Only 63%?

Whatever brother printer is on sale

Even in your example above, with only two letters, no numbers / special characters allowed, requiring a capital letter decreases the possibilities back to the original 676 possible passwords - not less.

No it doesn’t. It reduces the possibilities to less than the 52x52 possibilities that would exist if you allowed all possible combinations of upper and lower case letters.

You are confused because you only see the two options of enforcing or not allowing certain characters. All characters need to be allowed but none should be enforced. That maximizes the number of possible combinations.

that passwords should all require certain complexity, but without broadcasting the password requirements publicly?

No, because that’s still the same. An attacker can find out the rules by creating accounts and testing.

By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords.

You don’t add them, you enforce at least one. That eliminates all combinations without upper case letters.

So, without this rule you would indeed have the 52x52 possible passwords, but with it you have (52x52)-(26x26) possible passwords (the second bracket is all combinations of 2 lowercase letters), which is obviously less.

The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase

Wrong. In your example, for any given try, if you have put a lowercase letter in spot 1, you don’t need to try any lowercase in spot 2.

Any information you give the attacker eliminates possible combinations.

Which is funny because those strict rules reduce the number of combinations an attacker has to guess from, thereby reducing security.

Yes, they had no other choice than to come up with their own story in this case. Still, it went downhill hard once there were no more books to cling to. Either their writers or the people directing them weren’t up to the task.

Normal people have friends and family and would like to use social media to stay in touch with them.

Normal people stay in touch with their loved ones even if they are not on the same platform. You do not need everyday group chat noise for that.

Oh come on, that’s like “all politicians lie”. There is “I record every millisecond of your private life to sell to anybody with a fat enough wallet” evil and there is “I am raising prices this year because I can” evil. The two are not the same.

Nope. You cannot.

Of course they are. You can pay or consent to tracking.

You called bullshit on it being common on the continent, I provided examples from the continent.

At least one German outlet has been shown to still track you after paying. Just a bit less. So they use a rubber with a few holes poked in.

the user can simply choose not to read the article, so there’s an option where they don’t get fucked.

We are rapidly nearing a point where you can’t read online news from any major (ergo “widely considered somewhat credible”) source without one of those schemes. So I’d argue that the alternative is to just not get access to online news, and that may be considered too much pressure to still consider consent as voluntary.

Sadly, newspapers are not considered “platforms”. A platform is a site that publishes user generated content, so lemmy or facebook. And not all platforms are large platforms too.

So while this is a good first step, it doesn’t cover all online services.

www.spiegel.de

www.faz.net

www.sueddeutsche.de

www.heise.de

www.golem.de

www.derstandard.at

www.repubblica.it/

It’s not a grey area, it’s clearly illegal (consent has to be given voluntarily. If you can’t use the site without paying, that’s not voluntary). Agencies so far just decided to look the other way and play dumb. There are lawsuits ongoing.

German news outlets all do it. The data protection agencies have sadly so far ruled it’s ok (there are still ongoing lawsuits afaik).

“I didn’t ask how big the room was, I said I cast fireball!”

Wear earplugs at loud concerts and parties and at work if you have a noisy job.

People will make fun about you, but believe me, permanent tinnitus really sucks.

People should know basic concepts about tools without which they can’t do any part of their job.

Your colleague will learn this terminology at some point. I’m sure her job isn’t litterally juggling these three terms all day every day, otherwise I’d expect her to already have come in with that knowledge too.