Musician, mechanic, writer, dreamer, techy, green thumb, emigrant, BP2, ADHD, Father, weirdo

https://www.battleforlibraries.com/

#DigitalRightsForLibraries

  • 1 Post
  • 39 Comments
Joined 2Y ago
cake
Cake day: Jun 13, 2023

help-circle
rss

I was wrong that it was water-themed. It was “Pacific Drive” which I guess made me think of underwater. I never got a chance to play it, and it’s no longer in my library. I think there was another one, but I can’t remember now. It was a while back that I discovered it.

EDIT: I agree with you 100% about ABZU. Boring after the first five minutes. Also, I don’t see Pacific Drive on the free games list. I need to try to remember the sequence of events. I know I never bought it, because I’ve never bought any games from EGS; all my titles were free ones.


I still have hundreds, but they do disappear like any purely digital asset.


I don’t even remember the name of the game, but it was one that was next to a title I do play often when sorted by “recent” which is based on purchase (or redemption) date. Might have been that underwater exploration title.


I’ve claimed probably 70% of the free games for the past four or five years. I’ve noticed some of the titles disappear. So one catch is, you may not get to keep the free game(s) you grab.




There only problem being that 90% of webpages fail to load properly without JS, not to mention the ones that depend on features that aren’t available LW enhanced protection enabled. Each page I visit, I have to create exceptions or they sit there blank.


I agree that I was confused at first, until I remembered that any of the coalition countries (7 eyes?) has access to anything secret, they share with others that don’t.



We see it over and over. When consequences for malfeasance are barely noticeable compared to profits, there is no incentive to comply with laws. Just pay the tiny fine is our lawyers don’t exhaust them first.


I never told anyone else the URL so no one will find it.

Who wants to tell them about DNS records and web crawlers?


My past employers have said the same, until I showed them they were already using apache, nginx, postgresql, MariaDB, and OpenWRT among other things.

A lot of shops think that using proprietary tools means they can demand fixes for critical vulnerabilities, but in my experience, even proprietary dev teams just reply that the code maintainers are aware and working on a fix.

Apache vuln? Here’s the link to their acknowledgment of that CVE and exactly what modules are affected.

That may show that the flaw is in an unused module, like node.js, but even when it is applicable, they just wait for the code maintainers to address it. They take no responsibility themselves.


that’s why I opened with “I wouldn’t call it writing on the wall.”

Damn; you’re right. My bad. I somehow missed your opener saying exactly the opposite of what you were saying.

Everything you said is true and verifiable, and worth considering when you decide which service to use. It’s a lot of reasons to favor the .onion/tor version of their service to limit what they have access to depending on your privacy stance.


In combination with tracker control, you can see who they connect to and block piecemeal, or simply block their connection completely (you don’t need an app for that, though).


These are useful data for making decisions about using their service, but not exactly indicative of support for a right wing authoritarian leader who lies more in one day than he has hairs on his entire body.

Edit: typo


A new data set obtained from a US data broker reveals for the first time about 40,000 apps from which users‘ data is being traded. The data set was obtained by a journalist from netzpolitik.org as a free preview sample for a paid subscription. It is dated to a single day in the summer of 2024.

Among other things, the data set contains 47 million “Mobile Advertising IDs”, to which 380 million location data from 137 countries are assigned. In addition, the data set contains information on devices, operating systems and telecommunication providers.

Ths investigation is part of an international cooperation by the following media: Bayerischer Rundfunk/ARD (Germany), BNR Nieuwsradio (Netherlands), Dagens Nyheter (Sweden), Le Monde (France), netzpolitik.org (Germany), NRK (Norway), SRF/RTS (Switzerland) and WIRED (USA).

Overview of our findings

  • The approximately 40,000 apps in the new dataset cover a wide range of categories, from gaming, dating and shopping to news and education. They include some of the most popular apps worldwide, with millions of downloads in some cases.
  • For a smaller number of apps, the data set contains alarmingly precise location data. This data can help to identify a person’s place of residence. These apps include the queer dating app Hornet with more than 35 million users; the messaging app Kik with more than 100 million downloads in the Google Play Store alone; Germany’s most popular weather app Wetter Online, which also has more than 100 million downloads in the Google Play Store; and the flight tracking app Flightradar24 with more than 50 million downloads in the Googles Play Store; the app of German news site Focus Online and classifieds apps for German users (Kleinanzeigen) and French users (leboncoin).
  • For a bigger number of apps, less precise locations which appear to have been derived from IP addresses can be found in the data set. This list includes popular apps such as Candy Crush, Grindr, Vinted, Happy Color, dating apps Lovoo and Jaumo, news aggregator Upday, German email apps gmx.de and web.de as well as the popular dutch weather app Buienalarm.
  • Since the sample only covers one day, it is difficult to identify people based on their locations from this data set alone. However, in combination with other data sets from the advertising industry, which the research team obtained from data brokers, it’s possible to identify and track people on a large scale. The location data might for example provide clues to their home and work addresses.
  • Location data aside, the mere information about who uses which apps can already be dangerous. For example the data set includes numerous Muslim and Christian prayer apps, health apps (blood pressure, menstruation trackers) and queer dating apps, which hint at special categories of personal data under GDPR.

Where did the data set come from?

The research team obtained the data set from US data broker Datastream Group, which now uses the name Datasys. The company did not respond to multiple requests for comment.

Contact with the data broker was established through Berlin-based data marketplace Datarade. The company states in response to inquiries that it does not host any data itself. According to a spokesperson „Data providers use Datarade to publish profiles and listings, enabling users to contact them directly“. Datarade „requires data providers to obtain valid consent in case they’re processing personal data and to aggregate or anonymize data in case they’re processing sensitive personal data“.

Where does the data originate?

According to our analysis, the data originates from Real Time Bidding (RTB), which is a process in the online advertising ecosystem. These are auctions in which advertising inventory of apps and websites is sold. In the process, apps and websites send data about their users to hundreds or thousands of companies. These data contains the information that we can see in our dataset. There have already been multiple warnings that advertising companies are collecting the data from RTB in order to sell it – often without the knowledge or explicit consent of the users or their apps.

What the apps say

None of the apps we confronted so far states they had business relations with Datastream Group / Datasys. The apps Hornet and Vinted for example wrote, that they cannot explain how their users‘ data ended up with data brokers. Queer dating app Hornet emphasizes that it does not share actual location data with third parties and announces an investigation. Other companies such as Kik, Wetter Online, Kleinanzeigen, Flightradar, Grindr and King, the company behind the game Candy Crush, did not respond to press inquiries.



You can make your own decisions, but if you just grab any random arguments, you’ll find a reason to doubt everything.

Agreed. Especially if your source is Dessalines. 🙄


Important excerpt:

“Introducing a scanning application on every mobile phone, with its associated infrastructure and management solutions, leads to an extensive and very complex system. Such a complex system grants access to a large number of mobile devices & the personal data thereon. The resulting situation is regarded by AIVD as too large a risk for our digital resilience. (…) Applying detection orders to providers of end-to-end encrypted communications entails too large a security risk for our digital resilience”.


I agree that most websites don’t load without JavaScript, but you don’t need seven or more different domains with java allowed for the main site to work. Most sites have their own, plus six google domains, including tag manager, Facebook, etc. I whitelist the website and leave the analytics and tracking domains off.


Who would of guessed

…would have guessed. You may be thinking of the sound of the contraction, “would’ve,” a joining of would and have that sounds similar to “would of.”


I’m nor a cash-only convert, but I have some anecdotal evidence for you.

I’ve visited Boston five times in the past thirty years. Every single time I used my debit card at Thanuel Hall for food, my card was later used for fraud. Always caught and never a big inconvenience beyond replacing my card, but still not ideal. I only ever use cash there now.

Online shopping, before the Amazon monopoly on e-commerce, my card would get compromised every few months.

Now I use privacy.com for all transactions that allow it, and its amazing how often those cards are stolen. Thanks to the way the service works, the stolen cards are useless to scammers or thieves, but my declined transaction filter has a few charges declined each month.

My point being that if you want to avoid fraud, and you can do it, cash is king.



Okay, I do recall that our software had a feature that could classify on "DHCP requested options’, but it was low-fidelity, unreliable. Ultimately, the software works best with known devices, and isn’t very good at reliably classing unknowns.

As you say, just the first few seconds of actual traffic from a device is so rich in terms of ID characteristics compared to DHCP.


I used to provide commercial end-user support for a network intelligence product that used as much metadata as possible to help classify endpoints, shuffling them off to the right captive portals for the right segment based on that data.

I can tell you that the things you’re saying are transmitted in a DHCP request/offer are just not. If they were, my job would’ve been a LOT easier. The only information you can count on are a MAC address.

I can’t view that link you shared, but I’ve viewed my share of packet captures diagnosing misidentified endpoints. Not only does a DHCP request/offer not include other metadata, it can’t. There’s no place for OS metrics. Clients just ask for any address, or ask to renew one they think they can use. That only requires a MAC and an IP address.

I suppose DHCP option flags could maybe lead to some kind of data gathering, but that’s usually sent by the server,not the client.

I think, at the end of the day, fighting so that random actors can’t find out who manufactured my WiFi radio just isn’t up there on my list of “worth its” to worry about.


I bought a used Pixel 5 in Feb for my daily driver. Replaced my Pixel 3 only because the power button was flaky. They both still run great. By my standards, getting two years out of a phone I paid $150 for is better than getting three years out of a $700 phone.


Re: DuckDuckGo:

You can sign-up and manage your aliases from any browser on any OS

But not on the TOR or Mull browsers on Android:

ETA: I use both DDG and SimpleLogin. I recently bumped up against the ten alias limit in SL, but I prefer the ease of creating outgoing aliases in their dashboard vs the DDG method of manually typing with underscores. That said, they both come in handy and I have dozens of DDG aliases that helped me break my dependence on gmail as my single email provider. Never tried Addy.



If you’re unfamiliar with the change being implemented, Google is using every android device to detect every other device and report that location to a central database. You can then go to the Find My Device app or website and your device can be located if it’s been seen by any other device.

There’s no need for the user to access anybody else’s device.

My concern is that my privacy is now being invaded by all the scanning devices in my area, and everybody’s movements are even more transparent for the data brokers.




The email has a link to opt out too.

Here it is for anyone else interested: opt out of the network


I’ve been expecting Google to kill it like they tend to do with everything people start to like, but it’s been over 7 years already, and still going.

Don’t jinx it!!! 😉

Aurora

I’ll be checking this out tonight; thanks for the tip!


I’ve been out of the US since late '22 and they still haven’t cut my data or sent one email about it. I expected to lose it after 90 days. I get a google play services error once in a while about Fi needing it to have all permissions, but I don’t have any problems leaving them off. My next install of lineage I’m going to try no GApps and see if it still works. I know the LOS team say you need it for Fi.



We can already tell you the age, gender, hobbies, kinks, frequently visited spots and how long they stay there, who goes with them and who they meet, what they think about, when they go to sleep, but wouldn’t you also like to know where they are and who they’re near when their devices are offline with Bluetooth on? We can do that now too! Creepy? No! They think it’s so they can [checks notes] find their device even if its offline.

-Google probably


Quite true. As a Google Fi subscriber since 2015, I still rely on them for that service, but I’ve weaned off everything else to the extent that I can. There was a time that I thought the value outweighed the spying, but its impossible for me to maintain that delusion now.


Thoughts on Google turning every device into a scanner for Find My Device?
Received notice of a change to the service in my inbox today. Seems icky to me. > Devices in the network use Bluetooth to scan for nearby items. If other devices detect your items, they’ll securely send the locations where the items were detected to Find My Device. Your Android devices will do the same to help others find their offline items when detected nearby > Your devices’ locations will be encrypted using the PIN, pattern, or password for your Android devices. They can only be seen by you and those you share your devices with in Find My Device. They will not be visible to Google or used for other purposes. ETA: here's the link to opt out: [opt out of the network](https://www.google.com/android/find/settings/fmdn)
fedilink

Some AV Processors include a night mode or loudness processing that attempts to normalize the levels. In practice, the levels will lower some, but perhaps not enough to alleviate the problem.

You could try reporting the provider, but it’s likely their legal team would argue the CALM act doesn’t apply to them. Come to think of it, the FCC may not have ever formalized the rules still…


This is classic efficient market hypothesis brain worms, the kind of cognitive dead-end that you arrive at when you conceive of people in purely economic terms, without considering the power relationships between them. It’s a dead end you navigate to if you only think about things as they are today – vast numbers of indebted people who command fewer assets and lower wages than at any time since WWII – and treat this as a “natural” state: “how can these poors expect to be offered more debt unless they agree to have their all-important pocket computers booby-trapped?”

-Cory Doctorow from his blog, unintentionally addressing you