I know this happens with some frequency, I wonder how frequently the companies update the TOS with language like this. The very idea of a self-updating TOS that will govern all usage into perpetuity feels like it should have been legally struck down years ago. This company's current language on indistinct modification rights:
> We reserve our right to alter the terms in this Agreement and/or the pricing information and method detailed in NightOwl app's website at any time. In case the Agreement is amended as described, we will post an updated version of it in our website, at which time it becomes active and binding.
> In case NightOwl app alters the Agreement in a way which will be deemed material to the relations and/or obligations of the parties by NightOwl app's sole decision, we will inform you of these changes on our website or via our social media accounts and other established communication channels.
Great, a website update for a locally installed application. Definitely going to subscribe to your social feed to get an update.
“In case the Agreement is amended as described, we will post an updated version of it in our website, at which time it becomes active and binding”
Several years ago, a friend entered into a contract with Comcast for business internet and phone service that had similar wording and no actual URL for the site. My instinct was that would be unenforceable and unconscionable, but you’d think Comcast legal would have thought it through.
Any lawyers out there familiar with this type of wording related to contract changes being posted on a website, particularly where no notice is given?
Could maps.me also be in a similar state? It used to be a good OpenStreetMap frontend and it was bought (possibly twice) by some investor firm to generate profit.
I don’t know what is the state of this app now. Does anyone know? What is the profit scheme (I suspect it might be similar to this one described here) and to which app would you switch instead?
> [Safeway] reserves the right to, from time to time, with or without notice to you, in [Safeway's] sole discretion, amend the Terms and Conditions for use and purchases regarding the online shopping services. Any amendment by [Safeway] will be effective only as to orders you place after [Safeway's] revisions of these Terms and Conditions as displayed on the Web site. [Safeway] will plan to notify you of any material amendments to these Terms and Conditions; however, it is your responsibility to review the Terms and Conditions before submitting each order. [Safeway] has no responsibility to notify you of any changes before any such changes are effective.
> Defendant argues that, at the time of their safeway.com registration, Class Members agreed to give Safeway the authority to change the terms of the contract without notice to them, by indicating that they agreed to the version of the Special Terms that are in effect at the time they make their subsequent orders. Defendant's version of the Special Terms states that customers agree to the terms "and the form in which they appear at the time your online transaction is processed." ECF No. 187 at 16-17 (emphases added). In order to complete their registration, Customers were required to manifest agreement to the Special Terms shown to them by clicking a link. Defendant contends that, as a result of users' agreement to this Special Term at the time of their registration, Safeway was not required to notify customers of future changes to the terms for those changes to become effective. Safeway contends that, because Class Members read the initial registration contract, every time they opted to go forward with an online purchase after registration, they were on notice that they were assenting to a new contractual agreement, governed by the Special Terms operative elsewhere on the website at the time of that purchase.
> The Court rejects this argument. The safeway.com agreement did not give Safeway the power to bind its customers to unknown future contract terms, because consumers cannot assent to terms that do not yet exist. A user confronting a contract in which she purports to agree to terms in whatever form they may appear in the future cannot know to what she is agreeing. At most, this term in the safeway.com agreement could be read to indicate that a customer agrees to read the terms and conditions every time she makes a purchase on the website in the future. But the Court also concludes that, even in light of their agreement to the Special Terms at the time of registration, customers' assent to the revised Terms cannot be inferred from their continued use of safeway.com when they were never given notice that the Special Terms had been altered.
Thanks for linking to these. They are certainly in the right direction although they're a bit vague on how much notice to give:
> Even if Douglas’s continued use of Talk America’s service could be considered assent, such assent can only be inferred after he received proper notice of the proposed changes. Douglas claims that no such notice was given. (Douglas v. Talk America)
> But the Court also concludes that, even in light of their agreement to the Special Terms at the time of registration, customers' assent to the revised Terms cannot be inferred from their continued use of safeway.com when they were never given notice that the Special Terms had been altered. (Rodman v. Safeway)
Both cases seem focused pretty narrowly on situations where notice was not given. Is continuing to use an app after an update notification enough? Glancing over a GDPR-like popup? An email? I'd prefer an explicit opt-in to changes once they've occurred.
TLDR: it was bought, and the new owners inserted telemetry that potentially reported all the extension's user's viewing history back to them.
What the “speculated worst” is from that depends on your paranoia about such information gathering. Most likely the information was to be fed into various marketing databases.
Obviously the same information could be used for even more nefarious purposes, particularly for users in countries with very monitor-y governments and people whose governments otherwise want human-rights abusing controls over them (women in a number of US states for instance – in fact even if their local legislature is not acting on that sort of information, unpleasant groups active within the state might be).
> The application … makes a lot of connections to [site], a website that sells tickets to live music events
This is a common use for residential proxies. Ticket touts buy use of the infected users to make requests to try to beat restrictions on access from data-centre hosts or high-volume access from other hosts, to increase their chance of getting valuable tickets for later resale.
A number of backdoored (by the creator, by someone cracking into their source repositories, or in this case by buy-out) free browser extensions, VPN apps, and such, turn the user's machines into a proxy like this.
NordVPN does this as well. Google and Amazon own large blocks of IP ranges for their cloud services, so it’s fairly easy to detect bots built on AWS and Google cloud.
On the other hand, Verizon also owns a large block of IP addresses that they give out to their residential customers.
NordVPN takes advantage of the fact that people like Netflix and Amazon don’t want to block out Verizon’s IP ranges, and disguises network traffic as residential traffic.
In an interview with TechRadar Pro, Tom Okman, the co-founder of both Tesonet and Nord Security, answered some questions regarding the relationship between Tesonet, NordVPN, and the plethora of associated online services the companies offer.
The founder of the guilty party is also the founder of the company behind NordVPN. From the article it also seems like the operational practices are similar. Additionally, it is stated by the CEO of the guilty party that operational activities will resume as normal since the suit is only for damages. Assuming that NordVPN operates in a similar way, then a residential proxy service is still on the menu.
I've never noticed unusual traffic from my machine using Nord, nor have I ever heard of that being the case. This is something trivially noticeable and measurable. Two companies having the same founder =/= the two companies operate remotely alike.
I use NordVPN (and their client software), and I don't see any such option. I'd be pretty furious if that were happening. I have not seen evidence of it... apart from some small requests to a few of their own weirdly-named domains (which I assume are to sync their proxy list), it doesn't look like there's any traffic going from my box to anything other than whichever of their servers I'm tunneling to.
Do you have a link to more information somewhere? I'd like to know more about what NordVPN is doing, if true. It's certainly not what their customers expect.
I agree with you if you're talking about tech savvy users. But I think NordVPN has enough users who don't know what's going on under the hood that they might not understand the implications of forwarding potentially copyright-hostile packets.
That blog post does not say that NordVPN uses customer VPN endpoints as proxy servers without the customer's consent. It talks about the possibility of setting them up, but the implementation is left to the customer.
I hate silent takeovers so much. Chrome developer extensions are another very popular thing for bad actors to buy out and replace with malware, and it sucks.
As a maintainer of a semi-popular chrome extension[1], I receive so many buy-out offers that I started publicly collecting them[2] for everyone to see.
That's the problem with free apps. Very few people want to donate, no decent company is interested in buying the app and making it profitable, so all that's left are the worst kind of companies who buy these extensions and apps to exploit the users.
All these free apps have value but unfortunately it doesn't translate to any income for the developer so they find other ways.
And their values are what exactly? They offer something for free with no reasonable expectation of compensation then rug pull by selling out. It’s hard to be sympathetic. If you want to get paid to write code then get a job writing code.
Conversely, since it's free do they not have a right to sell their app (even if selling it to someone evil is dickish) just as they have a right to decide to "update" it to remove well-liked functionality? Or just as they have the right to update it to add ads that support the dev of the app?
People/users will complain about all of these. I've especially seen people complain about ads; the only real issue I see is when there's no alternative to ads provided (ie subscription, pay a couple dollars to buy a copy of the app, etc). It's Google's mistake, tbh, as that's the common rhetoric with Youtube, people got it for free for too long to be happy with more ads. Blame the people who're uploading "120 hours of black screen" multiple times per day.
If the developer is well paid, probably not? Why would they throw away what they built for a lump sum if they have decent side-business and recurrent revenues?
For me, StackOverflow proved that literally everyone has a price. The world is hurtling full-speed towards the corporation-citizenship cyberpunk dystopia people have been writing for years, as every company buys up everything they can in order to stay "competitive."
Sure but they probably won't offer that much. What I mean is that the value of this app, despite being free, is not zero, but that's probably what the developer was getting. So even if he got 10K for it, he's happy and moved on.
The app originally set the desktop theme to dark mode or not. That’s not worth more than a single one dollar payment, if that.
If I want to do some shady app shit I am buying install base. 100x an app that makes a few grand a year could still be worth it for my nefarious purposes.
Seems like a developer that is getting literally nothing for his app or plugin is more likely to sell it than a developer that's getting some income from it. At the least, the buyer would need to match the current value that the app provides its author.
I mean, everyone's gotta eat. I think there's plenty of instances of someone building a tool that they personally find useful and then making that tool available for free, unsure of what the reception will be and not expecting a lot of users. But if that something does very well and finds a wide audience I think it's natural to try to earn a living from it. And, if the attempts to "monetize" fail (as they often do) and someone is offering a lot of money in a lump sum to take it off their hands, well frankly I think they'd be foolish not to take it. And if that arrangement happens to turn out poorly for the userbase, well hopefully that will be another small object lesson in paying for things you find useful, when politely asked.
(And yes, I'm aware that's a lesson that really should have been learned by now, if it was going to be learned at all. Alas.)
I think it starts with passion - he created some useful software, he shares it and initially enjoys working on it. Then he puts a donate link (I saw there was a donate link in the previous site), and gets almost nothing, but he still needs to add bug fixes, maybe new features, answer to the user's emails, etc.
After a while it becomes a chore... and still getting $0 out of it. And that's when he might want to find other ways to get something out of the efforts he put in. Unfortunately the only option is to turn it into malware since nobody wants to pay for it, or turn it into a decent profitable business.
I don't have a link handy but I distinctly remember Take Two, a giant corporation with billions in revenue, saying when they removed it from Kerbal Space Program that they promised to wait a while and be more subtle next time they did that.
It's a problem with "free as in beer" apps but not with "free as in freedom" apps.
When the packages are built from source code by a trusted distributor like Debian or F-Droid [1], this kind of change is likely going to be noticed by the packager and not let through to users.
ActionDash being bought by Sensor Tower comes to mind. One of the most invasive apps requiring insane levels of permissions (rightly so to perform system level functions) being bought out by an ad and data-selling entity seamlessly is absurd
<libertarian>
What's silent about it? It's right there in the TOS, which you agreed to by using the software. Caveat Emptor, and all that.
</libertarian>
<dictionary> silent: tending to speak very little: not loquacious <dictionary>
If the buyer alone was responsible, there would be no terms of service. It's only with community protections and regulations that you get the information required to attempt to make an informed choice. The same community should be empowered to drive normal ethics without it being overtaken by the 'drivers licenses are tyranny' crowd.
>> It is an alternative to the built in macOS automatic mode which only switches when the user steps away from the computer.
Huh? Setting a schedule/location for nightshift and setting the dark mode setting to auto will always change instantly. If you use a launcher or spotlight then a simple one line applescript can change the setting as well (`tell application "System Events" to tell appearance preferences to set dark mode to not dark mode`).
I have the same experience. Dark mode automatically turns on way later than I’d like it to.
From the article:
"It is an alternative to the built in macOS automatic mode which only switches when the user steps away from the computer."
If I set up night shift, it will switch to dark mode at the time I set, but it also tints my screen (even subtly, if I turn the slider all the way down), which I don't care for as someone who does art.
I have never had any issues. Every single day I get the jarring shift as all the dynamically dark-mode-aware apps shift color schemes and realize that the sun must be setting.
It looks like Apple has revoked the developer certificate. Anyone know if there's a public log somewhere showing when it was revoked?
The app was blocked from loading, but I still saw the two dylibs running. I wondered if it was because the certificate was revoked after they had already started. However, logging out and back in still showed them running. Perhaps they're persisting through log outs?
As well, I got a prompt from the macOS firewall to allow the mentioned AutoUpdate binary to listen for connections. That makes me think all of this was deployed in the last few days.
Edit: A reboot gave me the `“NightOwl” will damage your computer. You should move it to the Trash.` dialog. Allowing that did not fully clean things up (leaving a non-functional `/Users/*/Library/LaunchAgents/NightOwlUpdater.plist` in place and the usual preference files). For me, Hazel cleans those up.
I think the approach for non-technical users who may not be familiar with the terminal would be to direct them to reboot.
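An added example (not from any commenter in this thread): the leftover `NightOwlUpdater.plist` mentioned above sits in a launchd LaunchAgents directory, the per-user mechanism that restarts a job at every login. This Python script classifies the agents in a directory as orphaned, persistent, on-demand or unreadable; the `com.example.*` labels and paths are constructed sample data, not NightOwl's real ones.

```python
import plistlib
import sys
import tempfile
from pathlib import Path


def agent_target(job):
    """Executable launchd would start for this job, or None if unspecified."""
    program = job.get("Program")
    if isinstance(program, str):
        return program
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def audit_launch_agents(directory):
    """Classify every *.plist in `directory`.

    status values:
      unreadable - not a parseable property list
      orphaned   - job points at a binary that no longer exists (leftover)
      persistent - binary exists and the job restarts at login
      on-demand  - binary exists but is only started by another trigger
    """
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception as exc:  # malformed XML, bad binary plist, I/O error
            findings.append({"plist": path.name, "status": "unreadable",
                             "detail": str(exc)})
            continue
        target = agent_target(job)
        # RunAtLoad / KeepAlive are what bring a job back after logout or reboot.
        restarts = bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive"))
        if target is None or not Path(target).exists():
            status = "orphaned"
        elif restarts:
            status = "persistent"
        else:
            status = "on-demand"
        findings.append({"plist": path.name, "label": job.get("Label"),
                         "target": target, "restarts_at_login": restarts,
                         "status": status})
    return findings


def build_sample(directory):
    """Write constructed LaunchAgents (not real NightOwl files) for a dry run."""
    directory = Path(directory)
    live_binary = directory / "helper-bin"
    live_binary.write_bytes(b"")
    jobs = {
        # Agent whose app was removed: the plist survives, the binary does not.
        "com.example.leftover-updater.plist": {
            "Label": "com.example.leftover-updater",
            "ProgramArguments": [str(directory / "removed-app" / "updater")],
            "RunAtLoad": True,
        },
        # Agent whose binary is still present and is kept alive by launchd.
        "com.example.live-helper.plist": {
            "Label": "com.example.live-helper",
            "Program": str(live_binary),
            "KeepAlive": True,
        },
    }
    for name, job in jobs.items():
        with (directory / name).open("wb") as fh:
            plistlib.dump(job, fh)
    (directory / "com.example.broken.plist").write_bytes(b"not a plist")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_launch_agents(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            results = audit_launch_agents(tmp)
    for item in results:
        print(item["status"].ljust(11), item["plist"],
              item.get("target") or item.get("detail"))
```

Run without arguments it audits the constructed sample; pass a directory such as a user's `Library/LaunchAgents` to audit real agents.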
XProtect is separate from Developer ID certificate revocation. In many cases, malware is not even code signed, so certificate revocation would do nothing.
> it does look like it was revoked in response to the original article, and not the other way around.
I was trying to figure out how long I had possibly been running the infected code. I was certainly in a state today where binaries were running with revoked signatures. What I couldn’t tell is if this state was only for a few minutes or hours, or if it was days or weeks.
If Apple only revoked the dev certificate (and possibly XProtect) today, that would make sense. But if it was revoked a ways back, then it would be concerning that it would require a reboot (with no prompting) for a regular user to fully kill the running background processes.
Actually, thinking about this further, if Apple had revoked the certificates before today, others would probably have noticed it and investigated given the “Move to trash” dialog and the strong assertion of “this is malware” in it.
This option wasn't available in 2018, when NightOwl was released. I had to test our application's Dark Mode implementation and NightOwl was super-useful then. I'm glad Apple made it easier to toggle dark mode in the interim.
Another very simple way is to make your own thing with the default Automator app.
* open up Automator and create new application
* select “change system appearance” and select toggle light/dark mode.
* save the ‘app’
Now, whenever you want to toggle light/dark mode, just open up spotlight and open up whatever you named the app.
There’s probably a way to do it with Shortcuts too.
If toggling between modes is all that is needed, it can be done right through BetterTouchTool. I just assigned a right-click+option+cmd globally for it and it works like a charm
There's gotta be some law that could be passed about stuff like this. Software should have an implicit contract that it does what it says and not something wildly different than it, with harsh penalties for violations.
Common licenses specifically go out of their way not to imply such a contract. This is the start of the all-caps portion of the MIT License [0]:
> THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO […] FITNESS FOR A PARTICULAR PURPOSE
…and the GPL has nearly the same text in section 15. [1]
Yeah, but also common licenses are set by the distributor. (which they're also evidently free to secretly change?)
I want the other side of the deal: a default license implicit in the existence of software that can't be traded away without an explicit contract that involves something like an exchange of money, which a federal agency will safeguard against violations of. If an extension changes its behavior nefariously people should go to jail. If Google safeguards an extension that changes its behavior nefariously then Google should go to company jail. (or, like, be fined and forced to comply).
(admittedly, this is hopeless idealism. But still.)
I mean, contractual terms that are implied by statute exist. In English consumer contract law—which since 2015 has been extended due to the EU Consumer Rights Directive to cover digital content—includes an implied term that the goods are of satisfactory quality, and when it's a continuing service (including something like a digital content service like Netflix or Spotify, or a software product with updates), it doesn't radically depart from what's initially offered.
Most jurisdictions have something broadly similar (albeit often not quite up-to-date around software and digital products). Everywhere in the EU will have laws that implement the EU's Consumer Rights Directive.
Which is great and would apply if you'd paid money for it. NightOwl is free (as in beer). The expectations the law sets out regulating the sale of goods and services do not apply when no money has changed hands.
Which I'd argue is pretty much right: while it sucks that companies get taken over and have spyware crap put into products, the idea that, say, a teenager who is hacking around and building stuff to learn how to code, puts up a project they've made as open source or a freeware download, does something silly like the left-pad debacle, then gets sued—potentially by a big corporate behemoth with very deep pockets and very scary lawyers—for a series of acts which involved them writing some software for no money. Regulation of technology should rest far heavier on the shoulders of Google, Microsoft, Apple and so on than it does on a hobbyist or small indie dev creating freebie menubar utilities or Chrome extensions or whatever.
The difficulty of ensuring those little freebie and open source apps don't become a vector for supply chain attacks remains difficult. Much better sandboxing and OS app-level permissioning, good network monitoring and anomaly detection on a per-app level, and building trust into packaging/distribution processes - these are all slow, grinding, incomplete ways to improve this. Lawsuits probably aren't.
I mean UPnP is a horrible spec but it’s a stop gap for restoring the fundamental capability of internet-connected devices in residential settings. All p2p apps (Tailscale for instance) need to act as a server temporarily and allow incoming traffic. Without the capability you’re a second class citizen, so to say. It’s infantilizing the user.
Now, you can of course open the ports yourself, but this is inaccessible to the vast majority of users due to undiscoverable, inconsistent and complicated UX. Most people don’t know what a port is.
Let me tell you about family members that have a mac because "they don't want the hassle of a windows laptop". They also don't want the hassle of not having uPnP, that setting is going to be turned on whether you know better or not.
> Let me tell you about family members that have a mac because "they don't want the hassle of a windows laptop".
They are not wrong. E.g. It amazes me how much pain and suffering Microsoft expects users to endure just to use a printer. It is not lost on my stepmother that her Windows machine has endless problems setting up and printing to her Brother laser printer, but her iPhone just sees it without having to be told.
Printer companies sabotage printers. If you go through the standard Windows route (Devices > Add > Printer) you'll get most printers working quickly and reliably. In fact, if you plug in a USB cable, the printer will most likely Just Work (TM) after a few seconds of driver fetching.
They want you to use their shitty apps and shitty software, though. HP is the worst at this (they cover up the USB port, and will only allow you a limited amount of prints before you need to activate the printer through an app).
Windows has plenty of printer problems (like its print spooler that needs a serious security overhaul which would break loads of printers) but the worst of it only seems to show up if you follow the manual and install the crapware, including apps, that printer manufacturers want to shovel onto your devices.
Disabling UPnP makes your system more secure, but unless you also disable all NAT ALGs in your router, you're still exposed to its dangers.
I don't think most routers have a setting for that, so if infected devices are part of your security model, it would be wise to assume NAT is entirely non-functional because of [NAT slipstream attacks](https://samy.pl/slipstream/). An infected device can modify the router's NAT table to effectively act like UPnP, except they don't provide a user interface for you to audit.
If you're NAT free (i.e. only use IPv6) disabling UPnP can be a decent security measure if you're willing to manually do all of your firewall exclusions, but honestly host firewalls are the only reliable protection method for most people these days.
+1. I also have had it disabled for ages. What features am I missing out on? When I look at the UPnP docs it talks about uses for which I have other mechanisms.
VoIP and video calls have lower quality and higher latency without UPnP since this often forces webRTC to tunnel through a TURN server. Networks that have neither IPv6 nor UPnP are just broken
Or you could use STUN and just send packets to a peer. Or use v6. Or anything from RFC6544. The reason UPnP is popular is so many home router people implemented it. If you have a real router, you have more options. As I pointed out, I have a real router and talk to people who have real routers that support things other than a 2008 version of UPnP.
Which is to say, you do not REQUIRE UPnP for webRTC. But yes, if you have a crap router given to you by your ISP (looking at you, SBC and Comcast) then UPnP may be your best bet. My point is you don't NEED UPnP if you have a real router.
I should be saying... thx for bringing me up to speed on this. UPnP is obviously not something I spend a lot of time on.
"WHEREAS, NightOwl app enables Users to share internet traffic by modifying their device’s network settings to be used as a gateway for internet traffic. Additionally, the User’s device acts as a gateway for NightOwl app’s Clients, including companies that specialize in web and market research, SEO, brand protection, content delivery, cybersecurity, etc."
Fuck that with a chainsaw. Burn it. Burn it with fire.
So, usually I associate super-shady things with hiding the fact that they're super-shady.
I'm thankful, but also genuinely curious, why they put this explicitly in their TOS.
It just kind of seems to be like the kind of person/org who would implement this shady stuff in the first place, would also actively hide that they're doing it.
Is there a legal reason that protects NightOwl by explicitly putting it in the TOS? E.g. does this prevent them from being sued for any of it, where they could have been successfully sued otherwise? Like it's technically do to all this shady stuff but only as long as it's in your TOS?
I'm not a lawyer, but the terms of service are an agreement with the user, so yes. They're not hiding anything because then they'd get sued.
If they didn't disclose "this shady stuff" then the user can try to resolve their dispute via remedies stipulated elsewhere.
Really there are several ways they could have gone about writing this agreement. This is probably the simplest for everyone. This is also how the bigger orgs write their agreements. They state their intent and you have to agree or fuck off.
The badly written agreements (what you were expecting) are less honest and try to explicitly have the user waive some rights entirely including any remedies in or out of court, but those can usually be deemed unenforceable because they violate established rights and precedent rulings.
Also not a lawyer. I'd think there's a level of interpretation to the enforceability of a given clause if it's not adequately exposed or is unconscionable in fairness. I'm guessing it's not so easy as clickwrap = rock solid contract.
Sure if a majority of users expect apps to not steal your data or misuse your internet connection.
Sadly this isn't the case anymore. The layperson is distrustful by default and can only rely on the more astute to blow a whistle. Even a judge would just say to not install apps that aren't critical to your everyday life and be done with it. Nobody has the time to swat at flies.
I'm curious to know why this is any more or less shady than an app that uses ads to monetize? Those ads use a ton of bandwidth and share a ton of information about you? If they're just passing some packets through your IP for web scraping what's the big deal?
Bright Data offers an SDK for app developers to monetize their apps this way (https://bright-sdk.com). Maybe I am naive but this seems exponentially better than monetizing by sharing every tidbit of information Google and FB can get about me as I move through the web. Genuinely curious why this is so negative?
I’m no lawyer but my guess is that the bar is so low for what’s actually legal, and no one generally reads these EULAs, that it’s easier just to have it in there.
The bar is intentionally low "for what's actually legal".
You really don't want the government interfering with the implementation details and business models of software products. That's a really bad road to go down.
The problem is really a lack of inspiration for both the dev and user. In this case someone made a trivial tool and didn't know how else to monetize it than being a scumbag and exploiting social norms and good will. The user also decided to use something that's dumb and not worth risking making any agreement with any entity at all.
Situations like this are where free software excels. Things that are inconsequential in premise should stay that way in practice.
A lot of "free" VPN apps do the same thing and I haven't heard of any of them getting in legal trouble. It's kinda like running a tor exit node except most buyers just wanna borrow the user's IP to scrape sites that are otherwise impractical to scrape with just a captcha solver due to aggressive blocking of non-residential ISPs and heavy rate limiting.
> does this prevent them from being sued for any of it, where they could have been successfully sued otherwise?
As I understand it, anyone can sue anyone for anything. What matters is convincing a judge/jury that you have been wrongfully harmed by the defendant. So if someone can make a good enough case for damages stemming from this data collection, then they can successfully sue.
This doesn't prevent them from suing, but it makes their case significantly weaker if the defendant can argue that the user agreed to have their data collected.
I guess "modifying their device’s network settings" is already covered under whatever permissions we had to give it to perform the original task of switching on/off dark mode? That's a bummer. Would be nice if app permissions were more granular if that's the case.
And this is the risk that operating system developers run when you take away features or you don't develop features that your userbase wants.
Look at the amount of Start Menu modifiers there are out there for Windows. All because Microsoft keeps on changing the start menu. Why? I don't know. I just want to get rid of the Recommended section, but I'm not allowed to.
Last night I got a notification that advertised Game Pass to me. I angrily clicked on manage notifications and there’s a notification source called “Suggested” that somehow was turned on. That was the last straw for me. I go through so much diligence setting up my browser’s ad block, only for the OS to bypass all that.
For now “Suggested” is turned off and I disabled all notifications for good measure, but I don’t know how much longer Windows will allow that. I don’t intend to find out.
> <snark>Hah! 4 downvotes! That's all you can muster! Come at me, bro!</snark>
AFAIK, 4 is the maximum number of downvotes that will be recorded for a single post. It's possible I'm wrong, but occasionally I write things that do not receive universal adulation and never has one gone below -4.
How so? I mean, NightOwl doesn't have an arrangement with your ISP, they have an arrangement with you.
I'm not sure your ISP is going to delete your account because you didn't know some app was doing something shady. If the standard is every app user has to know what each app does under the hood, then there's going to be a lot of people who won't be able to match that standard.
No but you could be SWATed because someone sold child porn through your IP.
Regardless of how you can prove your innocence, it can be traumatic for you and your family, you can say goodbye to all your computers and phone, you'd have to deal with the gossip from neighbours and relatives and possible social exclusion, and possibly your couple/marriage as well.
Their TOS essentially just says "Don't use the app"
> NightOwl app cannot be held responsible in any circumstances for Shared traffic fees or any other costs the User may incur in accordance with agreements with their internet service provider. The Application use might be prohibited or restricted by the User's service provider or applicable laws. The Application may not be compatible with all service providers' policies and regulations. The User should confirm the ability to use the Application with their service provider.
are you kidding? of course they will. back in the early days of the interwebs, it was not unheard of to have the ISP block your account when your machine got hacked from malware and used your box/connection as a SPAM server. From there, consumer ISPs just block that port. They've also added terms about not running servers on the consumer connection. While your server would have to be using a lot of bandwidth to get noticed, it is part of their terms that you agree to.
So yes, they will absolutely suspend your account until they are satisfied the usage is in alignment with their expectations.
> Isn't this sort of what the web is for? Service providers give you shiny objects for free and in exchange you give them complete access to your digital life.
If you made it clear you were being sarcastic, you wouldn't be getting downvoted.
Yes this is what many businesses want you to think. The web isn't for anything in particular besides general communication bound only by the laws beyond the first amendment.
Sarcastic? Not really. But I do see I am violating H. L. Mencken's rule: Never argue with a man whose job depends on not being convinced.
I sell to customers who purchase my goods. I'm not trying to sell my company to a VC who's using it to suck up ad dollars. My customers are my users, your customers are VCs.
If you're commenting on the difficulty of policing the intarwebs, I heartily agree with you.
If you're saying CD230 doesn't exist, I encourage you to rejoin consensus reality. But if you're trying to say CD 230 is in need of review, I would heartily agree.
I don't think I was attacking people, but will defer. In less inflammatory prose, let me say:
There is a problem on the net that is exacerbated by funding models which seek to use free services to do "bad" things. The Ad-Driven model has problems that the needs of the end user are often not considered paramount, but instead the needs of the advertiser are. After all, they're the ones paying the bills. Print newspapers famously had this problem, balancing the interests of editorial and advertisement.
Furthermore, there are people on HN whose enterprises are funded by ad revenue. I worry they (and their investors) err on the side of the advertisers rather than on the side of the users when there is a conflict. I doubt there are many here who would go to extremes such as enrolling customers' iPhones into botnets, but there is always that temptation. What if you were a couple weeks away from laying everyone off and a shady partner sidled up to you and suggested such a move. I believe it would be a moral crisis for any entrepreneur: shaft your customers or shaft your business, its investors and its employees.
I am lucky to operate from retained earnings and (at least for the time being) could firmly reject such an offer. I appreciate that I am probably in the minority in this respect.
I bemoan the current state of affairs where so many entrepreneurs could even conceivably be tempted by such a Faustian bargain (without asserting the majority are.)
I am ensaddened that experiments like Bitcoin seem to have devolved into ponzi schemes rather than effective micropayment vehicles. Such a platform could conceivably open up new business models which would allow entrepreneurs to ignore this particular devil.
> What if you were a couple weeks away from laying everyone off and a shady partner sidled up to you and suggested such a move. I believe it would be a moral crisis for any entrepreneur: shaft your customers or shaft your business, its investors and its employees.
That is the difference between ethical and unethical operators
Kind of off topic. But is there any app/service/extension for parsing these TOS with an LLM to catch all these shady things? If not, would one be useful? (I’m also a bit surprised this is in the TOS in the first place, but there's already a thread about that.)
Could be useful. Though people might as well do it themselves? I just pasted the whole thing to chatgpt and told it to summarise it into bullet points.
Related, this just brought back the memory of the South Park episode ‘Human centipad’ where people accept the iTunes T&C without reading them :)
If anyone is looking for an alternative, I have been using my script below for two years without any issue.
--edit--
I do not know how to format code here.
--edit--
Another attempt to format code here.
# Step 1
Save script below to your local drive. For example, `/Users/xxxx/Documents/Scripts/DarkMode/darkModeWatcher.sh`
  #!/bin/zsh
  # ref: https://unix.stackexchange.com/a/526097
  # start time is 18:33 -> 18 * 60 * 60 + 33 * 60 = 66780
  # end time is 07:33 -> 07 * 60 * 60 + 33 * 60 = 27180
  # install gdate via `brew install coreutils` (the coreutils formula provides gdate)
  if [[ $(uname -m) == 'arm64' ]]; then
    # Apple Silicon: Homebrew lives under /opt/homebrew
    secsSinceMidnight=$(( $(/opt/homebrew/bin/gdate +%s) - $(/opt/homebrew/bin/gdate -d '00:00:00' +%s) ))
  else
    # Intel: Homebrew lives under /usr/local
    secsSinceMidnight=$(( $(/usr/local/bin/gdate +%s) - $(/usr/local/bin/gdate -d '00:00:00' +%s) ))
  fi
  if [[ $secsSinceMidnight -lt 27180 || $secsSinceMidnight -gt 66780 ]]; then
    # turn on dark mode
    osascript -e 'tell app "System Events" to tell appearance preferences to set dark mode to true'
  else
    # turn off dark mode
    osascript -e 'tell app "System Events" to tell appearance preferences to set dark mode to false'
  fi
# Step 2
run `crontab -e` and add script below
  # cron job for enabling macOS dark mode periodically
  # darkModeWatcher script is executed 60s after reboot. After that, it is executed at 35 mins of each hour if the display is not asleep.
  # replace xxxx with your username
  @reboot sleep 60 && /bin/zsh /Users/xxxx/Documents/Scripts/DarkMode/darkModeWatcher.sh >> /Users/xxxx/Library/Logs/systemDarkModeWatcher.log 2>&1
  35 */1 * * * if [[ -n "$(/usr/sbin/system_profiler SPDisplaysDataType | /usr/bin/grep 'Asleep')" ]]; then newDisplayStatus=0; else newDisplayStatus=1; fi && if [[ $newDisplayStatus == 1 ]]; then /bin/zsh /Users/xxxx/Documents/Scripts/DarkMode/darkModeWatcher.sh >> /Users/xxxx/Library/Logs/systemDarkModeWatcher.log 2>&1 ; fi
FYI... last time I tried, I could get the equivalent of a HTML <PRE> block by putting two spaces at the beginning of every line. Here's an example. Each line was indented two spaces:
  #include <stdio.h>
  int main() {
    printf( "Bonjour, totes le monde!\n" );
    return( 0 );
  }
Looks like it worked. It looks like it's rendering with a mono font.
Because the expansion of the wildcard needs to happen with the privileges granted by sudo. If you just ran "sudo rm ..." the expansion would be done by the current shell, which doesn't have the required privileges.
Normal users have r-x on /Users, but for that wildcard to work, they would need r-x on /Users/foo, /Users/foo/Library, and /Users/foo/Library/LaunchAgents, for every "foo" user in the system.
For that exact command, yes. But if `/Users/*` by itself can be expanded without root you can construct the list of files to delete without needing the `zsh -c`. E.g. `for d in /Users/*; do sudo rm -f "$d/Library/LaunchAgents/NightOwlUpdater.plist"; done`
It's a minor point overall. I was just checking if MacOS had something else going on with its file permissions.
Apple is locking down macOS more and more, and yet there is no built-in feature like Little Snitch or LuLu in either macOS or iOS. So basically they don’t mind apps spying on you, as long as it is approved by Apple.
In 2018, I contacted the developer and tried to purchase this app. He turned me down, and seemed like he wasn’t in it for the money. Seems like he picked the wrong buyer when he did finally sell out.
I did a small Automator action that just switches dark mode on my computer, and I activate it with the cmd-alt-shift-P hotkey; it’s truly convenient and there’s no need for a third-party :)
Nice writing style. Straight to the point because the author actually had something useful to say. A nice departure from the usual ‘pad it out’ approach that sadly you even see people take for their personal writing. So many people will lament recipe authors including 6 paragraphs of preamble, but will happily do it when they’re telling you about how they pwned their toaster or whatever.
When it gets down to brass tacks, i.e. the technical details section, it could really do with a once-over. One too many run-on sentences.
This makes me really wary of all apps more generally. How many other apps are doing this crap already and just haven’t been noticed / called out for it yet?
An interesting other-side of this, a Chrome add-on dev published how they continuously receive monetary offers from the kind of organisation that does exactly this:
"The application, at least the time of writing, and the installations I’ve been made aware of, makes a lot of connections to https://stubbs.frontgatetickets.com/, a website that sells tickets to live music events for a restaurant in Austin, TX."
Yes, the OS function works fine.
Haven't used the app in a while, just had it still installed.
I just found this by searching for "proxy-gw1-europe.squidyproxy.com" which seemed odd when I found it in my .ssh/known_hosts file.
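An added check for the two traces commenters in this thread report, the `NightOwlUpdater.plist` LaunchAgent and `squidyproxy.com` entries in `.ssh/known_hosts` (example code, not from the article or any commenter). The function names, the tab-separated output format and the sample tree are assumptions made for the example.

```shell
#!/bin/bash
AGENT_REL="Library/LaunchAgents/NightOwlUpdater.plist"  # path quoted in the thread
PROXY_DOMAIN="squidyproxy.com"                          # domain of the host quoted in the thread

# scan_home_root ROOT: print one tab-separated finding per line for each home under ROOT.
scan_home_root() {
  local root="${1:-/Users}" home user kh lines hashed
  for home in "$root"/*/; do
    [ -d "$home" ] || continue          # an unmatched glob stays literal; skip it
    home="${home%/}"; user="${home##*/}"
    if [ ! -r "$home" ] || [ ! -x "$home" ]; then
      # Other users' homes are not traversable without root; say so instead of staying silent.
      printf 'skipped\t%s\tno permission, re-run as root\n' "$user"
      continue
    fi
    if [ -e "$home/$AGENT_REL" ]; then
      printf 'launchagent\t%s\t%s\n' "$user" "$home/$AGENT_REL"
    fi
    kh="$home/.ssh/known_hosts"
    [ -r "$kh" ] || continue
    # Plain-text entries: fixed-string, case-insensitive match; keep only line numbers.
    lines=$(grep -n -i -F "$PROXY_DOMAIN" "$kh" | cut -d: -f1 | paste -sd, -)
    if [ -n "$lines" ]; then
      printf 'known_hosts\t%s\t%s:%s\n' "$user" "$kh" "$lines"
    fi
    # Hashed entries (HashKnownHosts) start with |1| and cannot be matched by grep.
    hashed=$(grep -c '^|1|' "$kh" || true)
    if [ "$hashed" -gt 0 ]; then
      printf 'hashed\t%s\t%s entries not checked\n' "$user" "$hashed"
    fi
  done
  return 0
}

# make_demo_root: build a constructed sample tree (two fake users) and print its path.
make_demo_root() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/alice/Library/LaunchAgents" "$d/alice/.ssh" "$d/bob/.ssh"
  : > "$d/alice/$AGENT_REL"
  printf '%s\n' 'github.com ssh-ed25519 AAAAconstructed' \
    'proxy-gw1-europe.squidyproxy.com ssh-rsa AAAAconstructed' > "$d/alice/.ssh/known_hosts"
  printf '%s\n' '|1|c2FsdA==|aGFzaA== ssh-rsa AAAAconstructed' > "$d/bob/.ssh/known_hosts"
  echo "$d"
}

# Scan the directory given as the first argument, e.g. /Users.
if [ "$#" -gt 0 ]; then scan_home_root "$1"; fi
```

For hashed entries, `ssh-keygen -F proxy-gw1-europe.squidyproxy.com -f <file>` can test the exact hostname, which a plain `grep` cannot.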
ah, i just used squid on my own linux server recently for a weird use case. A client of mine gave me access to https://foo.com/thing only from one ip. And I didn't want to give them my normal desktop ISP ip because it changes so I gave them my static cloud linux VM ip. But it has no gui. So I wanted to use the webapp from my desktop. I installed squid and set it as my proxy server and did tail -f thelog and OMG the amount of requests just my normal browser makes to all sorts of weird stuff!
NightShift is different (but somewhat related) functionality: it adjusts the color profile to be warmer/reduce blue light. Both can be scheduled to correspond to time of day[light] however.
As a side note I want to mention that I use Night Shift on mac os and every day!!! I need to switch it back on because there is no option to leave it enabled all day long.
Are you talking about Night Shift, to change the white balance of your screen to be more yellow, or Dark Mode, which can be turned on permanently without scheduling?
It sounds like you’re trying to schedule Dark Mode to stay on all the time, which can be accomplished by choosing “Dark” in System Settings-> Appearance in Ventura or later, or in System Preferences-> General in Monterey or earlier.
Thanks for clarifying! You can modify your display so it looks that way all the time by changing the white point. Most designers use 6500K but you probably are looking for something near 3500-4000K. You can do this by calibrating your monitor to create a new custom display profile. Hope that helps!
Apparently the perpetrator who sold out their users to the highest bidder is named Benjamin Kramser and they even freely admit the deed on their homepage! (https://www.kramser.xyz/)
I’m sure an LLC named TPE.FYI is going to have good intentions with a closed sourced, free menu bar app that’s a glorified AppleScript any junior developer can build in a day.