Lack of rate limiting is a code vulnerability if we are talking about an API endpoint.
Not that discussion makes any sense at all...
Also, "not securing" doesn't mean much. Security is not a boolean. They probably have some controls, but they still have a gap in the lack of rate limiting.
Over nextcloud probably the e2ee. I suppose soon they will also integrate this better with email (like you can attach directly and save directly from email), so the seamless integrations with the rest of the products will probably amount to other benefits over time.
Until I can easily export the data, where is the vendor lock?
Vendor lock means that migrating away has significant cost or technical challenges.
Take this case: documents saved are first of all easily downloadable from drive (in bulk), and also exportable in markdown.
They change pricing/add features that I don't want/sell off the company (hard now that it's managed by a nonprofit but still) etc.? I make a nice bulk download and move everything in whatever other system I want. I can do the same for contacts, email (I use my own domains) and calendar. Basically, 1h + the time to download files and I am moved to another provider.
Can you elaborate in what you think the vendor lock looks like?
https://github.com/ProtonMail/WebClients/tree/main/applications
They use monorepo for the web clients, at least.
Here the mobile apps:
Public financing of the press, newspapers stopping being garbage and selling subscriptions like they have always done, pay per article (cents), donations. Just some ideas of economically viable alternatives. There are good niche newspapers which survive with such models, it's not like I am making it up.
I would say the opposite: advertising alone is not sustainable for the press because it creates wrong incentives (grab attention, clicks). This is why 90% of newspapers have the same garbage, short, generic articles. This is why you get rage baits, fake news etc. too, to some extent. So yes, you get websites online, but you get no information...
Also in Italy, but I think once the data protection agencies will get on it, it will be forbidden. It will take some time, but there is no way that's a legitimate use of consent.
The GDPR says that if you use consent as the legal basis for processing data, such consent must be free. This means that there cannot be consequences if you give or not give the consent. If there are, then the consent is not free anymore. Paying money for a service is absolutely legal, obviously, what probably is not legal is extracting your consent by offering you a discount (which is the flipside of "pay to avoid tracking").
I just wanted to specify a bit, not that you said anything incorrect.
Usually when hotels close past a certain time you can use a secondary entrance with your keys/card or at most call. Most hotels have a desk open 24h so this doesn't even apply.
Also, I really don't think Italians are generally rude. People are friendly, but also loud and warm, which often can be misunderstood. Assholes exist, obviously.
Good, let me give back the favour with all the violence threats and wishes. At least you are the only one in bad faith :)
Oh no, a comment in another context again interpreted from your US-centric view!
I mean, you think I care about your respect? A person who makes 0 effort in understanding other points of views (quite similar, ironically) and straight up insults and wishes death to others? Lol you are thinking way too much of yourself.
I also stand by every word of that comment, as the concept of white privilege doesn't apply everywhere (Italy has a completely different history and racial dynamic compared to US).
Again, you have a colonialist mindset, and you are completely incapable of accepting that the US cultural lens is not the only lens that exists and that won't apply to many. So tell whatever stories you want to yourself, shout as much as you can, but I am just explaining my views and providing cultural context (which has nothing to do with excusing or defending homophobia). You refuse to accept this context because you think that your perspective is universal. I will repeat it, colonialist mindset.
I am a security professional. I would personally not care less to make the distinction, as both are very generic terms that are used very liberally in the industry.
So I don't see any reason not to call this hacking. This was not an intended feature. It was a gap, which has been used to perform things that the application writer did not intended (not in this form). If fits with the definition of hacking as far as I can tell. In any case, this is not an academic discussion, it is a security advisory or an article that talks about it.