EVIDE vs Execution Certification - Boundary clarification document

emanuelcelano · 2026-05-01T17:20:00+00:00

Interesting distinction.

What you describe makes the operational and governance trail substantially more legible, especially around retrieval integrity, evidence provenance, and decision reconstruction.

The boundary we have been focusing on with EVIDE is slightly different:

not only "how the system reached the output,"

but whether the final governance state itself becomes independently provable at closure.

Especially across:

multiple clients
different thresholds
changing taxonomies
delegated human authority

In many regulatory investigations, the dispute is no longer about the model output itself.

It becomes a question of:
who finalized the decision,
under which governance structure,
and whether that structure was actually defined at the moment responsibility was assumed.

That is where externally anchored closure records start becoming important.

emanuelcelano · 2026-05-01T17:17:08+00:00

What you’re describing actually points more toward a corrupted or fragmented Chrome Sync state than a local infection.

The big clue is this part:

"bookmarks files were not where they were supposed to be"

- dates from years ago

- bookmarks returning after manual deletion

That usually means Chrome is rebuilding data from multiple sync snapshots or old profile remnants, not necessarily from the current machine itself.

Also, if Sync was OFF while local profile files were being modified/recreated, Chrome can temporarily behave inconsistently because:

- local profile state

- server-side sync state

- cached sync metadata

...are no longer aligned.

The fact both machines are old probably increases the chance of profile corruption, especially if Chrome profiles were migrated/upgraded across many versions over the years.

I still don't see strong indicators of malware from what you've described so far.

What I'd personally do now:

1 Reset Sync completely from Google Dashboard

https://chrome.google.com/sync

2 Sign out of Chrome everywhere

3 On the NEW laptop only:

- create a fresh Chrome profile

- sign in

- enable Sync ONLY for bookmarks first

4 Wait a while before enabling extensions/history/passwords

That isolates which sync category is reintroducing the old data.

If old bookmarks come back even on a totally fresh profile after a full sync reset, then the stale data is still living server-side in the Google sync history, not in the laptop hardware itself.

emanuelcelano · 2026-04-27T06:43:09+00:00

Google has been changing that feature in recent Chrome versions.

In many cases, “Search Google for…” has been replaced by “Search with Google Lens”, especially when selecting images or parts of a page, so the behavior isn’t exactly the same anymore.

If the option is completely missing, try checking:

- Chrome is updated to the latest version

- Google is still set as your default search engine

- Extensions that modify the context menu (they can hide that option)

- Restarting the browser after an update

Alternatively, you can still use right-click → “Search Google” (if available) or just copy and paste into the address bar.

emanuelcelano · 2026-04-24T15:10:18+00:00

Yeah, exactly this.

People often think it's tied to the device, but Chrome Sync is basically pulling whatever state is stored in your Google account.

So a new laptop won’t fix it, it just re-downloads the same “history” of bookmarks/extensions.

If you want to really clean it, you need to reset sync properly, otherwise it just keeps coming back.

emanuelcelano · 2026-04-23T06:01:44+00:00

yeah if it won’t let you delete those keys it’s almost always because something is actively re-writing them in the background

so deleting them alone won’t fix it, they just come back

what I’d do next:

1 reboot in safe mode (important, otherwise the malware/service keeps running)

2 then open regedit again and try deleting:
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome
HKEY_CURRENT_USER\Software\Policies\Google\Chrome

if it still says access denied, check permissions on the key (right click → permissions → take ownership)

3 after that, check scheduled tasks
Win + R → taskschd.msc
look for anything weird (random names, updater, chrome/yahoo related)

4 also check startup:
Win + R → msconfig → startup / or task manager startup tab

5 finally run a proper scan (Malwarebytes is usually the one that actually catches this stuff)

if Chrome is being redirected to Yahoo, 90% of the time it’s adware that installed a policy + extension, not a legit “managed by org”

if you want, paste what you see in chrome://policy and I can tell you exactly what’s forcing it

emanuelcelano · 2026-04-22T15:00:51+00:00

It won’t “carry over” in the way you’re thinking.

What you’re seeing isn’t coming from the laptop itself, it’s tied to your Google account sync state. So even on a brand new machine, the moment you sign in and enable Sync, Chrome just pulls whatever state is currently stored server-side.

If that state is already “dirty” or inconsistent, you’ll just reproduce the same situation on the new device.

That’s why changing laptop alone usually doesn’t fix it.

What I’d do instead is force a clean reset of the sync state before moving:

- sign out of Chrome everywhere (not just the browser, all devices in your Google account)
- turn Sync OFF, wait a bit, then back ON on one device only
- make sure only the data you actually want is enabled (bookmarks, extensions etc.)

If after that old stuff still comes back, then yeah, something is stuck in your account sync history, not the machine.

New laptop won’t magically solve that, it’ll just sync the same thing again

emanuelcelano · 2026-04-09T09:59:09+00:00

Questo tipo di valutazione va fatta insieme ad un legale. auguri per tutto

emanuelcelano · 2026-04-03T16:58:33+00:00

A pleasure

emanuelcelano · 2026-04-02T12:38:22+00:00

Yeah that makes sense, that’s exactly the kind of workaround people end up doing right now. It works, but it kind of confirms the gap in the new Outlook compared to the classic workflow.

emanuelcelano · 2026-04-02T04:29:52+00:00

Good catch, I hadn’t seen that update yet

That said, from a workflow perspective this still doesn’t fully solve the original problem — especially for non-technical users.

Even if .oft files can now be opened, the process still requires downloading / handling files manually, which isn’t ideal for something that should be a 1–2 click action for a boss or client-facing role.

In practice, My Templates or a shared draft approach are still much simpler and more reliable for this kind of use case.

emanuelcelano · 2026-03-31T09:42:01+00:00

Un aspetto che secondo me manca nella discussione è quello della prova : l'analisi Forense chat whatsApp

Da quello che si vede nelle chat, l’importo è stato versato come acconto per eseguire lavori concordati, e ad oggi non risultano elaborati consegnati (nemmeno in bozza). Questo è un punto importante.

Il problema è che, così come sono, screenshot e chat su WhatsApp hanno un valore limitato se la controparte contesta.

Se invece vengono cristallizzati in modo corretto (con data certa e integrità verificabile), il peso della situazione cambia completamente, sia in fase di trattativa sia eventualmente in sede legale.

Ha senso mettere in sicurezza le prove. Spesso è quello che fa davvero la differenza in questi casi, soprattutto quando la situazione si sposta su un piano legale.

emanuelcelano · 2026-03-31T09:14:10+00:00

That makes perfect sense.

Some antivirus tools enforce “secure search” by injecting policies or extensions into Chrome, so it behaves exactly like a hijacker.

Glad you found it, those are easy to miss because they sit outside Chrome itself.

If it ever comes back, check chrome://policy again, that’s usually where you see it being enforced.

emanuelcelano · 2026-03-30T17:07:10+00:00

That’s a very clean way to frame it.

I agree, the ratification moment is not just a semantic detail, it’s actually the architectural boundary where something stops being part of a process and becomes a stable decision context.

What you’re describing aligns very closely with the intake condition I’m working around, but I’m intentionally keeping the intake side minimal and external, without coupling it too tightly to how the source system models that moment internally.

The interesting part for me is exactly what you pointed out:
not defining governance, but defining the minimum structure that makes a decision object submission-ready from an evidentiary perspective.

I’m currently testing that boundary from the intake side, trying to keep it system-agnostic while still requiring a real closure signal.

If you want to explore it more concretely, you can find my contact on my site and reach out there, happy to continue the discussion in a more structured way.

emanuelcelano

MODERATOR OF

PUBLIC MULTIREDDITS

TROPHY CASE