The announcement blog post linked on the bottom of the linked Turnstile page has some info on that

For Turnstile, the actual act of checking a box isn’t important, it’s the background data we’re analyzing while the box is checked that matters. We find and stop bots by running a series of in-browser tests, checking browser characteristics, native browser APIs, and asking the browser to pass lightweight tests (ex: proof-of-work tests, proof-of-space tests) to prove that it’s an actual browser. The current deployment of Turnstile checks billions of visitors every day, and we are able to identify browser abnormalities that bots exhibit while attempting to pass those tests.

Since Cloudflare published Turnstile I’ve hated Captchas even more, because Turnstile does it so much better. Captchas are such a hassle. One website I occasionally visit does not keep me logged in and then presents one of the worst captcha puzzle systems. Shitty captchas are a huge barrier.

Turnstile is, in almost all cases, one checkbox to click (I’ve never been challenged beyond that). All captcha puzzles should be replaced with Turnstile or similar simple (for the user to solve) tech.

we do so via a large-scale (over 3, 600 distinct users) 13-month real-world user study and post-study survey

results indicate that the website context directly influences (with statistically significant differences) solving time between pass- word recovery and account creation.

We explore the cost and security of reCAPTCHAv2 and conclude that it has an immense cost and no security. Overall, we believe that this study’s results prompt a natural conclusion: reCAPTCHAv2 and similar reCAPTCHA technology should be deprecated.

I wonder how many software devs and admins now weigh their morals. And how many reject to implement or not.

going on the main project

Sounds more like they’re just making sure the plugin is compatible on release of GIMP 3.0. It’s still a [separate] plugin.

Ah, sorry, I must have missed that when skimming.

https://gnucash.org/

“creating and bringing value requires secrecy”

or maybe stuff leaks and finds interest because it’s questionable in the first place

Is it open source? Another article I read earlier said R1 is open weight, not open source. This article only says the org uses open source practices. No other mention of “open”.

I’m surprised there’s not an evident fork yet.

Real issues and contributions aside; creating one plugin is not contributing to Wordpress core/itself. And if they make good money over many years, I would agree that that alone is not a proportional or very significant contribution.

The plugin was evidently significant. But doesn’t necessarily indicate overall contributions or proportionality.

I don’t see any mention of an ML assistant?

and then modify these using neutral prompts to meet a business goal (e.g., “increase the likelihood of us selling our product”).

Doesn’t seem much different from pushing/pressuring a human to meet a business goal like that.

Why does the repo have a different icon than the addon? Very confusing.

I’ve been using Gesturefy for many years. I’m making heavy use of next, prev, close, reload tab actions. Sometimes I use primarily keyboard, and sometimes primarily the mouse. Left or right hand, combined, or just one of the two. I love Gesturefy.

I stumbled over this video going over what’s in the leaked data dump (14 GB of text) and potential consequences (it’s pretty good/concise) [timestamped]: https://youtu.be/j84gB2cbNps?si=msCVMyQzdCaf-VHs&t=474

Before the timestamp is more info on how their platform works and how they got hacked.

It’s bad publicity. A failure to protect their customer data and people may cancel due to it or evade them in the future. It’s also an opportunity to report on or discuss their other criticisms.

I can’t speak for them; but it still seems like viable and productive activism to me, whether they do direct or indirect [monetary or personal] damage or not.

It’s not even a blow to his pocket if monthly pay continues. They modified the chat service, not their payment operations.

If it’s only email addresses and chat logs I wouldn’t call it doxxing either.

Damn pesky nose stealers! That’ll show 'em!

Why not?

What do you mean?