There were two different scenarios called out in the article, and the summary:

1. Information which Facebook has on people who are Facebook users, which they have not provided to Facebook and is not shown on their profile (but which Facebook may have gathered as part of a shadow profile for the user) but is targetable by advertisements

2. Information which users have provided to Facebook for purposes other than updating their profile, which is not shown on their profile, but is still targetable by advertisements

Actually, no, "Google Authenticator" is just an app which implements the OATH TOTP protocol (a.k.a. RFC 6238). There are several other implementations out there, and they're pretty much all compatible.

It's possible (although I don't know if Google's app does so) for the generator application to be a purely offline app with no external access whatsoever.

It functions essentially like one of the old RSA SecurID tokens - an offline token generating 6 or 8 digit time-based id numbers.

I think we're missing the key point of TFA - Facebook knows stuff that it claims not to know.

Here's the scenario they played out:

Alice and Bob have an offline transaction, and as some part of it, Alice gives Bob her landline phone number.

Alice has a Facebook profile, but never links her landline phone number to it.

Bob buys a Facebook ad, targeted to Alice's landline.

Alice sees the ad.

Except there's a difference between not being paid for your time off, and your salary going down permanently due to taking time off. If you lose x% of your future salary (because you lose y% of your customer base) every time you took a couple of days off, then you're going to be in a very different place than someone who loses two days of pay for two days off.

Failure to even speak with recruiters can lead to an employer hiring only friends of staff, via word of mouth networking.

Or, you know, advertising the jobs and selecting candidates based on the CVs submitted by the applicants themselves. Online job sites, newspaper classifieds for jobs, and community support agencies for the unemployed all allow an employer to find potential new hires from outside their immediate network.

Assuming that any of what you said was true, how would anti-Russian propaganda which does not mention your president hurt your president?

Good clarification.

• At a minimum, you are only obliged to give it to users who get the binaries from you, at the time of binary distribution, BUT
• if you choose to distribute it via a separate offer instead of at the time of binary distribution, then that adds an extra obligation to make it available to any third party (for gpl2) or any third party who has the binaries (for gpl3).

Umm, a "spectrometer" measures the radiation "spectrum".

Source code does have to be distributed with only minimal genuine costs of distribution to anyone who has received the binaries from you .

Important distinction.

As the grandparent pointed out, you haven't solved anything.

Even if the plugin is only allowed to insert valid css into the page, it can send information back to any site on the internet, by using css properties which take url values, including background. The ability to send data to an arbitrary server is implicit in the ability to inject css into a page.

Like the iPhone?

Unsurprisingly, the technology focuses on security more than anything else.

The way things are in this industry at the moment, that is incedibly surprising to me...

Sounds good.

What unit of length would you use for a right triangle with the two shorter sides of length 1 metre (or 1 yard, if you prefer)?

I can't scale sqrt(2) metres to make it an integer...

Solar power won't work in the arctic circle, so it's doomed?

So you're saying he's gambling 2.6 billion dollars on the notion that the company won't be bankrupt in ten years?