• 0 Posts
  • 29 Comments
Joined 1Y ago
Cake day: Jul 07, 2023

This looks like it was a timing analysis attack. Basically, they’re trying to figure out which user did something specific. They match the timing of the event with the traffic from the user, and now they know which user did the thing.

It can be fuzzed by streaming something at the same time, because now your traffic is way harder to time analyze when you have a semi-constant stream of data running. But streaming something over Tor is an exercise in patience (and it’s not something the typical user will just always have running in the background), so timing analysis attacks are gaining popularity.


I have had major issues with exFAT across a variety of platforms. But I also work with a bunch of niche gear. But my point is simply that being widely compatible isn’t the same as being fully compatible. And OP was asking for the best way to reach the widest compatibility. That calls for FAT32, even if it has issues with things like file size.


This was my immediate thought as well. Portable launchers for the various OSes on a tiny (just large enough to store the launchers) FAT32 partition, then a large FAT32 partition (the majority of the drive) encrypted by VeraCrypt. As long as it can read FAT32 and run VeraCrypt, it’ll be compatible. And that covers Windows, Linux, Raspberry Pi, and Mac ecosystems. It’s not as simple as just plugging it in and getting a password prompt, but it’s going to be the most compatible while still allowing for (nearly) the entire drive to be encrypted.


Yeah, it’s currently 101° outside, with zero cloud cover and 50% humidity. Walking a mile to the gym would require approximately six gallons of Gatorade, just to replace the water and electrolytes I’d lose along the way.


Their argument towards fair use wasn’t ignored. It was inapplicable.

> It’s ridiculous to assume that an organization whose main purpose is data archival would knowingly and blatantly ignore copyright law

Except that’s exactly what they did. They knowingly and blatantly violated copyright law. They had a system in place to ensure fair use compliance. They intentionally disabled that system, in violation of fair use, to allow unlimited free downloads of the books they had archived.

IA’s entire argument was basically “but we’re a library” and totally missed the part where even public libraries need to comply with copyright law. Even with ebooks, they can’t simply distribute an unlimited number of copies; they have licensing agreements in place, for a specific number of specific ebooks to be checked out at any one time. And they have to use time-locked DRM to ensure compliance, by automatically revoking users’ reading ability when their check-out time is up. IA did precisely none of that.


Yeah, pretty much everyone who understands copyright agreed that this was the dumbest idea imaginable. But IA stupidly proceeded anyways, and now they’re finding out that the long studded dildo of justice rarely arrives lubed.

I love IA. I use it all the time. But this was just a blatantly stupid move. No amount of crying about it is going to change the fact that they seriously fucked up and angered the most well-established copyright holders in the world.


Sadly, many ASUS routers use Broadcom chipsets, which have major compatibility issues with OpenWrt. Notably, Broadcom has refused to allow open source drivers, and OpenWrt only uses open source. So installing any kind of OpenWrt on a Broadcom router will effectively cripple it, because even basic functions like WiFi will be unavailable due to the lack of drivers.


Unfortunately, lots of ASUS routers (especially the “gamer” oriented ones) use Broadcom chipsets. Broadcom support is severely lacking (because Broadcom has refused to allow open source drivers), so in many cases switching to OpenWrt will severely cripple the router. Even basic shit like WiFi will stop working, because there isn’t a WiFi driver available.


That depends on how the product is marketed. If the product has any of those disabled features on the box and doesn’t outright say you need to send them telemetry data to use it, then you could argue that you bought it for that feature and can’t use it.

For instance, maybe I want to use the VPN feature, so I bought a router that supports that. And now I’m locked out of that feature unless I agree to a miles-long privacy policy and sharing my telemetry data.

Plus, the lack of security updates is, at best, extremely concerning. The firewall’s primary function is to act as a first line of defense against attacks coming in via WAN. They have locked those security updates behind the telemetry sharing, and therefore it can’t even be used as a proper firewall.


> Good point but most people do have a good networking background.

Relevant xkcd

I know the target demographic for a privacy community will likely have a good networking background. But “most” is likely an overstatement. I think most people don’t even know what a router does, much less how to configure one.


Because of inertia. There are entire industries that were built around Twitter. For years, it was an incredible networking opportunity that you were missing out on if you weren’t active. For example, many artists used Twitter for discoverability; they could post their art on Twitter, and it would get much broader reach than on other social networks.

This is why substitutes like Mastodon have struggled to take off, and it’s why even the early adopters still crosspost everything to both Twitter and Mastodon. Mastodon simply doesn’t have the user base required to have that same kind of discoverability. It would need to reach a critical mass level where it’s able to sustain itself without Twitter. And it’s unfortunately not there.

Whether it will ever reach that point is up for debate; the same way Reddit’s scummy practices were a huge boon for Lemmy, only time will tell if the same will happen to Twitter. The issue is that the vast majority of users simply don’t care about a negative experience on the site. Sure, there are vocal critics, but those are often the minority who are extremely incensed and will be the most likely to change. But once those critics have fled, the vast majority still remains on Twitter and now there aren’t any critics pushing for change.


You should, but it specifically doesn’t work for YouTube. Pi-hole works by blocking DNS requests to known ad servers. But YouTube hosts their own ads on the same servers that host the videos. So if your Pi-hole blocks the ads, it also blocks the videos you’re trying to watch.


Yup. There’s a cause-and-effect chain that the anti-car crowd likes to ignore. The reality is that we need widely available alternative transport before restricting cars. If you start by restricting cars, all you’re doing is making it impossible for struggling people to get and keep a job. And that’s not good for anyone.

Give us cities that are walkable, with no point less than a 10 minute walk away from a train station.

Give us trains that are affordable and run regularly, not $10 per ride and only run every 45-60 minutes.

Give us actual separated sidewalks and prioritized pedestrian traffic, instead of roads without sidewalks and intersections that make pedestrians wait 2-4 cycles before giving them a crossing signal. Give us buses that actually run on time and run regularly.

Give us public transport that doesn’t shut down at 2AM, when all of the drunks are leaving the bars and are pushed into driving home because there is no public transport available after the bars close.

My daily commute by car is 13 minutes. Via public transport, it is nearly three hours. Without a car, I need to go 20 miles north to a connecting city, wait roughly an hour for the next train, then go 20 miles south to get near my work. Then it’s another 20-30 minutes of waiting for the bus (if it’s even running on time) for another 5 miles. Or I can just fucking drive the 10 miles and be there in 13 minutes. No, I can’t walk because it’s nearly all highway driving and there are no sidewalks. No, I can’t ride a bike because no bikes are allowed on the highway.

Fix public transport. Make it usable. And then start restricting cars. If my commute was a 13 minute drive or a 15 minute train ride, I’d pick the train ride every time. But it’s not.


Worth noting that there is a strong correlation between neurodivergence and falsely getting flagged for using AI. Apparently AI sounds autistic, so lots of autistic kids were getting flagged for AI use even when they wrote it themselves.

But if it helps, even ChatGPT has had to admit that AI detection is inaccurate and schools shouldn’t be relying on them.


It was never supposed to be confidential. That need arose as a direct result of using it as an ID. If the SSA was the only organization using the number (as originally intended), then it wouldn’t need to be kept confidential.

But when the SSA gave every single person a unique number, other organizations went “hmm this sure would be convenient for differentiating individuals with similar names and DOBs.” So other organizations started using it for identification, and suddenly you needed to keep the number secret because anyone with your number could ID themselves as you.

The SSA needs to publish a public database of every single name, DOB, and SSN. Force organizations to figure out a new system of identification, instead of relying on an insecure and outdated system.


The SSA should just set a time limit (let’s say 3 years), and then publish a database of every single name, DOB, and SSN. Force the banks to figure out a new system of identification, by making the current system useless.

The current system is already insecure; SSNs were never intended to be secure. So why has the SSA tolerated this for so long? Just make the “in three years we’ll publish this live database for anyone to search” announcement, so banks are forced to develop a better system. It gives them the time to work on a new system, eliminates the need to keep SSNs secret, and the SSA can keep operating as normal.


Your point was that it’s scolding users for using a VPN. It’s explicitly not doing that. Yes, they’re actively working against VPN usage, but your original statement was still incorrect.


It doesn’t actually mention VPNs at all. It simply says you were blocked due to a network policy, and offers potential solutions ranging from “try logging in” to “if you’re doing fucky things with your user agent, maybe try not doing fucky things with your user agent.”


> Then Reddit’s notice should say that instead of scolding about VPNs.

It-… Uhh… It does say that. It’s literally the second sentence in the body of the notice, and even has a link to create an account. Did you even read past the title?


You can still use the site via VPN if you’re logged in. Which is really the entire point. They don’t actually care if you’re using a VPN; it’s just another method to force people to make an account, so the “active accounts” number looks good to shareholders.


Hotels are often cheaper in destination areas, and you get the convenience of fucking room service. In a lot of destination areas, home ownership has rapidly declined in favor of permanent Airbnb rentals. Because why charge $3000 in rent per month to a tenant, when you can charge $350 per night and have Airbnb guests for 20 nights a month?

But it also means Airbnb has landlords getting even more greedy. Cleaning fees are often used as a way to directly increase the rental cost. Requirements for guests are increasingly restrictive. And the nightly rent is often so exorbitant that you can literally get a hotel and room service for cheaper.


I’d suggest a simpler setup of Firefox, uBlock Origin, and a container extension to keep Facebook isolated from your regular browsing. Facebook Fences is a decent one, which also blocks the “Share on Facebook” buttons (which have embedded trackers) on sites.

Unfortunately, if you want to use the marketplace, you will need to make an account. Some people have suggested a fake account, and there may be some merit to that. But in reality, Facebook does so much tracking across the web that they’ll already have a phantom account for you. Basically, they track traffic across the web (with their various share buttons, like counters, etc.) and will build a phantom account for you based on your browsing habits.

Then when you make your account (regardless of whether or not it’s a real name or email), they’ll simply link that phantom account to your created account. So even when you first make an account, they already have a really good idea of who you are based on your traffic patterns. Hell, they probably even know right away that it’s a fake account.

Using a privacy-oriented browser is great, but it ironically makes you easy to fingerprint when signing into accounts, because very few people are cruising around the web with LibreWolf as their daily driver.


Take the opportunity to switch to a password manager, which will allow for unique passwords.


Yup, ZippoApps just bought this one. It’s a company that basically buys apps then pumps them full of invasive (bordering on spyware) bloat to capture the data from existing users. It’s a typical corporate strategy, where they buy a popular app, extract every single cent they can from it, then discard it once it’s a shell of its former self, for the next popular app.


The most noisy devices on my network are my smart TVs. The last time I bothered to look, it wasn’t even close to comparable.

My phone is my most used device. It had something in the ballpark of 800 blocked requests in a day, after an entire day of doomscrolling and heavy use. It was the third most blocked device on my network, behind both of my smart TVs. The “better” TV had ~2400 blocked requests in that same day. The worse one had nearly 3000.

I hadn’t even used my TVs that day.


Crypto mining would be symmetrical up/down though. This is only a small amount of data downloaded, and a huge amount uploaded. That looks more like a botnet attack, where an attacker hacked the machine and pointed it at a target, then just left it to run.


Exactly. The only reason I still have analog controls in my 10 year old car is because it’s a Toyota; Toyota is infamous for lagging behind other auto manufacturers, because they prize reliability over function. So they’ll only add something to a vehicle once they’re sure it’ll survive a decade of regular use. Back in the 2010s, they were still refusing to add integrated head units with massive screens, because they weren’t fully time-tested yet. But if you get a current Toyota, you’ll find that enough time has passed for them to have integrated head units.


Well… No. Head units are pretty much integrated units nowadays. That transition started back in the 2000s, and pretty much any car after like 2012-2015 is going to have a fully integrated head unit. Unless the FOSS unit is custom made for the car, replacing the head unit would severely impact the car’s functionality. It’s not as easy as just wiring a power and audio cable in, and it hasn’t been for about a decade.

Ironically, I don’t even think that was the reason for making integrated head units. I think auto manufacturers realized that touch screens and PCBs were cheaper to mass produce and install. Analog control systems fell out of favor because they require a team of techs sitting on a manufacturing line wiring them together. But a PCB and touch screen can just be plugged in and screwed in by a single tech.


I think it also has a little bit of shock factor. Everyone expects Google to be spying on you, so nobody is surprised when a report is released about a Google Home speaker being bad for privacy. When you’re buying the speaker, you’re making an active choice to trade privacy for convenience.

But the average person probably doesn’t expect that from their vehicle. I think lots of people are shocked to find out how much info their car has been collecting about them. Especially since cars aren’t usually considered a luxury in the US. To make the same comparison, a smart speaker is a luxury. You can opt out of the data collection by refusing to purchase one. You can do without it. But in most of the US, a car is a necessity, and this means that you can’t opt out of the data collection because you need a car to survive.