permabrisa

.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..." I did. It didn't take long to find what looks like a serious #privacy issue. The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly. For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them. For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them. This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary. From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach. youtube.com/watch?v=4VRRri…

A federal jury just found Live Nation has operated as a monopoly and broken antitrust rules. Potential remedy is divesture of Ticketmaster (argument is Live Nation forces venues to use its ticketing service or else lose concert tours). Ticketing is cash cow: while only 12% of sales ($3B of $25.2B), it is 37% of operating profits ($1.1B) in 2025. Conversely, the concert division — which is world’s largest promoter and producer of live events (booking, marketing, logistics etc.) — does 83% revenue ($20.9B) but operating margin is tiny at 3% ($687m). The company dominates right now. In 2025, it put on 55,000 events and sold 646 million tickets (Ticketmaster sold 10x more than #2 service AEG). Live Nation will try to fight the breakup but industry will almost certainly end up more free-flowing. Fewer exclusive events and concert venues can shop other ticketing services. Just chill on the fees, dude. *** NYT on court case: nytimes.com/2026/04/15/art… Sherwood on business model: sherwood.news/business/the-d…