ReversalHatchery
@ReversalHatchery@beehaw.org
- Comment on Are there any guides, tutorials or similar on how to use Steam more privately? 5 days ago:
I don’t have experience with it, but as far as I know that is a GUI helper for Wine.
A steam emulator is different. It is often just a single file, a program library that holds program code.
On Windows it is a DLL file, on Linux it does not have an extension but it’s the same concept. The game loads it because it actually searches for the official version of this file, but both Linux and Windows implement the search for it so that a library file (with the expected name) beside the executable is preferred instead of whatever is installed systemwide.

Lutris on the other hand is a GUI tool to manage your “wineprefixes”, which is maybe better called wine environments. If you are familiar with Python, it’s more like Python’s virtual environments.
And besides basic tasks, it has a lot of additional tools to make using Wine easier.
- Comment on Are there any guides, tutorials or similar on how to use Steam more privately? 1 week ago:
After purchasing and downloading a game from Steam, the Steam client is not actually needed for it to be playable. Of course it will try to start up Steam, and if it isn’t installed then it will complain, but if you use a “steam emulator” that can be worked around.
One such emulator is Mr Goldberg’s steam emu.
It has a bunch of configuration options, per-game settings, optionally portable settings, windows+linux support, and I think it’s even open source.
- Comment on Privacy services and non privacy payments options 1 month ago:
Yeah, that’s true for most of them, they all are basically useless. It’s only worth using private crypto, like Monero, that is actually designed with privacy in mind.
- Comment on Privacy services and non privacy payments options 1 month ago:
but I don’t know if it makes sense if my bank knows I’m using it anyway so they can sell that info to advertisers, gov, etc.
Yeah it’s not ideal, but it’s still much better because these services won’t give access to your data if they can avoid it, and then data that is encrypted is not useful when given out.
- Comment on Interesting new data on Lemmy instance federation with Threads, ordered by Active Users descending. 2 months ago:
I think you have sorted by “users”, and are looking at the “active” column.
If you sort by active, it’s fine.
- Comment on I am a victim of the network effect who wishes to degoogle. What do I do? 2 months ago:
How much are you into programming and tinkering?
You may be able to make an xposed module to convince the dji app that you use an “investor approved” operating system.

First you would need to reverse engineer the dji app a little, to find out where in the code it checks for your system, like when does it use safetynet. If it prints an error message or logs something to logcat when it refuses to work, then it could be easier to find the place starting from that point and the string’s appearance in the code and usages.
Fortunately, even if not too easy, Android apps are among the easiest to reverse engineer. The 2 major tools that will help you are jadx (the decompiler) and Android Studio (the official Android dev program, for helping in navigating the code; most important features are finding usages of a function or string resource, and “refactoring”, so mass renaming functions when you understood what a key function does).
- Comment on I am a victim of the network effect who wishes to degoogle. What do I do? 2 months ago:
Maybe it’s not for safety reasons, but they just don’t trust you with attending school. This is even worse.
- Comment on Why is it dangerous to chain power dividers? 3 months ago:
I think they may be speaking about a different kind of power divider, something to which the name probably fits better
- Comment on "How to bypass and block infuriating cookie popups" 🙄🤦🏻♀️🤦🏻♀️ 4 months ago:
Yes, but preferably go over the list of enabled filterlists in its settings and tick a few more boxes.
- Comment on BVG out here recommending the best 2FA Apps! 6 months ago:
It’s not bad design, it’s definitely intentional, however I agree that it’s probably not for having backdoors, but for convenience. Average people forget their passwords all the time, and with encryption that level of carelessness is fatal to your data if they have not saved it somewhere, which they probably didn’t do.
Very few devices are rooted and usually you cannot get root without fully wiping your device in process.
I’m pretty sure the system is not flawless. Probably it’s harder to find an exploit in the OS than it was years ago, but I would be surprised if it would be really rare. Also, I think a considerable amount of people use the cheapest phones of no name brands (even if not in your country), or even just tablets that haven’t received updates for years and are slow but “good for use at home”. I have one at home that I rarely use. Bootloader cannot be unlocked, but there’s a couple of exploits available for one off commands and such.
- Comment on Does Google still hold contact data after deleting from Google Contacts? 6 months ago:
I don’t think there’s a factual answer to this question.
My take on it though is why would they delete it? They can make use of it in various ways, and in new ways every once in a while, and it’s not as if you could prove it in court or even just find out that they didn’t delete your data.
- Comment on BVG out here recommending the best 2FA Apps! 6 months ago:
That depends. More of the popular ones don’t encrypt the secret keys, they can just be read out with root access or even with the use of ADB (the pull command), not even speaking about reading the memory contents while booted to a recovery.
Some even upload the keys to a cloud service for convenience, and they consider it a feature.
- Comment on I have an archaeology joke but it's probably just a ritual. 7 months ago:
I remembered this XKCD from the image: xkcd.com/1683/
- Comment on I have an archaeology joke but it's probably just a ritual. 7 months ago:
Or “but it does not compile”
- Comment on Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement 7 months ago:
on the proton encryption, i did know about this but does that apply to proton-to-proton, proton-to-NonProton, or both? if you have details on this let me know.
As far as I know it applies to both. Formerly they were asking (among other things) about the titles of your latest emails for account recovery. (After I put all the links here I realized that these don’t give details on whether this also applies to inter-proton messages…)
A few sources:
proton.me/…/proton-mail-encryption-explained
Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.
www.reddit.com/r/ProtonMail/comments/…/eiphhs7/?c…
…stackexchange.com/…/why-is-some-meta-data-not-en…
either way the fact that they dont makes me feel that proton is a similar honeypot to signal and telegram, where they make a compromise with the five eyes, to give them metadata even if actual contents are safe. metadata can be much more powerful than contents often times
Yeah, might as well be. But if it is, I’m afraid we won’t get to know for a few decades, if ever. And I think it’s still better than the alternatives… the alternative email providers, that is.
If it comforts you, in their reddit comment I linked they mention (in 2019…) that there’s a proposal they support for openpgp to be able to have an encrypted subject line.
- Comment on Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement 7 months ago:
Proton can be legally ordered to start recording the IP address of a specific user. That’s why they recommend that you always connect through their Onion site.
Other than that and if that’s possible, I think it may also be possible to legally order Proton to keep the unencrypted form of incoming emails for a specific user, but Proton did not say it in the article, and Swiss laws might protect them against that. It’s certainly possible technically, and good to be aware of it, I think.

Sorry but I can’t open the second page, as it actively resists it. I suspect though that the problem with Tutanota was not their encryption, but their legal system, which required them to keep a copy of the incoming emails.
Also, don’t mistake me, I’m all for protonmail, and I mean this. But did you know they only encrypt the email contents? Metadata like title, sender, recipient and other things in the mail header don’t get encrypted.
- Comment on Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement 7 months ago:
Why, what else could they have done with laws? Protonmail and literally every other provider on the clearnet is also susceptible to this.
- Comment on Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement 7 months ago:
The plan was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.
Excuse me, what?
- Comment on Why Not Store Encrypted Emails in Plaintext Locally? 7 months ago:
fastmail
That’s a paid service, right? I don’t know much about them, they may have other pros too, but proton also allows you to use your own email client if you’re in a plan.
- Comment on Why Not Store Encrypted Emails in Plaintext Locally? 7 months ago:
Protonmail now supports searching in the content of all your mail, though.
Or at least the web client. It will ask you to download all your mail, and it will make an encrypted search index on your computer.
- Comment on 8 months ago:
service has all the downsides of a centralized service
No it doesn’t? A single party cannot block you from participating in the network, as you can just find a different provider, and you can have control over what servers may store your data, both as a server operator and as a room admin.
- Comment on 8 months ago:
And at that point it was just working like Signal does. Right?
New users should be told that they won’t have access to their old messages, just like with signal, unless they do a one-time additional setup.
This really should be exclaimed at the beginning on every chat history in every major client, because it is not obvious, and as you said users only realize when the damage was already done, or not even then.
- Comment on 8 months ago:
Of course, as soon as two people take this advice and then attempt to communicate, we have reached the standoff, where One of the two people must swear off their data sovereignty.
What is your idea to solve this?
With centralized messaging services, both of them must swear off their data sovereignty.
While with true peer to peer systems none of them must do that, that model is not really compatible with mobile devices as both the sender and the receiver have to be online at the same time for the message to go through, and generally any device that is not online 24/7, which mostly includes all desktop PCs.

For this reason, I think that for the average user (who does not have a 24/7 online server-role machine, or maybe even a desktop computer) the best solution is to choose a server operator who they trust with their data. Or, they may try to run a lightweight homeserver on their mobile device (laptop or even smartphone), and live with its shortcomings. Not like it’s not possible, and this way everyone can register where they want, including their own part-time server if they are more comfortable that way.
However I think I did not totally understand what is your exact concern.
Do you think it to be a problem that even if you run your own server, messages you sent to your friend on another one will be stored on that homeserver too?
If so, I don’t think it’s possible to solve that problem. They (your friend) have chosen to take a compromise between security and ease of use by trusting someone else with storage. You can’t tell them - only suggest - where should they store their data, otherwise they would lose their sovereignty over it.
Fortunately confidentiality can be kept with encryption, and if you are concerned with the other server having access to metadata, you could patch your server to try to generalize the message metadata to some extent, like with delaying sending messages to the 10th minute and such measures.
- Comment on 9 months ago:
Yes but it could just lie and hide its own traces.
Portmaster is fine, but you won’t be able to make a difference between requests made by an addon (and know which one) or by a website, so it’s not relevant here.
- Comment on 9 months ago:
It’s easier to fully vet a single extension than several however-complex extensions.
But also, for Firefox there’s a recommended label for those that are actively vetted by Mozilla employees.
- Comment on 9 months ago:
Isn’t piling on browser extensions generally considered bad practice as it increases your attack surface (bad for security) and makes you more easy to fingerprint (bad for privacy)?
I read this very often, but I’m not really sure if it’s strictly true.
An addon only increases your attack surface if it processes data sent by the website, and it only makes you easier to fingerprint if it does something to the website or its observable environment.

A few examples:
- Simple Tab Groups does not change anything a website could see, and other than title and favicon does not really process other parts of the website
- Bitwarden: might be affected on both fronts because of autofill, and it reads the webpage to see if it contains a login form (to offer to save your new password or new account)
- disable page visibility api, disable console clear: I think these are invisible to the website
- firefox multi account containers: only adds features to the browser
- libredirect: unless redirection of embeds is enabled, should not be visible
- generic QR code maker addon: does not do anything with the website. Does a context menu entry for selected text, but that shouldn’t be visible by websites
- redirect amp to html: invisible, redirection happens before loading the new page
- tab session manager: same as STG above
- new tab page addons
- temporary containers
- undo close tab
- web archives
So my point is that there are plenty of addons that don’t need to do anything with the website itself to be useful, and even if it does something with it, it does not necessarily make you more fingerprintable.
That being said, it’s also important to mention that an addon could do something you don’t know about, so without asking others or yourself reading its code (it’s human readable, download the XPI file from the addon store and unzip it (it is a zip file actually)).
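
As an added example (not part of the original comment, and not any add-on's own code): a first-pass Python check of what the `manifest.json` inside an XPI declares, separating add-ons that can reach page content from those that only use browser-side APIs. The two sample manifests and the helper names are constructed for illustration.

```python
import io
import json
import zipfile


def is_host_pattern(perm):
    # Match patterns (<all_urls>, *://*/*, https://example.org/*) grant page access.
    return perm == "<all_urls>" or "://" in perm


def audit_xpi(data):
    """Summarise what an add-on's manifest.json lets it do to web pages."""
    with zipfile.ZipFile(io.BytesIO(data)) as xpi:  # an XPI is a zip archive
        manifest = json.loads(xpi.read("manifest.json"))
    declared = []
    for key in ("permissions", "host_permissions", "optional_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    hosts = sorted({p for p in declared if is_host_pattern(p)})
    apis = sorted({p for p in declared if not is_host_pattern(p)})
    injected = sorted({m for cs in manifest.get("content_scripts", [])
                       for m in cs.get("matches", [])})
    return {
        "content_script_matches": injected,  # pages where its scripts run
        "host_patterns": hosts,              # pages it may read or modify
        "api_permissions": apis,             # named browser APIs it requests
        "touches_pages": bool(injected or hosts or "activeTab" in apis),
    }


def make_xpi(manifest):
    # Builds a constructed sample XPI in memory so the example runs offline.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(manifest))
    return buf.getvalue()


# Constructed manifests, not taken from any real add-on.
TAB_MANAGER = make_xpi({"manifest_version": 2, "name": "sample-tab-manager",
                        "permissions": ["tabs", "storage"]})
FORM_FILLER = make_xpi({"manifest_version": 2, "name": "sample-form-filler",
                        "permissions": ["storage", "*://*/*"],
                        "content_scripts": [{"matches": ["<all_urls>"],
                                             "js": ["fill.js"]}]})

if __name__ == "__main__":
    for label, blob in (("tab manager", TAB_MANAGER), ("form filler", FORM_FILLER)):
        print(label, audit_xpi(blob))
```

The manifest is only the quick signal of whether an add-on can reach pages at all; the JavaScript files in the same archive still need reading to see what it does with that access.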
- Comment on Carmakers are failing the privacy test. Owners have little or no control over data collected 9 months ago:
Interesting how many car privacy articles popped out suddenly.
- Comment on This one goes out to the sysadmins in the crowd. 9 months ago:
We need to come up with a shorthand for that.
- Comment on Do eSIMs have any downsides from a privacy standpoint? 9 months ago:
I remember reading that for custom ROM developers it’s complicated (or even not possible?) to implement eSIM support because the use of it requires google services.
- Comment on Do eSIMs have any downsides from a privacy standpoint? 9 months ago:
And now I have an expensive brick, as I can’t use it. Thanks.