Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Syn_Attck

@Syn_Attck@lemmy.today

This profile is from a federated server and may be incomplete. Browse more on the original instance.

Syn_Attck ,

Gonna assume South Korea (angry kpop fan noises) or maybe Saskatchewan.

Syn_Attck ,

There are many things you can do with JavaScript, and tor can only protect against so many without completely breaking many sites. Set your slider all the way to maximum and it will no longer detect windows, but it will very likely also no longer run.

Syn_Attck , (edited )

Tor browser from the arch repos is not stock torbrowser. Add repos for torproject/guardian project/whatever it's called now, or use the torproject.org installer.

Syn_Attck ,

I believe that is the case, if you inspected the HTTP headers and found if to show Linux instead of Windows. my last experience with that would have been years ago. Arch does like to compile things from source instead of using binary blobs, and compilers and configs can undo a lot of the work the torproject has done to combat fingerprinting, which is why it's recommended to run the pre-built binary and install no plugins. However it's important to note that it ALSO gives you a unique JavaScript fingerprint every time, when tools use as much information as possible to generate a fingerprint, because it generates new information on every reload. That's why OPSEC is important and for can't help you if you use it wrong. If you login to 2 different unlinked sites in the same session, and you don't want them to be linked, too bad now they're linked via JS fingerprinting. JavaScript is more or less a programming language within the browser, and you'll never escape JavaScript fingerprinting. Which is why it's important to learn how to use tor properly, and leave JS disabled as much as you can.

One thing you can do with your arch build is use the fingerprinting tool to see how unique you are, then get a new identity, then go back and do it again. Does it now say you're one of 2 people who have used the tool, or does it show you're (again) unique? If the latter, then it's working (at least enough) properly.

Syn_Attck ,

Thanks for the correction.

Syn_Attck ,

They make it a whole lot harder, asking for photos of ID and selfies and bank statements directly from your bank, etc.

Amazon specifically. Unsure about other sites.

Paedophiles create nude AI images of children to extort from them, says charity | Internet safety | The Guardian (www.theguardian.com)

Internet Watch Foundation has found a manual on dark web encouraging criminals to use software tools that remove clothing. The manipulated image could then be used against the child to blackmail them into sending more graphic content, the IWF said.

Syn_Attck ,

you never had any dark thoughts? Never did anything bad?

Yes, you might not be doing this particular bad thing.

You: Yeah sure, but I never did this particular bad thing.

Welcome to the species, bud. We're all a little mad here.

Syn_Attck ,

Every wild dog will chase and eat prey and their own poop, and attack any dog that challenges them or their pack.

Every wild cat will chase and catch their prey, and then play with it while keeping it alive for a while until it ultimately dies.

Humans are basically dogs or cats that have 1000's of societal incentives not to chase and play with prey, drilled into most of us from the beginning, but everyone still has that innate ability that will come out under the right circumstances. If civilization ended today, who you think you are, and what you think you are not capable of today, ends today.

Syn_Attck ,

He's not being cloak and dagger. He's an old guy (double spacer spotted) who works in the military or private sector under NDA and can't talk about it.

Or he's LARPing. But the double spaces make me believe him.

Syn_Attck ,

A not-so-secret dirty little secret is that many of the reputation management agencies also own many of the public records websites that publish mug shots, court records, and so on. When you hire them to remove that information from the internet it puts you into a cycle of being removed from one or two of their website and added to something else.
You end up in a never-ending game of whack-a-mole. Complete with monthly fees.

It's much better to go through the list of data brokers manually and submit your information twice a year, if you have the time. Like doing taxes, but for privacy.

Syn_Attck ,

New features get released into the developer preview. It's basically beta test windows. It's what the tech sites watch to see what new features/etc have been added/removed/changed. Usually they end up making it into the release builds, but sometimes they end up not doing it, or the change doesn't apply to certain regions.

Syn_Attck ,

Source: his arse?

Even then, in his arse, they'd have to prove the person locked it.

But what's worse, getting a tampering with evidence charge, or giving them everything?

Still would like to see his source.

Syn_Attck ,

That's not completely true. In most states if they are knocking down your door with a search warrant and you flush a kilo of heroin down the toilet, you're getting an evidence tampering charge that will hold up in court.

Syn_Attck ,

There's a whole lot of caselaw surrounding this, and they will get someone to destroy the pipes to find out when they were flushed (their word goes, good luck finding someone impartial to say that wasn't what happened). I wish court cases were built on 1's and 0's like computer code but that's just not the way the world works.

https://www.augustachronicle.com/story/news/2011/05/27/evidence-recovery-can-be-dirty-job-police/14540952007/

Syn_Attck ,

Once this bill passes, there is absolutely nothing stopping the NSA from doing an IP lookup on this comment/my account, and putting me into a "potential domestic terrorist - watch closer" list. A list that will eventually be used later, for some reason or another, so let's just hope we never get an authoritarian in the White House with stacked courts! That could never happen here, could it?

P.S. If you live in the US, just part of your connection going to another country (be it a CDN or server hosted in Canada, or US server gets overwhelmed and switches to Canada) - full content logs for you.

Cointelegraph is (was at least?) a reputable source for national security news. It's mainly for OSINT and national security interested folks who know better than to do the majority of their research on a smartphone, so it may not be great on mobile, I don't know.

Snowden chose Russia because the other option was life as a political prisoner without a chance at a fair trial. Egotist, sure, but at least we know what we know now. Can you imagine how fucked we'd be if he never leaked them?

And regardless of the source, (site or person quoted), what he's saying is absolutely true. The NSA is about to be able to gather ALL mass communications and look at them whenever, without a warrant which was the only safeguard before.

I'm legitimately about to throw my tech into a fucking dumpster and get a dumbphone and a smartphone with all hardware removed besides what's required by Briar.

Most will read this and think I'm being overly paranoid. When I talked about the FVEY (now 14EYES) surveillance dragnet before the Snowdon leaks, everyone thought the same.

https://lemmy.today/pictrs/image/3729ed0b-95b9-4b6f-af04-47dcfd7879ef.jpeg

Since some people are having issues with the site, here it is from the ACLU:

https://www.aclu.org/press-releases/congress-passing-bill-that-massively-expands-the-governments-power-to-spy-on-americans-without-a-warrant

ACLU Statement on Congress Passing Bill that Massively Expands the Government’s Power to Spy on Americans Without a Warrant

This bill would reauthorize Section 702 surveillance for two more years without any of the necessary reforms to protect Americans’ civil liberties

WASHINGTON — The House of Representatives passed a bill today that will reauthorize Section 702 of the Foreign Intelligence Surveillance Act for two years, expand the federal government’s power to secretly spy on Americans without a warrant, and create a new form of “extreme vetting” of people traveling to the United States.

When the government wants to obtain Americans’ private information, the Fourth Amendment requires it to go to court and obtain a warrant. The government has claimed that the purpose of Section 702 is to allow the government to warrantlessly surveil non-U.S. citizens abroad for foreign intelligence purposes, even as Americans’ communications are routinely swept up. In recent years, the law has morphed into a domestic surveillance tool, with FBI agents using Section 702 databases to conduct millions of invasive searches for Americans’ communications — including those of protestersracial justice activists, 19,000 donors to a congressional campaign, journalists, and even members of Congress — without a warrant.

“Despite what some members would like the public to believe, Section 702 has been abused under presidents from both political parties and it has been used to unlawfully surveil the communications of Americans across the political spectrum,” said Kia Hamadanchy, senior policy counsel at the American Civil Liberties Union. “By expanding the government’s surveillance powers without adding a warrant requirement that would protect Americans, the House has voted to allow the intelligence agencies to violate the civil rights and liberties of Americans for years to come. The Senate must add a warrant requirement and rein in this out-of-control government spying.”

In the last year alone, the FBI conducted over 200,000 warrantless “backdoor” searches of Americans’ communications. The standard for conducting these backdoor searches is so low that, without any clear connection to national security or foreign intelligence, an FBI agent can type in an American’s name, email address, or phone number, and pull up whatever communications the FBI’s Section 702 surveillance has collected over the past five years.

The House passed all the amendments to expand this invasive surveillance that were pushed by leaders of the House Permanent Select Committee on Intelligence (HPSCI), the committee closest to the intelligence agencies asking for this power. The bipartisan amendment that would have required the government to obtain a warrant before searching Section 702 data for Americans’ communications failed 212-212.

Syn_Attck ,

They don't. They actively work with them to bypass all legal anti-mass-surveillance frameworks in place.

If you think you're safe from the global internet surveillance dragnet just because you don't live in the US, then boy do I have some news for you.

Syn_Attck ,

Another day, another database.

Syn_Attck ,

They can, but before (we learned from the Snowden docs) they had to have a legal reason and request a warrant if it was an American citizen, unless there was imminent harm. Now they don't require that warrant.

Syn_Attck ,

They're saying don't read the manual that tells you how things work, just copypasta sudo command lists from some random blog like a normal person.

Syn_Attck ,

Signal is a great example of this but I don't think you'll find any ways to do it non-VoIP.

Syn_Attck ,

Is hCAPTCHA not acceptable? There are other privacy-respecting CAPTCHA solutions available as well.

Syn_Attck ,

Um, why does it matter? He matured and changed. It's a positive attribute, not a negative one.

Syn_Attck ,

I see. Textual communication has a pesky habit of not conveying tone unless you intentionally craft it to. It bugs me that there are so many people who negatively judge someone for decades-old attitudes and worldviews, when positive change should be commended.

Not you, since your comment was in jest, but I question the motives of those think that way unironically.

Syn_Attck ,

I manage a large network and ads are blocked at the edge of the network.

You must MITM all traffic and do some magic with stripping/injecting JavaScript then? Because every time I've tried with pihole, its just threads and threads of people saying its not possible with DNS blocking because the ads are served from the video servers.

Syn_Attck ,

Not to mention getting her kids put on a list before they're born.

https://lemmy.today/pictrs/image/d003d651-beff-43ac-8968-adac8d8e3ea3.webm

Syn_Attck ,

https://lemmy.today/pictrs/image/20b10b08-eaf1-4084-b58e-ba2aeb0302c0.webm

https://lemmy.today/pictrs/image/7ad9939a-da3c-474f-9026-d3a370edf428.png

https://lemmy.today/pictrs/image/196dc7dc-7623-43c8-be2e-5d68d3f8d422.png

memories

Syn_Attck ,

If everyone gets busted all at once (2022-2024 market takedowns is as close to that as it could come IMO) then everyone immediately stops using tor and starts using i2p or freenet or whatever system they may not have broken yet. That's baaahd for business, said the wolf in sheep's clothing.

Although they did run a cp site for months before shutting it down, so they're clearly not opposed to the long-game, especially if it involves national security (it does.)

Syn_Attck ,

What I'm talking about wrt tor is traffic shaping or node DoS leading to a Sybil attack. When the (state)actor has the ability to drop all packets from you to NON attacker-controlled guard nodes, and then once you're connected to a dirty guard, drop all connections to non-controlled relay and exit nodes, it's done. There's also an ongoing DoS attack that is able to make any guard/entry/relay/exit use 100% CPU making them unusable and it's been going on for months now. You can see it on the tor forums (relay-operators) and someone posted about it in more detail on the monero subreddit the other day.

Syn_Attck ,

It's not even a matter of gaining control of nodes, they can simply blackhole your access to good nodes so you end up with nodes controlled by them. Easy but loud, although it seems to be what's going on in a number of cases, and not many people are talking about it. Tor used to alert you to this, but now it's quietly tucked away into a log file. There are other vulnerabilities present in tor and the tor project devs don't seem particularly interested in them, with the DoS attacks requiring the community itself to step in with hacky solutions. I'm of the mind (never would have found myself saying this) that the tor project at large is compromised.

Monero is currently being hit by a (likely) black marble attack which is why it's so slow. They're basically flooding transactions (1/3 to 2/3 of all transactions able to be processed at any given time) so that the anonymity that makes monero work is severely degraded. Whether it breaks past transactions remains to be seen, but it absolutely weakens the anonymity of transactions done during (possibly shortly before and after) the attacks.

Syn_Attck ,

referrer, meet referer.

probably the easiest way to spot someone that's spent a decent amount of time messing with HTTP/1.x headers.

Syn_Attck ,

ok

Syn_Attck , (edited )

Friendly reminder that Bluetooth has a larger network stack than Wi-Fi. Much more code, much larger available attack base. There have been many numerous Bluetooth vulnerabilities that allow remote code execution or theft of files.

This is truly becoming a surveillance state, in no way that can be debated. That want to be able to access everyone's innermost thoughts (texts, notes, recordings, calendars, contacts, photos, you get it) without any chance of someone being able to protect against it.

Reminder that Google was the 2nd or 3rd company to commit to NSA's PRISM program of feeding American's data for future analysis.

Syn_Attck ,

Find a good girl that doesn't mind. Mine doesn't care at all, she has her interests and I have mine. I'll sit there and listen to her 5 minute lectures on makeup and perfumes, and every once in a while I'll tell her about a vulnerability or something cool I found, and I know she's paying as much attention as I do about makeup, but at least I can understand the basics of makeup without years of experimentation and learning.

True, it makes it harder to stay secure when people around you don't care or don't know how, but its still possible. Just have to set some solid boundaries sometimes.

Syn_Attck ,

This comes right on the heels of a bill to ban Kaspersky antivirus, which may simply be an interesting coincidence.

As unfortunate as it is, because Kaspersky is IMO the best AV for power users including detection for every type of attack under the sun (if you enable and configure it in the settings, you can set applications on a per-permission basis, so only apps that need network access, or user directory access, or system file access, or registry access can use it, and it can alert you to any changes or ask for permission.

Anyone else have recommendations for power users? Ideally I'd like to have access to a security network service that allows me to get scores for known hashes, while being able to disallow submission of unknown executables on my own machine for their service. I don't want all my custom programs to be sent and distributed.

Syn_Attck ,

Mass centralization. Old school forums like phpBB and SMF and vBulletin and new-school forums like self-hosted discourse are also centralized, but by one small user calling the shots, and it's very clear immediately which forums are well-run. If a forum isn't well-run with a good community, a 'competitor' will quickly pop up that is, and people will go to it. Sure, you have to have some tech skills but there are easy guides for all of it. Discourse is a simple docker image and it's the best for features and engagement IMO.

Sure you have to sorry about DDoS attacks and staying patched, but you can use OVH or another host with a large infrastructure that had DDoS resistant servers. Or, god forbid, cloudflare.

Syn_Attck ,

In essence, when the growth rate slows to a certain point, people are dying faster than they're being replaced, and the trend can only continue unless everyone starts having 10 kids.

It's a matter of job replacement. Maybe AI will partly help, or maybe we'll open our borders so immigrants can come end masse and do all the jobs we don't have enough people for, but unless extreme measures are taken once it gets to that point, civilization as we know it will collapse.

I'm by no means pro-forced birth. But birth rate decline is a serious issue.

The U.S. population grew at the slowest pace in history in 2021, according to census data released last week. That news sounds extreme, but it’s on trend. First came 2020, which saw one of the lowest U.S. population-growth rates ever. And now we have 2021 officially setting the all-time record.

U.S. growth didn’t slowly fade away: It slipped, and slipped, and then fell off a cliff. The 2010s were already demographically stagnant; every year from 2011 to 2017, the U.S. grew by only 2 million people. In 2020, the U.S. grew by just 1.1 million. Last year, we added only 393,000 people.

https://www.theatlantic.com/newsletters/archive/2022/03/american-population-growth-rate-slow/629392/

Syn_Attck , (edited )

As long as you either have many tens of millions, or you don't care about electricity, water, food, and you're extremely physically isolated and/or hidden very well and armed to the teeth, it shouldn't affect you much.

For the rest of us it's something to worry about. Infrastructure needs a lot of trained people to operate. Once the train gets going it doesn't stop, and that means as time goes on it gets worse and worse until it reaches a point of stability some X years after collapse. And you won't be able to freely and adaquetely hunt/pick your food if you're anywhere near a city until point X, because everyone else will be doing the same. Also some idiots will be bathing in the only still good stream near you with whatever leftover chemicals they can find.

Your country can open the immigration floodgates and become a country without borders (i.e. become whatever country is currently your neighbor) but that comes with similar problems listed above.

So as you can see, it's not an issue for a small privileged few. For the rest of us, its a big fucking deal. I would encourage you to look into it.

Syn_Attck , (edited )

I also liked this bit:

[Reporter] But again, you think that’s unfair because of who your mom is. Because she suffers. Something about her suffering catalyzed in you the desire to end suffering in other people. Does that make sense?

No, that doesn’t make sense. Unfortunately, not all disease is genetic. There will still be disease and suffering. We are not that much of an optimistic fantasy.

Like she knows it's partly optimistic fantasy that will eventually work if she just keeps it going, but let it slip. E. Holmes thought the same thing... just a little more time and we'll have it.

I'm very glad I found the link to read the full article. She really does come off just like Elizabeth Holmes. When there isn't a viable product to sell, you really have to sell yourself. There are plenty female tech CEOs that stay out of the media, just like the majority don't know the names of most male tech CEOs, besides the few largest.

The way she reacted to the question of "your company is basically using exactly the same style of claimed technology as Theranos" as "Ugh. You're a meanie. Women shouldn't only be slaves!" is really quite telling.

Syn_Attck ,

She knew full well, she was just playing ignorant since she knew it would be printed. better to play dumb while you think of something to say than to give ammunition to your opponents

Syn_Attck ,

I agree that a Phoenix will rise from the ashes, but make no mistake, there will be many ashes, you and I and most of us posting here likely included.

But we are long overdue for a reset. Maybe this time we can just skip the internet infrastructure during rebuild, and develop near-peer networks instead.

Syn_Attck , (edited )

ETA: The 4 billion people in the 80s was still growth. Infrastructure has been scaled up, and it will take a ton of work to scale down - work which we will be hard-pressed to find enough skilled laborers for. Also overpopulation isn't the main driver behind climate change, overconsumption is. We are a society of consumers, we buy convenience, and evil corporations force planned obsolescence on us to make us buy more. Many of us will scoff at high-priced long-lasting items yet still buy a new iPhone every 3 years.

If you reduce the population as fast as its decreasing now, lower than replacement rates, all modern conveniences including infrastructure and faith in the economy are going to take a hit. That includes the internet and hospitals and all internet-dependant companies. Public utilities like trash, shipping - we already saw how many products were discontinued and companies went out if business because of the inability to get parts, over a 6 month (at first) brief shortage of truck drivers, which is still recovering 4 years later. If you think the economy is bad now, wait until faith in the market completely collapses and we have a full-on crash, not just a recession. It's been showing signs for years now, and things aren't improving.

Throw in experienced power plant operators, people that install and maintain pipes and lines, water treatment plants, public transit, the people that make parts for the machines that installs the infrastructure, the vehicles, etc. Everything you can think of will be affected, along with many things most people never think about.

Immigration is a way to slow it down, but almost every country on Earth has falling birth rates at the moment. Immigrants coming from, say, Mexico and Canada to US will only delay the problem, and cause a larger problem for those allied countries we rely so much on.

You can find pros and cons, and it's been a while since I did heavy research into the subject, but my takeaway was that once we reach a certain point, mass deaths will start to occur, especially in population centers. Rural communities won't be affected as much provided they have plenty of weapons and systems for defense, livestock, agriculture and close community. Knowledge will need to be retained - on disease, birth complications, fixing nuts and bolts technology, etc. Authoritarian countries who decide to force birth (whether by force or accommodations - see USSR support and metals for mothers with greater than X number of children) will become a serious threat.

There are many variables and moving parts, but one thing is for certain: there will not be mass population decline without major hurt for everyone.

Anyone know exactly what info Youtube captures from you from its browser version (and by what means)?

I know the prevailing sentiment for a long time in the privacy community has been "DAE Youtube bad?" though I have always thought that it is kinda overblown. Besides, I am using Firefox which is supposed to isolate tabs so they can't speak to each other, so I felt a small amount safer using Youtube....

Syn_Attck ,

No you're not being paranoid its how it works. No browser isolates tabs like you're talking about unless you use containers. Google owns the largest ad company on the internet, so any site that embeds their tracking scripts (most of the Western internet) will send the page you visited to Google, so they know what pages you're going to, and highly likely use that information to inform the YouTube algorithm about you. Even if you have a tracker blocker installed, like unlock Origin, if you use Google they still know which link you clicked and what you searched.

Syn_Attck ,

Hot take: if you have so little free time that the best you can do is phone time, maybe you need to work on priorities or time management.

I get it. I also have shit time management and spend too much free time on my phone, when I could be replacing an hour spent on my phone with an hour at a nearby coffee shop reading a book, or participating in an hour social club once per week.

Syn_Attck ,

not this again.

it's ketchup mfer, 57 varieties of tomatoes!

Syn_Attck ,

Mmm Hollywood Accounting... Misappropriate my residuals harder daddy!! 💦💦💦

Syn_Attck ,

CBaaS

Censorship Bypass as a Service, where your new updates are your [unique user ID].com

Let us manage your bypass for you! Payable in crypto or cash.

Syn_Attck ,

Interesting thumbnail strategy on this ad. It's hard to see it as just a seat. My mind keeps trying to make it into a human palm, so I'm seeing a tiny Polly Pocket tablet and stylus.

Syn_Attck ,

What guarantees do you have that Malus doesn't copy your key to their cloud?

I remember when I used a Samsung Galaxy as by daily driver a couple years back. I enabled full disk encryption and thought okay great, now that's done. I noticed a very small, brief popup on my screen that lasted a few seconds, and it was a notice that my key had been sent to Samsung servers. Apparently you have to disable that option that's hurried deep in the settings somewhere no one would think to look, and change your password again. If I hadn't caught that brief notification at the bottom of the screen (not the normal location for notifications), I'd never have known.

The encryption password is also a max of 15 characters.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • incremental_games
  • meta
  • All magazines
    •