Migrated account from @CosmicTurtle@lemmy.world

Cake day: Apr 09, 2024


DNSSEC always causes errors on my pihole setup and I end up disabling it. The upstream is DoH though (via dnscrypt) so it’s technically DNSSEC but without the clients seeing the authentication. That’s enough for me.

At some point, I fully expect apps and websites to begin resolving DNS directly instead of relying on the OS to provide resolution services. At that point our options will be to wholesale block IP addresses at the router.


There is a point of diminishing returns. Like most things, you have to evaluate what you are willing to live with and let go.

I know someone who only browses incognito because they don’t want cookies tracking them. They log into everything every day. Which, imo, is worse because those cookies are still tracking you but you now have to log in every day.

But for them they like the control.

I’ve moved most of my incidental link clicking on my phone to Firefox Focus (thanks to URL Checker) which has upped my privacy. I wouldn’t have made that change without the prompt that URL Checker provides though.

I use a VPN outside of my house and I use pihole at home. I am tempted to switch my DNS to unbound but the juice doesn’t seem to be worth the squeeze. We’ll see the next time I need to rebuild my pi.


Signal is a messenger service. You can expire messages after a certain amount of time.

They ask for a phone number to limit bots. I used my Google Voice number and it worked fine. I like Telegram which banned me after a day of use for using Google Voice.


Messages are e2e encrypted. Metadata is not encrypted.

Edit: I feel the need to qualify this statement. Metadata about your connection may be encrypted at rest but is decryptable given that Signal has released metadata to authorities with a warrant/subpoena.



I wish PGP was easier to use. The barrier to entry is way too high for everyday use.


Here’s my response to this line of thinking:

“Would you be okay if I fucked your spouse/partner/etc? No? Why not? You’re already having sex with them. What’s the difference?”

Consent. That’s the difference.


In my early days of Linux, I royally fucked up a USB thumb drive (back when they were expensive) using dd and as a result do not trust myself with it.

I would use Hannah Montana Linux if it was the only GUI option to burn a USB ISO.


While yes adding your birth year to your username is common (but terrible OpSec), adding 88 or HH or other Nazi symbolism is also common among their community. Especially in an open setting.

It serves as a shibboleth for the alt-right that you are one of them.


Doing the Lord’s work right here. I absolutely cannot stand screenshots of desktop apps.

Mobile screenshots will be readable on both mobile and desktop.

But desktop screenshots are only readable on desktop.


I say something similar when people say, “But your phone tracks you! Why are you worried about [privacy issue here]?”

“Well, I’m just going to go to your place and fuck your wife. Why are you worried? You’re already fucking her. What’s the difference?”

Consent. Consent is the difference.



You could secure it using an IAM user with credentials but then those credentials would be available on all vehicles.

If the vehicles had direct access to S3, maybe that’s why the bucket was public? But you could also just leave it available to the public.

But if that was the design, you should sweep the bucket on a regular basis to make sure there aren’t any objects over x hours old or something like that.


Bucket names are often committed to GitHub. It used to be that bucket names could be published, but ever since the blog post of the guy getting fucked by people polling his bucket due to an open source project typo, others have realized that bucket names should probably be secrets.

There are bots that will just monitor all public commits to GitHub, GitLab, etc. for AWS credentials and other strings like that. And as soon as they are found they will start to abuse them.


The default for net new buckets is actually very strict.

But it’s that strictness that makes devs just open it up to everyone and not learn proper IAM syntax.

The unfortunate part is that AWS made rules and privileges so nuanced and detailed that it makes people want to make everything public and deal with it “later”.



The trick that the Government has learned is that it’s easier and cheaper to buy your location data from a third party.

No warrant necessary since the data is available to anyone who wants to buy it.



Oh this 100% is the government backdoor that they’ve been begging for. “If you can innovate your way into it, you can innovate a way out of it.”

That was in regards to Apple phones belonging to Boston bombers being encrypted and locked.

It’s no surprise that behind closed doors, the government asked these companies to create backdoors for them to spy on people.


Part of the problem is that the government is all for this, especially law enforcement.

Iirc the bar is much lower to get a subpoena for data on someone versus getting a warrant for that same person.

This is why privacy is so important. It’s not just ads you need to worry about.


I thought Audacity was purchased by some Venture Capital bros and was being enshittified.

Or am I remembering something else? Didn’t they put some sort of tracker or something in their code, causing a fork?


Pornhub.

They have the technology and many of the features in place.



Fwiw your domain registrar has to hold the domain I believe for 90 days or something before it can be resold.


Differentiators? The idea behind the Tor browser specifically is to make it harder to fingerprint you by giving trackers the exact same information for each browser session across all its users, making it harder to differentiate between one user and another.


It might depend on the VPN provider. If it’s someone like Google, no way.

But Mullvad that has a proven track record of not keeping logs, that might be worth it.

I’ve also heard tor over i2p but don’t know enough about the latter to have an opinion.


The government is cagey about how, exactly, this criminal activity was unearthed, noting only that Herrera “tried to access a link containing apparent CSAM.” Presumably, this “apparent” CSAM was a government honeypot file or web-based redirect that logged the IP address and any other relevant information of anyone who clicked on it.

It looks like a combination of bad opsec and clicking on a download link.

I know there has been some back and forth whether it’s good to use a VPN with tor and feel like this is just going to open up that conversation again.


You need a line break between your paragraph and your list.

Depending on the car you might be able to physically disable telemetry. Here are some thoughts/ideas I’ve been collecting:

  • Hit “SOS” button and opt-out of all services through customer service. This of course requires trusting the company to actually do it.
    • It’s possible that the info could be stored locally and then uploaded when it gets serviced though
  • Remove the fuse to the modem/data communication module (DCM)
  • Disconnect wiring to the LTE antennas
  • A number of people have mentioned that they can get the dealer to disconnect the telemetry as a precondition to buying. For instance, here.
  • Jump the data communication module (DCM) cable with a ~$70 dongle to bypass just the telematics components
  • Disconnect the DCM cable, which will likely gimp the infotainment if not other systems, or remove the entire DCM unit