0xtero

0xtero , 11 hours ago to Privacy in "Privacy" for normies is... Weird.

TLDR in text please. Not going to spend 16 minutes watching that.

0xtero , 13 days ago to Privacy in YouTube is testing server-side ad injection to counteract ad blockers

Been using Nebula for a while now. Going to miss some YouTube creators, but I'll expect to get over it.

0xtero , 18 days ago to Technology in Spotify Premium User Slams App Over Audiobook Feature

So, is this the type of SLAM you'd typically see in a moshpit? Or are we talking about wrestling slams?

0xtero , 1 month ago to Privacy in Is it impossible to be private online?

Ah, well. Maybe that saves a click and 10 minutes of someones life.

0xtero , 1 month ago to Privacy in Is it impossible to be private online?

I notice you quoted the sentence from the description - did you watch the video itself?

No, I'm afraid I didn't.

0xtero , 1 month ago (edited 1 month ago) to Privacy in Is it impossible to be private online?

Every time I talk about privacy online, the pessimists always come out. "It's impossible to have any online privacy.

My experience is actually completely opposite. While mainstream "normies" don't seem to care, most of them are using readily available privacy tools in their communication daily. Things like WhatsApp, Signal and iMessage. Most websites these days are HTTPS enabled. Governments are so concerned about this loss of monitoring capability, they're trying to craft laws which allow them to backdoor devices before encryption happens. And they're meeting resistance, despite all the lobbying (see Chat Control2.0). We've never had as widely adopted privacy tools as we have today.

Big tech and advertising are two problems that still create trouble. A lot of this stems from completely different, non-privacy related reasons (the lax US policies concerning anti-consumer and monopoly laws) but even here policies around the world are slowly catching up. GDPR gives Europeans quite a bit of control over our data and while this is still just one baby step - it's much better than it used to be. There's a lot of global inequality here though. Facebook/Meta is synonymous to Internet in the developing world, because they've used their monopoly money to exploit the situation. Digital imperialism is still strong.

I'm not going to harp too much on SMTP privacy, Proton has a bunch of nice services. If that's where your MX happens to point at is, then great, but we do also need to slowly move away from these old protocols that offer no privacy choice (yeah I know, SMTP is here to stay).

What I'd like to see more, is talk about threat modeling in this space. Because that's where it all starts and threat models are quite personal. There's no "one size fits all" privacy, because our needs vary. Political dissident living in exile from hostile government has completely different needs for privacy compared to a person who doesn't like YouTube ads. We should try to foster easily digestible discussion around personal threat modeling - right now we (the privacy crowd) come across as loonies since lot of the advice we give starts from the wrong end of the model.

I don't see digital privacy as a pessimistic space. But what do I know, I'm not a content creator.

0xtero , 1 month ago to Privacy in [Resolved] Is anybody else having issues with DuckDuckGo and StartPage?

This is the moment in Scooby-Doo where the gang unmasks the person they've just caught and underneath is just the Microsoft Bing logo

0xtero , 1 month ago to Privacy in Is Privacy Worth It?

Well, that was extremely long winded way to say "depends on your threat model".
Which it does.

So nothing new under the sun.

0xtero , 1 month ago to Fediverse in Jack Dorsey says he quit Bluesky because it was becoming another Twitter

Why?

0xtero , 1 month ago (edited 1 month ago) to Technology in I would maybe like a smart watch, can you help me decide?

So your requirement with cellular calling (eSIM) is already fairly restrictive and depends on which market we're talking about. Where I live (.se) you get to choose between Apple and Samsung and since Apple was out of the question, you're stuck with Samsung.

Not entirely sure if your second requirement with long battery life can be fulfilled. You'll be charging the watch every day, probably more often if you take calls on it.

There's some rumors that Garmin Forerunner/epix will get eSIM support, but that will be also carrier dependent.

These wearables are pretty complicated high end devices, I wouldn't really give them to elderly parents who stuggle using a normal mobile.

I think it might be better to look into other tyoe of devices like pager systems from caregivers, if you're worried about health issues.

0xtero OP , 1 month ago (edited 1 month ago) to Privacy in Novel attack against virtually all VPN apps neuters their entire purpose

I also don’t get much value out of the statement that “every” OS except Android is vulnerable. Do they really mean all other OSes, or just what would come to mind for most people, i.e. Windows, macOS, Linux, iOS? What about the various BSDs for example?

It's a DHCP manipulation attack, so every RFC 3442 compliant DHCP implementation implementing option 121 would be "vulnerable" (it's not vulnerability though). Android apparently doesn't implement it, so it's technically impossible to pull off against Android device. There might be others, but I'd guess most serious server/desktop OS'es implement it.

The title isn't misleading at all, even though the "neutering their entire purpose" is a bit of a click-bait. This doesn't affect ingress VPN at all.

It's an attack that uses DHCP features (according to RFC).

It's a clever way to uncloak egress VPN users, therefore it does have privacy impact since most of us use VPN for purposes of hiding out traffic from the local network and provider and there's no "easy" fix since it's just a clever use of existing RFC.

0xtero , 2 months ago (edited 2 months ago) to Free and Open Source Software in Which are the F-Droid apps everyone should download?

Ente Photos - Google Photos replacement with encryption and privacy
Ente Auth - Good multiplatform authenticator.
^^ These are paid for service (you get both with same sub), but extremely good.

AntennaPod - Podcatcher
K-9 email

0xtero , 2 months ago to Technology in What do you personally use AI for?

I don't and the energy consumption of public AI services is a stopper for "testing and playing around". I think I'll just wait until it takes over the world as advertised.

0xtero , 2 months ago to Privacy in Ask: How do you handle your résumés?

I'm a consultant so whenever I'm applying for a new gig I need to provide a consultant profile, which is very similar to resume.

Over the years I've learned that most customers are not very interested in the "personal stuff" sections - they just want to know you have the skills required, so try to minimize the amount of personal data and concentrate on skills and past gigs (anonymizing customers/companies) etc.

But - unfortunately you have to tell something about yourself and your ability to work together with others, there's really no way around it. It's also more and more customary that (for some reason) they want your photo. Stuff like education, certifications need to be there, but keep it very short. Think about "social media profile page".

Provide stuff like contact info, address, phone, date of birth (if required) and references separately - don't put them into your resume. You can add something like "Personal information and references provided separately by request" in there, that way, even if the document is shared, all they get is something resembling a LinkedIn profile.

You can also try to add "confidential" to the document header, but I've noticed it's not respected very often.

0xtero , 2 months ago to Technology in New Discord TOS binds you to forced arbitration - Opt-Out Now

I meant NL is one of the top 10 tax havens in the world due to their exemptions that allow corporate tax evasion.