By your logic, then, you’re voting for normalizing rape, oppressive force, & slavery?

Maybe work on your logic: you’re conflating.

Your argument basically amounts to

1. Doing wrong is wrong.
2. So, pretending to do wrong (for stimulation & excitement between consenting partners & for likeminded enthusiasts) is wrong.

That’s a shit argument.

It is fantasy which isn’t support. You’re conflating.

People fantasize & act out fantasies of being abducted & raped with consenting partners: doesn’t mean they support actual rape. Some guys imagine & act out being subjected to oppressive sexual situations & others get a rush indulging their fantasies: doesn’t mean they support oppression, either.

Work on your cognitive dissonance.

A slippery slope is to argue pretense & fantasy inevitably lead to non-fantasy (such as real endorsement): a fallacy you commit.

Nope, it’s logically the same thing & and you’re doing some weird mental gymnastics pretending it’s not. It’s the basic formula of taboo + kink: not hard to understand.

You must have a sheltered existence. Kinky women in taboo, authoritarian uniforms dominating men is a genre common enough to just show up on porn sites without specifically looking: work-safe example.

i don’t want my candidates supporting nazis in any way shape or form engaging in deviant sexual fantasies

FTFY

Do other deviant sexual fantasies imply support of the fantasized subject? eg

• restraints imply support of illegal detention & coercion?
• rape-fantasy imply support of real rape?

mounting political pressure after a report tied him to a Tumblr blog that reposted Nazi-themed pornography and violent sexual content

fresh calls for his withdrawal from the race

kink-shaming

I don’t understand why you can’t read: (1) developer verification can be disabled, bypassed, or worked with, (2) you called it sideloading removal, which it isn’t.

You just don’t like the extra steps that limit the ease for ignorant users to install software known to be malicious that could have been blocked. I don’t like handholding my dumbass folks through preventable IT problems they created.

I don’t think you should comment on security if “open source” means anything to you

Anyone can look at the source, brah, and security auditors do.

For finding backdoors binary disassembly is almost as easy or hard as looking in that “open source”.

Are you in the dark ages? Beyond code review, there are all kinds of automations to catch vulnerabilities early in the development process, and static code analysis is one of the most powerful.

Analysts review the design & code, subject it to various security analyzers including those that inspect source code, analyze dependencies, check data flow, test dynamically at runtime.

There are implementations of some mechanisms from Signal.

Right, the protocol.

Can you confidently describe

Stop right there: I don’t need to. It’s wide open for review by anyone in the public including independent security analysts who’ve reviewed the system & published their findings. That suffices.

Do security researches have to say anything on DARPA that funds many of them?

They don’t. Again, anyone in the public including free agents can & do participate. The scholarly materials & training on this aren’t exactly secret.

Information security analysts aren’t exceptional people and analyzing that sort of system would be fairly unexceptional to them.

Oh, the surveillance state will be fine in any case!

Even with state-level resources, it’s pretty well understood some mathematical problems underpinning cryptography are computationally beyond the reach of current hardware to solve in any reasonable amount of time. That cryptography is straightforward to implement by any competent programmer.

Legally obligating backdoors only limits true information security to criminals while compromising the security of everyone else.

I do agree, though: the surveillance state has so many resources to surveil that it doesn’t need another one.

You misidentified your objection. It isn’t sideloading removal, which isn’t happening. It’s developer verification, which affects the sideloading that remains available.

Just because you don’t understand the value of verifying signatures doesn’t mean it lacks value.

I recall the same alarm over secureboot: there, too, we can (load our certificates into secureboot and) sign everything ourselves. This locks down the system from boot-time attacks.

I will never ever ever be able to get friends and family access to third-party applications after this change.

Then sign it: problem solved.

Developer verification should also give them a hard enough time to install trash that fucks their system and steals their information when that trash is unsigned or signed & suspended.

Even so, it’s mentioned only in regard to devices certified for and that ship with Play Protect, which I’m pretty sure can be disabled.

Google promised they would allow on-device sideloading

Promise kept.

their word means fuck-all and you know that

No, I don’t. Developers are always going to need some way to load their unfinished work.

Google will soon stop you sideloading unverified apps

unverified

ie, unsigned, so they are not

fighting tooth & nail to remove side loading too

Sideloading is still available: you can sign it yourself or bypass verification with adb as they documented.

Will Android Debug Bridge (ADB) install work without registration? As a developer, you are free to install apps without verification with ADB.

If I want to modify or hack some apk and install it on my own device, do I have to verify? Apps installed using ADB won’t require verification.

So, cool misinformation.

Are they?

I don’t think you understand anything you wrote about. Signal is open source, is publicly audited by security researchers, and publishes its protocol, which has multiple implementations in other applications. Messages are encrypted end-to-end, so the only weaknesses are the endpoints: the sender or recipients.

Security researchers generally agree that backdoors introduce vulnerabilities that render security protocols unsound. Other than create opportunities for cybercriminals to exploit, they only serve to amplify the powers of the surveillance state to invade the privacy of individuals.

For accessibility, yes.

The web can be & often is accessible. It’s a common industry requirement.

I think the blogger is more technical than they let on:

• understands how to write footnotes
• structures lists correctly
• runs their own blog with custom domain name.

I’ve known programmers struggle with markdown.