惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

Hacker News: Front Page

SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads GitHub - GainSec/AutoProber: Hardware hacker’s flying probe automation stack for agent-driven target discovery, microscope mapping, safety-monitored CNC motion, probe review, and controlled pin probing. Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Virginia Bans Sale of Geolocation Data Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Ancient DNA reveals pervasive directional selection across West Eurasia [pdf] AI cybersecurity is not proof of work Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. A Better Ludum Dare; Or, How to Ruin a Legacy GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent Codex Hacked a Samsung TV Tech Valuations Back to Pre-AI Boom Levels A perfectable programming language — Soter GitHub - halfwhey/claudraband: Claude Code for the Power User Partnership through Play: Investigating How Long-Distance Couples Use Digital Games to Facilitate Intimacy Textbooks and Methods of Note-Taking in Early Modern Europe (2008) Eternity in six hours: Intergalactic spreading of intelligent life (2013) Seven countries now generate 100% of their electricity from renewable energy Tell HN: OpenAI silently removed Study Mode from ChatGPT Pro Max 5x Quota Exhausted in 1.5 Hours Despite Moderate Usage Show HN: Oberon System 3 runs natively on Raspberry Pi 3 (with ready SD card) Tell HN: docker pull fails in spain due to football cloudflare block Bring Back Idiomatic Design No one owes you supply-chain security GitHub - xsawyerx/curl-doom: DOOM, played over cURL Apple update turns Czech mate for locked-out iPhone user The Grand Line Cache TTL silently regressed from 1h to 5m around early March 2026, causing quota and cost inflation Building a Z-Machine in the worst possible language The peril of laziness lost Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda AI Will Be Met With Violence, and Nothing Good Will Come of It GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The disturbing white paper Red Hat is trying to erase from the internet – OSnews NetBlocks (@netblocks@mastodon.social) The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong The FAA wants gamers to apply for air traffic control jobs Artemis II crew splashes down near San Diego after historic moon mission Why weekends are under threat We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Keeping a Postgres queue healthy — PlanetScale Serenity Forge (@serenityforge.com) Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? Uncharted island soon to appear on nautical charts The Problem That Built an Industry Fragments: April 2 Python Release Python install manager 26.1 Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Harness engineering: leveraging Codex in an agent-first world Apple Silicon and Virtual Machines: Beating the 2 VM Limit What have been the greatest intellectual achievements? The APL Programming Language Source Code
The United Nations runs Google
Alexander Hanff · 2026-06-25 · via Hacker News: Front Page

I have spent the better part of my life fighting for privacy - for the right of a person to control what is known about them, by whom, and to what end. It is a right the United Nations itself gave the world, in Article 12 of the Universal Declaration of Human Rights in 1948, and restated in binding terms in Article 17 of the International Covenant on Civil and Political Rights. I am a supporter of the UN, and of the architecture of rights it built across the last seventy-five years. I want to be very clear about that before I say anything else, because what follows is written out of respect for what the organisation is supposed to stand for, not out of any wish to see it diminished.

On AI accountability, the UN is right

The Secretary-General has been right to raise the environmental cost of artificial intelligence - the electricity these systems burn, the water their data centres consume, the carbon they put into an atmosphere we all share. I agree with the position completely. If anything I would like the UN to go further, to treat the whole of corporate environmental, social and governance accountability with the seriousness it deserves, and to hold the companies building these systems to a standard that matches their scale and their power. On the substance of what the UN is asking of industry, I do not disagree with a single word.

The problem is the hypocrisy

My problem is not the message. My problem is that the organisation delivering it does the very thing it condemns - on its own website, at enormous scale, using the very vendors it is demanding the rest of the world hold to account - and it does not so much as acknowledge that the harm exists.

I ran a forensic capture of the United Nations English-language homepage, https://www.un.org/en/, from an EU vantage point. The capture is cryptographically signed and RFC 3161 timestamped, so every figure below can be independently verified rather than taken on my word. What it shows is that the page loads Google Tag Manager, Google DoubleClick advertising infrastructure, YouTube tracking, and Google-hosted fonts and APIs - third-party services that profile the people who visit - and it does so with no consent banner of any kind. There is no consent mechanism on the page at all. Nothing is asked. Nothing is offered. The tracking simply runs, on every visitor, the moment the page loads.

Not bound by the law is not the same as free to ignore it

The UN is an international organisation. That is a specific thing in law - a body created by treaty between states, with its own legal personality, and with immunities from national jurisdiction set out in the Charter itself (Article 105) and in the 1946 Convention on the Privileges and Immunities of the United Nations. In practice that means a national data protection authority cannot serve the UN with an enforcement notice or a fine. The General Data Protection Regulation and the ePrivacy Directive, as instruments of national and EU enforcement, do not reach the UN in the way they reach other data controllers.

That immunity is a reason to hold a higher standard, not a licence to hold a lower one. An organisation that exists to create, maintain and champion human rights, and that lectures industry on responsibility, should be setting the bar for everyone else - not quietly availing itself of the very surveillance technologies that erode the rights it was built to defend. These technologies should not be on the UN's estate at all. They do real and documented harm to fundamental rights, and, as the figures below show, real and avoidable harm to the environment. By ignoring its own conduct while demanding accountability from others, the UN brings its entire moral authority into disrepute - and it does so at the expense of the rights it created and, given the context of the Secretary-General's own remarks, at a measurable cost to the climate.

The environmental impact

The method here is the same one my WebSentinel platform applies to any site, and the same one I have already set out in a formal environmental complaint filed in another matter. I measure the bytes actually transferred to load the page, separate the first-party content from the third-party tracking, and convert that tracking to electrical energy and carbon. By "the tracking" I mean the third-party services that, for any data controller the law actually binds, would require the visitor's freely given consent before they were allowed to load - consent the UN, as an international organisation, is not obliged to obtain, and here did not seek. The energy intensity of network transfer is taken as 0.06 kWh per gigabyte, the mid-band of Parssinen et al. (2018); the grid factor is 0.25 kg CO2e per kWh, the EEA / IEA EU-27 composite for 2024. I use a thirty-day month, and I extrapolate across the English-language site's traffic, which public estimators place in the region of 20 to 25 million visits per month.

Per single visit the page transfers about 6.29 MB, of which about 2.06 MB is third-party tracking of the kind that would otherwise require consent.

The avoidable footprint - that would-otherwise-require-consent portion alone:

English-site visits / month Energy (annual) Carbon (annual)
20 million 29,599 kWh 7.40 tonnes CO2e
25 million 36,999 kWh 9.25 tonnes CO2e

For reference, the full page weight across the same traffic runs to roughly 22.6 to 28.3 tonnes CO2e a year. The numbers above are deliberately conservative: they count only the third-party portion, they exclude end-user device energy, and they use the mid-point of the published range. The true figure is higher, and that is before a single one of the UN's many other pages, languages and subdomains is counted.

The privacy impact

The capture is unambiguous about what the page does to the people who load it, and it does all of it with no consent and no means to refuse.

The page reaches out to thirteen distinct third-party hosts, and loads executable third-party script from five of them - 160 third-party script requests in a single page load. The third parties are, almost without exception, Google: Google Tag Manager, Google Analytics (region1.google-analytics.com), Google's DoubleClick advertising infrastructure across three separate endpoints (googleads.g.doubleclick.net, static.doubleclick.net, ad.doubleclick.net), YouTube, Google Fonts and Google APIs - alongside Libsyn, a podcast and advertising platform, and a UN media CDN. This is an advertising and analytics stack, running on the website of the body that wrote the right to privacy into international law.

While that code runs, it interrogates the visitor's device. The capture records 342 fingerprinting events across roughly twenty distinct surfaces. Among them: the device's graphics hardware (WebGL), its battery status - an API browsers have been removing precisely because it was abused for tracking - its network connection information, its media devices, that is the cameras and microphones attached to the machine, its timezone, keyboard layout, client hints, permissions state, and the full navigator and screen profile. These are the building blocks of a device fingerprint - a way to recognise the same person again even when they have taken deliberate steps to stay anonymous.

The page also writes and reads storage relentlessly: 437 storage operations, including 44 cookies set and 228 cookies sent, plus localStorage, sessionStorage, IndexedDB, the Cache Storage API, and even window.name, a long-standing cross-context tracking trick. The third parties doing most of this are YouTube, with 140 storage operations, and Google Tag Manager with 23 - third-party code, writing and reading identifiers on the device of every UN visitor, who was never asked.

I want to address one surface specifically, because of who visits this site. WebRTC is a browser technology that can be made to reveal a visitor's true network endpoints even when they are behind a VPN. For an ordinary website that is a privacy problem. For a site visited by human rights defenders, journalists, and people reporting from hostile territory, it could be a matter of physical safety - the unmasking of a VPN could place a real person in real danger, and if the script doing it is a third party, the UN has no control over where that data goes. I checked for it specifically. On this page I found no WebRTC endpoint probing, and no service worker quietly running in the background after the visitor has left, and I am glad to be able to say so. But the deeper problem does not go away: the UN does not control any of the thirteen third parties on this page. It cannot read their code, it cannot vet their updates, and it cannot guarantee that none of them adds exactly that capability tomorrow. When you hand your visitors to third-party scripts, you hand over the people behind the screens - and not all of the UN's visitors are ordinary people, many are in a vulnerable class of one form or another.

What I am asking the Secretary-General to do

I call on the Secretary-General to pledge that, within 180 days, the United Nations will remove all third-party tracking, analytics, testing and advertising scripts, and all tracking beacons, from its websites - the entire online estate, not a single flagship page. At the scale the UN operates, this is not a cosmetic change. It is the difference between an organisation that practises the rights it preaches and one that erodes them, continuously, across millions of visitors a month, at significant and entirely avoidable cost to the environment the Secretary-General has rightly asked us all to protect.

Because the Charter demands it

I am not singling out the United Nations, and I have the record to prove it. In 2018, on the very day the European Data Protection Board's website went live, I filed a formal complaint against the Board, because its own site did not comply with the ePrivacy Directive or the GDPR - while openly acknowledging that the Board was not itself bound by the GDPR, but owed a duty of responsibility precisely because it is the body telling every company in the EU how important it is to protect personal data. It took several weeks, and the Board's first plenary meeting, before the matter was resolved and the Board accepted that it had to lead by example. On 1 October 2019, within two minutes of the Court of Justice handing down its judgment in Planet49 (Case C-673/17), I filed a complaint, because the Court's own website did not comply with the judgment the Court had just issued. I hold the institutions I admire to the standard they set for everyone else, and I always have.

Just because the rules might not apply does not mean the rules should not be applied. The United Nations Charter, in Article 1(3), sets as a founding purpose of the organisation "promoting and encouraging respect for human rights and for fundamental freedoms for all", and its preamble reaffirms "faith in fundamental human rights, in the dignity and worth of the human person". Privacy is one of those rights - the UN said so itself in 1948, and again in the Covenant. Convenience is no excuse for a corporate entity that loads these technologies without consent, and it is no excuse for an international organisation either - least of all one whose own founding document demands that it respect the very rights its technical choices are quietly undermining.