Companies now block older browser versions

Now? This has been happening since the dawn of the web. At least the screenshot you pasted represents all of the big three rendering engines - it used to be common to see “Internet Explorer version XYZ required”, sometimes with javascript to prevent you from using the site with any other browser (even if in some cases it would actually work fine if you simply spoofed your user agent string).

I have used kinda retro devices to surf the web at times

Most websites became HTTPS-only sometime after the snowden disclosures in 2013.

Over time old versions of TLS have been deprecated and eventually support for them is dropped from browsers and web servers alike. So, a browser from even 15 years ago literally cannot connect to most webservers today.

Planned obsolescence is terrible but it’s a minor factor here: it’s actually dangerous to use even (especially?) a slightly-out-of-date web browser because every new release fixes vulnerabilities which can be exploited to run malicious code on your computer. The planned obsolescence which prevents people from being able to have an up-to-date browser comes mostly from proprietary operating system vendors; to have up-to-date software while continuing to use somewhat older computers you need to use free/libre software.

The 2021 paper OSRM-CCTV: Open-source CCTV-aware routing and navigation system for privacy, anonymity and safety says they published source code at https://github.com/Fuziih but I don’t see it there now (though there is a related project called cctv-exposure).

The final published version of the paper seems to be paywalled; it’s probably on scihub but there is also a preprint of it here on arxiv.

https://github.com/FNBIP/ghost-route (just 3 commits, from February this year) says it is inspired by the paper and “extended to a production-grade multi-mode threat routing system”. It’s a node app you run locally (there doesn’t appear to be a public instance currently) which would be nice if it could work offline but unfortunately “Offline mode with pre-downloaded OSM tiles” is still on the roadmap and it currently lists “A Mapbox GL JS token (free tier works)” as a requirement (which is probably why there isn’t a public instance - someone would need to pay mapbox if they wanted to run it for other people).

I have not tried it; if anyone reading this has or does please post here about how it works!

Is this something that websites opt into and add to their own site?

Yes.

reCAPTCHA is google’s “anti-abuse” service which many websites use to prevent slightly increase the cost of operating automated crawlers (which somewhat ironically google operates one of the largest of itself, for their search engine).

Before neural networks could solve CAPTCHAs reliably, spammers were solving them with human labor; solving services like anti-captcha.com (intentionally not a clickable link…) today use a mixture of automated and human solvers.

In the future google is apparently building, solving services will need farms of able-to-run-a-recent-android-release mobile devices with some kind of trusted computing hardware, each one of which they’ll have to use sparingly enough to keep usage of its unique ID under some plausibly-human threshold.

And even if you do have a phone and are willing to identify yourself with it, if it is too old to run a recent enough Android you also will sometimes be denied services for being unable to pass a robots’ “human” test.

🤮

I would guess not, given the other recent news about degoogled Android devices also being unable to pass reCAPTCHA.

Yep. But just providing a list of millions of URLs and saying “we trained on this” as some models in the past have done also didn’t make it possible to replicate; by the time anyone re-fetches them all, many of the URLs will inevitably have changed or disappeared.

identify AI that has used copyrighted material

but, that is basically all modern “AI”.

(the only LLM i’ve heard of which actually claims that its training corpus is freely licensed is Apertus…)

By the end of long workflows

Yes, this has been known for 10 years.

huh? the kind of “long workflows” this paper is discussing didn’t exist two years ago much less 10

some more coverage of this:

• https://www.independent.co.uk/arts-entertainment/tv/news/baftas-gaza-doctors-under-attack-speech-b2973944.html
• https://www.presstv.ir/Detail/2026/05/11/768412/‘We-refuse-to-be-silenced’--Gaza-doctors-documentary-team-denounces-BBC-After-BAFTA-win
• excerpt of the acceptance speech: https://www.youtube.com/watch?v=Vq90Tzwmpxo

Yep, Fastly the CDN company (doing HTTPS mitm-as-a-service for millions of websites) which Apple also uses (along with CloudFlare) for their similar iCloud Private Relay feature.

Unlike Apple though, Firefox’s new “built-in VPN” does not claim (falsely) to use different providers for ingress and egress.

iiuc Firefox uses Mullvad for original paid VPN service but their new freemium one is through Fastly (?)

Sadly there are none I can recommend wholeheartedly, all have various problems 😢

There are some controversial picks in there like Proton Mail or Brave. They do have a pretty wide adoption but have severe downsides. I’ll probably remove them again. What do you think?

here is a comment i wrote recently listing some of the reasons not to use proton. i’d also recommend against vivaldi (proprietary), brave (so many reasons), and everything in your messaging category besides matrix (and matrix also has lots of problems but it is the least bad of the ones you’re recommending). sorry that i don’t have time to elaborate right now (it’s a lot), but for the inevitable “what about signal” question see my comment here and more here.

ps. if you do use signal, consider adjusting your Who Can Find Me By Number setting (see that link for a fun implementation of the attack against signal users who leave it as it is by default). note that the same thing could technically be done in matrix too, albeit by matrix ID instead of phone number. 😬

pps: here are my comments about tuta 🙄

Funny that blog calls it a “failed attempt at a backdoor” while neglecting to mention that the grsec post (which it does link to and acknowledges is the source of the story) had been updated months prior to explicitly refute that characterization:

5/22/2020 Update: This kind of update should not have been necessary, but due to irresponsible journalists and the nature of social media, it is important to make some things perfectly clear:

Nowhere did we claim this was anything more than a trivially exploitable vulnerability. It is not a backdoor or an attempted backdoor, the term does not appear elsewhere in this blog at all; any suggestion of the sort was fabricated by irresponsible journalists who did not contact us and do not speak for us.

There is no chance this code would have passed review and be merged. No one can push or force code upstream.

This code is not characteristic of the quality of other code contributed upstream by Huawei. Contrary to baseless assertions from some journalists, this is not Huawei’s first attempt at contributing to the kernel, in fact they’ve been a frequent contributor for some time.

Wasn’t Huawei trying to put a Backdoor into linux?

as far as i know, that has not happened.

what makes you think it did?