Referral source is a built in feature in browsers that analytics tools can utilize. It does not require any special links.

It just means that a website (almost) always knows the previous page you came from.

Well the “sources say” implicates that they actually don’t know. They’ve just heard someone say it. So it’s definitely necessary.

This was definitely a fuckup from Slack but as I’ve understood it, the “AI training” means that they’re able to suggest emoji reactions to messages.

Not sure how to think about this, but here’s some additional info from slack: https://slack.engineering/how-we-built-slack-ai-to-be-secure-and-private/

Edit: Just to pick main point from the article:

Slack AI principles to guide us.

• Customer data never leaves Slack.
• We do not train large language models (LLMs) on customer data.
• Slack AI only operates on the data that the user can already see.
• Slack AI upholds all of Slack’s enterprise-grade security and compliance requirements.

Likely not, but definitely depends on the situation.

And how do you know the backup is not compromised?

I think it’s not as clear cut. It’s always a risk assessment and depends on context.

I have to say that I’m not a security expert, just an amateur with conceptual understanding of the topic and some opinions.

I think that’s rather odd comment. Naturally nobody wants ransomware. And there are good reasons.

Backups may exist, but do they work properly? Or are the backups encrypted too?

How old are the backups? They might be less than a day old. But less than a day might still mean a lot of extra work and financial loss.

There might be a lot of work restoring the backups. You might have a lot of different systems.

In one of the largest ransomware cases in history, Maersk worked for months to get systems back up and running and data up to date. The insurance payout for it was 1,4 billions. Which is at least indicative of the cost.

And Maersk had recent and working backups.

That’s generally a good idea, however, there can be reasons not to do it.

The device could be infected in a way that it won’t turn on again.

You might have an isolated management network that allows you to monitor the device and traffic (naturally ripping all cables also disconnects the management network).

And whatnot. But generally I agree.

Depends. If you’re at home with a single endpoint, maybe.

But in cases like the image there’s a lot of internal traffic and you’d want to stop the malware spreading internally. There might not even be internet connection at all.

Most serious infections are able to work within isolated internal network. You can stop data breaches by cutting external traffic but if you have ransomware you might want to cut internal connections too.

You might be able to stop the ransomware from triggering on some devices. That of course depends on the type of ransomware and whether it’s triggered based on time, external command or something else.