LWD

@LWD@lemm.ee

LWD ,

There's not much to prevent it from happening. They could lose standing in the community. They could be given legal trouble, and they could be attacked in return by people who knew which server owner was responsible. But that's pretty much it.

There's also a much lower bar for entry when it comes to running a server. All you need to "be" is technically competent. You don't need to be very good at security, and you don't need the temperament of a reasonable person.

And when that's the case, data might be leaked even indirectly.

Two Mastodon examples come to mind.

  • One administrator shut down their servers after being accused of transphobia. They could have done anything after having a bit of a public meltdown, so that was the best case scenario.
  • Another server administrator was raided by police, and all the contents on the server were made accessible to them.
LWD , (edited )

Can't you simply wait for a complaint to actually make that call?

From a privacy perspective, owning a federated server doesn't really do much for your data except for providing a "home base" that's a little more under your control.

A little.

AFAIK if you get banned from a community, you lose the ability to delete your content on it. If your post on a community gets removed, it also seems to vanish (so I'm not sure how deleting it works)...

Edit: apparently this answer is wrong, now if people could reply with reasons, that would be more helpful.

LWD ,

GNUnet has applications that work, if you're willing to compile from source code in Linux.

Veilid has been on the verge of releasing a chat app "in weeks" for several months now.

To the average Joe, neither is ready to be used.

LWD , (edited )

I assume steering too, right?

i.e. a "If you brick your car's firmware, at least you can keep driving without unreasonable levels of difficulty or distraction" situation.

LWD ,

There's already something like this and it's called SimpleX. Messages are sent through relays and a very familiar form of ratcheting encryption is used.

It's still in its infancy, but anyone can run and use their own relay.

LWD , (edited )

How's that keep people's info private? Every Signal-Matrix integration I've seen decrypts the data and just holds it unencrypted on a (Matrix) server.

LWD ,

IMO a better example is Matrix bridging - in order for an app like Signal to work on your Matrix account, you do have to compromise your Signal messages on it.

But otherwise, yeah, I definitely agree with your assessment. Even if Signal and SimpleX used an identical protocol, the nature of sealed sender messages would make spam prevention and server abuse more difficult to handle IMO. SimpleX is still relatively obscure, and I'm not sure what scaling up will look like for it.

LWD ,

Maybe. If you communicate on Matrix with someone who is bridged from Discord, you have now given Matrix data to Discord and Discord data to Matrix. Which isn't great for privacy at all.

Granted, I guess you don't have to use the Discord app at that point, but the extra data is a server-side treasure trove regardless.

LWD ,

Well, it's not all your Matrix data, but if you don't trust Discord with writing an app that runs client-side, I'm not sure why it's helpful to trust them with holding onto your conversations with other Discord users either...

I've also run a Matrix server and I can tell you from experience... You shouldn't trust me with your conversations. Even if I was a good friend, I'm definitely not a security professional!

LWD ,

You can't keep the admin out of your Matrix chats and bridge them to Signal (or Discord) though. Either they sit around effectively unencrypted on a server that's built to hold data and especially metadata forever (which is one data breach away from being everybody's data) or the user has to just not use Signal bridges.

I guess if you're comfortable with that it's fine, but I'm really not.

LWD ,

Which gets right back around to my point. If you use Signal, but you stick a Matrix server onto it, you have made your data less private.

It's not choosing between "your phone could get hacked" OR "another admin can see or accidentally leak your data"...

It's choosing between "your phone could get hacked" or "your phone could get hacked and extra points of failure are added too."

Matrix bridging is a convenience service, like Beeper was... Definitely not a privacy one.

LWD ,

Unfortunately, even if you're okay with accepting the sunk cost of purchasing a cloud camera with the foreknowledge that it might stop working in the future, there are still huge privacy and security concerns. Just recently, SwitchBot announced people were accidentally accessing each other's cameras. Whoops.

If you're looking for something that doesn't need the cloud to work, I would recommend IP cameras. That's the term you would look for. There's open source software to manage them too. Of course, you need to be decent at security yourself. Unfortunately. So perhaps those cloud companies still have a little bit of a leg up on the average person.

LWD ,

Oh, where to begin. Telegram is wild. It may not be spyware in the traditional sense, but they've already handed over data to the Indian government, left a telephone number scraping vulnerability open for the Iranian government, and gotten caught with "the most backdoor looking bug" with their unwisely handmade encryption algorithm.

LWD ,

Shelter is a nice FOSS app.

Samsungs also have Secure Folder...

LWD ,

Kind of ironic considering that with Matrix...

  • Forward secrecy is kinda hosed
  • They store metadata permanently on their servers by design
  • A ton of stuff that would otherwise be invisible in Signal is visible in your Matrix homeserver, including permanent history of all group membership
  • Your data does not belong to you, and that's how the server is built to treat it, e.g.
  • GDPR deletion is nonexistent (it won't delete your username or your messages, making it less effective than on Discord, let alone Signal)

... Etc.

Ironically, older federated messaging systems like XMPP might be better by coincidence. Message archiving was an optional addition and some servers, such as the popular Riseup one, do not implement it.

LWD ,

In the meme, yeah. There are others though:

https://www.privacyguides.org/en/real-time-communication/

LWD ,

Oh yeah, you can do that too. I just never have it for apps I want to clone.

LWD ,

All those points are about how one server communicates with itself. Federation doesn't factor into it.

LWD ,

Note that this is attempts: any app that fails to reach a target server might just keep trying repeatedly, even upon failure.

If the app was something besides Google, I might even wager it would probably make fewer successful connections if it weren't blocked to begin with.

LWD ,

You hear that? That's the sound of your dental insurance rates increasing.

What's the purpose for usernames on Signal?

Been using Signal for years and love it and got the majority of my contacts on to it. My question is how are usernames useful now? You still need to register with a phone number with Signal to limit spam and bots afaik and I'm assuming you should protect your username just like you do your phone number anyways because spam,...

LWD ,

FWIW if Signal did cooperate with law enforcement for any reason, they could be given the RndoUsr.40 account name and return a phone number, as long as that user was still rocking the username by the time they started looking... Or, I suppose, if Signal servers log those histories somehow.

Importantly, though, phone numbers cannot be queried for usernames. The data returned from a phone number will be the same as seen on previous FOIA requests.

From their blog (hard to find because it's hidden behind ellipsis):

Usernames in Signal are protected using a custom Ristretto 25519 hashing algorithm and zero-knowledge proofs. Signal can’t easily see or produce the username if given the phone number of a Signal account. Note that if provided with the plaintext of a username known to be in use, Signal can connect that username to the Signal account that the username is currently associated with. However, once a username has been changed or deleted, it can no longer be associated with a Signal account. 

Copilot misses the question, elaborates on topic I was speaking aloud instead. (lemmy.world)

Was using my SO's laptop, I had been talking (not searching, or otherwise typing) about some VPN solutions for my homelab, and had the curiosity to use the new big copilot button and ask what it can do. The beginning of this context was actually me asking if it can turn off my computer for me (it cannot) and I ask this....

LWD ,

ChatGPT has a short but distinct history of encouraging paranoia in people who use it.

Asked for help with a coding issue, ChatGPT wrote a long, rambling and largely nonsensical answer that included the phrase “Let’s keep the line as if AI in the room”.

LWD ,

I think AI is humanized and otherwise designed so that people will feel encouraged to give private data to it. The Kagi Corporation wrote about this in their manifesto. In reality, giving your data to OpenAI is just as unsafe as typing in a personal search query into Google or Bing. But by changing the context, it feels like you're talking to a friend or a person you met at a bus stop.

AI Bros always say "it's just a tool" as a sort of thought terminating cliche (note: this wasn't intended to be a dig at your comment). Guns are a tool too. I wouldn't want the richest corporations in the United States to personally own the most powerful missile systems, and in terms of AI, that's kind of where we are.

Which privacy services would you donate to?

Due to financial problems, throughout my privacy journey I have only used free tools to enhance my privacy. I was recently thinking about the question: If I had the money to give back to the services I've used, which ones would I donate to? Here is my personal list, which is still a WIP:...

LWD ,

I would encourage people to withhold donations from Mozilla. They have plenty of money rolling in, and in the past year they used it to overpay their CEO disproportionately, and to buy an AdTech company with private data that they sell.

https://en.wikipedia.org/wiki/Mitchell_Baker#Negative_salary-performance_correlation

https://www.fakespot.com/privacy-policy (search "personal information is sold")

LWD ,

I don't think Mozilla should be deprived of money, and Firefox (or a lightly modified fork like Librewolf) is and probably always will be my default browser... But they're getting plenty of money from elsewhere, so they probably don't need ours.

LWD ,

I want Mozilla to make a browser that preserves privacy. They keep making it worse. And I don't see how giving them money is helping them improve.

And my comment won't cost them any money either, as @Matt pointed out:

Plus donations to Mozilla cannot even be used for Firefox development due to the structure of the foundation and corporation.

LWD ,

Vaultwarden is a great piece of self-hosted server software, which meshes with Bitwarden software perfectly. And for people who can't self-host, IMO Bitwarden gives you more than enough bang for your buck with their own hosting plans.

It's one of the few examples of software being open source and ethically making money regardless. (For comparison, Standard Notes has tried pretty hard to make sure non-paying users have an inferior experience even if they self-host literally everything.)

LWD ,

Yeah, the value of buying a hosted service should be the fact you don't have to worry about hosting it yourself. Not a tiny piece of JavaScript that was grabbed from a third party developer anyway.

I can see what they're trying to do, but the experience leaves a really bad taste in my mouth.

LWD ,

Between the hardware Rob sells, the software he's written (a social network that uses some very rudimentary end to end encryption... Which only runs on the server) and the Odysee URL all would have made me reach the same conclusion about his advice that the people who watched the video are saying:

No thanks, yeah

Android Microphone Snooping (lemmy.world)

So I had a verbal conversation with a coworker yesterday and now I'm getting fed very specific ads. No possible way it's accidental. I have most of the microphone access to apps limited, I have Google Assistant turned off and no VPA set up in my home. I use a OnePlus 9 Pro, does anyone have recommendations on how to further root...

LWD ,

I didn't know there was such a thing as FUTO Voice Input. It's really good. Shame the "Open" nature of Google Android was rejected by Google Keyboard and other Google things...

LWD ,

This only works up to a point, and that's a little concerning IMO. It'll be true for longer than, say, cellphones, but no car lasts forever and at some point they could be prohibitively expensive.

LWD , (edited )

You can put your phone in a Faraday bag.

How am I going to do that to my car :(

LWD ,

Too late

LWD ,

"Espionage" - Ed Snowden leaking PRISM docs
"Paranoia" - reading about it on Wikipedia

LWD ,

Why are taxes evil, I like roads

LWD ,

You're right, I mentioned it because it seemed like a good counterexample to your reasoning.

... Apparently you agree?

LWD ,

What did Edward Snowden do, if not technically espionage? Some other crime?

Sometimes, it's good to do crimes. The more oppressive the government, generally speaking, the more good things might get turned into crimes. Criticism of the government. Protest. Etc.

LWD ,

I think some people missed the joke

LWD ,

I don't like Julian Assange, but I think that if he were found guilty of his crimes of espionage, that he has already served out more than a proportional sentence in exile.

LWD ,

"Connect none" is right there, though.

But I kinda glossed over it the first time I saw it.

Usually two opposing buttons will be next to each other, not be one on top of the other, won't they?

LWD ,

That gray text right above the buttons suggests that there won't really be any negative impact, despite their desperate pleas right above it. I don't know, if this was me, I would definitely click Reject All and then see how messed up the resulting website ended up for me.

The psychological profiling that went into making equivalently styled Accept and Reject buttons look different to a reader is almost certainly intentional, though. Reminds me of the Redact app and how they would show you a crying kitten if you didn't share using their (previously free, now expensive) app on your Twitter profile.

LWD ,

Large language model training is based on more than one model at a time, if that's the right term for it. One of them is the amalgam of answers from the internet (just imagine feeding Reddit into a Markov bot). The other is handcrafted responses by the corporation that runs the robot, which allow it to create (for lack of a better term) "politically correct" responses that will do everything from keeping things g-rated, remaining civil, preventing suggesting acts of terrorism, and protecting the good name of the corporation itself from being questioned.

Both of these models run on your question at the same time.

LWD ,

So by "different system prompts", you mean Microsoft injects something more akin to their own modifiers into the prompt before passing it over to OpenAI?

(The same way somebody might modify their own prompt, "explain metaphysics" with their own modifiers like "in the tone of a redneck"?)

I assumed OpenAI could slot in extra training data as a whole extra component, but that also makes sense to me... And would probably require less effort.

Any LLM chat bot or image generator that is open source, privacy based and doesn't need an account or app to use it?

I found one but after a limit you cannot use it anymore without making an account. Now I can surpass it by using a different IP but the conversation wouldn't go in a flow and it will get tiresome fast, so if anyone knows one which meets these criteria do comment ....

LWD ,

> privacy community
> "give me free LLM"
> gets free LLMs
> "I'm not concerned with privacy"

Then depart

LWD , (edited )

I've learned something from the other people here and I don't even want an LLM. There was even some degree of handholding here, despite you being in the privacy community but apparently not caring about privacy.

LWD ,

It's pretty multifaceted. I've got a half dozen on-device blocklists enabled, along with some app-specific filters.

Due to some Android quirk I've also been unable to use their DNS.

LWD , (edited )

I don't mind SimpleX. I use it myself, sometimes. But it is also currently a very obscure service, and it's not exactly easy to find people to communicate with. Phone numbers, and now usernames, provide a jumping-off point for that.

How do you find people on SimpleX and then make sure you're talking to them in a group later on? Right now, that's really hard.

And right now, SimpleX is pretty small, so if it starts expanding in that first area, how would it prevent spam?
