AI 资讯
Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US
The ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers treated a flawed face-recognition match as a near-certain ID.
开发者
IP geolocation with zero external APIs, the Cloudflare Workers cf object
When I built whatsmy.fyi , I assumed I'd need a geolocation provider: MaxMind, ipinfo, ip-api, pick your poison. They all mean the same thing: an external dependency, an API key, a quota, added latency, and someone else's server seeing your users' IPs. Then I found out Cloudflare Workers makes the whole category unnecessary. The cf object Every request that hits a Cloudflare Worker carries a request.cf object, populated at the edge before your code even runs. No lookup, no latency, no key. Here's what's inside: { asn : 34984 , // ISP's autonomous system number asOrganization : " Superonline " , // ISP name city : " Istanbul " , region : " Istanbul " , country : " TR " , continent : " AS " , isEUCountry : undefined , // "1" if EU, undefined otherwise latitude : " 41.01380 " , // string, not number! longitude : " 28.94970 " , postalCode : " 34000 " , timezone : " Europe/Istanbul " , colo : " IST " , // which CF datacenter handled this clientTcpRtt : 12 , // user's RTT to the edge, in ms httpProtocol : " HTTP/3 " , tlsVersion : " TLSv1.3 " , tlsCipher : " AEAD-AES128-GCM-SHA256 " } That last group surprised me most: you get the user's HTTP protocol, TLS version, and actual TCP round-trip time for free. Try getting that from a geo API. A complete IP endpoint in ~30 lines export default { async fetch ( request ) { const cf = request . cf ?? {}; const ip = request . headers . get ( " CF-Connecting-IP " ); return Response . json ({ ip , city : cf . city ?? null , country : cf . country ?? null , isp : cf . asOrganization ?? null , asn : cf . asn ?? null , timezone : cf . timezone ?? null , lat : cf . latitude ? parseFloat ( cf . latitude ) : null , lng : cf . longitude ? parseFloat ( cf . longitude ) : null , protocol : cf . httpProtocol ?? null , tls : cf . tlsVersion ?? null , rttMs : cf . clientTcpRtt ?? null , }); }, }; That's the entire backend. No database, no GeoIP file to update monthly, no vendor. The gotchas (learned the hard way) 1. Coordinates are strings. lati
AI 资讯
Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations
The organization claims that the FIFA tournament could have impacts on the rights of local people and visiting soccer fans in all three host countries.
科技前沿
Mapping Every Flock License Plate Reader Near US World Cup Stadiums
Most US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? These maps will help you.
科技前沿
Soccer Fans, You’re Being Watched
From anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of surveillance tech. Here’s what you need to know.
AI 资讯
I built 50+ developer tools that run entirely in your browser — here's why privacy matters and how I did it
Every week I open a new browser tab and search for something like "json formatter online" or "jwt decoder" or "regex tester". And every week I land on a site that: Shows me three ad banners before I can see the tool Requires me to create an account to "save" my work Is quietly uploading my payload to their server That last one bothers me most. Developers paste real things into these tools — JWT tokens with live user data, passwords they're about to deploy, private keys, internal API responses. Most people assume these tools are "just a webpage" and nothing is being sent anywhere. Often that's not true. So I built SnapTxt — a collection of 50+ developer utilities that run 100% client-side. No backend. No account. No tracking. Your data never leaves your browser. What's in it The toolkit covers the things I reach for most often: Data & text JSON formatter, validator, minifier, diff, tree explorer SQL formatter XML formatter YAML → JSON, CSV → JSON converters Base64 encode/decode, URL encoder, hash generator Auth & security JWT decoder & generator RSA key generator bcrypt generator x.509 certificate decoder Password generator Images Image compressor Image format converter Image to text (OCR via Tesseract.js) SVG to PNG, favicon generator, code-to-image Frontend / CSS Regex tester CSS gradient generator, box shadow generator Color converter Mermaid live editor HTML live editor, HTML to Markdown, HTML to JSX Cron expression builder And more — word counter, text diff, unix timestamp, lorem ipsum, QR code generator, markdown to PDF, and a collection of Australian and NZ business number validators. How it's built It's a Next.js app deployed as a fully static export to Firebase Hosting. There is no server. Every tool runs in the browser using: CodeMirror 6 for editor-style inputs Tesseract.js for OCR (runs a WASM binary in a web worker) Chrome's built-in Prompt API (Gemini Nano) for the AI explain features in JSON, SQL, and JWT tools — meaning even the AI inference is on-dev
AI 资讯
Meta will use your activity on other websites to personalize your feeds
Meta is planning to use the data shared by other businesses to personalize your feed and its AI responses. In a blog post on Tuesday, Meta explains that it already uses your off-platform activity, like the games you play or your purchases on other websites, to serve you ads. But now it's expanding the scope […]
AI 资讯
Privacy by Design in Your API: How to Collect Less Data Without Breaking UX
When developers think about privacy, they often think about legal compliance, consent banners, or policy pages. But privacy starts much earlier than that, at the API layer. Every time your backend asks for a phone number, date of birth, location, or optional profile field, you are making a design decision. If you collect too much data by default, you increase risk, reduce trust, and make your system harder to maintain. The good news is that privacy by design does not have to make your product worse. In many cases, it makes your API cleaner, safer, and easier to reason about. Why collecting less data matters The more data you collect, the more you have to protect. That means more storage, more access control, more breach risk, more compliance burden, and more user distrust if something goes wrong. A developer friendly privacy approach is simple: Only collect what you need to deliver value. Bad pattern: collecting everything up front user_profile = { " name " : " Amina " , " email " : " amina@example.com " , " phone " : " 07000000000 " , " dob " : " 1995-01-01 " , " address " : " 123 Main Street " , " location " : " Lagos " , " gender " : " female " } This kind of structure is common in early stage products. The thinking is usually: let us ask for everything now, just in case we need it later. But just in case is not a good privacy strategy. Better pattern: collect only what is required def build_profile ( name , email , phone = None ): profile = { " name " : name , " email " : email } if phone is not None : profile [ " phone " ] = phone return profile user_profile = build_profile ( " Amina " , " amina@example.com " ) print ( user_profile ) This is small, but the principle matters. Optional data should stay optional unless it is truly needed. Use explicit field validation Instead of accepting a giant payload and filtering it later, validate the exact fields you expect. ALLOWED_FIELDS = { " name " , " email " , " phone " } def sanitize_payload ( payload ): return { k :
AI 资讯
Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.
创业投融资
Massachusetts votes to pass new privacy rights bill that bans sale of precise location data
The bill is expected to blanket-ban companies and startups from selling people's precise location data across the state.
AI 资讯
🚀 Rebuilding My Android App with Jetpack Compose: The Mailfo v2.0 Journey
Hey DEV community! 👋 I just completely rebuilt and launched Mailfo v2.0 , an privacy-focused temporary disposable email app for Android[cite: 1, 2]. The first version got the job done, but it lacked the fluid user experience, offline reliability, and sleek UI that modern mobile apps need. I decided to tear it down and rewrite it from scratch using Jetpack Compose , Room DB , and modern Android architecture[cite: 1]. Here is a breakdown of what went into the rebuild, why privacy tools like this are essential, and what's new[cite: 1]. 🛡️ Why Use a Temporary Disposable Email? We’ve all been there: you want to download a single source-code snippet, test a new app, or sign up for a one-time service, but you don't want your primary inbox flooded with endless marketing spam[cite: 1]. A disposable email address acts as your personal buffer[cite: 1]. It protects your personal data, prevents tracker exposure, and keeps your real inbox clean[cite: 1]. ⚠️ Pro-tip: Mailfo is designed strictly for low-risk temporary email needs[cite: 1]. Do not use disposable email addresses for banking, legal accounts, or primary account recoveries[cite: 1]! 🛠️ The Tech Stack & Architecture Upgrades Moving from version 1.0 to 2.0 meant migrating away from legacy views to a fully declarative UI workflow[cite: 1, 2]. UI/UX Architecture: Built entirely with Jetpack Compose for smooth performance, a modern look, and native Light, Dark, and System theme switching[cite: 1]. Navigation: Implemented an intuitive bottom navigation system dividing the app into distinct Home, Inbox, and Profile tabs[cite: 1]. Caching & Offline Stability: Integrated a local Room SQLite database to cache inbox summaries and message data[cite: 1]. This guarantees instantaneous screen transitions without annoying network loading spinners[cite: 1]. ✨ Key Features in Mailfo v2.0 Custom & Random Email Generator: Instantly spin up a completely randomized address or build a custom email username using multiple searchable domains[ci
AI 资讯
Why I stopped pasting into online Fake Data Generator tools
Every online Fake Data Generator tool I used had the same quiet flaw: whatever you paste gets POSTed to someone's server. For a Fake Data Generator, that paste is often exactly the sensitive thing — a token, a config, an API response. So I built Fake Data Generator to not do that. Generate fake names, emails, UUIDs, addresses — custom columns, CSV/JSON export. 100% browser-side — and it runs entirely in your browser, so there's nothing to send and nothing to breach. You don't have to take my word for it: open DevTools → Network, use the tool, and watch the tab stay empty. One HTML file, View-Source-able. https://faker.platotools.com/ It's part of platotools.com — a set of single-purpose, client-side dev tools. Feedback and edge-case bug reports very welcome.
AI 资讯
Using SSH Tunnels to make up for lack of HTTPS on LAN
If you've been running local models/apps across more than one machine for any length of time, you've probably noticed that everything is served over plain HTTP, whether its the backend llm apis, the front end sites, or whatever other stuff you've tossed in: most of it is HTTP-only out of the box, no TLS option anywhere in sight. On one machine thats usually fine since its all loopback, but the second you spread apps across a few different computers ( which some of us do ), every prompt and every response starts crossing your LAN in plaintext. Is plaintext on your own LAN a huge deal? Honestly... a lot of folks would say it's probably low risk. But the moment you've got guests, other people's phones, or random IoT junk sharing that network, your prompts and the models responses flying around in the clear are more exposure than you'd probably be comfortable with if you sat down and thought about it. So, with that said- I figured Id write up how I've dealt with that, because the textbook answer ( certs ) is annoying enough on a local network that I think a lot of folks just dont bother. This is a lot easier, especially on something like a mac where you can make sure it kicks off automatically via launchd . Why not just do TLS The "correct" answer is to put TLS on everything; HTTPS everywhere. And you can. But walk through what that actually means on a home network full of mixed machines: You stand up your own little CA, then sign a cert for each host ( unless you want to deal with some code just straight up rejecting the cert ). You install and trust that CA on every client. Every browser, every OS trust store, and ( this is the annoying one ) every app that ships its own trust store and ignores the system one. Plenty of python and node apps do that. A lot of these local LLM apps dont even expose a TLS option, so to add it you front them with something like nginx or Caddy, which is now another moving part on every box ( Setting up Caddy is what convinced me to go this
AI 资讯
Crypto-Funded Chinese Peptide Labs Are Booming
Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more.
AI 资讯
Congress still can’t decide what to do about warrantless surveillance
The deadline to reauthorize Section 702 of the Foreign Intelligence Surveillance Act is coming up a week from now on June 12th, and legislators seem no closer to reaching a deal. If this sounds like deja vu, it's because we've been here before. Congress reauthorized Section 702 in late April - but only for 45 […]
AI 资讯
What happens when your phone is confiscated at the airport
Even if you've done nothing wrong, it's never a good idea to hand your phone to the cops. But international travelers at American airports often have no choice - even if they're US citizens. When Minnesota labor organizer Janette Zahia Corcelius returned home from a three-week trip to Europe in late April, she was detained […]
AI 资讯
Your AI Vendor Says 'Trust Us' with Your Data. There's a Better Option.
Your AI vendor says "trust us" with your data. At the end of June, ByteDance's Doubao (豆包) officially ends its free tier and starts charging for API calls. The discussion in developer communities quickly shifted from pricing to a different question: all this data flowing to cloud AI services every day — where exactly does it go? Around the same time, NVIDIA spent significant stage time at GTC 2026 presenting the full-stack confidential computing capabilities of the Vera Rubin architecture. Jensen Huang's message was clear: future AI chips need to keep data encrypted throughout the computation process, making it inaccessible in plaintext to anyone — including the cloud service provider. Two signals pointing to the same trend: data security in AI services has moved from "someone mentioned it once" to "you need to answer this directly." The Data Path Through Cloud AI Is More Complex Than You Think Most developers have a simple mental model of cloud AI: I send a request, the model returns a result, and my data is gone. The actual data flow is more involved. A typical cloud AI call touches these steps: Request data travels over HTTPS to the service endpoint The service may queue the request while waiting for GPU allocation During inference, input data exists in plaintext in server memory After inference, whether inputs/outputs are cached or used for subsequent training depends on the provider's privacy policy Logging systems may record request metadata or partial content At each step, data is potentially accessible. Providers typically say "we don't look at your data" and "your data won't be used for training" in their privacy agreements. These are contractual commitments. You need to trust that they'll honor them. This is the "Trust Me" model. Trust Me vs Verify Yourself If you roughly categorize data protection approaches in AI services, two paradigms emerge: Trust Me Data leaves your device and is processed by a third party. The provider guarantees security through co
AI 资讯
Your memory, your data: read, edit, export, delete
Most AI memory features are a black box. The assistant remembers things about your users, but you...
安全
Filtr is a new privacy tool that blocks ads in almost every iPhone and Mac app
This popular ad blocker app for iPhones, iPads, and Macs can now block ads from loading inside apps, including web browsers, thanks to a new feature in the latest Apple software.
AI 资讯
Elon Musk tries again to escape FTC audits of X data handling
Musk can't be trusted to protect X user privacy, public commenters warn FTC.