2. It says "for everyone" but looks like it might be Linux-specific, and it doesn't say anything about which OSes are supported.

Considering that I'm gaming on Linux, the number of competitors is pretty small and close to zero, I'm not sure why I should be forced to switch operating systems to support the "better platform".

I say this as someone who's been running Vortex/Skyrim modding on Linux years before there was official support for it and I'm kind of shocked honestly to hear that people are cheering for something I did so long ago (5 years to be precise) I hardly remember the time doing it.

This must apply to Firefox itself, right?

Why do you think google buys the rights to firefox's search bar (as a default setting)?

"The service is free. Am I the product?"

That is a valid thing to ask. Even with FOSS sometimes.

Some FOSS projects are backed by companies, then yes, plausible to ask.

Otherwise, I would answer with a clear no.

(Projects can still collect telemetry and other data and sell that, though the sell part should be very rare, imo...)

Edit: Was that a bad faith argument or a honest question?

Sometimes I can't tell, maybe because of old or ESL...

Crowd sourced Development and Quality Assurance for something multiple companies, governments and the military are using.

To give you an example. Try to use Google Search without sending your data to Google. You cannot use the product without it, you cannot opt out. Firefox, you can use just fine with Google not being your search engine.

It's not a binary toggle - firefox is selling you as a source of revenue for themselves. They're just not making it as extreme as it is possible to be - in the hopes that you don't switch away.

You can compare same situation with safari in iOS. Except google pays a lot more, since you cannot switch away in iOS as easily, and culturally there's more reluctance compared to firefox users. This makes google pay more for iOS traffic, as those users are worth more.

The sense in which you are the product on Firefox is that they want to maintain a large enough user base that search licensing is valuable enough to sell to Google.

Because I can change that default and still use the thing. That's how it's very different.

Typically when people say that when something is free you are the product. They mean that it's free because your data is being sold, implying that without telemetry it wouldn't be free. That's not the case here as far as I know

Google is paying Mozilla to be the default search engine. Google is only paying Mozilla because Firefox has users, regardless if they use the default search engine or not. So, indirectly everyone is the 'product'.

I'm sure if 95% of people did swap to ddg, then google may change their mind.

Also I believe there is the possibility Google also pays Mozilla to offer competition so Chrome isn't considered a monopoly (but maybe Edge has changed that to some extent?)

well, a benefit is a benefit. It doesn't really matter how it manifests does it? It's not a donation, as it is not altruistic.

I didn't say you being a product is bad - but it does not align customer with software company. You may be OK with being sold as a product to google, as this relationship currently isn't damaging. But what if a future offer which would damage you is taken by mozilla because it's profitable?

It's about giving up freedoms you might never get back, because it's not your decision anymore after giving them up.

Moral: don't give up freedoms for temporary gains. It never balances out in the end.

People do not generally believe a seat belt limits your liberty, but you're not exactly wrong either. But maybe in order to understand what they mean it's better to not play devil's advocate. So try an example like the NSA's mass surveillance. This was instituted under the pretext of keeping Americans safe. It was a temporary liberty people were willing to sacrifice for safety. But not only did find the pretext was wrong (no WMDs were found...) but we never were returned that liberty either, now were we?

That's the meaning. Or what people use it to mean. But if you try to tear down any saying it's not going to be hard to. Natural languages utility isn't in their precision, it's their flexibility. If you want precision, well I for one am not going to take all the time necessary to write this in a formal language like math and I'd doubt you'd have the patience for it either (who would?). So let's operate in good faith instead. It's far more convenient and far less taxing

1) Do they really? I honestly don't know, are there independent polls about this?

2) What makes them think they have any right to decide for other people's children? I would be OK with them genuinely thinking they need to surveil their own children but if 1) is true then there is this underlying need of people to control others and I am not OK with that. This is how minorities are suppressed and harassed - same mechanism, different target.

Sounds like they were asking authors for fiction, so probably plenty of them are.

If they had direct evidence that some author's instructions failed to ask for the case study to be fictionalized, I think they would have specifically said that. It's more definitive, and catches the journal in a lie.

I'm pretty sure what happened here is that:

1) The journal always asked for and thought they received fictionalized case studies.

2) It never occurred to them that they were presenting the case studies in a way that could be misinterpreted. (This is indefensible negligence, but I also understand how it could have happened "innocently".)

3) Once the issue came to light, they issues blanket corrections to every case study study to describe them as fiction because they asked for fiction and edited them all as fiction. (I.e., Didn't do any fact checking or independent confirmation, beyond medical broad strokes.)

4) At least one author didn't read the instructions carefully enough and sent in a real case study, which as the article says, wasn't caught by the editors during the review process. (And really, how would they catch it? If they thought they asked for fiction, they wouldn't be fact checking it.)

I actually think the disclaimer may be appropriate, even on the article that was written as a true story, if it wasn't reviewed as one.

Which they do. They specifically say that. “Neither the instructions for authors from 2010 — when Koren and his coauthor Michael Rieder would have written their article — nor the linked list of article types — state the cases are fictionalized, or fictional.”

“An archived version from September stated, ‘Each highlight is a teaching tool that presents a short clinical example, from one of the studies or one-time surveys,’ with no mention of fiction.”

These are direct quotes from the article. The exact kind you are asking for. With inline links to the archived documents. And yes it is very definitive.

> I'm pretty sure what happened here is that:

No need to speculate. Just read the article.

> 1) The journal always asked for […] fictionalized case studies.

This is false. As evidenced by the article.

But is it a security issue on copilot that the user explicitly giving AI permission and instructed it to curl a url?

Regardless of the coding agent, I suspect eventually all of the coding agents will behave the same with enough prompting regardless if it's a curl command to a malicious or legitimate site.

> Copilot also has an external URL access check that requires user approval when commands like curl, wget, or Copilot’s built-in web-fetch tool request access to external domains [1].

> This article demonstrates how attackers can craft malicious commands that go entirely undetected by the validator - executing immediately on the victim’s computer with no human-in-the-loop approval whatsoever.

This is the claim by the article: "Vulnerabilities in the GitHub Copilot CLI expose users to the risk of arbitrary shell command execution via indirect prompt injection without any user approval"

But this is not true, the author gave explicit permission on copilot startup to trust and execute code in the folder.

Here's the exact starting screen on copilot:

│ Confirm folder trust │ │ │ │ ╭─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮ │ │ │ /Users/me/Documents │ │ │ ╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯ │ │ │ │ Copilot may read files in this folder. Reading untrusted files may lead Copilot to behave in unexpected ways. With your permission, Copilot may execute │ │ code or bash commands in this folder. Executing untrusted code is unsafe. │ │ │ │ Do you trust the files in this folder? │ │ │ │ 1. Yes │ │ 2. Yes, and remember this folder for future sessions │ │ 3. No (Esc) │

And `The injection is stored in a README file from the cloned repository, which is an untrusted codebase.`

The risk isn't solely that there might be a prompt injection, Copilot could just discover `env sh` doesn't need a user prompt and just start using that spontaneously and bypassing user confirmation. If you haven't started Copilot in yolo mode that would be very surprising and risky.

If it usually asks for user confirmation before running bash commands then there should, ideally, not be a secret yolo mode that the agent can just start using without asking. That's obviously a bad idea!

"Actually copilot is always secretly in yolo mode, that's working as designed" seems like a pretty serious violation of expectations. Why even have any user confirmations at all?

I think it's a valid observation that we can bypass the coding AI's user prompting gate with the right prompt. That is a valid limitation of LLM supported agentic workflows today.

But that's not what this article claims. The article claims that there was no user approval and no user interaction beyond initial query and that the copilot is downloading + executing malware.

I'm saying this is sensationalized and not a novel technical vulnerability write up.

The author explicitly gave approval for copilot to trust "untrusted repository". Crafted a file which had instructions to do a curl command despite the warnings on copilot start up. It is not operating secretly in yolo mode.

If the claim of the article is "Copilot doesn't gate tool calls with env", I'd have a different response. But I also have to mention, you can tune approved tool calls.