Recent comments in /f/Privacy
onion wrote
Reply to The hidden fingerprint inside your photos by Rambler
I knew about metadata but this was new to me
The different sensitivities of the photosites create a type of imperceptible image watermark. Although unintentional, it acts like a fingerprint, unique to your camera's sensor, which is imprinted onto every photo you take. Much like snowflakes, no two imaging sensors are alike.
In the digital image forensics community, this sensor fingerprint is known as "photo response non-uniformity". And it's "difficult to remove even when one tries", says Jessica Fridrich of Binghamton University in New York state. It's inherent to the sensor, as opposed to measures, such as photo metadata, that are "intentionally implemented", she explains.
This is good to know too. I always suspected that printers had something like this.
When considering these privacy issues, we might draw parallels with another technology. Many colour printers add secret tracking dots to documents: virtually invisible yellow dots that reveal a printer's serial number, as well as the date and time a document was printed
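As an added example (not from the BBC article quoted above, and not code from Fridrich's group), here is a toy simulation in pure Python of how a sensor fingerprint is estimated and then used to attribute a photo. The two sensors, the scenes, the noise levels and the 3x3 mean denoiser are all constructed for the demo; real forensic pipelines use wavelet denoisers and a maximum-likelihood estimator, but the mechanism is the same: average out everything that varies between frames and keep the per-pixel gain pattern that does not.

```python
"""
Toy PRNU (photo response non-uniformity) demo in pure Python.

Two simulated sensors differ only in a fixed, slightly uneven per-photosite gain
pattern. We "shoot" several frames with each, estimate each sensor's fingerprint
by averaging noise residuals (scene content and random noise average out, the
fixed gain pattern does not), then attribute a fresh photo by correlating its
residual against both fingerprints. Frame size, noise levels and the 3x3 mean
denoiser are arbitrary simplifications chosen for this demo.
"""
import random
from statistics import mean

W, H = 24, 24          # tiny frames keep the pure-Python loops fast
PRNU_STRENGTH = 0.02   # per-pixel gain spread, ~2% (illustrative)
SHOT_NOISE = 0.01      # random per-frame noise that averaging removes


def make_sensor(seed):
    """Per-pixel multiplicative gain pattern: the sensor's fingerprint."""
    rng = random.Random(seed)
    return [[1.0 + rng.gauss(0, PRNU_STRENGTH) for _ in range(W)] for _ in range(H)]


def make_scene(rng):
    """Smooth random scene: random brightness and tilt plus a soft blob, clipped to 1.0."""
    base, slope = rng.uniform(0.4, 0.6), rng.uniform(-0.3, 0.3)
    cx, cy = rng.uniform(0, W), rng.uniform(0, H)
    return [[min(1.0, base + slope * (x / W - 0.5)
                 + 0.3 * max(0.0, 1 - ((x - cx) ** 2 + (y - cy) ** 2) / 80.0))
             for x in range(W)] for y in range(H)]


def capture(sensor, scene, rng):
    """Sensor output = scene * gain + random noise."""
    return [[scene[y][x] * sensor[y][x] + rng.gauss(0, SHOT_NOISE)
             for x in range(W)] for y in range(H)]


def denoise(img):
    """3x3 mean filter: a crude stand-in for the wavelet denoisers used in practice."""
    return [[mean(img[yy][xx]
                  for yy in range(max(0, y - 1), min(H, y + 2))
                  for xx in range(max(0, x - 1), min(W, x + 2)))
             for x in range(W)] for y in range(H)]


def residual(img):
    """(img - denoised) / denoised: approximates (gain - 1) plus noise."""
    den = denoise(img)
    return [[(img[y][x] - den[y][x]) / den[y][x] for x in range(W)] for y in range(H)]


def fingerprint(frames):
    """Average residual over many frames: what survives is the fixed PRNU pattern."""
    res = [residual(f) for f in frames]
    return [[sum(r[y][x] for r in res) / len(res) for x in range(W)] for y in range(H)]


def correlate(a, b):
    """Normalised cross-correlation of two equally sized 2-D patterns, in [-1, 1]."""
    fa = [v for row in a for v in row]
    fb = [v for row in b for v in row]
    ma, mb = mean(fa), mean(fb)
    num = sum((x - ma) * (y - mb) for x, y in zip(fa, fb))
    den = (sum((x - ma) ** 2 for x in fa) * sum((y - mb) ** 2 for y in fb)) ** 0.5
    return num / den if den else 0.0


def attribute(photo, fingerprints):
    """Return (best matching sensor label, {label: correlation score})."""
    r = residual(photo)
    scores = {label: correlate(r, fp) for label, fp in fingerprints.items()}
    return max(scores, key=scores.get), scores


def demo(true_camera="camera_A", n_train=30, seed=1):
    """Fingerprint two sensors, then attribute one new photo taken by `true_camera`."""
    rng = random.Random(seed)
    cams = {"camera_A": make_sensor(101), "camera_B": make_sensor(202)}
    fps = {label: fingerprint([capture(s, make_scene(rng), rng) for _ in range(n_train)])
           for label, s in cams.items()}
    new_photo = capture(cams[true_camera], make_scene(rng), rng)  # scene never seen before
    return attribute(new_photo, fps)


if __name__ == "__main__":
    label, scores = demo("camera_A")
    print(f"attributed to {label}; correlations: "
          + ", ".join(f"{k}={v:.2f}" for k, v in scores.items()))
```

The new photo correlates strongly with camera_A's fingerprint and near zero with camera_B's, even though it shows a scene that was never used to build either fingerprint. This is also why the pattern is hard to remove: it sits in every pixel, so only operations that break pixel alignment (resampling, rotation, cropping with an unknown offset) or that deliberately subtract an estimated fingerprint suppress the correlation.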
onion OP wrote (edited)
I have heard that the Thinkpad X200 is a good laptop for people who want to install libreboot and disable the Intel Management Engine.
This is another article about the IME. It lists libreboot compatible computers
Despite all Intel's efforts to make the Management Engine inescapable, software developers have had some success with preventing it from loading code. For instance, the Libreboot project disables the Management Engine by removing all the code that the Management Engine is supposed to load on some Thinkpad computers manufactured in 2008, including the R400, T400, T400s, T500, W500, X200, X200s, and X200T.
Also, many Intel computers manufactured in 2006 have the ancestor of the Management Engine which is disabled from the start, such as the Lenovo Thinkpads X60, X60s, X60 Tablet and T60, and many more.
https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom
J0yI9YUX41Wx wrote
Reply to Teenager who hacked Apple, Bill Gates and Joe Biden accounts is sentenced to prison by Rambler
You know, I generally don't like the whole "throw the book at the hacker" mentality the legal system has sometimes. In this case, the prison time is due to the financial fraud component of this. He hacked those accounts... to trick people into giving him bitcoin. I'm OK with the years for that. His life isn't ruined.
BlackWinnerYoshi wrote
Well, it has been previously blocked in Iran as well, so I think we can expect additional TLS proxies set up to avoid censorship. Or maybe you will be able to use existing TLS proxies, I don't know.
By the way, why did no one learn that centralized instant messaging apps can easily be blocked in this world of censorship? I really don't understand.
DcscZx5idox wrote (edited)
I recommend XMPP over Signal, especially for Chinese people. I think XMPP's main features are that anyone can select from many servers and it has an easy-to-use end-to-end encryption implementation.
"Is Jabber accessible from China?" - reddit
libreddit (web proxy frontend for reddit) URLs: clearnet, Tor
I'm in China and can access many XMPP servers, e.g. xmpp.jp, swissjabber.ch, chinwag.im, yax.im, disroot.org, member.fsf.org.
From what I understand about China's GFW, and I am American so no direct experience, it'll work at the beginning if you use TLS. Maybe not STARTTLS?
However, I do know that all VPNs will eventually stop working, forcing you to switch IP or protocol - the GFW has some basic machine learning. If all you do is connect to a specific IP, it'll start throttling connections to said address. It may do the same if it can't scrutinize the encrypted Jabber connection.
The bigger issue is that Jabber is still more complex to set up securely. That's probably why it doesn't have as much mindshare. Given that reputation, and the state of clients across platforms not all implementing the same features (not even equally well), it's harder to convince someone to deal with all of the headaches involved.
I actually had a plane get delayed in Shanghai, and I had no phone plan so the internet was my only option for communication back to the US. Couldn't use Facebook or Instagram. Forget Gmail, because even the Google homepage couldn't be accessed there. Hotmail said it delivered, but I found out the message didn't get received until about 3 weeks AFTER I arrived back in the US. Jabber was the only thing that DID actually work.
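The TLS versus STARTTLS point above, as an added example that is not part of the quoted comments: what a passive on-path observer can read from the first client bytes of an XMPP connection. The capture strings are constructed for the demo, not recorded traffic, and the hostname example-xmpp.test is made up. With RFC 6120 STARTTLS the XML stream header, including the target domain in the to= attribute, and the starttls request are sent in cleartext before any encryption begins. With XEP-0368 direct TLS the first bytes are already a TLS ClientHello, so the observer sees a TLS connection like any other HTTPS session, though the SNI hostname is still readable unless Encrypted Client Hello is in use.

```python
"""
What the first client bytes of an XMPP connection reveal to a passive observer.

Constructed demo data, not captured traffic. build_client_hello() assembles a
minimal ClientHello record carrying one SNI entry so that parse_sni() has
something realistic to parse; it is not a spec-complete handshake message.
"""
import re
import struct

# Constructed RFC 6120 stream opening: cleartext XML, then the STARTTLS request.
STARTTLS_CAPTURE = (
    b"<?xml version='1.0'?>"
    b"<stream:stream to='example-xmpp.test' version='1.0' "
    b"xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams'>"
    b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
)


def build_client_hello(sni: str) -> bytes:
    """Minimal TLS record (type 0x16) holding a ClientHello with a server_name extension."""
    host = sni.encode()
    server_name_list = struct.pack("!BH", 0, len(host)) + host          # name_type 0 = host_name
    sni_ext_body = struct.pack("!H", len(server_name_list)) + server_name_list
    extensions = struct.pack("!HH", 0x0000, len(sni_ext_body)) + sni_ext_body
    body = (b"\x03\x03" + b"\x11" * 32                  # client_version, fixed 'random' for demo
            + b"\x00"                                    # empty legacy session id
            + struct.pack("!H", 2) + b"\xc0\x2f"         # one cipher suite (ECDHE-RSA-AES128-GCM-SHA256)
            + b"\x01\x00"                                # compression methods: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type ClientHello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_sni(record: bytes):
    """Return the SNI hostname from a ClientHello record, or None if absent/not a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    p = 5 + 4 + 2 + 32                       # record hdr, handshake hdr, version, random
    sid_len = record[p]; p += 1 + sid_len
    cs_len = struct.unpack("!H", record[p:p + 2])[0]; p += 2 + cs_len
    comp_len = record[p]; p += 1 + comp_len
    if p + 2 > len(record):
        return None                          # no extensions block at all
    ext_total = struct.unpack("!H", record[p:p + 2])[0]; p += 2
    end = p + ext_total
    while p + 4 <= end:
        etype, elen = struct.unpack("!HH", record[p:p + 4]); p += 4
        if etype == 0x0000:                  # server_name: list len(2), name_type(1), name len(2), name
            name_len = struct.unpack("!H", record[p + 3:p + 5])[0]
            return record[p + 5:p + 5 + name_len].decode()
        p += elen
    return None


def classify(first_bytes: bytes) -> dict:
    """Classify the opening bytes the way a DPI box could, without decrypting anything."""
    if first_bytes[:1] == b"\x16":
        # TLS handshake record: the protocol inside stays hidden, the SNI usually does not.
        return {"protocol": "tls", "xmpp_visible": False, "host": parse_sni(first_bytes)}
    m = re.search(rb"<stream:stream[^>]*\sto=['\"]([^'\"]+)['\"]", first_bytes)
    if m or b"xmlns='urn:ietf:params:xml:ns:xmpp-tls'" in first_bytes:
        return {"protocol": "xmpp-starttls", "xmpp_visible": True,
                "host": m.group(1).decode() if m else None}
    return {"protocol": "unknown", "xmpp_visible": False, "host": None}


if __name__ == "__main__":
    print("STARTTLS :", classify(STARTTLS_CAPTURE))
    print("direct TLS:", classify(build_client_hello("example-xmpp.test")))
```

Both modes leak the destination hostname to the observer (via the stream header in one case, via SNI in the other); the difference is that STARTTLS also announces "this is XMPP" in cleartext, which is exactly the kind of signal a protocol-aware filter can key on before the encrypted part of the session even starts.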
BlackWinnerYoshi wrote
Reply to A Hacker Got All My Texts for $16: A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages. by Rambler
I'd like to point out that "A Hacker Got All My Texts for $16" is clickbait. Wow, as if that never existed.
But yes, stop using insecure SMS. Start using XMPP with OMEMO encryption.
BlackWinnerYoshi wrote
This site uses Clownflare (clear net only), visit it in archive.org (clear net only) instead.
TL;DR: the "safest apps" are the most dangerous apps, including Etsy.
Now, I don't care about most of the article - we all know big corpos collect as much of our data as possible. I care about the so called "safest apps", while in reality, they're dangerous.
They're also saying that:
Even with video calling service Zoom’s conferencing flaw from last year, it managed to crack the top 10.
Well, what are you doing, Komando? Defending Zoom? This piece of rubbish? And what about the "safest apps"?
- Signal and Telegram - they require your phone number. You really claim to be private with this?
- Clubhouse - this app is kind of obscure to me, and I can't even visit their Clownflared website because Wayback Machine doesn't like its JavaScript (so no reading their privacy policy there - although, I obviously know that Clownflare will collect your data from the shadows), but what if I check their App Store listing (clear net only), what do I see there? Contact info, identifiers, contacts, usage data, user content, diagnostics? And you call it private, Komando?
- Netflix - this attempts to enslave you with Digital Restrictions Management. Obviously, those are only attempts, and I refuse its usage. I hope you are doing this too.
- Teams and Skype - they're owned by Microsoft, and Skype works with PRISM and also used to redirect Chinese people to an even more censoring version of Skype. Next!
- Classroom and Shazam - owned by big corpos. Google and Apple, respectively.
- Boohoo - Uses Clownflare. Good luck trying to make me think you're private with a MITM attacking me, boo hoo.
So it doesn't look great at all. But wait, I skipped Etsy. Why? Well, here goes a long section about it.
Let's see what the situation with Etsy is, in terms of privacy:
- Tor support - no onion domain, but it looks like you can log in without getting your account terminated. Not sure about registration or shopping, though.
- Monero acceptance - no cryptocurrency to select in the bottom left corner, or anywhere else.
- No personal data required for registration - obviously requires your e-mail address and password, and also your first name, but it's not that tragic.
- Compatibility with established standards - Etsy doesn't have OpenSearch, but you can use the Mycroft Project search engine plug-in (clear net only) if you use a web browser derived from Firefox, like LibreWolf. You can't receive e-mail notifications encrypted with PGP, though.
- No Cloudflare - obviously, if it had Clownflare, BCMA would automatically redirect to an archived version of the website, and I would say to bail immediately.
- As little downtime as possible - not a privacy issue, but it's still important. It doesn't look like Etsy has much downtime, really.
So, by looking at those points alone, Etsy seems to be okay. But what about the privacy policy? Let's see another six points:
- IP addresses - paragraph two, point three, says that it will receive them from your web browser, mobile app, and Internet of Things (a thing you can give up). There is no duration on how long they are stored.
- Content data - paragraph two, point six, says it stores your location to "improve" search results. So probably not storing search results itself, but there is still no duration on how long the location is stored.
- System info - paragraph two, point three, says Etsy will store your device-specific information such as the operating system, with no duration attached.
- Metadata - there doesn't seem to be a mention of it. However, looking at all of the other points, it's likely it is collected.
- Interaction data - paragraph two, point four, says the information collected from their vendors and suppliers includes customer service interactions. You should know what duration is attached by now.
- Third party sharing - paragraph two, point eight, says that your information will be shared to third parties like Twitter. Only if you actually connect your accounts, I guess, but still.
So, no, it doesn't look great at all. Bail.
div1337 wrote
Reply to Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Use Session?
burnerben wrote
Surprised Twitter doesn't collect tons of data, especially if you configure your settings properly.
BlackWinnerYoshi wrote
This news site uses Clownflare (clear net only), view it with archive.org (clear net only) or archive.is (.fo clear net mirror, .li clear net mirror, .md clear net mirror, .ph clear net mirror, Tor v2 mirror, Tor v3 mirror) instead.
Also, I have a feeling that even if Goolag phases out third-party cookies (which are mentioned in this article), they're still going to track their users, even across sites. I mean, do you really think third-party cookies are the only thing tracking you? Yes, they are responsible for most tracking, along with third-party scripts (that's why I should learn uMatrix...), but first-party scripts and cookies can also collect your data. Do I really need to also mention the fact that Goolag Hrom is the most used browser in the world, and it's also filled with spyware?
Imperator wrote
Reply to comment by AWiggerInTime in Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Installing Synapse with Docker and a TLS reverse proxy is a relative breeze. Like almost all server software, it requires some setup and general Linux knowledge. I haven't personally noted a lot of performance issues, but I concur that choosing Python (they even started with version 2) was a bad design choice. Good for prototyping but definitely not suitable for large-scale production usage. Hopefully Dendrite will reach feature parity soon. Moreover, they're doing some serious work on the p2p end and a working client exists already (https://p2p.riot.im).
I don't think Element has a bad UI, but there's definitely some room for improvement. I'm not a fan of their use of HTML/CSS/JavaScript; I would have preferred a Rust GTK/Qt client, but I understand that at this point in the project it's important to support the widest variety of platforms to serve the largest possible userbase. Performance and optimisation can always come later.
AWiggerInTime wrote
Reply to comment by Imperator in Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Matrix itself is decent, but the official software is utter shit.
Element is a bloated Electron mess that's somehow bigger than pisscord and it's buggy as all hell (from small UI bugs to losing connection/not receiving messages). Don't get me started on the mobile version. Oh, and fun fact: even though olm is implemented in C so it can run natively on pretty much anything, desktop Element still goes through wasm for EVERY MESSAGE, because the devs are retarded enough to not be able to link a binary to a release exec.
The server is even worse, even installing this piece of shit can be a challenge (especially out of the Linux comfort zone) and it hogs EVERYTHING. Say goodbye to like 3 GBs of RAM for a few rooms and users. Say goodbye to your disk space & cpu because python.
The only thing they haven't fucked up yet is Dendrite, the second-gen server, which actually looks promising, but it's still in beta, so it's probably too early to call.
Rambler OP wrote
Reply to comment by Kalchaya in Why We Absolutely Must Ban Private Use of Facial Recognition by Rambler
Not according to me getting into my workplace. Glasses, hat, mask. Sometimes I have to pull my mask down just a tad to reveal the very top of my nose, the bridge, near the eyes.
It's scary.
Kalchaya wrote
So long as masks are de rigueur, facial recognition is pretty much a nonissue. Add some sunglasses with a hat, and the tech is dead in the water.
Kalchaya wrote
Reply to Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Any time you have to download an app to use something, you should be concerned. Apps and anonymity tend not to coexist.
smartypants wrote
Reply to comment by Wahaha in Stalker 'found Japanese singer through reflection in her eyes' by onion
It's a common trope since 1982 sci-fi movies and stories.
"ZOOM... ENHANCE!"
such as a scene in Blade Runner
Wahaha wrote
Reply to comment by Rambler in Why We Absolutely Must Ban Private Use of Facial Recognition by Rambler
What's the threat scenario of some random company acquiring your face? I think of privacy as a safety feature, so if I can't think of a threat, I have a harder time caring.
That and my passion is archiving, so innately deleting data is somewhat uncomfortable for me.
Toxicant wrote
Reply to comment by Imperator in Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Element.io is fantastic
Rambler OP wrote
Reply to comment by Wahaha in Why We Absolutely Must Ban Private Use of Facial Recognition by Rambler
My concern is more private use. I get my face scanned to enter my workplace, and the (biometrics) company state that they retain that for up to 3 years beyond end of employment.
To me, that's up to 3 years too long.
And I don't "mind" it, so long as that information was stored locally and could be purged by HR when an employee is no longer employed, as part of an after-employment checklist. For example, if you have a company with 700 active employees, then on your LAN you have the biometric hardware/software operating and it contains no more than 700 faces, and doesn't face anything public, as it's only used to allow/deny entry to the building. Doesn't need a web facing control panel, no need to store that data 'in the cloud', etc.
But, that's not how things are done. The biometric company could be bought up by another. It could be hacked. It could be secretly funded by any alphabet agency or sharing data with them.
If it was private use, open source, localized installs across companies and company owned worksites... no problem.
As far as public stuff goes? I'm kind of with you. I have cameras. I use them. Moreso when I lived in the city. Shortly after installation I thought all the hoodlums were casing cars on the street because they were walking in the street instead of on my sidewalk. Turns out they noticed the cameras and thought they were out of view of them if they just walk in the middle of the road. Nope, I still see ya buddy.
Wahaha wrote
As much of a privacy nightmare as it is, I kinda dream of a city with high-resolution security cams featuring facial recognition covering every public space, even the sewers. But they would be accessible to everyone, so you can watch it yourself. It could be cooler than reality TV.
Also, I never was too concerned with privacy in public. The problem is how the system can be abused in the future, but then everyone is more or less keeping a tracking device on their body and publishing their opinions on the Internet, so I'm not sure if facial recognition could be abused to do something that isn't already possible anyway.
Maybe people would finally stop littering, if there are cams identifying and fining them automagically.
Wahaha wrote
Have you seen the show Higashi no Eden? Friends of the protagonist created an app that would let them identify everything, people included. Everyone had the ability to identify new things and add to the database. It was a pretty neat tool, but utterly futuristic back in 2009 when the show aired. That was about when smartphones became common.
And it looked a lot like that screenshot from the site.
The concept was kinda dwarfed by the real point of the show, which was a mobile phone with a billion or so and an operator doing tasks for you by using that money. Like shooting rockets or shipping all shut-ins off to Africa or something like that. Good fun.
BlackWinnerYoshi wrote
Reply to Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Well, while open source does not mean it's secure, this is still a weird thing to do.
I would simply recommend to stop using Signal and start using XMPP with OMEMO encryption, since this is the gold standard of instant messengers, at least for me. You should especially stop using Signal because it requires your phone number, which immediately disqualifies it for a private messenger.
Imperator wrote
Reply to Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Have you tried element.io and Matrix? Been using it for years now and I'm very happy with it. Clients for all kinds of platforms and bridges to all kinds of networks exist.
KeeJef wrote
Reply to Signal's open sourced server code hasn't been updated for over a year. Should we be concerned? by Rambler
Yes lol, the client is making calls to endpoints on the server which don't even exist in the publicly released code. Saying all messages are encrypted avoids the question of metadata and how the server actually deals with that metadata.
Wahaha wrote
Reply to comment by onion in The hidden fingerprint inside your photos by Rambler
That's why I kept my old printer from the 1980s or so. Can only print black and white and no bullshit added. Though, these days, I rarely print. Maybe once a year.