• 6 Posts
  • 147 Comments
Joined 6Y ago
Cake day: Apr 17, 2019


Even with a dumb phone, they have

  • Your identity, i.e. real name and address.
  • Location history
  • Contacts (since you’re forced to use SMS)
  • Message history in plain text

So I don’t doubt that they’re at least aggregating message history and selling data/trends about certain topics to advertisers and anyone who will buy it.

Plus if they know that your most contacted person is also texting/searching about certain things, they can safely sell that also and present ads to you based on their interests.


100% agree. Browsers don’t need to, and shouldn’t be reporting all Javascript attributes that make us unique, especially things like canvas.

You can test this out here, but nowadays it’s rare for any out of the box browser to be anonymous.

https://www.amiunique.org/fingerprint


“Authoritarianism” is usually just coded language to demonize anti-colonial countries. It’s almost never used to refer to the “civilized” capitalist metropoles like the US and Europe, who have done their best to strangle every country that dares to exist outside their orbit.


Which country? Plenty of countries have at least a nominal right to privacy, but it doesn’t end up meaning much when US companies own your country’s communications platforms.


Snowden doesn’t even think the NSA is evil:

“The lesson of 2013 is not that the NSA is evil. It’s that the path is dangerous. The network path is something that we need to help users get across safely. Our job as technologists, our job as engineers, our job as anybody who cares about the internet in any way, who has any kind of personal or commercial involvement is literally to armor the user, to protect the user and to make it that they can get from one end of the path to the other safely without interference,” he told an auditorium filled with the world’s foremost computer and network engineers at a 2015 meeting of the Internet Engineering Task Force in Prague.

He reaffirmed his view a year later at Fusion’s 2016 Real Future Fair in Oakland, California. “If you want to build a better future, you’re going to have to do it yourself. Politics will take us only so far and if history is any guide, they are the least reliable means of achieving the effective change.… They’re not gonna jump up and protect your rights,” he said. “Technology works differently than law. Technology knows no jurisdiction.”


Snowden is a brave guy in some ways, but even in spite of his leaks, he’s remained a naive US-supremacist libertarian, who evangelizes tech over political action, defends the OTF, silicon valley, and US-DoD funded crypto tools and privacy apps.

“The lesson of 2013 is not that the NSA is evil. It’s that the path is dangerous. The network path is something that we need to help users get across safely. Our job as technologists, our job as engineers, our job as anybody who cares about the internet in any way, who has any kind of personal or commercial involvement is literally to armor the user, to protect the user and to make it that they can get from one end of the path to the other safely without interference,” he told an auditorium filled with the world’s foremost computer and network engineers at a 2015 meeting of the Internet Engineering Task Force in Prague. He reaffirmed his view a year later at Fusion’s 2016 Real Future Fair in Oakland, California. “If you want to build a better future, you’re going to have to do it yourself. Politics will take us only so far and if history is any guide, they are the least reliable means of achieving the effective change.… They’re not gonna jump up and protect your rights,” he said. “Technology works differently than law. Technology knows no jurisdiction.”


I do this too, keepassdx form filling works really well on android.


Same. It’s so hard to get ppl to switch



  1. With a long enough passphrase, your keepass db is uncrackable by any current tech.
  2. If you have 50 accounts using the same password, if any one of those websites gets hacked, they now have access to every other account.

dev here, glad you like!


Not just lemmy, but every fediverse platform can and should be trying to do better than centralized social media when it comes to mentally harmful / addictive patterns in our apps. I’ve tried to do some things to minimize addiction, but there’s a lot more we could be doing.

If you were to rank the things about lemmy that are most addictive, what would they be? Then we can think of ways to minimize or subvert them, where feasible.

IMO infinite scrolling, seeing the same things over again, and wanting to check like your own content likes / dislikes, are the worst offenders.


And signal, considering it’s a centralized US company that has your phone number.


I’d really love an open-source WYSIWYG for android, but I’m stuck with obsidian currently.



Matrix, xmpp, simplex. Do not use Signal or any service with centralized servers hosted in a 5 eyes country.


Chinese company uses servers located in China. More news at 11.


Lemmy has nothing in its code that blocks VPNs. Unfortunately a lot of instances use cloudflare and other man-in-the-middle services that do block VPNs.


Syncthing, it’s a self-run dropbox. Apps for every platform.

Then you can use whatever editors on any device you like. Markor is a good open source one for android.


I don’t doubt it. Those NSLs would have returned zero information from Signal because, as Signal has repeatedly demonstrated, and I have repeatedly stated, they don’t have any information to share.

Part of the stipulation of NSLs is that it’s illegal to disclose that you’ve been issued one. You are gagged, and you can’t even criticize that gagging publicly, or you will face criminal charges. You can read more about that here: https://www.eff.org/issues/national-security-letters

Not my name, email, birthdate, nothing.

Your phone number is already linked to all that info. I, even as a private person, could type in your phone number right now and get all that information about you in seconds. So you can stop saying “my phone number doesn’t have that information”, because it 100% does. And signal stores it as their primary identifier.

Again, if you really believe what you’re saying, you’ll give me your phone number, and the phone numbers of your friends. If this is a secure identifier, that contains none of the information above, then why not? Put up or shut up.


They still require a phone number to sign up, and it’s a US domiciled company (5-eyes country), so it’s inherently unsafe. The Obama administration issued an average of 60 national security letters every single day of his administration.

If your answer is “I don’t think signal is giving my phone number to the US government”, then why do you have to “trust” signal to not do that? Actually private chat apps don’t ask for identifying information like phone numbers, then say “trust us”, like apple or something.


Let’s use your favorite privacy app to communicate. Give me your phone number.


That doesn’t make much sense. With a single piece of info, your phone number, I can learn hundreds of things about you. It’s one of the most linkable identifiers out there.

Every chat platform has some sort of unique identifier, other than SimpleX.

Of course, which is why it’s super-important that the id not be linked to your real identity.

Here’s a test: I’ll give you my matrix id, and you give me your phone number. Deal?


zero information connected to your phone number.

A phone number is tied to your real identity in most countries, especially the US. This is why phone number leaks are so dangerous, I can probably find your current and past addresses, friends, family, social media, all with just your phone number.



I don’t know enough about GrapheneOS to comment on it.

Any signal app forks still have to use signal’s main servers, so they still got your phone number and identity.

Matrix was originally funded by an Israeli company until it spun off, but unlike signal, it’s entirely open source, self-hostable, and can be run in a private manner. Phone numbers and identifiers are not required, so even if you connect to a malicious server, the most they get is your matrix id, and things you’ve explicitly leaked about your identity.

The most we could say is that specific servers are compromised, but it’s also possible to host it outside a five-eyes country, unlike signal.


What’s funny is this is pretty out in the open, and ppl don’t realize it. When Yasha Levine criticized signal, the president of Radio Free Asia (a US government propaganda org), sent this out, openly pushing Signal to European internet freedom communities:

Our primary interest is to make sure the extended OTF network and the Internet Freedom community are not spooked by the [Yasha Levine’s] article (no pun intended). Fortunately all the major players in the community are together in Valencia this week - and report out from there indicates they remain comfortable with OTF/RFA.

And I remember you mentioned before, Meredith Whittaker, president of the Signal Foundation, holds interviews with US defense-department think tanks.



I wrote a longer one here: https://dessalines.github.io/essays/why_not_signal.html

The short version is, that it’s a centralized, US hosted service. All of those are subject to National Security Letters, and so are inherently compromised. Even if we accept that the message content is secure, then signal’s reliance on phone numbers (and in the US, a phone number is connected to your real identity and even current address), means that the US government has social connection graphs: everyone who uses signal, who they talk to, and when.


  • He couldn’t possibly know they’d go for that.
  • Grifters don’t always think things like this through.
  • A surprising # of people would probably willingly take the death penalty to get 15 minutes of fame, especially for an action as popular as this was.

I personally don’t think he did it. He could easily be a grifter trying to take credit for a very popular act. There’s no shortage of those. All you’d need to do:

  • Walk into a public place with a bag of somewhat incriminating items, but nothing that’s linked to the actual crime scene.
  • Arouse enough suspicion to get the cops called on you. Being a white guy with black hair and a hoodie is not enough for someone to call the cops on you, I have no idea why people believe that was enough for a McD’s employee to call the cops.
  • Claim credit for the shooting to the cops.
  • Bonus points - Have a social media history praising similar actions.

The Altoona cops then forwarded this to the NYPD, who were desperate to pin this on someone, after they messed up and let the shooter slip through their fingers. Out of all the tips, this was the best one they’d gotten so far, so they’re running with it now.

This also explains why Luigi’s taking credit for some, but not all of the claims the police made (especially about the money he was supposedly carrying).


Your word against theirs, and they can easily say they saw something suspicious. That’s how it works with every stop and search.



At least in most US cities, it’s also illegal to sleep in your car. You’re pry fine in the Netherlands.


I read through the whole list, and monero was the only decent privacy recommendation I could find. Everything else was US-hosted. A lot of it was just recommendations from Apple and Google on “privacy” services they offer.

No mention of syncthing, matrix, xmpp, even with sections dedicated to those categories.


Yes, I believe all the messages are in plain text, and it’s up to the server not to log it.

It is possible to e2ee the message content yourself tho.

Edit: it looks like ntfy.sh specifically keeps messages cached in memory for a few hours before discarding them. https://docs.ntfy.sh/config/


One feature that genuinely is cool that keeps getting better (at least on lots of android models) : battery life and charging speed.

My OnePlus 12r has a 2 day battery life, and can charge from 0-50% in like 10 minutes.

It’s so good that I use the 80% max charge setting to preserve the battery for a few extra years.

At this rate I could totally see a future where we can fully charge phones by plugging them in for less than a minute.


I really wanted this, but couldn’t find anything that worked well. I ended up using tasks.org, an open source todo list that has great calendar functionality and syncing, and moved all my calendar events to it.



That rabbit hole goes very deep, but I’m not knowledgeable enough to speak on it. It could very well be a Crypto AG style honey-pot, or already cracked tech, that we might not know about for years to come.


Question for those knowledgeable about alternative web protocols (gopher, gemini, etc): Would it be
We all know how awful most modern websites are in terms of bloat, javascript and tracking. Not only that, but designing and maintaining web-browsers has become such a gigantic undertaking (almost the size of an operating system), that only a few companies have the resources to do it (google and mozilla, and mozilla might not hold on for much longer).

These alternative protocols offer a minimal set of features, and are trying to get back to what the web should've been: static content with images, text, and links, with local applications filling the void for anything more complicated than that.

Let's say I wanted a privacy-friendly way to view a page on a news site. I could:

  • Copy the URL of the page
  • Open some tool (or website, anything), paste that url.
  • It converts the content in the url to the necessary privacy-friendly alternative format, and I can view it with my gopher/gemini browser (or even maybe a markdown viewer).

I know there are a few html -> markdown converters that can do the last step. Does anyone know if this would work?





Reddit just added a default on “presence” indicator. You have to go into settings to turn it off.
[thread on /r/privacy](https://www.reddit.com/r/privacy/comments/lx1s8y/reddit_now_shows_if_you_are_online_by_default/)