>Do we want, at a time when Russia is considering the UK as an enemy, to be providing all our personal details to a server in Moscow?<p>Depends how good the search is. Google doesn’t seem to want to provide me proper results anymore, even very basic image search tasks on google now net you only about 20 results all of which are wrong or useless. Yandex image search actually works.<p>If you don’t want me to use the Russian tech that helps me get my job done then roll back the Google Search codebase 10 years to when it worked as well as Yandex does today. (Only partially joking)
Folks are focussing on the Russian part of this. But Yandex just happens to be the one whose source code got analyzed; you can safely substitute "Google" or "Facebook" or any of the other various behavior advertising companies here. They're all doing similar things and it's terrific to have such a detailed analysis of how it works.<p>Wired has a good summary if you want something more like a mainstream press article: <a href="https://www.wired.com/story/yandex-leaks-crypta-ads/" rel="nofollow noreferrer">https://www.wired.com/story/yandex-leaks-crypta-ads/</a>
Context: Yandex is in the news right now because a couple of days ago its cofounder and former CEO Arkady Volozh was caught trying to hide his Russian past [0], and today he finally issued a public statement condemning the war [1], almost 1.5 years after the full-scale invasion began.<p>[0] <a href="https://kz.kursiv.media/en/2023-08-07/co-founder-of-yandex-erases-russia-from-his-biography-and-reflects-on-kazakhstan/" rel="nofollow noreferrer">https://kz.kursiv.media/en/2023-08-07/co-founder-of-yandex-e...</a><p>[1] <a href="https://www.reuters.com/article/ukraine-crisis-yandex-volozh/yandex-co-founder-volozh-slams-russias-barbaric-invasion-of-ukraine-idINR4N36T02J" rel="nofollow noreferrer">https://www.reuters.com/article/ukraine-crisis-yandex-volozh...</a>
Another example of political language from the article, in addition to what was described in a sibling comment:<p>> Do we want, at a time when Russia is considering the UK as an enemy, to be providing all our personal details to a server in Moscow?<p>Not "at a time when the UK considers Russia as an enemy". There is something of a Russell conjugation here.
> jdangu
> co-founder Confiant
> Kaileigh McCrea, Privacy Engineer<p>> jdangu on Aug 4, 2015
> We (ClarityAd) do this for major ad platforms. We use a mix of static and dynamic analysis to assess risk.<p>Fuck off. And since you here, you might tell us all how much you get incentive by aligning with U.S. owned Ad platforms, that also align with U.S. national interest to smear foreign tech giant Ad business?
>what I’ve found is both fascinating and deeply unsettling.<p>I see nothing unsettling, unless one considers Google, Microsoft, Meta, Apple.... unsettling too (which I do, but then I don't act surprised and unsettled by a non-US company doing what everyone else is doing).
> Do we want, at a time when Russia is considering the UK as an enemy, to be providing all our personal details to a server in Moscow?<p>I think I am safer with Russian govt having access to my data vs my local govt having access to my data.
The name of the Yandex taxi service that shares data with Russian FSB is Yango: <a href="https://en.wikipedia.org/wiki/Yango_(ride_sharing)" rel="nofollow noreferrer">https://en.wikipedia.org/wiki/Yango_(ride_sharing)</a><p>In EU, it's registered in Amsterdam so the responsible authority is Dutch data protection authority, who should force the service to shut down.
I would also be quite worried of Telegram, with their lack of default encryption, and a bit suspicious unblocking in Russia in 2020[0].<p>[0] <a href="https://www.independent.co.uk/tech/telegram-russia-ban-lift-messaging-app-encryption-download-a9573181.html" rel="nofollow noreferrer">https://www.independent.co.uk/tech/telegram-russia-ban-lift-...</a>
I feel like this whole neo-cold war against China & Russia was never put up for a vote. Where can I vote against it?<p>Please, let's all just get rich together. Governments democratize over time - the UK wasn't a democracy when it started out but over 1000 years of governance transitioned into being one. I suspect it will be much faster nowadays, but in the meantime - please no war.
> but they’re still going to be very unique and therefore uniquely identifying (likely more so than before because of the entropy the hashing algorithm adds).<p>Surely hashing something can't add entropy? Assuming the hash output is smaller than its input, in the general case I'd expect the hash to have less entropy than its input.
Kind of funny to see how quickly authoritarianism can destroy something that was profitable and usable. I used to use the image search sometimes when google was failing miserably and it worked pretty well. I'm afraid to visit there now as it's not unlikely they could inject a virus into your system.
Great content. Just some feedback for the webmaster: it’s annoying when you scroll up one line of text and the header nav inserts itself into your view frame on mobile. I wish the header nav was not sticky / popup!
So what's the action items? How do we identify apps that include that Yandex SDK (apart, obviously, from those that have Yandex in their name)? How can we block sending any data to Yandex or to Ruzzia in general?
Since this is taking off, Confiant is hiring in engineering and security to work alongside Kaileigh on projects like this. jerome at confiant. Pardon the plug.
Funny how news loves to refer to russian companies as "giants". Russian oil "giant", search "giant", etc. Just an amusing fact.