He/him. Chinese born, Canadian citizen. University student studying environmental science, hobbyist programmer. Marxist-Leninist.
- 23 Posts
- 11 Comments
Joined 5Y ago
Cake day: Oct 03, 2019
https://web.archive.org/web/20230624162729/https://tutanota.com/blog/snowden-leaks-nsa-surveillance-ten-years
How else are they going to track you?
No, seriously. Even if the messages are encrypted, the metadata including your account info and the account info of everyone you talk to are not. In a lot of these cases, they don’t have to have the actual contents of the messages to have a pretty clear picture of what you might be talking about!
With a phone number that’s almost certainly registered to your real identity, it makes it trivial to track what you as a person is doing even without breaking the encryption! An encrypted messenger that requires anything related to your real identity to get an account is security theatre.
For example: if you suddenly start messaging back and fourth with an account, and that account happens to have the same phone number as the one on the business card and website of an out of state abortion clinic worker, and your own phone number’s area code just so happens to fall in a state that banned abortions after Roe v Wade got trashed, it juuuust might imply a few things about you. They can’t definitively prove what the messages were, but if your state criminalizes any and all attempts to get an abortion anywhere, it’s probably enough to get a warrant against you.
Microsoft to introduce chip to cloud “security” with ‘remote attestation’ based on Xbox DRM, deliver
[Mirrored from /r/privacy](https://teddit.net/r/privacy/comments/rwrz0x/microsoft_to_introduce_chip_to_cloud_security/)
Today at CES, Microsoft announced some of the most serious threats to modern computing in the past two decades, with all future CPUs from Ryzen (6000 series), Intel, and Qualcomm to feature 'Microsoft Pluton'.
[What is Microsoft Pluton?](https://blogs.windows.com/windowsexperience/2022/01/04/ces-2022-chip-to-cloud-security-pluton-powered-windows-11-pcs-are-coming/)
1. It is a CPU inside your CPU, that is upgradable by Windows Update (yes, you read that right), and operated by Microsoft.
2. It allows Microsoft and their software partners to 'remotely attest' that you are running 'genuine' and 'trusted' software. The idea is that code running on Microsoft's cloud will be able to remotely take a complete snapshot of your system, and run any validation checks necessary on YOUR hardware and your data. Because it is a 'CPU inside a CPU', you will have no ability to monitor, block, or stop this intrusion.
3. It is developed based on Xbox DRM, which prevents end-users from running their own unsigned software.
4. It is able to access everything you do on your computer, including local files and local programs. This access is remote, and it is monitored through Windows Update.
We have a family Samsung smart TV that is configured to use my Pihole instance as its DNS. When it was first set up, it looked up a blocked Samsung domain every few seconds whenever it was on (this is with ACR tracking "disabled" in the settings). Now it doesn't anymore, but I still get activity from its IP address looking domains for NTP and looking up Samsung domains not blocked by my blocklists, but much less often now. Weirdly, it isn't looking up domains for YouTube anymore despite us watching videos on the included app. Could it have found a way to bypass my DNS server (maybe a hard coded Samsung DNS?)
(The TV is my parents' and they want to keep using the smart features. If it were up to me, it'd be barred from our Wi-Fi by now.)
Presumably so you'll be forced to use their DNS, which lets them know what sites you go to. So thanks for that [Shaw](https://www.shaw.ca/).
Here are all the infographics in the article:
Direct links:
Cloudflare DNS has DoH, but it's Cloudflare so... ew. Is there one that is more privacy respecting and also has DNS over HTTPS?
Lenovo is shipping laptops with Linux, which is a major win for the Linux community because it's a major tier-1 OEM, and I'm personally thinking of getting a Lenovo for my next laptop. But what are the privacy implications of this since Lenovo hasn't had that great of a privacy track record (superfish being a major stain), and being a Chinese company (not that American companies are any better, IMO). Assuming one wipes the default Linux installation and installs their own (though proprietary Lenovo drivers will probably still be required to take full advantage of the hardware), how well does that bode for user privacy and security compared to other OEMs offering full Linux compatibility, like Dell?
I do appreciate Lenovo laptops having a built-in webcam cover though. That really stood out to me when I was playing around with a Lenovo laptop in an electronics store.
I have zero sympathy for Facebook and neither should you.
I found this video and I will admit that the title definitely triggered me when I saw it. However, it talks about how studies and surveys can reveal information about a group of people, and thus if someone knows that you're apart of that given group, they can infer information about you.
I'd move to hear what you all think. Do you agree with him?
**This was originally posted on Reddit /r/privacy, but I saw fit to post it here since these issues seem to apply to privacy-oriented communities as a whole.**
> This sub is about privacy. Every day we get people who are just realizing for the first time just how much of their information is out there beyond their control. They come here looking for help and advice and sometimes to share their successes. Often times they have little or no technical knowledge, let alone an advanced understanding of information security or how to compile their own apps from source, but they want to learn.
>
> So it absolutely fucking pains me when I see gatekeepers shitposting all over newbies. People get downvoted into oblivion for suggesting that it might be difficult for grandma to compile her own Android app instead of installing from the Play store. Comments like "you're a slave if you have a Facebook account" get circle-jerked. Within the past week I've witnessed:
>
> OP: "Where can I find a privacy-respecting news app?"
Redditor: "Ugh, why would you even want an app? That's so stupid."
>
> OP: "I'm so happy, I just deleted my Google data!"
Redditor: "You're cute, you think they actually deleted it? Guess again, moron."
>
> OP: "I'm leaving Gmail. What do you think of ProtonMail?"
Redditor: "Anything less than self-hosted is a waste of time. Why don't you just go back to AOL?"
>
> This attitude does nothing to further privacy. It just makes the redditor look like a jackass gatekeeper. Worse, it makes the community toxic. People come here to learn about privacy. Everyday, regular, not-tech-savvy people. Instead of mocking them for being a "noob", let's welcome them into the fray and help them improve their privacy posture.
>
> Every "noob" we scare off runs back to Google. Report gatekeeping and shitposting when you see it.
Jeez is this why my torrents slowed down to a crawl lately? I’m on Mullvad and wasn’t aware they removed port forwarding, or even really what port forwarding is until now.