Lines 52 and 94 have errors and UBO will not save the list because of that.
Edit: Never mind, I was setting it up in "My Filters" tab instead of adding the RAW URL to my custom filter list. Now I was able to add it, taking it for a spin, see if it actually works.
Many of the entries seem very simple - anyone know if it is easy to locate the elements that need to be filtered to create your own entries? Would love to add some more newspapers in my country not found in that list.
In regards to which elements to pick out, I wouldn't know what to tell you other than monitor the Network tab in the browser's devtools and block one by one until it works? Other than that perhaps reach out to someone more experienced at generating these filter lists (like the Dev of the linked repo) and see how they go about it.
It's not as if encryption would stop them being able to infiltrate and observe criminal gangs, and generally catch the bad guys. There are all kinds of other tools they can use without having instant push-button access to all communications data.
Encryption doesn't stop them spying on you. It stops them spying on everyone in the world simultaneously all the time with no effort.
I can't read it because of the paywall but IIRC (based on a similar article) that was such a nothing-burger issue.
People turned on an entirely optional (I think off by default setting) for some feature that allowed discovery of users by location ... and shocked pikachu they could be tracked or something like that.
It’s not nothing if Telegram makes people believe they only share their location in a limited manner, but instead broadcast it to the whole world. That’s a serious breach of trust. I don’t know why Telegram users keep making excuses for that platform.
I don’t know why Telegram users keep making excuses for that platform.
Honestly? Because the others are just so bad.
Element has an extremely clunky UX and uses Electron. The other Matrix app implementations are incomplete buggy messes.
Signal can't sync old messages to the desktop, uses a messy Electron interface, and lacks a bunch of features/polish I've come to expect.
Discord doesn't even pay lip service to privacy and similarly doesn't invest in native apps.
Threema has been saying that cross-platform/multi-device connectivity is coming for like 2+ years and has had nothing but the most minor of unexciting features added.
WhatsApp is run by Meta, has a crappy desktop experience, and has had several serious security vulnerabilities.
Jami is ... extremely glitchy.
Session is basically Signal backed by a Crypto platform.
If someone took Telegram's UX and feature set and paired that with Signal's approach of "everything is encrypted", that would be a winner. I kinda hope someday Telegram just does that and moves everything to E2EE. When Telegram was launched E2EE for group chats/at scale wasn't really a thing ... now it's not nearly as novel but nobody has deployed E2EE with a feature set like Telegram's.
It’s not nothing if Telegram makes people believe they only share their location in a limited manner, but instead broadcast it to the whole world.
That's not even what happens by the way. It's just that you can spoof a device into random locations and eventually figure out where someone is.
A "toot" isn't a very persuasive piece of journalism.
I can verify that it absolutely impacts groups run by queer communities in the Gulf, because I was in one such group that was monitored and shut down by Etidal.
That claim needs a lot more investigation and context. At the very least, it needs investigated by a credible third party.
Also, do you even know what the feature you're criticizing is? A "channel"? Because it's not even really a part of the messaging portion of Telegram. It's basically an in-app blogging platform.
That news article talks nothing about targeting groups unfairly and only talks about removal of extremist activity from what's a social media platform (which is standard practice for all social media platforms). Specially that article talks about targeting "combating the online propaganda of ISIS, Hay'at Tahrir Al-Sham, and Al-Qaeda" which I believe is uncontroversial for all decent and reasonable people.
Quoted replies (i.e., quote part of a reply or create an arbitrary quote block)
Code snippets
Message forwarding
Polls
Animations in the UI
Detailed custom theming
Chat room theming
A content index (e.g., view only the files, links, videos, etc that were sent in this chat)
Group invite links to people you don't have in your contacts
Channels (i.e., micro-ish blogging)
A nice bot API
Subjective UI/UX changes to put things in more reasonable places (e.g., why can't I right click on a chat to pin it in the desktop client, why is the Electron menu bar shown by default)
And probably several other things I've forgotten because ... basically nobody I know is still using Signal.
You shouldn't need to trust open source, it should be independently verifiable. Unfortunately that's not possible with either signal or telegram, as there's no way to tell what server code they're running.
Closed source server (even open source with no verification of the code running on the server) means it's possible the server records who you talk to, when, where and the size of the messages. This can be useful to sell to advertisers.
Closed source server or open source server, you can't know what server they're running.
Pavel's whole argument here is basically the same thing for the client; "you can't verify the build in the app store matches what's in the source code, so you have no way of knowing it's actually what you're auditing."
We can already tell you the age, gender, hobbies, kinks, frequently visited spots and how long they stay there, who goes with them and who they meet, what they think about, when they go to sleep, but wouldn't you also like to know where they are and who they're near when their devices are offline with Bluetooth on? We can do that now too! Creepy? No! They think it's so they can [checks notes] find their device even if it's offline.
GrapheneOS officially supports and encourages the use of Google Play Services and a Google account for "security" purposes. Their "unofficial" members also spread propaganda advocating for the same.
They are also an embargo partner with Google for security patches, and add features that may threaten the lives of privacy users, or end up in jail or death in certain circumstances.
There is defiance against Google services for sure. DivestOS is quite a lot better in that the motivations are fairly honest, and Tad is not catering to Pixels only. However, he has a different type of problem, in that he has done a bit of soul selling to the disgusting Daniel Micay. The situation is complicated, so let me simplify it. Micay's code is not truly open source, but rather only usable if one worships Micay, and if someone were to even lift a finger to criticise, he will label them with epithets, harass them and unleash his rabid GrapheneOS social media army upon them. Sounds wild? It happened to FlorisBoard and Bromite projects, both of which are no longer developed.
Micay in realtime, in DivestOS' XMPP chatroom, was accusing me of the typical "harassment ringleader campaign" BS, and ordered DivestOS/Mull developer (these are his aliases) SubZer0Carnage/Tad/SkewedZeppelin that if I was not banned immediately, DivestOS and him would face social media targeted campaign and DivestOS will have to forcibly pull off any borrowed GrapheneOS code. DivestOS developer dusted his hands off me.
For obvious reasons, I stopped using Mull and switched to Firefox mainline browser with uBlock Origin. I will never touch stuff that Micay or Tad has created or forked, unless other good developers have a strong oversight on them.
The title is misleading in that the attack isn't against the VPN apps or even the VPN protocols, but against the networking stack of the operating system.
I also don't get much value out of the statement that "every" OS except Android is vulnerable. Do they really mean all other OSes, or just what would come to mind for most people, i.e. Windows, macOS, Linux, iOS? What about the various BSDs for example?
I also don’t get much value out of the statement that “every” OS except Android is vulnerable. Do they really mean all other OSes, or just what would come to mind for most people, i.e. Windows, macOS, Linux, iOS? What about the various BSDs for example?
It's a DHCP manipulation attack, so every RFC 3442 compliant DHCP implementation implementing option 121 would be "vulnerable" (it's not vulnerability though). Android apparently doesn't implement it, so it's technically impossible to pull off against Android device. There might be others, but I'd guess most serious server/desktop OS'es implement it.
The title isn't misleading at all, even though the "neutering their entire purpose" is a bit of a click-bait. This doesn't affect ingress VPN at all.
It's an attack that uses DHCP features (according to RFC).
It's a clever way to uncloak egress VPN users, therefore it does have privacy impact since most of us use VPN for purposes of hiding our traffic from the local network and provider and there's no "easy" fix since it's just a clever use of existing RFC.
tldr; no, if you trust your vpn more than your ISP always use it, as any hit to fingerprinting is menial.
it really can't hurt much to always be using it. any fingerprinting metric it would give is outweighed by the hiding of your IP behind the proxy. this is the #1 unique identifier that is tied back to people/locations.
the other fingerprinting metrics also are still exposed anyway & could probably be linked back to "you" regardless of your IP changing if they wanted to.
if you are worried about fingerprinting look into some projects like mullvad, librewolf, or even tor. clearing cookies on quit &/or having a separate browser for permanent logins/tokens to live in is also a good mitigation technique.
Thanks for the detailed response. I'm sure my IP is most relevant in tracking me, but if I'm tracked while visiting Lemmy/YouTube it would do no harm, while correlating my YouTube activity with e.g. me reading websites the government doesn't like would do harm.
I use mullvad, and previously read using tor through a VPN doesn't really make sense. I have Firefox set to not save cookies, but I have made an exception for YouTube as it is too troublesome to log in with 2fa all the time.
My thought was that it may be easier to match up the fingerprint of @somelemmyuser accessing lemmy with the fingerprint of @somelemmyuser downloading capitalist propaganda while living in China if they come from the same VPN in a similar timeframe, while it would be harder to match the fingerprint of @somelemmyuser accessing Lemmy from a normal ISP to the fingerprint of @somelemmyuser accessing capitalist propaganda from a VPN, as you would need both datasets to find matches.
And since me accessing Lemmy is not a problem but my lemmy account could be tracked back to me as a physical person, it could be smart to not do it with the same VPN.
your thoughts on spacing out your connections & isolating is smart. unfortunately if you connect from the same device & browser any government agency or dedicated company with a big enough dataset (google, meta, etc.) would still be able to link you regardless of your IP by browser fingerprint alone. this does make YouTube more specifically being linked to your exact browser fingerprint problematic in a high stakes situation, as it, as you said, is linked to your identity.
for lower level tracking changing IP regularly is effective. however, instead of switching to your local IP it would be more privacy conscious to just switch to a different VPN server.
unfortunately if you are genuinely worried about government level surveillance or the likes u enter into territory where VPNs often no longer cut it (or at least can't truly be trusted to) as they are centralized & can be forced to make exceptions for law enforcement. traffic analysis is also easier, which makes time correlation deanonymization a more realistic risk when talking about government agencies specifically.
the tor + vpn debate is one that lots of people argue & is exceedingly complicated. tor is generally more than enough, unless you are wanted by INTERPOL haha. if you are genuinely worried about suppressive government or world powers targeting you look further into tor, & do not connect directly to your ISP at all as that data is essentially up for grabs to local authorities (depending on locale).
for you specifically I would consider doing your more sensitive tasks in the tor browser without the VPN & then having your normal browser always on the VPN so they would be more difficult to correlate. anything torrent related is low enough stakes that I would imagine just about any proxy would suffice. hope this was helpful 🙏.
It was, that was the kind of information I needed, as it helps to differentiate what kind/level of privacy I have and what kind/level of privacy different actors can circumvent etc.
As I am mostly looking at not generating useful data for shitcompanies like amazon, google, Microsoft etc. The always on VPN and no cookies except YouTube should be more than sufficient. If my country decides that my political opinion is no longer permitted I should nevertheless be using Tor and check if I'm unique (fingerprint wise).
Several years ago I took an extended break from Facebook and when I tried to log back in, they wanted a copy of my drivers license to prove my identity. I declined and made a new account. Unfortunately, I still needed an account for local stuff like neighborhood info, local businesses, kids sports leagues, schools, etc.
After a couple years, my son got a Quest 2 and without even trying to log in, my original FB account was magically available once again.
You still need a phone number to register an account as far as I could tell when I did the other day. You no longer need to share your number with any contacts and can set it so no one who has your number can look you up on signal. You can optionally set a unique alphanumeric 'username' instead to hand to people to look you up. But yea, Signal still requires you to give them and their authentication service (through sms code) your phone number.
Yes, XMPP, a long-standing protocol that's also not a walled garden, doesn't require a phone number or even a phone.
For android I use the Conversations client combined with Dino on computers. Currently logged in to a handful of devices synchronously. You can choose what server to make an account on; conversations.im I found to be reliable. Drawback is Signal doesn't let you bridge to it from anywhere outside of Signal. So I have accounts on both.
It's the privacy vs convenience problem. For most people, the convenience is so much more important so when you can just use Google to sign in everywhere, you get rid of your passwords remembering issue (oh my god how many people have blamed me for losing their passwords, I'm an IT guy).
Companies want to maximise profits by 'knowing' (ie tracking) their customers so they can tailor their products or services to actual usage. A noble goal? They just want to be more convenient for us.
In the end I guess having an account anywhere and the companies seeing anonymised or aggregated, no personally identifiable records, should not be an issue. But they don't need to keep track of where I live, what my e-mail address or phone number is and especially need not know any third party stuff.
It has become a very untrustworthy business just because the companies could do whatever they wanted and now that there is more scrutiny, they just find back alley ways to screw us over.
I think "knowing" the customer isn't worth the risks and the amount of carbon emissions. Every company will start selling the data at some point. It means that the unnecessary data collection shouldn't be there in the first place. And I highly doubt they use the useful telemetry to improve the product or make it more convenient. They just add more features they see people are talking about on forums and stuff and don't bother optimizing it for older hardware. The products often get just worse over time (especially in the current AI era). Bug fixes are there though so I don't have much against error logs.
Who remembers their passwords? Use a password manager and it's as simple as a Google login. It even fills in the credentials automatically on a hotkey.
Ok you have to create a new password the first time you want to register somewhere. But how lazy can people get? It's also just a button click in a password manager.
I honestly don't know how I could function without password manager. It was one or two passwords for everything or constant resetting because I forgot what variation I used where.
I've suggested password managers to loads of people who'd rather cling to updating their little pocketbooks where it's impossible to distinguish between certain characters and password versions. The stubbornness of tech illiterates is stunning.
I have to think there's a bigger reason why telling them about it doesn't magically fix anything... I mean "if they were smart" they'd already be using it anyway, but because of "not smart", they also won't switch either.
Some reporter(s?) in Germany found that all the forums for CSA actually host their material in the clearnet, i.e. on Google Drive, Dropbox, etc. (since TOR speeds are shit and those people don't watch SD videos anymore).
The police could have demanded data from the uploading accounts and that the material was taken offline. They refused to do so, in order to "catch more criminals" or something like that.
So, their "think of the children" is exactly as in the spirit of Helen Lovejoy as it seems.
They also openly use youtube for distributing passwords and pastebin links to such content. I have seen multiple channels from a specific country (starts with I) that does this, sometimes going so far as to flash a single letter of the password at a time throughout innocent-looking children's videos, with the encrypted pastebin link on the last video that requires the full password to unlock. Some others on a site I will not name have been trying to report these channels for several days (they have actually been operating for years with millions of views) but youtube isn't doing anything. Only company who has done anything was mediafire for removing some actual content.