Harsh question: Do you have a real need to prevent this data from being collected, or are you investigating just for funsies best practice advice? There are a lot of posts like this where people overestimate the threat model they have and insist on needing to block things that are nearly impossible to, or at least have significant tradeoffs like you are dealing with now.
Javascript is also not the only source that sites can use for these pieces of info from your machine. Local time in particular can be estimated by looking up the rough location of your IP address then matching to a time zone.
Anyway.
I would assume you could technically fork localCDN (replaces remote javascript libraries with local copies) and then manually edit the local javascript library copies to remove the calls you are concerned about.
There’s also options like uBlock Origin’s methods of only whitelisting specific scripts. Much more flexible than NoScript. You can block scripts that are third party and only allow site specific ones fairly easily, without digging deep into the settings.
Bear in mind that your specific combination of installed extensions can also be a unique identifier though.
Yeah, but they’ll still create a shadow profile on you and track your data anyway. Have a friend with an account? Your name and phone number is known to them. Even without a true identity attached, they will track you from your own devices, and then correlate that with everything else they can at every opportunity.
Also, Facebook is preinstalled as a system app (cannot be uninstalled without adb) on various manufacturer’s and carrier’s android builds.
Edit: As rtxn and n0x0n point out, we can adjust settings in Firefox itself and expect them to stay applied, but any settings done within the websites for Mozilla’s services could be changed on the Mozilla end at any time. Probably best to have an extra layer to this just in case.
Yes. Yes it can, and you bet your bibby people will be watching to see if Mozilla bypassed those settings, not that they ever have in their multiple decades of existence.
You’ll also have to opt out of using Mozilla services like browsing and bookmark sync.
What? What?
Their track record has no instance of them not respecting settings! A track record of multiple decades! The code is fully auditable, so any of those shenanigans would be caught immediately!
I feel like I’m taking crazy pills lately.
We need to be on guard and verify they don’t do this shit, but outright expecting it? When Firefox also has a history of absolutely abysmal PR on shit like this, without the follow up of abysmal practices?
It feels like accelerationism. Like people want Firefox to fail, rather than just wanting to be prepared if it does.
I’m going to stick with some form of Firefox fork, personally. Chromium forks are questionable, as if I recall right they include a binary blob provided by google, which could be hiding god knows what.
Firefox is fully open source, so any code supporting this potential data harvesting can’t hide, and will be removed by most forks.
I’ve used Sardu on Windows for making multi-iso bootable USB sticks a long time ago in the past, but I’d admittedly never looked at their ToS or Privacy Policy. My use case was slapping some live boot antivirus scanners, data recovery tools, and one or two lightweight liveboot-Linux ISOs on one USB as a portable toolkit.
When I’m making anything else from Windows, I’ve always stuck with Rufus. Had never heard of BalenaEtcher before now.
In my experience the “privacy and security” argument is a smokescreen.
The real reason is that it makes someone else responsible for zero-days occuring, for the security of the tool, and for fixing security problems in the tool’s code. With open source tools the responsibility shifts to your cybersecurity team to at least audit the code.
I don’t know about your workplace, but there’s no one qualified for that at my workplace.
A good analogy: If you build your house yourself, you’re responsible for it meeting local building codes. If you pay someone else to build it, you can still have the same problems, but it’s the builder’s responsibility.
You’re welcome to your opinion, but I feel the bolded section is distinctly relevant.
If you want privacy, don’t admit to a crime and tell the cops where to find the evidence. Privacy starts at home with proper OPSEC.
That’s the story. It has very little to do with the specific crime committed.
The cops did as the cops do: if they are given a lead, particularly by the perp themselves, they investigate. To not do so would be to not do their job.
There was no new precedent here. This was not some brand new enforcement of a new law, and the chats were not the definitive evidence in the trial. Cops using Facebook chat transcripts were likewise not something newly established in this case.
The rest is me emphasizing that this lady was not a martyr, with the jeans comment being the least damning part of it all. Meant as a lead up to the bold.
She overwhelmingly had the ability to do what she needed to do, safely and legally. That has to mean something. And if it doesn’t mean shit to you, I know for a fact it means something to the people who want to take your reproductive rights away, or to ignore the very real dangers you’re worried about.
That said this is not the first step down that slope that you’re acting like it is, and it is not some datapoint on a downward trend towards what you are afraid of. This is a intersection of already existing problems that someone thought they could spin for clicks and emotion bait, and it overwhelmingly worked.
Stay safe, take steps to prevent ending up in that situation, only discuss dangerous shit using safe protocols, and for fuck’s sake don’t tell the cops where the evidence is.
Example: Terry Crews speaking out about his own experiences with sexual assault. Also him calling for black men to step up and be father figures in communities lacking them.
You can argue that he wasn’t truly “cancelled”, but he drew a lot or fire for those. People claiming that he was somehow taking away from womens’ experiences by speaking about his own, and people saying that his statements about a lack of father figures in the African American community was racist.
It’s not just white people wanting excuses to be racist. Just mostly that.
Uhhh… if that’s the situation that blew up on lemmy shortly after the reddit API-pocalypse, that specific one probably isn’t something you want to rally behind.
That situation occurred in Nebraska, before the messy Roe v Wade repeal. At the time, abortions were 100% legal and available until the end of the 20th week (5th month) of pregnancy, far past the point that anyone shouldn’t be aware they are pregnant.
Beyond that, fetuses are considered viable outside the womb at 24 weeks (6 months). They show clear signs of conciousness before this point.
This woman waited until week 28. Two months past the point it could have been done legally and safely by a doctor. One month past the point of being viable to survive outside the womb. No US state has ever allowed abortions that late into the pregnancy.
The way she performed the abortion was to take medicine to kill the fetus. She still had to go through the normal process of labor and delivery (of the stillborn) afterwards, without any medical assistance. She and her mother then burned the stillbirth and buried it on a farm.
At that moment, if she had had labor induced, she could have went through the same process in a safer manner, and given the resultant baby up for adoption. She had roughly two months left until she would have given birth naturally. Going through labor in the manner that she did does not sidestep any of the postpartum medical and health stuff that happens after a normal pregnancy either.
This also ignores all of the many contraceptives available to help prevent pregnancy in the first place as well.
The only change was causing extra danger to herself, two months of time, and whether or not a living baby existed at the end.
She and her mother discussed their plans at length on Facebook messenger, before Facebook implemented end to end encryption. One of the last comments is of the woman stating she couldn’t wait to wear jeans again.
When questioned by police, they admitted to their actions, and admitted to discussing it on Facebook messenger. That is the reason the cops even got the subpeona for the chat logs. They told the cops where to look for evidence of their crime, and the cops followed normal investigative protocol.
Don’t talk to cops.
Privacy is important, but that was not the narrative of some downtrodden freedom seeker’s rights being infringed upon by regressive right wing policy, the surveillance state, or anything else that a lot of people took it to be.
Too late. If you’re in the US, it is officially known that the feds already can record roughly half of all national internet traffic. AT&T room something or other.
The current saving grace is that the amount of data generated over time is outpacing increases in the ability to store and analyze it all. God forbid that ever changes.
Also, people change over time, and more and more of our lives are ending up online earlier and earlier.
Do you really want some stupid “hot take” you were passionate about as a teenager effecting how someone sees you a decade or more down the line?
Everyone deserves the right to change their mind and not have old beliefs hang around their neck forever.
Do they not already have access to the beginnings of this through driver’s license photos?
I’d also be shocked if there aren’t companies offering identification services based on scraping publicly uploaded pictures off social media (mainly facebook due to connection to real identity).
Like, I hate this, but I’m not sure there’s a reasonable counter to it.
While not connecting to your personal identity, you can be tracked through multiple camera feeds of a crowd through gait analysis already. Tie that into getting your identity by paying with a card at one of the in-stadium vendors and boom. Alternatively, they know when you entered by scanning your ticket, what entrance it was scanned at, and the name associated with the ticket. So now you can say “Persons 345-367 entered from west entrance when John Snow’s ticket was scanned, so he’s one of them. Let’s cross reference it with demographics data available on him from a third party.”
I’m just not sure there’s a safe, private way to attend big sports games as it is without putting in a ton of effort.
Not trying to get you back into Windows, and I hate to be the ass saying “skill issue”… but I legitimately have not had any issues with updates reverting my Windows settings in over half a decade. Besides the default PDF reader setting. I haven’t signed in with a Microsoft account and have never been prompted to make one after the initial install process.
Install the Pro version of Windows, use Group Policy to turn off the bloat the way Microsoft intends for it to be disabled by enterprise admins, and you’re golden. Maybe run a debloat tool or two right after your initial setup, but that’s it. No need for repeatedly running debloat scripts, and no settings reverting themselves.
It’s 100% easier to use an OS where none of that shit is needed, but I just get frustrated seeing people point at entirely avoidable things as why Windows sucks. There’s plenty of other reasons too!
That’s not how most malware works though. It’s pretty rare that it’s targeted rather than something just looking to take advantage of whatever security hole is present.
Like, I highly doubt anyone is making Steam OS specific malware, but if there’s some security hole in the kernel, a piece of malware targeting that isn’t going to check if it’s a handheld gaming device and stop.
Gotta say, I don’t think most peoples’ threat models make worrying about IRL privacy a concern, but that’s obviously not the point.
For the record, I don’t use any of these techniques myself, it’s just stuff I’ve read.
For facial recognition, a lot of CCTV cameras don’t have IR filters, and can be blinded with Infrared LEDs, so there have been some promising experiments with shoving a bunch of them into hats. You’ll glow real bright in any footage, but they won’t be able to see your face.
Beyond that, there’s always prosthetics (think like what is used in movies) to alter your facial characteristics.
All that said, I believe the main way of identifying individuals in camera footage now is by gait analysis. Supposedly a rock in your shoe can change it enough to not match up between different footage.
You’d also want to ditch your phone or put it in a signal blocking bag, as it can be uniquely identified by the saved wifi SSIDs that it tries to connect to, and by its bluetooth unique identifier (might just be the MAC address), that can be tracked by low energy bluetooth beacons (how stores track customer movement within and how most places did covid exposure tracing with the apps).
As far as fingerprints go, maybe a light layer of superglue on your fingertips to disrupt the print patterns? That’s a complete guess though.
I’ve tried to do this a few times, and unfortunately it feels like you really have to go all in on managing your own content library.
Like many, I had stopped pirating shit when netflix etc were “good”.
None of the streaming services want you to use them outside of their official sites/apps, so you end up being limited to like 720p when running them through kodi etc.
Archive has been around for well over a decade with no issues outside of sporadic DMCA claims against user uploaded content. For many many years they have been left alone, despite hosting a shit ton of copyrighted material.
Occasional legal battles that they’ve handled with no problems with the help of the EFF. This is the first “existential threat” to them in quite a long time.
This is absolutely because they pulled the emergency library stunt, and they were loud as hell about it. They literally broke the law and shouted about it.
Libraries are allowed to scan/digitize books they own physically. They are only allowed to lend out as many as they physically own though. Archive knew this and allowed infinite “lend outs”. They even openly acknowledged that this was against the law in their announcement post when they did this.
I can absolutely say this is their own damn fault while disagreeing with the law they broke. There, I just did.
This buries the lede so deep it’s popping out the other side of the globe.
The entire core of this case is that (in abscence of more lenient agreements with publishers) traditional libraries are allowed to digitize physical books in their posession, as long as they do not lend out more copies than they physically own. The Internet Archive decided that they would lend out infinite copies, because “covid lol”.
Boston Public Library isn’t being sued because they don’t lend out more than they own! It has precisely zero to do with fucking optics.
Edit: Don’t get me wrong, I hope they win this case, but them continuing to play stupid helps nobody. Unfortunately, as discussed thoroughly online when they opened the covid19 emergency digital library, they fucked around. Now it seems they may have to find out.
This is the worst kind of misrepresentation of tech. Nothing you said is explicitly false, it sounds true in passing, but it sure is effectively false.
The amount of data you can actually store in any single node/transaction on a given blockchain is traditionally very small. Even most NFTs are not truly “on the chain” as in the image data fully stored in a node/element, it’s instead a “smart contract” which just says X identity owns Y (with Y itself being stored elsewhere). There have been many many attempts at actually storing data on various chains and there hasn’t been any successes significant enough to come even close to being able to store the classic 90’s Space Jam website, let alone the fucking Internet Archive.
Beyond that, you absolutely can take down nodes in a chain, so to speak. Numerous major “heists” have been “rolled back” or had their nodes/transactions flagged to be ignored by marketplace admins.
Exactly. I hate fucking everything about this. I love the internet archive and nearly all they do.
In principal I love their “covid-19 emergency library” or whatever they called it. In practice? They absolutely know better than to pull stunts and I’m terrified that this will spell the end for one of the greatest knowledge and media resources of the modern age. For shit that was effectively already available to the public through ebook piracy sites.
They already operated on shaky ground, hosting downloads for a metric ton of shit that is unquestionably still under copyright (despite their claims to only be archival of things that are not), skating by on technicalities and by not drawing too much attention to themselves.
Plus, there were so fucking many better ways to do the “free digital library” thing without jeapordizing themselves.
- Have some volunteers “misuse resources”: load an SSD up with the book files, “borrow” some compute power to decrypt/remove drm, pass batches off to existing ebook “dumping” groups to stagger releases and obsfucate the true source. This would ensure that any material they had which was not already available on the high seas would get there.
- Make a big red banner on the site to a blog post with the generic “While we would never condone piracy or copyright infringement, we understand that times are extremely hard right now [blah blah] here are some links to community guides on how to access learning literature (pirate ebooks) during these trying times [blah blah] Please abide by your local laws.”
Don’t have a direct answer, but have you tried making the same short playlist on each, exporting as json from each, and comparing the files?
JSON isn’t a specific filetype that is interchangable between multiple systems. It’s just a way of organizing data as text. You can open it up in a text editor.
The format that invidious is exporting is for invidious. Invidious won’t have the data in that json file organized in the way that piped expects, which is why it says it’s not valid.
You might be able to reorganize the JSON or rename the property names to match the pattern that piped expects. You’d probably be looking at scripting something yourself though.
You’re better off rotating usernames on a semi-randomized schedule if it really matters to you that much. Is your personal threat model such that you actually need to be concerned about this?
Anyway, OpSec rather than asking others to fix your privacy concerns would be the way to go.
Create separate accounts by topic, with different fake identity details beyond what you made them for. Keep track of each identity’s fake time zone when planning when you post so that no one can figure out what time zone you really are posting from.
Beyond that decide on a lifetime (and “cooloff period” before you make a replacement) for each account using a random number generator.
Most importantly, use various AI tools to obsfucate your typing style and word choice.
This all seems like a shit ton of work to just talk about your hobbies. I sincerely hope you don’t have stalkers this dedicated.
Lol. Minecraft alone proves you wrong. 4chan is where Notch first posted early builds and got feedback.
No argument on it being a cesspool. It is, and has been, for a long long time. But plenty of good stuff happens there too.
/vr/ has unearthed a large amount of formerly lost media (guides, promotional material, entire games! Most of Osamu Sato’s work outside of LSD Dream Emulator had effectively been lost before they got onto it) and is often the spot that leaked stuff drops, like the huge Nintendo leaks a few years ago. The Doom threads there have had a hand in some big, well known mods. It’s arguable that Sonic Robo Blast 2 Kart grew out of those threads’ failed Doom Kart project.
/g/s “friendly windows thread” is decidedly unfriendly, but the guides and links in the OP are wonderful resources on how to set up and configure new Windows installs. I haven’t seen the info there laid out as well and as easily digestible anywhere else.
/vg/ has a large number of threads that are really the only source for certain info about certain game series. The emulation general threads are great resources, and the wiki built from them is the best go to one stop shop for info on emulators. The amateur game dev general threads have been the building grounds for a decent amount of games you’ve heard of before. Risk of Rain is a good example. Hopoo started his game dev journey in those threads. Any game that references “AGDG” is shouting those threads out.
Point is, there’s diamonds in the shit pile.
Full autonomous vehicles, and particularly significant levels of adoption of them are decades away. It’s taken roughly 20 years for hybrid vehicles to become “big”, and that’s after the tech already existed. We still don’t even have anywhere close to reliable full autonomous driving.
It usually is much more effective to make plans and changes based off what currently exists rather than anything that isn’t absolute immediate future. No reason to say no to the good because you’re busy waiting for “perfect”.
Buddy, given your relatively basic questions and how you’re posting to every single fucking vaguely relared community, I would highly suggest you do some studying on just… basic computer concepts and how to use them. Not sure what resources are out there anymore, but maybe some basic “these are the parts of a computer, these are programs and how they work” stuff from the 90s. They used to do middle school classes on how to properly use google and other seaech engines to find trustworthy information for citing in research papers. I seriously suggest you start there.
Then, after you understand the basics maybe you start trying to understand how all of that works in regards to security and the concept of trust in the software you install and run.
Spoiler alert: Computers are not designed with any sort of “zero trust” architecture like you seem to be shocked that they don’t have. Things are not sandboxed, segmented, or otherwise prevented from accessing other stuff as a general rule.
This is why one of the bare minimum basics is “don’t run anything you don’t trust”.