1. TheDon+(OP) 2020-04-22 03:07:36
Your feigned "maybe you can help me?" reads more like sealioning than like a genuine lack of understanding.

However, sure, I'll humour you. A "signed and expiring token" is not sufficient because then a single attacker could use that token to try 1000s of cards before it expires.

Thus, you need a unique token, and wherever you store that unique token (to invalidate it, akin to a database session), you can optionally store the mouse movements or not. The association still exists. A unique token isn't functionally different from just sending the data along in the first place.

replies(1): >>snowwr+K7
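
The distinction drawn in comment 1, as an added example that is not part of any commenter's post: a signed, expiring token verified statelessly is accepted on every replay until it expires, while a single-use check requires a per-token record on the server. All names (`issue`, `verify_stateless`, `SingleUseVerifier`, `count_accepted`) and the `id.expiry.mac` token layout are assumptions made for this sketch.

```python
import hashlib, hmac, secrets, time

KEY = secrets.token_bytes(32)  # server-side signing key, generated for this demo

def issue(ttl=300, now=None):
    """Issue a token 'id.expiry.mac' (hypothetical layout for this example)."""
    now = time.time() if now is None else now
    body = f"{secrets.token_hex(16)}.{int(now) + ttl}"
    mac = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def verify_stateless(token, now=None):
    """Check signature and expiry only. Returns the token id, or None."""
    now = time.time() if now is None else now
    try:
        tid, exp, mac = token.split(".")
        expires_at = int(exp)
    except ValueError:          # wrong number of fields or non-numeric expiry
        return None
    expected = hmac.new(KEY, f"{tid}.{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return tid if now < expires_at else None

class SingleUseVerifier:
    """Adds the per-token server-side record that single use requires."""
    def __init__(self):
        self.spent = {}         # token id -> expiry; this is the stored state

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        tid = verify_stateless(token, now)
        if tid is None or tid in self.spent:
            return False        # invalid, expired, or already used
        # Expired ids can be dropped: the expiry check already rejects them.
        self.spent = {t: e for t, e in self.spent.items() if e > now}
        self.spent[tid] = int(token.split(".")[1])
        return True

def count_accepted(check, token, attempts):
    """How many of `attempts` identical submissions does `check` accept?"""
    return sum(1 for _ in range(attempts) if check(token))
```
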
2. snowwr+K7 2020-04-22 04:21:12
>>TheDon+(OP)
I think he/she is being very patient with people who don't seem to have a good understanding of the law they're citing.
replies(1): >>lucb1e+6E1
3. lucb1e+6E1 2020-04-22 17:25:47
>>snowwr+K7
Really, you read that as being patient? To me it seems to be an obvious attempt to rub the person they're replying to entirely the wrong way while feigning ignorance.

I would flag it as attempting to trigger others if each reply did not also contain one or two constructive sentences.

> with people who don't seem to have a good understanding of the law

"People" had a fine understanding of applicable PII law, but the person clarified (in between a bunch of bullshit about how godforsaken sorry they are) that they were talking about some USA thing specifically and not the broader definition.
