• 6 Posts
  • 39 Comments
Joined 1Y ago
cake
Cake day: Jul 02, 2023

help-circle
rss


PiHole might be a different story than your local device, I think that one might be affected.


I think it doesn’t, though I’m not really a network guy.


You can always set up a MITM on your network. But yeah, DNS filtering is doomed in the not so far future.


Yeah, I thought I implied that, but that was the reason SNI started - IPv4 is a scarce resource and thus expensive and the only way to host multiple https websites was having multiple IPs (not necessarily multiple servers, you can easily have multiple IPs for one server, you just had to bind one IP per host), which was adding to the costs quite a bit and hobby projects couldn’t really afford it (well, they could, but not many people are spending hundreds of dollars for a hobby website).


It’s happening as part of the handshake. Probably not completely what it’s about, but it was the first that came to my mind.

Edit: It has to happen before the encryption is established, because otherwise the server doesn’t know which certificate to use, because it doesn’t know which host is the client requesting. There’s also ESNI (encrypted SNI) to solve this but I’m not sure on how many servers actually deploy it.


It is kinda big, previously you had to send the host unencrypted to support SNI which in turn was needed to support https for multiple sites per one IP address, which was needed because we lack IP addresses. So there were basically two options: compromise privacy a tiny bit (by sending host unencrypted), or make it impossible for most websites to have any privacy at all (by making it impossible to have a https certificate).

Now you can have the best of both worlds. Granted, you need to have DoH (which still isn’t the default on most systems AFAIK), but it’s still a step in the right direction.


You joke, but I’m 100% sure it has happened at least once before.


It has a free tier, for 12 months you can run one t3.micro for free. That’s more than enough for a single user VPN. Afterwards it costs like $9 a month for on-demand instances (in the EU, it’s cheaper in the US), at that point you can either switch to reserved instances (which brings the cost down to around $3 or create a new AWS account to enjoy the free tier again.


That really depends on who’s at power currently. I’m pretty sure almost everyone agrees with you, it’s just that people disagree on what’s considered harmful to society.

There are people who think saying two men can kiss and love each other is harmful.


TL;DR > Google’s ‘ad auctions’ face a privacy challenge in the Netherlands. Google has been accused of intrusive online surveillance by more than 82,000 people who have signed up to a class action lawsuit against the tech giant in the Netherlands. > Adobe starts paying out stock contributors for helping train AI. To train Firefly, its generative AI model, the company only uses content that it has rights to through its stock image platform Adobe Stock or that is in the public domain. Adobe has now started to make good on its promise to compensate Adobe Stock creators who may lose out from the widespread adoption of AI. > UK backs down on encryption-breaking plan. The plan was to compel service providers, including messengers, to scan encrypted chats for child porn. Although the British government promised not to force companies to use unproven technology to snoop on users, it may try to enforce the so-called “spy clause” in the future if better and more secure (in the government’s eyes) technology emerges. > WhatsApp denies it will have ads. The Financial Times has reported that WhatsApp is considering inserting ads into lists of conversations with contacts in a bid to increase its revenue. A rebuttal from WhatsApp head Will Cathcart followed. “This @FT story is false. We aren’t doing this.” Still, the FT stood by their story, claiming that before it was published they had reached out to WhatsApp, and they had not denied such conversations could have taken place. Citing sources within WhatsApp, the FT then reported that another option that was being discussed is to introduce a paid ad-free version of WhatsApp. > X unveils verification system based on govt. ID. X, formerly Twitter, has begun offering its paid subscribers a new way of verification. Now, they can upload their government-issued IDs along with their selfie, and get an “ID verified” label on their profile along with “prioritized support.”
fedilink

Huh, I don’t see any popup there. Probably blocked by my adblocker.


Google is locking down certificates in Android 14 which absolutely cannot be changed even by devs

Hopefully Firefox adds an easy way to add a certificate. They had it already, never understood why they removed it.

Google has put into place infrastructure to lock apps down as well with its App Bundles to replace APKs

I don’t think they can replace APKs with AABs as the only solution - EU wants them to have support for alternative stores. In theory they could do separate Android for EU and the rest of the world, but I don’t think they will.


The article is AdGuard centric but it sheds light on the whole process where Google suddenly decided to ban ad blockers.
fedilink

Well, Stadia is dead. To be fair, I’m surprised they even included such a tool in the first place, from Google I would’ve expected to just kinda let it die.


Google is taking down the tool for switching the mode of the controller.


Just a FYI: Humble’s stance on sharing keys is that they might cancel them if they find out.


It meets it quite well, still didn’t include it because of rule they made on-the-fly.



Desktop app never lost connection for me. How do you even manage to do that?

And what’s unintuitive there? You just click a name and chat, not sure how much more intuitive it can be.


Sure, the privacy focused company is literally the same as the one who wants to mine everything about you so much that their latest product can’t even go live in EU.


Sounds like bullshit. I’m a millennial and most people I know know shit about computers. Even those who use them every day only know how to do the few things they need to do and that’s it.

So I don’t think gen Z is any worse in that, most people suck, regardless of generation, with computers and that’s it.




I recommend Heroic Games Launcher for GOG games, it’s much nicer to use, IMO.


Any source on the claims?



I know it's not exactly hot news, but I entirely missed the article, so here you go.
fedilink


As usual with questions in title, the answer is no. ~~But IMO it's a flawed comparison because no-one is going around and picking sponsored segments by hand and disabling them. So compared to other automatic tool, I'd say it works fine.~~ Edit: I have been enlightened in the comments that indeed there are such projects.
fedilink

89% according to the tool, but should be 100%. The tool itself says it can’t detect it in some cases. I manually checked the 16 domains it flagged aa unfiltered and neither of them worked.




I’ve been using Anonaddy for three or so years (even made one small contribution to the documentation) and can really recommend it.


Apple is one of the companies you should be masking your email from.


What are Imagination GPUs exactly? Their website seems confusing. Can it be a replacement for Nvidia/AMD top GPUs? Or more for Intel? Or is it an entirely different thing?


The craziest coincidence, everyone I’ve asked was assigned the same age at birth. Small world.


I’ve been using it for close to a year because I can’t link Signal to my desktop using QR code, Molly allows to provide the link directly and thus I use it. Everything works great.



The web app, if you install it to your homescreen, it looks pretty much like an app, I have some screenshots with step by step instructions that I plan to add to the web app when I have time, but for now, here they are:

Step 1 of installing the web app to homescreen by pressing the share icon in Safari

Step 2 of installing the web app to homescreen by tapping on Add to homescreen

Final step of installing the web app to homescreen by confirming the pop-up dialog


Baby Journal - Open source app for tracking baby activities
A while ago I made an app for tracking baby activities because I became a parent and was horrified at how many permissions the existing apps required and how much tracking they contained. Both the app and the server are open source. This is a web-app which also has an Android version in the Play Store (F-Droid didn't accept it because they don't feel like web-apps should be welcome in their store). On iPhones it can be installed as a PWA to the home screen. Features: - No tracking whatsoever - End-to-end encrypted, no personal information is stored on the server unencrypted - Track baby's feeding, diaper changes, breast pumping and sleeping (more to come) Links: - https://baby-journal.app - the PWA itself - https://play.google.com/store/apps/details?id=app.baby_journal.twa - the Play Store Android wrapper - https://github.com/RikudouSage/BabyJournalApi - the server source code - https://github.com/RikudouSage/BabyJournalUi - the PWA source code
fedilink

It hasn’t been their motto for quite some time. They knew why they removed it.


Well, banks don’t sort it out very fast and they definitely won’t solve it fast if it happens to a large percentage of their clients.


Until there’s a massive leak of credit card data from a single incident, nothing will change.