GitHub Spark – a new tool in Copilot that turns your ideas into full-stack apps (githubnext.com)

1 points by Garbage 9m ago 0 comments

SSL and Domain Monitor Feedback Requested – What do you think of this app? (statusnow.dev)

1 points by nkruger 12m ago 0 comments

Is anyone building a voice agent for runners?

1 points by vietthangif 16m ago 0 comments

Restaurants, Salons and Workouts Are Free for Hot People–If They Post (wsj.com)

2 points by paulpauper 19m ago 0 comments

Four-day work week benefits workers, employers, study says (medicalxpress.com)

2 points by OutOfHere 21m ago 1 comments

Deep Film Inc. Back End/AI Engineer and UI/UX Engineer (berlinstartupjobs.com)

1 points by CharlesRP 21m ago 0 comments

"Destroy the web": Sam Altman on AI concerns for economy and finance (youtube.com)

1 points by Brysonbw 24m ago 0 comments

How to Catch a Wily Poacher in a Sting: A Thermal Robotic Deer (wsj.com)

2 points by Element_ 26m ago 0 comments

Notes on Rewriting JSX as Astro (carlosn.com.br)

2 points by carlosneves 32m ago 0 comments

Addressing Privacy Fatigue (fastmail.com)

4 points by billybuckwheat 33m ago 0 comments

Troubled SPAC to buy iRocket for $400M but it returned most of its cash (techcrunch.com)

2 points by pseudolus 33m ago 1 comments

Vibe coding turned this Swedish AI unicorn into the fastest growing startup ever (forbes.com)

2 points by myth_drannon 45m ago 0 comments

I Eat (taylor.town)

4 points by paulpauper 45m ago 0 comments

Show HN: Voice-First AI Code Review Platform (Looking for OSS Beta testers) (lightlayer.dev)

3 points by changisaac 53m ago 0 comments

Ask HN: Has anyone deployed LLMs to production?

3 points by saaspirant 55m ago 0 comments

Surprising Science: How Electric Cars Transform Urban Air (modernengineeringmarvels.com)

4 points by tzs 58m ago 0 comments

What is X-Forwarded-For and when can you trust it? (httptoolkit.com)

3 points by thunderbong 59m ago 1 comments

Spaghetti All'assassina (en.wikipedia.org)

3 points by jameslk 1h ago 0 comments

Show HN: Marchat – Terminal-based chat app written in Go (github.com)

3 points by Cod-e-Codes 1h ago 0 comments

Donald Trump Is Fairy-Godmothering AI (theatlantic.com)

5 points by CharlesW 1h ago 0 comments

Could you swap your mouse and keyboard for a smart bracelet? (scimex.org)

2 points by geox 1h ago 0 comments

Anyone building P2P alternatives to capitalism? (github.com)

3 points by mzk_pi 1h ago 1 comments

Ending 'woke AI' isn't enough: fight the 'monster' within it (nypost.com)

3 points by kvee 1h ago 1 comments

Show HN: Synthetic Users that test your app, catch bugs, and provide feedback (synthetic.usejina.com)

2 points by fearlessboi 1h ago 1 comments

What's That Splatter on Your Windshield? (nytimes.com)

3 points by avalys 1h ago 1 comments

When photography was born, fascination, obsession, and danger followed (washingtonpost.com)

2 points by prismatic 1h ago 0 comments

Cluely Paying $1M Salaries (twitter.com)

9 points by thisismytest 1h ago 0 comments

The Largest Ever Solar Storm Detected In 14,300-year-old Tree Rings (2023) (astrobiology.com)

3 points by georgecmu 1h ago 0 comments

Contextual.ai (contextual.ai)

3 points by handfuloflight 1h ago 0 comments

Guide to PDF security (unicornforms.com)

3 points by waldopat 1h ago 0 comments

A small web July (smallcypress.bearblog.dev)

40 points by debo_ 1h ago 12 comments

Low cost mmWave 60GHz radar sensor for advanced sensing (infineon.com)

3 points by teleforce 1h ago 0 comments

Why Are We Pretending AI Is Going to Take All the Jobs? (thebignewsletter.com)

21 points by pseudolus 1h ago 0 comments

BYD Bets on Budget EV Boom with Atto 1 Debut in Indonesia (jakartaglobe.id)

4 points by breve 1h ago 0 comments

Ask HN: Does an RSS-based Read-It-Later service exist?

3 points by fargoth 1h ago 1 comments

At Victoria Park Model Boat Club (spitalfieldslife.com)

3 points by zeristor 1h ago 0 comments

Don't Use External CSS (maurycyz.com)

3 points by LorenDB 1h ago 3 comments

Ask HN: WASM Profiling Icache vs. Dcache

1 points by dapperdrake 1h ago 0 comments

A 1995 IC Program Helped Invent Google's Surveillance-Scale Search Engine (keystoneweb.dev)

1 points by aubreyhayes47 1h ago 1 comments

Discovering and recovering from PostgreSQL corruption on Matrix.org (matrix.org)

2 points by pabs3 1h ago 0 comments

Superchargers are the only part of Tesla's business seeing growth (electrek.co)

6 points by breve 1h ago 0 comments

ELPiS: Small-Web Zine (elpis.ws)

2 points by debo_ 1h ago 0 comments

Is This the End of Google as We Know It? (gizmodo.com)

3 points by uladzislau 1h ago 1 comments

Ask HN: Why do so many people think AI will continue to improve exponentially?

1 points by AbstractH24 1h ago 2 comments

Tesla Q2 2025 Update [pdf] (tesla.com)

44 points by bratao 1h ago 27 comments

A generic non-invasive neuromotor interface for human-computer interaction (nature.com)

1 points by twalichiewicz 1h ago 0 comments

Show HN: Your Startup Needs a Better Name (domaingen.app)

2 points by Areibman 1h ago 0 comments

16colo.rs: ANSI/ASCII art archive (16colo.rs)

2 points by debo_ 1h ago 1 comments

BGP.Tools: Browse the Internet Ecosystem (bgp.tools)

32 points by RGBCube 1h ago 8 comments

We Built an Auto-Aiming Trash Can [video] (youtube.com)

1 points by Armic 1h ago 0 comments

Jitsi privacy flaw enables one-click stealth audio and video capture

59 zielmicha 7 7/23/2025, 8:31:16 PM zimzi.substack.com ↗

Comments (7)

Telemakhos · 1h ago

Maybe my Mac is set to be paranoid, but can you share video without being asked to give the mic and camera permission to operate? I chat with jitsi all the time and have to give jitsi explicit permission to use the mic/camera each time.

spaceport · 1h ago

Where do I pay to read security research writeups with only cats used in explainer images and examples? This exploit is cute.

3eb7988a1663 · 3h ago

Not that I use Jitsi, but I suddenly feel more embarrassed about my number of open tabs. Some other exploit could have silently been launched long ago.

firefax · 2h ago

Is this understood to be new? I think I got hit with this quite a long time ago.

(As in during the pandemic -- long ago in vuln times.)

I am willing to discuss it, off the record, if someone provides their signal information.

No comments yet

unsnap_biceps · 2h ago

Can someone describe the feature that this is used for? I struggle to think of any valid reason for automatic joining with audio/video like that.

o11c · 3h ago

Does this apply even for iframes, or not?

zimzi · 3h ago

Generally no - cross origin iframes don't allow camera/audio by default. Even if the toplevel site allows it (via https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameE...), user still needs to grant permissions to toplevel site. Of course you can still use window.open and top.location.href in the iframe and use the same trick as in the article.