Interesting spam/phish technique: Look for subdomains with CNAMEs or SPF records that point to abandoned domains that you can then register…and effectively take control of the subdomain or SPF.

They haven’t seen any cases where it’s been used to host a phishing site at, say, an msn.com subdomain, but they’ve seen thousands of cases where it’s been used to pass email verification checks.

The article describing “SubdoMailing” gives a detailed example of a spam that made use of an msn.com subdomain that was used for a sweepstakes way back in in 2001, with a CNAME pointing to the long-abandoned domain name for the contest, but the subdomain was never actually deleted.

Lesson: check your DNS for any dangling references to outside domains that might not exist anymore!

I’ve been meaning to disconnect from Jetpack for a while now. This seems like a good time to do it, and to finally clear out the older Tumblr and WordPress.com blogs I don’t use anymore.

Tumblr and WordPress to Sell Users’ Data to Train AI Tools404 Media

It’s the kind of thing that you expect from Google or Facebook, or from any number of start-ups, but there’s been this sense that Automattic should know better — and with Tumblr being login-walled and ad-saturated, and the push to upsell in their WordPress plugins, and now this…it’s looking like they don’t.

I don’t think they’ve hit the “trust thermocline” yet, but selling user data is a pretty clear line.

As for AI access to the Firehose: My previous understanding of the firehose is that it’s basically an aggregation of what you’d see in a bunch of blogs’ public RSS feeds. Which, OK, fine. Analyze your heart out. Display my posts in your RSS reader. Just make sure private posts and comments don’t leak.

But LLM training isn’t the same as analytics, or showing a properly attributed post in a reader. And quietly changing the terms to allow more kinds of re-use on something most people using the service don’t know about? Not cool.

And not making it clear what is and isn’t included for which purposes? That breaks down trust.

Before this, I wasn’t worried about the Firehose. But now I’m not sure I can trust Akismet, never mind Jetpack, and I’m looking for a new spam filter.

Originally posted across several threads through my GoToSocial test site.

Update: Automattic did clarify that self-hosted blogs with Jetpack are not included in the training data. Only company-hosted blogs on Tumblr and WordPress.com. But I still uninstalled Jetpack from this site, just to be sure. Like I said, I’d been meaning to for a while.

Option 1: will do some things you want, and some things you don’t.

Option 2: won’t do anything you want, will do all the same things you don’t want that option 1 will do, has promised to do more things you don’t want, undo the things you wanted that have already happened, make it more difficult for you to even have these choices in the future, and has previously demonstrated that they’re willing to go through with all of the above.

And yet I keep seeing people say they’re the same picture???

Really????

It’s like…you need to hire someone to fix your heater. One contractor will fix your heater for the advertised price, but break some of your windows in the process and stop taking your phone calls. The other will rip out your entire heating system and your plumbing, and steal the copper phone lines to make it hard for you to call someone else (I know, outdated metaphor), insist that you broke it yourself and charge extra. And they’ll break your windows too.

A bunch of reviews point out that both of them will break your windows, so they can’t be all that different, right?

It would be great to find someone who would fix your heat without breaking your windows! But there’s a glass factory in town that wants more business and gives all the local contractors kickbacks, so your best bet for that is to hire someone from out of town…but they’re booked until summer.

So you can either go with the one who’ll break things even more, or the one who will fix some things and break others, and then deal with the breakage while you still have heating, plumbing, and a working phone.

The “bipartisan” immigration bill currently in Congress is a right-winger’s dream, but since Trump wants to run on anti-immigration, the GOP is suddenly opposed to it, arguing that it’s not draconian enough.

Nothing will ever be cruel enough for them, no matter how much Democrats do to appease them. Biden could do everything they asked for, and they’d still insist he was being soft on border control. They need it as a wedge issue. Appeasing them won’t win any points with their base, and it’ll alienate those on the left who want asylum seekers and immigrants in general treated like the actual human beings they are.

This bill is probably DOA at this point. But just in case, I sent a message to my rep advocating for more protections for asylum seekers, not less.