2005: Don’t trust anything you see on Wikipedia.

2025: Don’t trust anything you see online unless you saw it on Wikipedia.

White man, with glasses and goatee, smiling.Jason Lefkowitz
@jalefkowit@vmst.io

About the password leak of 183 million Gmail accounts

In the same vein as the “phones that will stop running WhatsApp” beat, Brazilian news sites seem to have found a new evergreen click source for tech desks imported from Forbes’: millions of leaked Gmail passwords.

There is, in fact, a database of that type circulating online, created by an undergraduate student in the United States. Troy Hunt, who runs Have I Been Pwned, a breach repository, analyzed the data and found that “only” 8% of the passwords — about 14 million — are new. That makes sense, given the database was glued together by aggregating entries from multiple sources and prior breaches.

The main takeaway from a story like this isn’t “your Gmail password may have leaked,” but rather that “any of your passwords could leak at any time.” Not to spread alarm, but to encourage awareness of good digital security practices.

Which ones? For this situation, mostly these two:

  1. Use a password manager. It makes easy creating and retrieving strong, unique passwords for each service.
  2. Enable two‑factor authentication (or two‑step verification). It can be integrated with the very same password manager for easier adoption. In a breach, the second factor blocks unauthorized access even if someone has your password.

You can check whether your passwords have leaked by entering your email at Have I Been Pwned. If it shows up, there’s no need to panic: change the password and enable a second authentication factor. Google explains how to do this for Gmail.

Many people were surprised to learn on the 20th that Signal uses Amazon/AWS infrastructure. Signal’s president, Meredith Whittaker, had to explain why:

Instant messaging demands near-zero latency. Voice and video in particular require complex global signaling & regional relays to manage jitter and packet loss. These are things that AWS, Azure, and GCP provide at global scale that, practically speaking, others (in the western context) don’t.

It’s important to note that Signal uses end‑to‑end encryption, which means nobody at AWS can access the content.

(By the way: the “reply guys” issue on Mastodon shows up in almost every technical post Meredith makes.)

I find it fascinating that so many people fall for the fallacy that artificial intelligence is reliable enough to guide decision‑making. And sometimes I find it funny, too.

Brazilian startup Jumpad is intriguing from the pitch itself: a “self‑hosted platform, deployed on the company’s cloud” that lets you enable APIs from external services like OpenAI and Google. Hm, okay. The service “involves engagement dashboards and gamified trainings, contributing to cultural transformation.” As an example of “cultural transformation,” we’re treated to this gem:

At one client, it was found that 25% of employees’ time was spent on calls and meetings, but about 80% of them were not actively participating. In other words, it was a huge waste of time.

Imagine having to burn the planet to “discover” that most meetings could have been an e‑mail.

(The information comes from Brazil Journal [pt_BR].)

On macOS 26 Tahoe, run this command to disable Liquid Glass:

defaults write -g com.apple.SwiftUI.DisableSolarium -bool YES

Kinda shocked this is possible. Is Liquid Glass just a skin layered on top of macOS’s now‑classic UI? That would explain a lot… (Tip from Capi Etheriel, via r/MacOS.)

It’s impossible to evaluate your sleep with only one number

iOS 26 brought a new score to the Health app: sleep quality. (It’s not exclusive to the Apple Watch; any band or watch compatible with iOS can contribute to that number.)

I’m skeptical of scores like this. It’s reductive and can be misleading to assign a single score to something as complex as sleep. And, in a great irony, my numbers (!) kind of prove that.

(more…)

Sideloading is fundamental to Android and it is not going away. Our new developer identity requirements are designed to protect users and developers from bad actors, not to limit choice. We want to make sure that if you download an app, it’s truly from the developer it claims to be published from, regardless of where you get the app. Verified developers will have the same freedom to distribute their apps directly to users through sideloading or through any app store they prefer.

Liquid Glass

Major redesigns of graphical user interfaces (GUI) always provoke surprise and complaints. With Liquid Glass, Apple’s new visual language, it’s no different.

The good news is that beneath the new buttons, unreadable text blocks and modernized effects, the way you use systems like iOS and macOS hasn’t changed. People familiar with the previous versions will be able to find their way around the new ones.

That doesn’t mean Liquid Glass is a success. At the risk of contradicting myself later, I think Apple missed the mark.

(more…)

Three options to increase privacy on LinkedIn

LinkedIn changed its terms to share more data with Microsoft for advertising purposes. It’s routine — nothing dramatically new or alarming — but I liked that, in the explanatory document, LinkedIn included direct links to the three settings that, when turned off, stop that data sharing. Thanks…?

Just click the links while logged in and disable all of them:

While you’re at it, also disable sharing content to train generative AIs.