Melody Fwygon

  • 1 Post
  • 20 Comments
Joined 2 years ago
cake
Cake day: June 1st, 2023

help-circle
  • S/MIME is insecure, outdated, depreciated, and should be discontinued; yet people don’t want to adapt or grow or change.

    Because some organizations do use S/MIME; all email software is required to implement it, that is if they want to be adopted and used by said influential organizations.

    OpenPGP and PGP in general is secure but suffers from usability issues and is often wrongly painted as user-unfriendly. (it’s really no worse than S/MIME, installing and managing keys is exactly the same hassle as it is with S/MIME.) The main issue is that some people are too lazy or resistant to change to adapt to it.


  • Lack of detailed audits…only in this case specifically…does not imply lack of security and/or privacy.

    The protocol that Signal uses, which is in fact firmly audited with no major problematic findings, plus the fact the client is OSS is generally enough to lower any concerns.

    The server side software in production for Signal.org is not OSS. It will not be. You are required to trust the server to use Signal; because the protocol and the client renders it factually impossible for the server to spy on your messages. The server cannot read messages; or even connect who is messaging who if the correct client settings are used. (Sealed Sender).

    Non-OS stats software in general is not automatically lacking in privacy or security, particularly not in this case where the affected software does interact only with software that is verifiably open-source and trustworthy in general due to the protocols and how they are implemented correctly in a verifiable manner.


  • E2EE is, theoretically, secure. It certainly prevents a government from hoovering up your data when they casually cast too wide of a dragnet while “chasing a criminal”. …At least, when it is implemented honestly and correctly.

    Now if governments wanted to properly backdoor some E2EE implementation; all they really need to do is compromise one end of the conversation. Of course, they want to be able to do it auto-magically; through delivering a court order to a single point; and not through busting down the door, or capturing the user of, one end or another of the conversation and compromising the device.

    The question therein lies; do you as a person want the government to be forced to bust down a door? Some people think they should be forced to break doors and others do not feel that it is necessary. There are many diverse stances on this question; all with unique reasons.

    It’s clear to me that E2EE works properly…the governments would not be trying to “end Encryption” if it did not work. Therefore it stands to reason that E2EE is not compromised, if a government is forced to pass a law in order to compromise the encryption or turn it off entirely. That proves it works.

    I just logically proved Encryption works, without even taking a stance on the matter. For the record however; I do support Encryption. I think this law undermining it is a massive governmental overreach that will quickly lead to that same government finding out how critical Encryption actually is to their people. Just give it time.


  • All that being said; I’m going to be watching carefully.

    I still think they have time to backpedal, make it right, and clarify. I don’t permit my installations to talk to their data collection services anyways; via network policies. I have no problem tightening those screws and forcefully disabling their telemetry in other ways as well.

    If I have to migrate; well; I already have LibreWolf installed. I might try a few other forks next; to see which ones ‘just work’ with the web properly to protect my privacy while still allowing all websites to work properly as intended so long as I give that website appropriate permissions as I see fit.


  • I don’t believe that anyone misunderstood the wording.

    The problem lies within the broad meaning of the chosen words. If you are angry, you have absolutely every right to be.

    Regardless of Mozilla’s intent here they have made a rather large mistake in re-wording their Terms. Rather than engaging with a legal team in problematic regions; they took the lazy way out and used overbroad terms to cover their bottom.

    Frequently when wording like this changes it causes companies to only be bound by weak verbal promises which oftentimes go out the door whenever an executive change takes place, or an executive feels threatened enough.

    Do not be deceived; this is a downgrade of their promise. It is inevitable that the promises will be broken now that there is no fear of a lawsuit. There’s nothing left to bind them to their promises.

    The Mozilla foundation wasn’t ever intended to remain “financially viable”; it was supposed to remain non-profit. They should be “rightsizing” and taking pay cuts instead of slipping a EULA roofie into their terms of use.


  • It is not only true; it is required by the WMF. Wikipedia and Wikimedia will go dark before it compromises those values.

    Wikipedia can always be revived by it’s massive worldwide community; on Tor even. Trump taking down the WMF servers won’t help; the databases probably get backed up daily and would likely end up on torrents within moments of it being taken down.


  • As an editor with advanced rollback rights on Wikipedia; I can agree with the above statement.

    It is Extremely Difficult; even with slighly escalated rollback rights such as mine; to push an agenda on Wikipedia.

    WP:NPOV is a good read and the editing community and contribution culture on Wikipedia enforces it strongly.

    EnWiki itself for certain has some very strong Page Protection policies that prevent just any editor from munging up the encyclopedia or changing history.

    It’s safe to say that Wikimedia cannot be bent or broken easily by special interest groups…Vandalism and PoV pushing is quickly quelled by sysops on Wikipedia. There are more of us editors than Elon could ever possibly hope to take on.

    Not even Elon Musk gets to ignore Wikimedia policies. That will never change. They are written in blood and sweat and cannot be manipulated. The entire foundation is set up in a way that it always, eventually, cracks down on corruption and greed. Not even a cabal of admins, bureaucrats and Wikimedia Stewards can help you.




  • I.C.E. is obviously overstepping their boundaries here and needs to be pared down.

    Someone should get on publishing EFF’s surveillance avoidance tactics in all the languages…or at least teach the immigrants in their lives to make sure to use throw-away emails, prepaid sim cards and pseudo-identities to criticize government.

    Genuinely it’s not hard to not provide real world information online; you just keep your identities separated by a few things first. VPNs and Tor help as well to prevent tapping into data.


  • Melody Fwygon@lemmy.onetoPrivacy@lemmy.mlScam links from Google?
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    Actually it’s not that hard and it’s even probably possible to even host SearXNG on the same hardware, or kind of hardware, that you’ve hosted your Pi-Hole or DNS server on.

    I actually self-host my own SearXNG and Invidious instances and customize the settings on both, and it’s super useful. (Example: My SearXNG instance is aware of my Invidious instance on my network and will use it to load videos when Invidious is queried via the !iv bang. By doing this I’m not relying on public invidious instances so much; which oftentimes experience downtimes…because youtube hates those more, and frequently bans the public instances.)

    This is all doable with a little bit of Docker or Podman action and a bit of editing the appropriate YAML files prior to composing the containers.

    So you might be able to spin up a SearXNG instance locally on your network for her to use and configure it to use Google and any other search engines she might prefer. Then use something like LibRedirect (Firefox and Chrome plugin) to redirect her to the local SearXNG instance. (instead of using Google)

    A video about setting up SearXNG: https://www.youtube.com/watch?v=UBLypfM9U-g





  • In general Fwy does not agree with the Privacy Guides assessment; and feels that the concerns about the project are simply not credible without stronger evidence of excessively slowed or missed updates.

    Project devs do have lives and I’m not personally going to punish that; so long as the software remains reasonably maintained and free of bugs while still considering the project’s number of devs.

    Is it better than Mullvad Browser? Probably not in the strictest sense; but I’m also not happy with “Mullvad Browser” either; as this browser makes more choices that breaks functionality than Librewolf does in the pursuit of privacy.

    Additionally; I cannot trust that “Mullvad Browser” will not enshittify; it is maintained by a company who is REQUIRED to some extent to make profits. That breeds enshittification. Mullvad would be one bad CEO or core executive team shift away from potentially being targeted as a profit vehicle and it’s privacy benefits weakened or removed entirely so the company can make money.

    In general I trust Librewolf on a pretty regular basis to protect my privacy when my Addon-driven version of manually hardened Firefox breaks up a websites functionality too badly. It provides essential privacy protections without breaking too many things and serves as a good baseline browser.

    As a rule; I keep several different browsers installed to mitigate lack of website function and isolate away any websites that would be more invasive in what privacy protections must be disabled to use properly. “Setting-Hardened and Privacy-Addon-driven Firefox” is what I use day to day, but “a semi-Amnesic* Librewolf (Incognito windows if untrusted website)” is second and is used daily in trusted website scenarios or in case a website is breaking too badly from plugin interactions. Finally; a fairly vanilla and infrequently used copy of Ungoogled Chromium is kept on hand for situations where Chromium is just required; where I can spin up empty profiles easily for anything I don’t trust and configure it to just flush everything on exit.



  • I actually don’t agree with this video; and firmly believe it is more than a little biased.

    For example, the Pixel, AOSP and Android are given several undeserved points due to lack of proper information or understanding of how certain features work. I imagine this is the case too for the iPhone; if a bit less so.

    The review apparently doesn’t deep dive into settings or attempt to maximize privacy by turning off unwanted ‘features’ when settings switches are available to the user; nor does it assume that you set up accounts in as private of a manner as reasonably possible or toggle off as many default-on consent switches as needed.

    While I would support scoring and dinging each case or instance for “Privacy Settings that don’t actually work”…this video really doesn’t do a lot of legwork and leans on the anecdotal evidence of scary news stories too much.

    Worse was the fact that the entire video felt like they were shilling for Graphene OS; which is known to have a slightly unfriendly maintainer and community surrounding him to say the least.

    No mention of Lineage or other privacy oriented Android ROMs were analyzed. AOSP too, was unfairly lumped in and dinged for specific points of the Default Pixel configuration…and yes there are major differences between AOSP and Pixel Android; even though Google tries to be less in-your-face invasive than the other OEMs. Not enough credit is given for the “On-Device” smart features implemented properly on the Pixels.

    Out of personal experience; I’d actually rate a proper Lineage OS install of 4 whole Android versions ago to be more private than stock. Not quite as private as Graphene; but not quite as invasive and much more enforcing of privacy. The debloating provided by a clean AOSP-like ROM, such as Lineage, as opposed to a “Stock Android” configuration from a major OEM is stark.

    Most importantly I personally feel that the privacy model chosen for the video is far too thickly detailed for an average person. Most of the privacy concerns listed on each card contained concern points that might only tangentally apply or don’t apply at all to mobile phones. The way that each card was scored and applied felt low effort. None of the points on any of the card(s) were weighted with average users in mind.

    I really hope someone goes into a much deeper dive; this video is basically clickbait that parrots the commonly parroted advice in the privacy community; which isn’t even good advice, it’s just ‘One-Size-Fits-All’ style advice which gives the user no room to make necessary ‘Privacy vs Convenience’ tradeoffs that they themselves could have made if they understood proper threat modelling.


  • She’s such a narcissist that she couldn’t stay out of the spotlight. lol.

    Regardless; I doubt that any game she could develop would be any good; and I shudder to think of what deranged DRM scheme she will cook up to protect her own game. It’ll probably be worse than Denuvo, knowing how unstable she is.

    Genuinely, the scene is better without her hate filled screeds polluting the web. Her abilities might be appreciated more if she got some mental help and she could rejoin the scene as a positive force; not someone who lets their ego run rampant and spews hate at the slightest provocation.

    Unfortunately the scene is too cowardly to NUKE her output into obscurity until she cleans her spew up.


  • Microsoft is stupid, someone high up is getting greedy or desperate.

    Patching HWID is annoying and doesn’t stop piracy. In fact it will break a lot of legacy systems in general; which is probably what they intended and why they are guilty of corporate greed in this case.

    I hate Micro$hit but I am REQUIRED to use Windows by too many stupid fucking different idiots, apps, and games to count. Linux is still not there yet for me usability-wise; though it probably is still improving.

    No; I will never accept that CLI is an acceptable end-user implementation; GUI is required; along with ease of use and the polish that comes with it. I don’t mind CLI interfaces; but I do feel they’re not user-friendly enough usually. They REQUIRE YOU to LEARN a few things to get used to them; which is the opposite of an intuitive interface.

    NOTE: I am very FLOSS accepting when it meets my needs; but I will not hold back criticism. Do not try to shout me down. You will always be wrong. Windows is factually more user-friendly and application compatibility diverse than Linux.

    I genuinely hope that Linux finds more ways to 100% match Windows functionally without forcing the user to compromise. We need to punish Microsoft for all these years of monopoly holding and reclaim computing more effectively.



  • There are So many issues/inconsistencies with this laundry list of “Problems”.

    Nefarious History of DDG founder & CEO:

    • Every link under this header is effectively broken except the wikipedia link.
    • Yes; onion links count as broken my friend. You need to link the clearweb version too for our clearweb using readers. Furthermore it is more difficult for the casual reader to verify that the server they arrive on when they use an onion link is actually the source it claims to be coming from. (Because TOR onions do anonymize locations)

    Direct Privacy Abuse:

    • Link is broken; onions don’t resolve on clearweb

    • Reaction link is broken (timeout)

    • this is a good testable procedure to show your concerns

    • four year old source that seems to heavily imply that this is just normal use of the Canvas API for layout purposes. source questionable; as it is not a typical tech news focused reporting outlet.

    • The FAQ states why certain engines are not included with the browser but I see no hard refusal language. They do call it out that the relevant providers went silent when asked how things work and offer this as the reason why they have not yet chosen to include them. It’s entirely possible that if the companies explained their ad-tech to Epic team’s satisfaction they might consider the partnership. We know they probably won’t explain that tech; but the possibility exists based on this document alone.

    • This is probably a reasonable source; and if this isn’t ever printed in English or made available in English ever; I can understand. However the lack of an English language version of this source could be frustrating. I did run it through translate and verify the claim though it’s just one line in a newsletter.

    Censorship

    • This entire header is irrelevant. DuckDuckGo isn’t specifically censoring the content. However; downstream search engines such as Google and Yahoo definitely ARE and DDG is returning what they do.
    • No, they are not complicit in censorship by doing this; they are just as affected by it as you and I are and are working with the data they can obtain.
    • Censorship requires specific action to suppress information and it is not evident that DDG is doing so in the example provided in the source links.

    Cloudflare

    • The reasons under this header are also irrelevant. These are nasty things that Cloudflare is doing. Go yell at Cloudflare.
    • I’d suspect that DDG didn’t do their homework on Cloudflare; but the alternatives to Cloudflare are simply not large at all; and may have been more costly.
    • Not defending their choice to go with Cloudflare but; Cloudflare does have a rather absurd near-monopoly on the kinds of services they can provide.
    • Show me a viable alternative to Cloudflare that meets your privacy model. I’d love to learn about one.

    Harmful Partnerships with Adversaries of Privacy Seekers:

    • Once again you’re listing things that other companies have explicitly done. Everything under this header is largely irrelevant
    • Amazon & AWS: a large number of FLOSS projects use it or provide binaries and containers you can run (for/on) it.
    • Microsoft: like it or not they have to work with, around, near them; they provide Bing.
    • Yahoo/Oath: Same as Microsoft they provide a search engine.
    • DDG is one part “Metasearch Engine” and one part “Search Engine” in that they do also crawl the web to augment their results.

    Advertising Abuses & Corruption:

    • All of this lacks any usable sources or proof.

    • Your one link is an onion; which is not a usable source link.

    • The IRC logs provided appear to be missing a truckload of context and IRC logs never really do provide solid prove as they can be edited/cherrypicked to show/support your argument.

    • The provided logs do only show ChanServ making a ban.

    • IRC channels such as this one are notorious for being highly focused on their specific topic as they state in their rules.

    • Your apparent ban in that channel Does not mean they are censoring you; but it does mean you barged into their IRC channel, probably without reading their rules carefully, and got banned for breaking those rules.

    • As someone who has sit in channels like that on OFTC and even Freenode before the splits happened for 20ish years; I can assert that your communication style was not civil to the standards of that channel. Joining an IRC channel to yell at project maintainers is never going to earn you anything more than a ban if their channel is actually monitored or moderated.

    • I may not have been there myself; but I know that is how things are typically done on IRC in general.