cypherpunks Arthur Besse @lemmy.ml

cultural reviewer and dabbler in stylistic premonitions

Posts 557
Comments 701
i love spreading misinformation
  • For some reason that article doesn't link to it, but it is a real tweet he made in February (and didn't even delete after being called out for the highlighted search terms in his screenshot).

  • Is This The Most Secure Messaging App?
  • Regarding your browser-based thing: what are the specific capabilities of the "threat agents" (in your threat model's terminology) which your e2ee is intended to protect against?

    It seems like the e2ee is not needed against an attacker who (a) cannot circumvent HTTPS and (b) cannot compromise the server; HTTPS and an honest server will prevent them from seeing plaintext. But, if an attacker can do one of those things, does your e2ee actually stop them?

    The purpose of e2ee is to protect against a malicious server, but, re-fetching JavaScript from the server each time they use the thing means that users must actually rely on the server's honesty (and HTTPS) completely. There is no way (in a normal web browser) for users to verify that the JavaScript they're executing is the correct JavaScript.

    If you run a browser-based e2ee service like this and it becomes popular, you should be prepared that somebody might eventually try to compel you to serve malicious JavaScript to specific users. Search "lavabit" or "hushmail" for some well-documented cases where this has happened.

  • Real Facebook ad that doubles as a god-tier shitpost
  • It’s amazing how so many people here are completely oblivious to sarcasm.

    from this commercial, apparently it's a joke but also a real product from Daily Wire 😬

  • Linux "Anti"-Piracy Screen
  • What a confused image.

    1. TiVo complied with the GPLv2 and distributed source code for their modifications to Linux. What they did not do was distribute the cryptographic keys which would allow TiVo customers to run modified versions of it on their TiVo devices. This is what motivated the so-called anti-tivoization clause in GPLv3 (the "Installation Information" part of Section 6. Conveying Non-Source Forms.).
    2. Linux remains GPLv2, so, everyone today still has the right to do the same thing TiVo did (shipping it in a product with a locked bootloader).
    3. Distributing Linux (or any GPLv2 software) with a threat of violence against recipients who exercise some of the rights granted by the license, as is depicted in this post, would be a violation of section 6 of GPLv2 ("You may not impose any further restrictions on the recipients' exercise of the rights granted herein.").
  • www.theonion.com Who Is Trump’s VP Pick J.D. Vance?

    Republican presidential nominee Donald Trump recently selected Ohio Sen. J.D. Vance as his running mate. The Onion takes a look at the author and venture capitalist’s background and political stances.

    11
    Privacy concerns with DHCP (DHCP fingerprinting)
  • If you use systemd's DHCP client, since version 235 you can set Anonymize=true in your network config to stop sending unique identifiers as per RFC 7844 Anonymity Profiles for DHCP Clients. (Don't forget to also set MACAddressPolicy=random.)

  • Traveling to the US - How to prepare
  • They only do that if you are a threat.

    Lmao. Even CBP does not claim that. On the contrary, they say (and courts have so far agreed) that they can perform these types of border searches without any probable cause, and even without reasonable suspicion (a weaker legal standard than probable cause).

    In practice they routinely do it to people who are friends with someone (or recently interacted with someone on social media) who they think could be a threat, as well as to people who have a name similar to someone else they're interested in for whatever reason, or if the CBP officer just feels like it - often because of what the person looks like.

    It's nice for you that you feel confident that you won't be subjected to this kind of thing, but you shouldn't assume OP and other people don't need to be prepared for it.

  • Traveling to the US - How to prepare
  • If they ask for a device's password and you decline to give it to them, they will "detain" the device. See this comment for some links on the subject.

  • Traveling to the US - How to prepare
  • I’m pretty sure that immigration in the US can just confiscate your devices if you are not a citizen.

    CBP can and does "detain" travelers' devices at (or near) the border, without a warrant or any stated cause, even if they are US citizens.

    Here is part of the notice they give people when they do:

    Screenshot of the initial paragraphs of CBP Publication No. 3160-0423, Revised April 2023, titled "Border Search of Electronic Devices" with text: All persons, baggage, and merchandise arriving in, or departing from, the United States are subject to inspection by U.S. Customs and Border Protection (CBP). This search authority includes all electronic devices crossing our nation’s borders.  What to Expect You are receiving this document because CBP intends to conduct a border search of your electronic device(s). This may include copying and retaining data contained in the device(s). The CBP officer conducting the examination will speak with you and explain the process.  Travelers are obligated to present electronic devices and the information resident on the device in a condition that allows for the examination of the device and its contents. Failure to assist CBP in accessing the electronic device and its contents for examination may result in the detention of the device in order to complete the inspection.  Throughout CBP’s inspection, you should expect to be treated in a courteous, dignified, and professional manner. As border searches are a law enforcement activity, CBP officers may not be able to answer all of your questions about an examination that is underway. If you have concerns, you can always ask to speak with a CBP supervisor.  CBP will return your electronic device(s) prior to your departure from the port of entry unless CBP identifies a need to temporarily detain the device(s) to complete the search or the device is subject to seizure. If CBP detains or seizes your device(s), you will receive a completed written custody receipt detailing the item(s) being detained or seized, who at CBP will be your point of contact, and how to contact them. To facilitate the return of your property, CBP will request contact information.

  • Traveling to the US - How to prepare
  • Or just removing my biometrics?

    Ultimately you shouldn't cross the US border carrying devices or encrypted data which you aren't prepared to unlock for DHS/CBP, unless you're willing to lose the hardware and/or be denied entry if/when you refuse to comply.

    If they decide to, you'll be handed this: "You are receiving this document because CBP intends to conduct a border search of your electronic device(s). This may include copying and retaining data contained in the device(s). [...] Failure to assist CBP in accessing the electronic device and its contents for examination may result in the detention of the device in order to complete the inspection."

    Device searches were happening a few hundred times each month circa 2009 (the most recent data i could find in a quick search) but, given other CBP trends, presumably they've become more frequent since then.

    In 2016 they began asking some visa applicants for social media usernames, and then expanded it to most applicants in 2019, and the new administration has continued that policy. I haven't found any numbers about how often they actually deny people entry for failing to disclose a social media account.

    In 2017 they proposed adding the authority to also demand social media passwords but at least that doesn't appear to have been implemented.

  • Jonathan Kamens: "It has come to my attention that many of the people complaining about Firefox's PPA experiment don't actually understand what PPA is…" - federate.social
  • They had to make it the default though. That was unavoidable.

    For it to be useful at scale, sure, but reading this it sounds like Chrome's version of it is still "experimental" and opt-in. Hopefully the backlash prevents it from being developed further.

  • Jonathan Kamens: "It has come to my attention that many of the people complaining about Firefox's PPA experiment don't actually understand what PPA is…" - federate.social
  • It has come to my attention that many of the people complaining about #Firefox's #PPA experiment don't actually understand what PPA is, what it does, and what Firefox is trying to accomplish with it

    The documentation under the "Learn more" link next to the "Allow websites to perform privacy-preserving ad measurement" checkbox in Firefox preferences explains very clearly what it is and how it works. Asserting that people who read that and are indignant about it being enabled by default just... "don't actually understand" it is absurdly insulting and basically gaslighting.

  • me_irl

    0

    Nobody messes with the Picard

    cross-posted from: https://startrek.website/post/11225086

    > Not my OC

    6

    The US Air Force has been sending unmarked planes from Britain’s base on Cyprus to Israel since it began bombing Gaza

    www.declassifieduk.org Revealed: America’s secret special forces flights to Israel from UK base on Cyprus

    The US military has been flying covert planes to Israel from RAF Akrotiri since the bombing of Gaza began, Declassified has discovered.

    2

    Seriously how many times does this have to happen
  • adding all compiled file types including .pyc to .gitignore would fix it

    But in this case they didn't accidentally put the token in git; the place where they forgot to put *.pyc was .dockerignore.

  • Pro Tip: Global eSims
  • It seems to me that switching SIMs provides little privacy benefit, because carriers, data brokers, and the adversaries of privacy-desiring people whom they share data with are obviously able to correlate IMEIs (phones) with IMSIs (SIMs).

    What kind of specific privacy threats do you think are mitigated by using different SIMs in the same phone (especially the common practice of using an "anonymous" SIM in a phone where you've previously used a SIM linked to your name)?

  • Seriously how many times does this have to happen
  • At my workplace, we use the string @nocommit to designate code that shouldn’t be checked in

    That approach seems useful but it wouldn't have prevented the PyPI incident OP links to: the access token was temporarily entered in a .py python source file, but it was not committed to git. The leak was via .pyc compiled python files which made it into a published docker build.

  • choices

    9
    United States | News & Politics @lemmy.ml Arthur Besse @lemmy.ml

    AT&T says hackers stole 2022 call and text data from 'nearly all' cell customers

    10

    Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage

    fedi.simonwillison.net Simon Willison (@[email protected])

    It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage You can test it out by pasting the following into your Chrome DevTools console on any Google page: chrome.runtime.sendMessage( "nkeimho...

    cross-posted from: https://lemmy.dbzer0.com/post/23752792

    > cross-posted from: https://lemmy.dbzer0.com/post/23752739
    >
    > > https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/

    0
    Site: "I don't feel so good...."
  • this isn’t remotely how this meme is used lol

    "Robin Holding a Whiteboard" meme format with left column labeled "people who use this meme format correctly" and a tally of one, and the right column labeled "people who use this format like glasses dog" and a tally of 21

  • www.newscientist.com Multiple nations enact mysterious export controls on quantum computers

    Identical wording placing limits on the export of quantum computers has appeared in regulations across the globe. There doesn't seem to be any scientific reason for the controls, and all can be traced to secret international discussions


    cross-posted from: https://sopuli.xyz/post/14485657

    > In case of paywall: https://archive.is/kZAgI

    0
    www.theonion.com Report: Requests To Prove One Is Not A Robot Up 400,000% Over Past 500 Years

    NEW YORK—In a report released Tuesday that has been hailed as equal parts fascinating and perplexing, researchers at Columbia University found that requests to prove one is not a robot have gone up 400,000% over the past 500 years. “During the Elizabethan era, for example, people were rarely asked ...

    2
    Bolivian Government Denounces Attempted Coup D’éTat
  • lol, i just accepted the title tag from the page which the create post form auto-filled 🤡

  • Bolivian Government Denounces Attempted Coup D’éTat

    7
    www.tomshardware.com Firmware flaw affects numerous generations of Intel CPUs — UEFI code execution vulnerability found for Intel CPUs from 14th Gen Raptor Lake to 6th Gen Skylake CPUs, and TPM will not save you

    Eclypsium Automata uncovers Phoenix as the latest to fall to a significant Arbitrary Code Execution exploit impacting Lenovo, AMI, Insyde, and Intel motherboard firmware.

    2
    arstechnica.com Apple Intelligence and other features won’t launch in the EU this year

    iPhone Mirroring and SharePlay screen sharing will also skip the EU for now.

    1

    Chat control vote postponed

    www.patrick-breyer.de Chat control vote postponed: Huge success in defense of digital privacy of correspondence!

    Today EU governments will not adopt their position on the EU regulation on “combating child sexual abuse”, the so-called chat control regulation, as planned, which would have heralded the end of private messages and secure encryption. The Belgian Council presidency postponed the vote at short notice

    0

    The Outsider's Guide to Payments Censorship - Brett Scott

    www.asomo.co The Outsider's Guide to Payments Censorship

    Digital payments can be used to turn people off. But when do you care?

    1

    www.jwz.org XScreenSaver: Google Store Privacy Policy

    XScreenSaver is a collection of free screen savers for X11, Linux, macOS, iOS and Android.

    0

    The soft hum

    via https://mastodon.social/@spiralganglion/112294836298449151

    image description

    Photographs of the front and back of Apple's original Mac 128k. A finger is touching the power switch on the back, and a hand is inserting a floppy disk into the front. Text below reads: Insert the Macintosh System Disk into the disk drive, metal end first, label side up. Push the disk until it clicks into place. The soft hum is your Macintosh getting information from the disk. A message appears, welcoming you to Macintosh.

    8

    European privacy group noyb ("none of your business") has filed a GDPR complaint against OpenAI about ChatGPT

    noyb.eu ChatGPT provides false information about people, and OpenAI can’t correct it

    noyb today filed a complaint against the ChatGPT maker OpenAI with the Austrian DPA

    ChatGPT provides false information about people, and OpenAI can’t correct it
    0

    Pour it over your tongue till it tingles with it

    cross-posted from: https://lemmy.ml/post/16342545

    > ::: spoiler image description
    > four-panel McMahon Reaction Meme template with captions:
    > * 1, 4, 8, 9, 16, 25, 27, 32, 36, 49, 64, 72, 81
    > * 100, 108, 121, 125, 128, 144, 169, 196, 200, 216, 225, 243, 256, 288
    > * 289, 324, 343, 361, 392, 400, 432, 441, 484, 500, 512, 529, 576
    > * 625, 648, 675, 676, 729, 784, 800, 841, 864, 900, 961, 968, 972, 1000
    > :::

    2