Musician, mechanic, writer, dreamer, techy, green thumb, emigrant, BP2, ADHD, Father, weirdo
https://www.battleforlibraries.com/
#DigitalRightsForLibraries
I’m nor a cash-only convert, but I have some anecdotal evidence for you.
I’ve visited Boston five times in the past thirty years. Every single time I used my debit card at Thanuel Hall for food, my card was later used for fraud. Always caught and never a big inconvenience beyond replacing my card, but still not ideal. I only ever use cash there now.
Online shopping, before the Amazon monopoly on e-commerce, my card would get compromised every few months.
Now I use privacy.com for all transactions that allow it, and its amazing how often those cards are stolen. Thanks to the way the service works, the stolen cards are useless to scammers or thieves, but my declined transaction filter has a few charges declined each month.
My point being that if you want to avoid fraud, and you can do it, cash is king.
Okay, I do recall that our software had a feature that could classify on "DHCP requested options’, but it was low-fidelity, unreliable. Ultimately, the software works best with known devices, and isn’t very good at reliably classing unknowns.
As you say, just the first few seconds of actual traffic from a device is so rich in terms of ID characteristics compared to DHCP.
I used to provide commercial end-user support for a network intelligence product that used as much metadata as possible to help classify endpoints, shuffling them off to the right captive portals for the right segment based on that data.
I can tell you that the things you’re saying are transmitted in a DHCP request/offer are just not. If they were, my job would’ve been a LOT easier. The only information you can count on are a MAC address.
I can’t view that link you shared, but I’ve viewed my share of packet captures diagnosing misidentified endpoints. Not only does a DHCP request/offer not include other metadata, it can’t. There’s no place for OS metrics. Clients just ask for any address, or ask to renew one they think they can use. That only requires a MAC and an IP address.
I suppose DHCP option flags could maybe lead to some kind of data gathering, but that’s usually sent by the server,not the client.
I think, at the end of the day, fighting so that random actors can’t find out who manufactured my WiFi radio just isn’t up there on my list of “worth its” to worry about.
Re: DuckDuckGo:
You can sign-up and manage your aliases from any browser on any OS
But not on the TOR or Mull browsers on Android:
ETA: I use both DDG and SimpleLogin. I recently bumped up against the ten alias limit in SL, but I prefer the ease of creating outgoing aliases in their dashboard vs the DDG method of manually typing with underscores. That said, they both come in handy and I have dozens of DDG aliases that helped me break my dependence on gmail as my single email provider. Never tried Addy.
If you’re unfamiliar with the change being implemented, Google is using every android device to detect every other device and report that location to a central database. You can then go to the Find My Device app or website and your device can be located if it’s been seen by any other device.
There’s no need for the user to access anybody else’s device.
My concern is that my privacy is now being invaded by all the scanning devices in my area, and everybody’s movements are even more transparent for the data brokers.
The email has a link to opt out too.
Here it is for anyone else interested: opt out of the network
I’ve been out of the US since late '22 and they still haven’t cut my data or sent one email about it. I expected to lose it after 90 days. I get a google play services error once in a while about Fi needing it to have all permissions, but I don’t have any problems leaving them off. My next install of lineage I’m going to try no GApps and see if it still works. I know the LOS team say you need it for Fi.
We can already tell you the age, gender, hobbies, kinks, frequently visited spots and how long they stay there, who goes with them and who they meet, what they think about, when they go to sleep, but wouldn’t you also like to know where they are and who they’re near when their devices are offline with Bluetooth on? We can do that now too! Creepy? No! They think it’s so they can [checks notes] find their device even if its offline.
-Google probably
Some AV Processors include a night mode or loudness processing that attempts to normalize the levels. In practice, the levels will lower some, but perhaps not enough to alleviate the problem.
You could try reporting the provider, but it’s likely their legal team would argue the CALM act doesn’t apply to them. Come to think of it, the FCC may not have ever formalized the rules still…
This is classic efficient market hypothesis brain worms, the kind of cognitive dead-end that you arrive at when you conceive of people in purely economic terms, without considering the power relationships between them. It’s a dead end you navigate to if you only think about things as they are today – vast numbers of indebted people who command fewer assets and lower wages than at any time since WWII – and treat this as a “natural” state: “how can these poors expect to be offered more debt unless they agree to have their all-important pocket computers booby-trapped?”
-Cory Doctorow from his blog, unintentionally addressing you
I agree that most websites don’t load without JavaScript, but you don’t need seven or more different domains with java allowed for the main site to work. Most sites have their own, plus six google domains, including tag manager, Facebook, etc. I whitelist the website and leave the analytics and tracking domains off.