• 2 Posts
  • 40 Comments
Joined 4Y ago
Cake day: Dec 20, 2021


Users voting on whether a segment is good or bad. I always give a thumbs up to the segments that were well-defined and a thumbs-down to segments that cut off half a sentence unnecessarily etc.


Most people will tell you that it’s been made obsolete now since (1) it doesn’t use behavioural analysis to detect trackers anymore, it just uses a pre-defined list of trackers to block (2) browsers (especially Firefox) now have built-in tracker blocking (3) uBlock Origin blocks trackers by default anyway.

I don’t think it hurts to still use it, just as a belt and braces approach, but I suppose it’s possible it makes your browser fingerprint more unique.





Joined 5 hours ago

Who are you? Even a known and respected cryptographer would not release a tool with such confidence. First you need to request testing and code review before you announce to people that it is a “secure, anonymous file-sharing platform.”

This is not a community for sharing your personal programming projects for feedback. If you post here, there will be non-technical users who don’t know how to evaluate the security of tools and won’t understand they are taking a huge risk by using your unknown alpha release project.


They front a huge percentage of the internet, so you can pretty much guarantee that all of the three-letter agencies have their fingers in Cloudflare’s infrastructure, whether they cooperate willingly or not.

If you care about your privacy you should avoid these kinds of infrastructure monopolies, since they are such a juicy target.


I haven’t tried it myself but I’ve seen other people say that when they go back to an old Facebook account, Facebook will require a scan of their ID in order to log in. They can be a real removed about letting people log in to accounts that have been inactive for a long time.


I once had an issue logging in to Google where they wanted to verify me some way that I couldn’t complete. I eventually got around it by going through the “Forgot Password” workflow instead of logging in normally. I have no idea if this still works or whether it will make things worse for you, but if all else fails it might be worth a try.


You need to put yourself in the shoes of a non-technical person who doesn’t know how to evaluate the relative security of all the tools that are out there available to them. If you are posting your pre-alpha untested software with a title like “Anti-forensic and secure messenger” then there are many people who will read that and think that it’s on an equal footing as the other tools they have heard of. The vast majority of people are not software engineers, and even fewer are cryptographers.

> This project is still in heavy development, so without it getting a professional security audit I wouldn’t recommend using it for sensitive stuff.

You’ve got to lead with this.


Well a professional security audit would be at the top of the requirements for an established product that has a userbase and some kind of funding, but as a solo developer the least you can do before releasing your software to the world is to have at least one other person who has some experience in security look it over - that’s what I was asking.

If you can tell people that your software is secure and “anti-forensic” (!) then you must be pretty confident in your understanding of security systems to release that without even a single code review by a peer.


Anti-forensic and secure? Those are bold claims. If you’re the only person working on the project, have you at least had someone else look at the code to find any obvious security vulnerabilities?



> Signal explicitly doesn’t allow its files to be uploaded to iCloud. You practically will be fine using it on iOS. Unless you are in China which has its own iCloud/Apple servers, or the UK where Apple disabled advanced data protection.

What difference does ADP make if your Signal chats are never stored in iCloud? Are they stored in cloud backups?


If you can reproduce it that reliably, I would be interested in hearing the results of an experiment where you have a clean phone and install just one of your apps at a time to see exactly which apps are spying on you. We all have our suspicions about which are definitely doing this, but it’s hard to know for sure without a proper controlled test.


> To test if your phone is listening to your conversations, start by openly discussing a unique topic that you’ve never searched for or discussed previously

… then see if it appears in your ads. Saved you a click.


> special CSS styling so you can’t avoid seeing it

you can’t set your client to plain-text only?


In regards to all the answers in this thread, consider: If you’re not paying for it with money, then what are you paying for it with?

The most private DNS is a recursive resolver.


What ISP do you use that makes you trust Cloudflare more than your ISP? You must really be between a rock and a hard place.


The author only mentions homomorphic encryption in a footnote:

> Notes:
>
> (A quick note: some will suggest that Apple should use fully-homomorphic encryption [FHE] for this calculation, so the private data can remain encrypted. This is theoretically possible, but unlikely to be practical. The best FHE schemes we have today really only work for evaluating very tiny ML models, of the sort that would be practical to run on a weak client device. While schemes will get better and hardware will too, I suspect this barrier will exist for a long time to come.)

And yet Apple claims to be using homomorphic encryption to provide their “private server” AI compute:

Combining Machine Learning and Homomorphic Encryption in the Apple Ecosystem

Presumably the author doubts Apple’s implementation but for some reason has written a whole blog post about AI and encryption and hasn’t mentioned why Apple’s homomorphic encryption system doesn’t work.

I’d be quite interested to know what exactly is the weakness in their implementation. I imagine Apple and everyone who uses their services would be interested to know too. So why not mention it at all?


It sounds like what he was really doing was managing the relationship with upstream, and from the tone that the Arkenfox developer takes, it sounds like it was a relationship that needed managing.


After the drama around the privacy guides website(s) and the people who maintain them fighting for control, I cannot trust them.

People who seek to control something because it gives them power over a narrative should not be trusted.


This breach is worse than just a website’s database being leaked. These are info-stealer malware logs. Meaning that you had malware on one of your devices that recorded you typing your credentials into websites and then the logs of that malware were publicly leaked.

Before changing all of your passwords (and setting up a password manager if you don’t already use one) you need to identify which of your devices was compromised and wipe it.

If you change all your passwords from the compromised device then the malware will just record all of your new passwords.



How do people end up finding them? Don’t they have random UUIDs in the URL? Or are they predictable?


> QubesOS can be built from source code but none of the linux distros can.

lol what?



Yes sorry, I didn’t realize that until I posted it and saw all of the “cross-posted to:” links. It’s the first time it’s posted to this community though, and I think it’s an important topic.



Pretty sure this was described exactly in Snow Crash (Neal Stephenson, 1992).



Why not post your blogs to a fediverse platform? Do they need to be on a separate hosted system? You’ll probably get more people reading and engaging with your posts if you are just posting to a Mastodon instance rather than hosting on a separate web platform and hoping that people stumble across it.


cross-posted from: https://lemmy.ml/post/4912712

> Most people know at this point that when searching for a popular software package to download, you should be very careful to avoid clicking on any of the search ads that appear, as this has become an extremely common vector for distributing malware to unsuspecting users.
>
> If you thought that you could identify these malicious ads by checking the URL below the ad to see if it directs to the legitimate site, think again! Malware advertisers have found a way to use Google's Ad platform to fake the URL shown with the ad to make it appear like a legitimate ad for the product when in fact, clicking the ad will redirect to an attacker controlled site serving malware.
>
> Don't click on search ads or, even better, use an ad-blocker so that you never see them in the first place!
>
> ![](https://lemmy.ml/pictrs/image/2509d3d9-244f-4eee-abcd-61eee02816c3.png)

> the folder Music>Pictures (the regular Pictures folder… for some reason that’s where it is) is open in explorer.

This sounds like the kind of thing that might happen if you have some kind of automatic sync set up, like when you plug your phone in and it automatically copies photos, or perhaps a cloud service that’s syncing photos?


> I can’t go back to a phone where I can’t re-lock my bootloader after installing a custom ROM

Is this something that only certain models of phone are capable of doing? Or is it a new Android/hardware feature that only new phones have?


Is it too long to post the article text on Lemmy? There’s some irony in posting a privacy article and putting it behind a URL-shortener.


This is a /c/Privacy thread about mobile keyboards, my guy.


> Luckily, Steam has a convenient way of moving games to your Linux partition.

How do you do this? Thanks.



Top comment on this video is the following:

> Upon further reading and listening, I blame the source article and not Louis Rossmann.
>
> These people had:
>
> - Returned from partisan fighting with the Kurds against ISIS
> - Had stuff to make explosives
> - Firearms and ammo
> - Were reportedly seen by surveillance to be practicing making explosives
>
> And this article makes it seem like they were arrested for using encryption. They are turning a footnote into a title.
>
> This is not an internet privacy scandal, this is an anti-far-left law enforcement overreaction scandal