Synnr

@Synnr@sopuli.xyz

Synnr , (edited )

Then maybe you're okay.

A number of people can see your IP, people will chime in and add to and remove from this list:

Can't see it:

  • Random people you personal message with
  • Random people you chat with in rooms

CAN see it:

  • Server admins
  • People you share (send/rcv files with) // this may have been fixed
  • People who send you links and you click them, but this isn't specific to Matrix, it's a tale as old as time.
  • You voice call with someone (may have been fixed)

Some info may be wrong. But having someone's IP in the days of routers and all filtered ports means little, unless you piss off someone who knows some low level customer support person @ your ISP to pay to get your account info. Or you're dealing drugs in which case use TAILS and stop fucking with technologies you don't know the specifics of.

If they knock you offline and you can't access anything at all, unplug your router AND MODEM (most importantly your modem) for an hour. Go touch grass for an hour. Widdle a wee branch. Plug your boxes back in and you'll be bright as new.

@possiblylinux127 this isn't meant to be a dig at you, although last time you didn't care to correct or learn if I recall, but often times you leave out the "if so," "possibly, what and XYZ?'" and it ends up spreading misinformation because you didn't know enough or care enough to type enough.

I love Matrix but we need to be open about what the fish is before skinning it..

https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0

https://blog.erethon.com/blog/2022/07/13/what-a-malicious-matrix-homeserver-admin-can-do/

https://www.reddit.com/r/PrivacyGuides/comments/q7qsty/is_matrix_still_a_metadata_disaster/

Synnr ,

Do a lot of reading. Get a cyber informations systems basics overview on your own self-teaching before you try to understand it all.

Stay away from session and matrix. Signal, Nostr, SimpleX (nvm if you use Apple products) and the like are okay, but they are all hobbyist influenceable products besides Signal which gets fat government grants and just happens to use the same encryption standards as all other huge name E2EE tools.

Stuff is fun to learn on, but get a good VPN (debates about.... mullvad, ivpn, cryptostorm seem okay). Here's something fun for you and free: https://www.thc.org/segfault/

Synnr ,

Good stuff. Not thought about enough. GPS spoofing random routes also.

Drones trespassing in my property

Idk if anyone had a similar problem before, but I live in EU by the countryside, at first there were only a few but now it happens more and more often to see drones passing over my house, I am sure they are civilian drones because law enforcement has no reason to use them since the area is quiet (and honestly I doubt they would...

Synnr , (edited )

Just to confirm the obvious. Downvotes are expected but OP you should read this.

They are close enough to see that they are quad copters, and they make a buzzing noise, correct?

There have been a lot of UAP flaps where the objects (not quad copter looking) will fly low over the countryside, just above the tree-lines to much higher. They usually make no noise aside from reports of static or screeching or electronic interference.

Unlikely to be the case but if so, report to your country's MUFON type department and get as much evidence (video with sound, drawings, time and date, etc) as you can.

There is something else out there, whether it's military black projects mapping areas or what have you, and it needs to be documented.

If it is for sure quad copter drones, you can get a device to blast the 2.4GHz spectrum for a short time and make them 'phone home' and the operators will stop flying them over your property once they realize something wrong keeps happening when they do. Legality varies.

Many tutorials available to DIY. You can also buy them pre-built, just more expensive.

Synnr ,

Can any late teen-early 20s armchair philosophers once-over this for me?

I have a theory. Never before on the internet (going on 30 years of it) have I seen so many curses used but not fully spelled out ('f*ck' for example).

I believe the change has to do with social media and specifically short-form video apps (Tiktok, IG Reels, Youtube Shorts) - not all of which I am familiar with, but I know at least YT and I believe TT does as well. When curse words or words like rape and murder are used in text (or 'subtitle' text on screen) the video reach can be penalized in some way. I assume it's similar in comments.

So you have a ton of the younger generation consuming hours each day of censored curse words, and in their mind it becomes just what you're supposed to do, socially. They end up doing it with each other over text, and consequently in comments. I have a younger co-worker who will gladly say "F*ck that dude hes a b*tch" in group chat, and when I asked him why he doesn't just say the words he's using, he said "I just don't like to curse." Which makes no sense to me, as it's the same word and intent.

I know some Lemmy instances will remove words, but generally only 'bitch' and derogatory slur words.

So I hypothesise it's simply unexamined social conditioning, where they see their peers doing it so they do it too, never questioning why.

Synnr ,

That's true, there is the Scunthorpe problem. I guess we're just doing another 20 year cycle like we have for all of civilization. If someone centuries in the future finds this comment chain, please name the solution to your 20 year repeating fractal math problem something like the CockSyn Solution. I want to be like Shadow from American Gods. Or more accurately like Pythagoras with his stealing murder cult.

Synnr ,

I have no idea what this is but I don't like it and you should feel bad.

This is both a primally philosophical and a pointed statement, but I mean the latter.

How to randomly pad files before encryption to prevent file fingerprinting?

Hi, I was planning to encrypt my files with GPG for safety before uploading them to the cloud. However, from what I understand GPG doesn't pad files/do much to prevent file fingerprinting. I was looking around for a way to reliably pad files and encrypt metadata for them but couldn't find anything. Haven't found any...

Synnr ,

GPG/PGP takes the file and turns it into random bits that only someone with the private key can unrandomize. There is no file metadata left. There is no nothing left. I believe the sizes are even consistent (0-1024kB files will be the same output size.)

Synnr ,

You can't with privacy.com or other big services, but there are other services that let you either generate a no-KYC reloadable credit card, or buy a prepaid international card that works for almost everything.

Synnr ,

His YouTube shorts (500/day goal) are videos of Elon Musk saying things, with the background music alternating between the sigma male tune and the movie clip tune.

Did you see how ELON MUSK OWNED💯 DON LEMON by getting flustered at the question of "half your advertisers have left the platform, if X fails, isn't that on you?" so he told Don he should choose his words carefully because the interview clock only had 5 minutes left? And then Don was OWNED because he rephrased the question?

LMAO. SUCK IT CNN. OWNED!

Synnr ,

Yeah but he's just a temporarily inconvenienced billionaire, the rest of these welfare queens are out here collecting rent and sitting around all day. They don't need the money like he does. As soon as he gets a job, he'll hustle that first billion in no time.

Synnr ,

They started also blocking OLD.reddit.com this week. I made a comment a couple months ago alluding to old.reddit.com still working even though they were blocking tor and known VPNs on www.reddit.com. I'm sure about 10,000 other people figured it out at the same time as me, since it was such a simple bypass, and I'm surprised it took this long to fix.

There are still at least 2 other unpatched ways.

Synnr ,

It's not about anti-censorship (making your VPN traffic look like regular traffic), it's about the IP address at the end of the VPN connection. They have a list of known VPN provider IP ranges and block those. If you run a proxy server or VPN on your own private VPS for example, then it won't be detected.

Synnr ,

This only works if you don't want the privacy enhancing aspect of advertisers not tying your activity to an IP address.

Beyond more safely using open Wi-Fi or bypassing a censoring ISP, there isn't much reason there.

Synnr ,

Is that better or worse than giving advertisers the data point that you're high-tech knowledgeable and browse personal accounts from a server in a datacenter?

Synnr ,

That's true. I'd only use a VPN service that's been audited (either by a security company or, preferably, law enforcement) not to keep logs. There are only a small handful of those however. It really all depends on your needs. There are far more VPN services that do log and sell the data, and/or turn your host device into a proxy for other users/services.

Synnr ,

I think it's being framed wrongly for the narrative by the guy posting the screenshot.

A friend sent me MRI brain scan results

Without more context I have to assume guy was still convinced of his brain tumor, knew a friend who knew and talked about Claude, had said friend run results through Claude and told guy whose brain was scanned that Claude gave a positive result, and friend went to multiple doctors for a second, third, fourth opinion.

In America we have to advocate hard when there is an ongoing, still unsolved issue, and that includes using all tools at your disposal.

Synnr ,

Huh?

We're just curious behind the causation for the tweet. Why won't Apple and Microsoft allow them to update? Is it DRM? Security? Fear?

Synnr ,

See also: NSA PRISM

Member when all the companies listed released a PR statement within 24 hours of each other, all very basic and denied allowing the NSA direct access to their users?

I member.

Synnr ,

You know that ?si= at the end of the YouTube URL that is copied when you share a video from within the YouTube app?

That's an individual tracking ID specific to you. So if you've ever shared a YouTube video on lemmy, reddit, Facebook, tiktok, or anywhere else without removing that code one time, anyone at Google with access to the ID system can now link you to that account with your real name, IP address and time accessed, device name, etc.

Synnr ,

As a google user, what... what am I doing wrong right?

Using a browser instead of the YouTube app?

Unless you're talking about Google links then yes. Amazon too, along with many other services. There's a ClearURLs Firefox add-on to remove them automatically.

But it's insidious with YouTube because people are much more likely to share YouTube videos on a public forum, and they just randomly started doing it one day.
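
As an added example (not part of the comments above, and not ClearURLs' own code): a small JavaScript routine that removes the `si` share parameter from YouTube links, either from a single URL or from every link in a draft post, while leaving `v`, `t` and non-YouTube links alone. The host list, function names and sample IDs are assumptions constructed for this example.

```javascript
// Added example: strip the YouTube share-tracking parameter before posting.
// Host list and function names are assumptions made for this example.
const YOUTUBE_HOSTS = new Set([
  "youtube.com", "www.youtube.com", "m.youtube.com",
  "music.youtube.com", "youtu.be",
]);

// Only the parameter named in the comments above is removed.
const SHARE_PARAMS = ["si"];

// Return the URL without share-tracking parameters.
// Anything that is not a parseable YouTube URL is returned unchanged.
function cleanShareUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return raw; // not a URL at all
  }
  if (!YOUTUBE_HOSTS.has(url.hostname)) return raw;

  let changed = false;
  for (const name of SHARE_PARAMS) {
    if (url.searchParams.has(name)) {
      url.searchParams.delete(name);
      changed = true;
    }
  }
  // Keep the caller's exact string when nothing had to be removed.
  return changed ? url.toString() : raw;
}

// Clean every http(s) link inside a block of text (e.g. a draft comment).
// Trailing sentence punctuation is kept outside the link so that
// "…?si=ID." does not lose its full stop along with the parameter.
function cleanText(text) {
  return text.replace(/https?:\/\/[^\s<>"')\]]+/g, (match) => {
    const trail = match.match(/[.,;:!?]+$/);
    const tail = trail ? trail[0] : "";
    const core = tail ? match.slice(0, -tail.length) : match;
    return cleanShareUrl(core) + tail;
  });
}

// Constructed sample input (IDs are made up).
const draft =
  "Watch https://youtu.be/abc123?si=CONSTRUCTED_ID, then " +
  "https://www.youtube.com/watch?v=abc123&si=CONSTRUCTED_ID&t=42";
console.log(cleanText(draft));
```
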

Synnr ,

User asked why they never see &si= on their links on Android. @Synnr said they may be copying the link from the browser, which suggests they don't even have the YouTube app installed, as it 'never happens to them.'

Synnr ,

Me here waiting for the autys to miss the sarcasm and spread some weaponized autism about the most secure ways to chat..
Just no EncroChat or Session, please.

Synnr ,

I didn't agree with their decision at all at the time, but now that I realize they made it a little while after it gained widespread adoption and people stopped using it because "Signal isn't actually secure!" ... seems like people were expecting a secure messenger to be, well, secure. So they would chat about anything and everything thinking "I am using a secure messenger, these messages can't be read..." and tech ignorance is a dangerous thing if you're trying to be secure. I would've preferred a colored window and un-closable message for SMS chats, but oh well. I like that they've introduced usernames so you don't have to give out your real number.

Synnr ,

I automatically read it as private key, good catch

Synnr , (edited )

Session was at first a fork of Signal without usernames.

Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.

Regarding Australia's 2018 bill...

The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.

Regarding the 'vulnerability or cracking them later' bit...

Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.

From Session's own FAQ:

Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.

I wouldn't touch it with a 12ft ladder.

Synnr ,

I posted this down below in a comment thread but I'm afraid it won't be seen and not enough people know about this.

Session was at first a fork of Signal without usernames.

Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.

Regarding Australia's 2018 bill...

The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.

Regarding the 'vulnerability or cracking them later' bit...

Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.

From Session's own FAQ:

Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.

I wouldn't touch it with a 12ft ladder.

Synnr ,

Session does use the Oxen network which is the renamed Lokinet, unless they made a change I'm wholly unaware of.

Synnr ,

You're not wrong. Lokinet and Session are both products from the same parent company. Lokinet was renamed to the Oxen protocol, and they run all the servers AFAIK, so it would be like tor, if tor ran every guard, entry, and exit node. AKA worthless. So you're spot on, it's a joy to the intelligence community and after the Encrochat debacle and Session stopped using Signal's encryption algorithms and code, I would suggest no one use it for anything sensitive.

Linux market share passes 4% for first time (arstechnica.com)

We see the nearly 33-year-old OS’s market share growing 31.3 percent from June 2023, when we last reported on Linux market share, to February. Since June, Linux usage has mostly increased gradually. Overall, there's been a big leap in usage compared to five years ago. In February 2019, Linux was reportedly on 1.58 percent of...

Synnr ,

Year of the Linux Desktop! 1999-2035!

Synnr , (edited )

The Y2K38 Epochalypse bug hit 2 years early due to Microsoft's rushed implementation of Windows Subsystem for Linux under CEO Elon Musk, causing all newer systems running Windows to combust due to a combination of the bug, and a cyberattack on Musk's new chip fab plant in the state of Mexas. The only widespread choices after that are WacOS and Ubuntrue, both parent companies owned by Elon Musk after winning in his presidential prelection in 2026 and removing all antitrust legislation. However there is a hobbyist Unix distribution still being passed around called Briarch that fixed the 2038 problem in 2025 when development started, but you have to be in close proximity to someone with it to get it, which is easy in the country of California but not as easy east of the Nutah border, you really have to trust someone to even ask if they have it.

Synnr ,

I'm not sure where you live, but our XYZ (USPS, Amazon, UPS) drivers almost never knock or ring the bell. FedEx is the only one that does, and they don't come very often. Maybe all the drivers know our house and don't want to hear the dogs. Honestly it's appreciated, I don't care to answer the door without prior notice, doubly so if no one is actually there when I do.

USPS drivers just want to get done for the day and go home, but Amazon (definitely) and UPS (I think) get docked for taking over X time per delivery. If someone comes to the door to talk to you and ask you something, that could really mess with your times.

Synnr ,

Perhaps change 'by' for 'next to' and put an empty weather-resistant container by them? Put it before the bins, so it's the first thing they physically walk to.

Synnr ,

Yup, I wouldn't be knocking either. Thank you for your service. Amazon?

Synnr , (edited )

First sentence of the article:

NSO Group, the maker of one of the world’s most sophisticated cyber weapons, has been ordered by a US court to hand its code for Pegasus and other spyware products to WhatsApp as part of the company’s ongoing litigation.

NSO Group has been ordered to hand over the Pegasus malware code that allows them to silently infect phones via WhatsApp, so Meta can fix it. This isn't NSO Group being forced to hand over WhatsApp source code.

There will be at most 5 software developers who have access to the code, on a non-networked machine, surrounded by a group of lawyers the entire time. No one will have the ability to leak the Pegasus code. After that, it will probably be handed to the random mormon-looking plainclothes guy nobody in the room can figure out, who will take it back to the NSA so they can scour it for any non-WhatsApp 0days they don't already have.

It's worth noting that NSO Group is an Israeli company, as are many 'legal' entities of hacking software and hardware used by many nations.

Synnr ,

Exactly this. There's a massive difference between providing a product and laying it all out plainly in the terms of service, and providing a product to remotely hack phones through said service with no prior agreement by the user to be hacked.

How responsive is your Nextcloud?

My Nextcloud has always been sluggish — navigating and interacting isn't snappy/responsive, changing between apps is very slow, loading tasks is horrible, etc. I'm curious what the experience is like for other people. I'd also be curious to know how you have your Nextcloud set up (install method, server hardware, any other...

Synnr ,

That would make sense if the cause is some looping from hanging DNS lookups. Someone should (and likely has) notified the devs about this.

Another possible solution, from https://help.nextcloud.com/t/server-hangs-and-then-is-fine-for-a-bit-then-hangs-again/153917/16

https://sopuli.xyz/pictrs/image/840d78c7-9386-496a-818b-b59c66992c41.webp

Synnr ,

Is docker virtualized or otherwise emulating something? It's just a way to package things, like an installer? Then it's bare metal.

I had to look this up too, I thought docker containers were virtualized.

There's still room for improvement, but Linux gaming has come a long way in a short time. (lemmy.world)

I remember when Proton launched it was like magic playing games like Doom and Nier Automata straight from the Linux Steam client with excellent performance. I do not miss the days of having the Windows version of Steam installed separately.

Synnr ,

That's crazy! When I was last trying to run Linux full time in ~2014, you had WINE and then a commercial version of WINE (not by the WINE devs, but because WINE is licensed the way it is and is open source...) that would run a few more things, but I don't remember what it was called.

So glad to hear it's progressing this quickly and far.
