Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

LWD

@LWD@lemm.ee

This profile is from a federated server and may be incomplete. Browse more on the original instance.

LWD ,

Is it though? The unusual requests were pretty obvious right from the beginning.

(Of course, this is Android not iOS, so maybe that app is cleaner, but there aren't many iOS users around to test it.)

LWD ,

It's pretty impressive that lack of privacy in a single state can create an entire stereotype about it.

LWD ,

If you dislike this, keep in mind Lemmy provides a wide-open API for free scraping from pretty much any server (including yours). And if that wasn't enough, people can also set up their own servers to pull upvote and downvote counts, all without vetting.

LWD ,

Lemmy (not for profit social media) protects your privacy less than Reddit (corporate social media)

I'd rather not throw up my hands in defeat though thanks

LWD ,

Except mod actions are capable of hiding a post and all its comments, basically giving Lemmy users the worst of both worlds. I found that out the hard way while replying to a comment in a removed thread.

Lemmy isn't offering a cohesive, open experience. It's very sloppy.

So while fixing the sloppiness they can also try making it less anti-privacy too.

LWD ,

I've been un-thrilled with SL since before it joined the Proton Family... There are less expensive options, even free ones, that offer more functionality. And I'm not sure if one should have all their services under a single banner to begin with.

LWD ,

Duckduckgo and ironvest also offer free aliases.

LWD ,

Didn't somebody make a biased AI and a laundering AI to say it wasn't biased, just to demonstrate how easy it was to do?

LWD ,

Extremely intended! They built a model to lie and a surrogate model to say the first model was being truthful.

They called it LaundryML.

[Thread, post or comment was deleted by the author]

    •
    LWD , (edited )

    Matrix isn't exactly a privacy-respecting service. Its goals are propagating data across multiple servers, linking and duplicating it to third parties like Discord and Slack and Facebook, and keeping it intact.

    Right now, if you request a GDPR compliant data deletion, they won't delete any messages you've sent*, and "your username will continue to be publicly associated with rooms in which you have participated."

    * messages intentionally remain on the server until housekeeping functions kick in, which is true for any account... But those functions only clear rooms that have no participants at all.

    LWD ,

    That's true, they can't see the contents of the messages, but the metadata is pretty considerable -- i.e. they know what rooms you were in, when you were there, how long, and what it was called, including after you've left. "Seamus joined and was immediately appointed to moderator, and sent 50,000 messages, but we don't know what they said."

    LWD ,

    I definitely could have been more specific there; bridging isn't built into their servers or rooms by default. Several use it, but definitely not all.

    Matrix' team itself calls this feature "an important idea" and they advertise it as part of their ecosystem

    LWD ,

    At best, OneRep is sucking your data through Mozilla.

    This isn't even the worst thing Mozilla has done recently: they also

    • Bought an "AI" shopping company with a trove of private data
    • Promise they will sell the data to advertisers
    • Integrated this into Firefox:

    FakeSpot collects your browsing and search history

    More info

    LWD ,

    That's the thing, Mozilla keeps talking about diversifying to avoid becoming irrelevant, but those diversification efforts seem to only involve finding a shiny new thing, chasing it, then dropping it and laying off 60 employees. And then pursuing the next shiny new thing

    LWD ,

    I did some digging into FakeSpot's history. I don't have the pages handy, but they didn't call themselves an AI company until 2022. I doubt anything changed. And at one point, they were even dabbling with NFT verification (something they've since purged from their site).

    Mozilla is chasing trends by... Buying other companies that are also chasing trends.

    LWD ,

    I really, really like the idea of paying content creators some amount of a monthly budget based on site views.

    My only critique of your really thoughtful comment is: I really want those features to be modular. Every time Mozilla drops an extension like Pocket and integrates it directly into the browser, it seems to upset two groups of people:

    • People who don't want the extension, who are now forced to tolerate or remove it
    • People who do want the extension, who tend to be disappointed with the way the integration is accomplished.

    I can guarantee after watching Brave do their crap that people generally don't want a browser installing an ad network or a VPN without their consent, especially when the browser is already considered pretty big like Firefox. Chrome might suck, but it's practically a minimalist browser compared to Firefox... If not in function, then at least in presentation.

    LWD ,

    There's an interesting conversation to be had about that. Personally, due to its for-profit beginnings, I don't think Brave would have done a good job even if they had followed through on their promises. For example, cryptocurrency has its own issues, and there are ethical problems with replacing a website owner's chosen source of income with reliance on a different, proprietary one.

    Mozilla would have to advance much further with Firefox and everything else before any of that is worthy of discussion, unfortunately.

    LWD ,

    OneRep is what Mozilla uses to remove your data from the internet, if you pay them for Monitor Plus.

    LWD ,

    How many dollars do you need to spend to get $1 worth of Bitcoin using this method?

    LWD ,

    And they didn't immediately cave like Twitter would have. Good for them.

    Although that's possibly setting the standards way too low for anybody.

    LWD ,

    I really wish I knew WTF was going on here. I don't use iOS, but from what I've heard, there are approximately two ways to enable decent content blocking on it and AdGuard has always been recommended as one of them.

    If they're stealing data intentionally, this seems like the dumbest way to go about it. And if it's not intentional, what a mess. And if you're somehow getting inaccurate data... How?

    LWD ,

    N0x0n started as a skeptic and used one piece of software to test it, I used NetGuard and was pretty skeptical myself... do you have the VPN app and can you test too?

    LWD ,

    This is way more of a self-promo blog post than an article, but it's also along the lines of Signal or Apple announcing their own successes in cryptography.

    BTW, this was my favorite part of the post

    Why encryption is even allowed?

    Daniel J Bernstein

    They're not wrong, either.

    I also appreciate their clarification that post-quantum encryption is a guess, not a sure thing. Actually, they're much more blunt than that:

    post-quantum cryptography can be compared with a remedy against the illness that nobody has, without any guarantee that it will work. The closest analogy in the history of medicine is snake oil.

    Good on them for saying that.

    But then on expounding with minimal jargon... At least, as far as explaining cryptography can be done that way.

    LWD ,

    I didn't post the part after the "snake oil" quote because my post was getting a bit long but yeah, they basically agree with you. I also get mild ESL vibes (the phrasing on the title is a little off, and I believe a couple of the developers are Russian-born) so I don't think they were trying to be too inaccurate.

    LWD ,

    Selling? Probably not.

    But I used NetGuard to see specific requests that the AdGuard VPN app made. Then I downloaded AdGuard VPN and opened it. Without even logging in, it pinged:

    • dns.google
    • dns.alidns.com (Alibaba)
    • 2400:3200:baba::1 (Alibaba again)
    • cloudflare-dns.com

    I don't know why it feels the need to ping so many DNS servers before you even type a username, but it does.

    LWD ,

    So at this point you're still not connecting the VPN or anything? This is just after you log in?

    LWD , (edited )

    Can you rewrite the question without the word "itself"? Because I am confused by it.

    PS unlike Reddit, you can edit titles on posts

    Edit: actually I wasn't too clear myself: I didn't know if you were referencing a Windows update or a KeePass update

    LWD ,

    If not Mullvad, then what? Generally the privacy community holds them up as the gold standard for private VPNs, and I wouldn't know what to switch to if I were looking for better (read: outside the 14 eyes).

    LWD ,

    I forgot about them (IVPN).

    Apparently Nord is outside the 14 eyes too, but I'm not excited about them -- they're more into KYC than other options. Decent track record (at least according to Wikipedia) though.

    LWD ,

    I understand that right now LEA can serve up a subpoena and give Signal a username and get a phone number, but they can't give them a phone number and get a username.

    Is it also possible for Signal to keep track of past usernames/associated hashes for a particular phone number?

    (For comparison, Signal could record IP addresses, but we trust they don't due to unsealed cases. Could they keep a username history?)

    Spain orders Sam Altman's Worldcoin to shut down eyeball-scanning orbs due to privacy concerns (arstechnica.com)

    Spain has moved to block Sam Altman’s cryptocurrency project Worldcoin, the latest blow to a venture that has raised controversy in multiple countries by collecting customers’ personal data using an eyeball-scanning “orb.”...

    LWD ,

    Shutting down eyeball scanning for cash worldwide would basically turn Worldcoin into yet another cryptocurrency so... Yeah.

    Edit: looks like somebody thought it was worth real money at some point though. https://coinmarketcap.com/currencies/worldcoin-org/

    Anybody remember how cryptocurrency was supposed to democratize money or something? Or am I getting the slogan confused with AI

    LWD ,

    huh?

    LWD ,

    15 years without a single hour of downtime or hack

    True, not a single hack... Just over $70 billion worth of hacks

    https://www.web3isgoinggreat.com/

    your currency

    Due to the instability of cryptocurrency, calling it currency and not something like "speculative assets" is very funny.

    It's a nightmare to use as a currency.

    There's a reason Ecuador and Argentina went in on it so hard.

    Argentina’s poverty levels hit 57% of population, a 20-year high in January

    Bitcoin is a form of energy storage in that sense.

    I want the drugs you've got. Increased interest in cryptocurrency equals higher energy usage. Adoption leads to excess straining of energy without helping anybody except for, as you see in Argentina, the rich.

    LWD ,

    Line 26:

    https://github.com/fingerprintjs/blog-look-a-like-leaks/blob/main/src/index.html#L126

    From

    https://www.ghacks.net/2023/10/21/report-this-chrome-feature-may-leak-frequently-visited-sites/

    LWD ,

    chrome:site-engagement for a slightly more accessible list

    LWD ,

    Long story short, it's a set of scripts that make Firefox better, at the potential expense of breaking some websites.

    LibreWolf comes with some of Arkenfox functionality with less pain in implementation.

    LWD ,

    > tests

    Are you talking about the man paid by Brave who chose the tests that say Brave is best? 🤔

    LWD ,

    What happened with Telegram? I'm unfamiliar with those particular rumors.

    ... But also definitely not a fan of it in general. Their app has had terrible encryption (when it's even used) for a long time.

    LWD ,

    The "no reported cracks" thing is a red herring. You can make an intentionally broken cryptography system and claim it's unbroken too.

    And even if it was sound, it doesn't really matter because the messages are decrypted by the server for all desktop and group chats, and probably most one-on-one chats too.

    LWD ,

    Telegram hasn't been secure since basically day 1. IIRC it went something like

    Security experts: Never roll your own cryptography.
    Telegram: We rolled our own cryptography!
    Security experts: Don't. And it's broken.
    Telegram: uhhhh.... We fixed it.
    Security experts: It still looks really bad. Stop it.
    Telegram: says nothing

    LWD ,

    From my first link

    The safest way to use Telegram would be not to. However, if you have no other choice, the best approach would be to use a clean burner phone to communicate with another clean burner phone. Change them regularly.

    ...

    In short, for better protection, use anything else.

    LWD ,

    At least Matrix lets you encrypt data. Telegram is hostile to that.

    And no, taking your most personal data in a decrypted state for no good reason and promising to keep it encrypted is not the same thing. If anything, it's worse

    LWD , (edited )

    Between forking Signal to make their desktop and mobile clients, and forking Monero to make their cryptocurrency... I'm surprised they came up with Lokinet.

    Edit: I'm pretty Session doesn't even use Lokinet. So much for the claimed resiliency from "hackers"

    LWD , (edited )

    The UI was also very fast and transparent -- not a lot of stuff separating somebody from the other people in their conversations, which was pretty solid even compared to other messaging apps of its day. Most people didn't feel the need to fact-check its privacy and security claims because it worked good enough for them!

    LWD ,

    I must have been thinking of their past implementations. Their FAQ says things were different:

    Proxy routing was an interim routing solution which Session used at launch while we worked to implement onion requests. When proxy routing was in use, instead of connecting directly to an Oxen Service Node to send or receive messages, Session clients connected to a service node which then connects to a second service node on behalf of the Session client... The proxy routing system has now been replaced by onion requests.

    It was even less clear to me because this is what it says in the app itself:

    Session hides your IP by bouncing your messages through several Service Nodes in Session's decentralized network.

    Not "the Oxen network" but "Session's network."

    And then it has a graph of

    • You

    • Entry Node

    • Service Node

    • Service Node

    • Destination

    LWD ,

    It's kinda funny you demanded higher journalistic standards from a Lemmy post, but you've taken a screenshot and written three replies... You could have just read beyond the first line by now

    LWD ,

    Considering the news about OneRep... Definitely steer clear of Mozilla's scrubbing service.

    LWD ,

    Go to about:config, search "shopping2023" and start switching to false

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • incremental_games
  • meta
  • All magazines
    •