment it looks like it has no subcomments under it. You click the permalink opening that comment thread in a new window, and there's still no subcomment under it. Now you prefix old. to the url, now you see the subcomments.
Makes me wonder how much discussion there is that is just not observed at all by a good fraction of the site who browses these same threads. Two universes on the same post.
I prefer the new design because the text is readable on my phone, and it has a native dark mode. I don't see any of the ads because I use an ad blocker.
Also, I have no idea what you mean about the comments thing. I can immediately see all comments other than the ones that have been collapsed due to having negative karma.
I don't know how else to describe it beyond what I've already done. Are you sure you are seeing all the comments? Have you tested with a post? I don't use the app fwiw. Only tested with the mobile website and it has been like this for years.
I still use old.reddit.com on the phone. Works fine with pinch and zoom. Super performant too, loads in a fraction of the time which is necessary with mobile connections and spotty coverage. I just saw the native reddit app for ios at least is like 450mb. WTF...
I don't use the native apps. They are bloated, disgusting messes. I just messed around with old.reddit and compared it to new reddit for around thirty minutes. I noticed no performance differences, and I noticed no discrepancy in comments. I don't know what to tell you. The only time I see fewer comments is when I use an incognito window, but that's just because it's not logged in.
I open this link on my iPhone and I only see the top comment by /u/TallGreenhouseGuy. Below that comment, there is a link to "more replies" but it loads this exact same page with only the parent comment, no child comments. Below the parent comment is just random reddit threads, absolutely random, along with ads. Top 3: post from /r/ghanacitizen (I am not in Africa, no clue how that is there....), ad from CeraVe for oil control shampoo, then a link to some thread in /r/learnprogramming.
I agree, and I previously used a 3rd party app myself (Reddit Is Fun). The sad thing is that I actually completely understand why they shut down the free API access. The AI bot scrapers are absurdly aggressive, and bandwidth isn't free.
Mostly it's what you get equity from. A consumer coop you may pay a one time fee for voting rights. A demand coop gives you equity every time you shop or buy from a coop business that your coop either owns or gets benefits from.
In this case your demand coop might buy REI using the funds you contribute to its wealth fund, while REI you might only just be able to get items for cheap from being a member and the ability to vote on new products.
> On January 3, 2022, the jury found Holmes guilty on four of the seven counts related to defrauding investors: three counts of wire fraud, and one of conspiracy to commit wire fraud. She was found not guilty on four counts related to defrauding patients
> Everything that relies on a data connection will no longer work. This includes things like over-the-air updates as well as Toyota cloud-based services and SOS functionality
I hate how this is a trade off. It’s totally possible for cars to broadcast their location only if the SOS is pressed or the crash sensor is triggered, but it feels like there’s no way to have that without also having everything else.
> In 2022, Carelon settled a lawsuit for $13 million that alleged the company, then called AIM, had used a variety of techniques to avoid approving coverage requests. Among them: The company set its fax machines to receive only 5 to 10 pages.
Who are the people who sleep at night after designing these policies?
Get 10 black market cats for free, now 11 cats own you for a total net worth of 11X.
That's even before considering the compound effect of each cat owning a human worth 11X, which means you can divest from 1 cat for 11X, and still be worth 110*X.
The system basically works like xAI shares. Don't look too close into it.
There you go, here are your 1,000 shares for $0.0001.
Everybody! Pay attention now! Only 22,999,000 share tokens are left, and due to gchamonlive's massive transaction, the liquidity pool is moving fast, and a share/token is now worth $150,000. Don't miss out, act now!
> He fueled the nonprofit’s growth partly through unorthodox fundraising. Tessellations offered parents a deal: pay half their tuition as a donation for a tax write-off. “Lawyers say, ‘Please don’t do that,’” Stanat recalled, “I’m like, ‘But is it illegal?’ ‘No, not illegal.’ ‘OK, great, we’ll do it.’”
This structure is not unusual in education, especially in institutions where the tuition is a smaller component of the cost and you are expected to give much more than that.
A donation to the trust, or even an endowment, is typical for the other component. If the institution is non profit, depending on the part of the world you can claim tax benefits, or even in the tuition itself.
Accounting and tax is not always black and white. At times riskier clients may choose more aggressive practices, either expecting not to be audited or to be able to defend it with expensive experts if they are.
It isn’t exactly. They created a list of known extensions by their id and a file which is known to exist in that extension. The site iterates over each pair and tries to load that file, if it doesn’t error it knows the extension is installed. It’s a clever and difficult manual process, but it does bypass the security trying to prevent this kind of thing.
I read that their reasoning is it exists to block users that use known scraper extensions which bypass their terms of use. But don’t entirely buy that.
This is how I interpreted the original question and indeed it makes no sense, JavaScript from a website should not be allowed to interact with extensions like this.
It's actually the extension injecting itself into the webpage, often to interact with it. (I imagine much of this is just looking for global ExtensionName objects.)
Actually, the article is clear about what is happening technically, and it’s both. Chrome does, in fact, allow the page to make requests for resources stored in the extension bundle, and this is one of the two fingerprinting methods that the article describes.
I agree, and this is why I built 404. If you poke around the page a bit, you'll see a tool that prevents browser fingerprinting.
404 catches JS calls in JS proxies and returns mocked-up values (assigned by a profile), it also has protections against TLS fingerprinting, canvas fingerprinting, device enumeration, TCP/IP fingerprinting, HTTP header fingerprinting, and more.
The predatory practices that browser fingerprinting has enabled guised behind "fraud protection" are atrocious. Even with a VPN, even in incognito mode, a website can track me and see what I've been doing EVEN IF IT'S NOT ON THEIR SITE.
Then a data broker buys all this data and uses an AI model to put it all into a pretty little package and sell it to Google, or the gov't, or something. It's scary.
Because extensions can and often do contain stuff like images or JS bundles that they inject into a target page's DOM. Not allowing a tab's context to load files from the chrome-extension:// namespace would break a lot of things.
True, but you'd expect the same CORS rules to apply for extensions.
Only pages originating from an extension are by default able to load resources from said extension.
Chrome exposes these files via a URL that you can fetch in JavaScript like you would any other file on a normal website. These local extension files usually contain code, styles or images that your browser needs to run the extensions.
CORS is a server setting to tell the browser not to load its data from potentially unsafe origins. If you set a server to send access-control-allow-origin: *, then your browser will happily load these resources for you regardless of where you currently are. And chrome extensions need to be loadable from everywhere to be able to inject code or images into pages, so enabling CORS for them would defeat their main purpose. The extensions themselves might even need to bypass an existing CORS setup for the website you are currently on to fetch additional data.
From the other end, yes extensions access all page data, but pages shouldn't access extension data at all; it feels like that should be the CORS violation.
You have it backwards. For an extension to work on a page, its data/code needs to be accessible from said page. If your extension server in Chrome enforced CORS to prevent access from tabs on other websites, extensions wouldn't work anywhere.
"Chrome extensions can expose internal files to web pages through the web_accessible_resources field in their manifest.json. When an extension is installed and has exposed a resource, a fetch() request to chrome-extension://{id}/{file} will succeed. When the extension is not installed, Chrome blocks the request and the promise rejects.
LinkedIn tests every extension in the list this way."
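
An added example, not from the thread or the quoted article: an audit of an extension's `manifest.json` that reports which `web_accessible_resources` entries any website could load at the extension's fixed ID, which is the precondition for the check quoted above. The sample manifests are constructed, and the exposure labels and function names are this example's own.

```javascript
// Added example: classify, from manifest.json alone, which pages can load an
// extension's web_accessible_resources. Exposure labels are this example's own.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(manifest) {
  const findings = [];
  for (const entry of manifest.web_accessible_resources || []) {
    if (typeof entry === "string") {
      // Manifest V2: a bare path is loadable from every web page.
      findings.push({ resource: entry, exposure: "any-site" });
      continue;
    }
    // Manifest V3: each entry scopes its resources with match patterns.
    const matches = entry.matches || [];
    let exposure = "extensions-only"; // only extension_ids listed, no pages
    if (entry.use_dynamic_url) exposure = "dynamic-id"; // per-session ID in the URL
    else if (matches.some((m) => BROAD.has(m))) exposure = "any-site";
    else if (matches.length > 0) exposure = "listed-sites";
    for (const resource of entry.resources || []) {
      findings.push({ resource, exposure });
    }
  }
  return findings;
}

// True when any page could test for the extension at its fixed ID.
function probeableByAnySite(manifest) {
  return auditManifest(manifest).some((f) => f.exposure === "any-site");
}

// Constructed sample manifests (not real extensions).
const samples = {
  mv2: { manifest_version: 2, web_accessible_resources: ["img/logo.png"] },
  mv3Broad: { manifest_version: 3, web_accessible_resources: [
    { resources: ["inject.js"], matches: ["<all_urls>"] }] },
  mv3Scoped: { manifest_version: 3, web_accessible_resources: [
    { resources: ["panel.html"], matches: ["https://app.example.com/*"] }] },
  mv3Dynamic: { manifest_version: 3, web_accessible_resources: [
    { resources: ["ui.css"], matches: ["<all_urls>"], use_dynamic_url: true }] },
  none: { manifest_version: 3 },
};

for (const [name, manifest] of Object.entries(samples)) {
  console.log(name, probeableByAnySite(manifest), JSON.stringify(auditManifest(manifest)));
}
```

Extension authors can use the result to narrow `matches` or set `use_dynamic_url`; an extension with no exposed resources cannot be detected by this particular check.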
Is that information available to websites? I figured they were doing some kind of novel hackery to self-detect extensions based on behaviour that would only happen if X extension was installed.
But that would be a lot of work for 6,300 extensions. Unless someone offers that as a service?
Well, just because LinkedIn still tries to send the requests on Brave doesn't mean the blocking doesn't work. The question is whether any request will give a valid response.
That said, I can't find conclusive info on whether this is blocked exactly. Brave does block "plugins" (which is why I assumed this includes this specific kind of fingerprinting), and the getExtension() call (which is probably unrelated), according to this page: https://brave.com/privacy-updates/4-fingerprinting-defenses-...
But since they don't explicitly mention the chrome-extension URL, you might be right.