Recent comments in /f/Tech
sh3r wrote
Reply to Don't Use Telegram. by Hitler_Was_Right
Use Signal Instead
Hitler_Was_Right OP wrote
Reply to comment by Strangeways in The Truth About Protonmail by Hitler_Was_Right
https://protonmail.com/blog/cryptographic-architecture-response/ https://eprint.iacr.org/2018/1121.pdf https://protonmail.com/blog/protonmail-has-raised-2m-usd-to-protect-online-privacy/ https://protonmail.com/privacy-policy https://protonmail.com/support/knowledge-base/protonmail-israel-radware/ https://cryptome.org/2015/11/protonmail-ddos.htm https://techcrunch.com/2018/09/06/protonmail-names-one-of-the-attackers-behind-a-major-ddos-this-summer
GadgeteerZA wrote
That does not look like the correct link to the source? It is posts about the Tor Project standing up with rights of the LGBTQIA+ community. Where is the reference to any paedophile community? They're standing up for pride and privacy, which is a good thing for freedoms.
Strangeways wrote
Reply to Wikipedia Banned IP Blocks by awdrifter
Perhaps regional geo-blocking through a CDN like Cloudflare, or whoever it is they use. Just a guess.
Strangeways wrote (edited )
Reply to The Truth About Protonmail by Hitler_Was_Right
Very illuminating. Great research. Time to leave ProtonMail I think. The immediate alternatives aren't that great.
Tutanota I've had massive problems with them in the past. I've actually lost accounts there because of their so called 2FA security, the Belgian company Mailfence appears to be security-oriented but it comes at a small nominal cost. What about Rise Up? that is if you can get an account there.
GadgeteerZA wrote
Reply to comment by smartypants in HOLY SHIT!!! Apple secretly constantly taking photos of face when phone held and active every 5 seconds and uses INFRARED and got caught! Apple claims its for training the AI to unlock, but now admits its to study EMOTION of user to autoselect emojis and study pupil dilation & facial expressions! by smartypants
Are there say three or four links you can give to us? I fully realise they have to permanently scan for a face to keep the screen alive, to unlock, etc but sounds like you have some evidence in links about them actually storing and using those photos elsewhere, in other words zero of it is AI present on the device?
GadgeteerZA wrote
Reply to comment by smartypants in HOLY SHIT!!! Apple secretly constantly taking photos of face when phone held and active every 5 seconds and uses INFRARED and got caught! Apple claims its for training the AI to unlock, but now admits its to study EMOTION of user to autoselect emojis and study pupil dilation & facial expressions! by smartypants
Are there say three or four links you can give to us? I fully realise they have to permanently scan for a face to keep the screen alive, to unlock, etc but sounds like you have some evidence in links about them actually storing and using those photos elsewhere, in other words zero of it is AI present on the device?
GadgeteerZA wrote
Reply to Telegram founder Pavel Durov, who built reputation on creating unhackable app, listed in leaked Pegasus project data, selected by Israeli NSO Group client government. by Hitler_Was_Right
Many people were listed with this, but what does it actually tell us? He may have been a target, we are not even sure if his phone was actually penetrated, and whether they found Telegram's secret description key? It seems really all conjecture at this point until we know anything definate?
Telegram is supposedly not in the business of selling user data or metadata (no hint of evidence to that effect yet) and does at least allow you to hide your phone number from all contacts. Problem is mainstream users only otherwise use WhatsApp (knowingly leaks metadata inc location to Facebook whom we all know about with their dropped balls on user privacy and advertising), and Signal which requires a phone number to register, it can't be hidden, and is hosted in the USA.
Again we sit with the problem, which is the lesser of all evils that mainstream users actually 'can' use?
GadgeteerZA wrote
Reply to comment by Rambler in The Truth About Protonmail by Hitler_Was_Right
Exactly the same question I was thinking, and looking forward to the answer. I know of Tutanota but what's the point of doing a massive mail migration, only to find that Tutanota is worse than ProtonMail.
You can use your own OpenPGP key with Gmail (then Google cannot see the content) but 99% of your contacts receiving it (inc businesses etc), are clueless how to decrypt it.
Hitler_Was_Right OP wrote
Reply to comment by Rambler in The Truth About Protonmail by Hitler_Was_Right
I will post some links with helpful information but some of it might be flawed.
It also depends of what you want to do, some need security, others need anonymity while others need invisibility.
https://freedom.press/training/
https://epic.org/privacy/tools.html
https://www.eff.org/issues/privacy
https://choosetoencrypt.com/category/privacy/
Rambler wrote
Reply to The Truth About Protonmail by Hitler_Was_Right
The question is, then, who do you trust for secure email? Is email, by design, inherently 'bad' or 'flawed'?
What options does your average Joe have, outside of setting up his own mail server, and expecting his contacts to use PGP Encryption, which, may or may not be crackable by the big agencies.
Hitler_Was_Right OP wrote
Reply to The Truth About Protonmail by Hitler_Was_Right
Protonmail’s False Claim List
Lie: “Protonmail obeys the law”
In 2017 Protonmail seems to have used illegal cyber warfare capabilities to unlawfully break into a suspected phishing server. You can see the tweet and read about it here. They soon deleted the tweet and said: “We cannot confirm nor deny if anything happened.” In 2013 the European Union parliament voted to make hacking a crime that carried a prison sentence of 2 years. “Hacking back” is also illegal under Swiss law.
Lie : Protonmail offers “Zero Access” or “End to End Encryption”
A professor who teaches computer science and cryptography Nadim Kobeissi proved that Protonmail does not provide End to End Encryption. Protonmail has since publicly acknowledged that they can decrypt anyone’s encrypted content by obtaining their password/passphrase.
Lie: Protonmail protects free speech
Protonmail has stated on Reddit that they are “controlled by the politics of the community that dominates the ProtonMail userbase”. So if a majority of their users wanted to ban an innocent minority group, Protonmail has stated they would “yield to community pressure” and ban all those users from their platform even if their terms of service are not broken. So Protonmail protects free speech as long as it agrees with the majority of their users. Protonmail is not safe for any minority group including Jews, activists or missionaries. If Protonmail has a majority group ask them to ban a minority group of users then Protonmail has stated explicitly that they will do it even if no terms of service are broken. Read Protonmail’s statements here.
Lie: “Protonmail is open source code.”
Their front end code is open source. Their back end code and mobile code is kept private. This can be confirmed by reviewing their open-source code here
Lie: “By default, we do not keep any IP logs”
Protonmail’s Privacy Policy States: “This includes, the sender & receivers, the IP addresses were emails originated from, message subject, messages sent & received times, storage space, total emails and login times.” Protonmail is also legally required to store all users data for 6 months in Switzerland.
Lie: ProtonMail does not require any personally identifiable information to register.
If a user tries to signup without personal information, via VPN or TOR, they detect it and require a “donation” with a credit/debit card or a confirmation with your personal phone.
Lie: “When a ProtonMail account is closed, data and emails are immediately deleted from production servers”
By Swiss law, Protonmail is required to record all data for 6 months. When a user deletes an email, the email and all meta-data must legally be retained for 6 months
Protonmail Claims to be “Independently Audited”.
There is only 1 company listed as conducting an Audit of Protonmail, Cyberkov.com. Cyberkov’s website says it’s connected to Harvard, MIT & CERN. And their team is full of Harvard and MIT grads, exactly like Protonmail. So Protonmail’s audit was probably done by Protonmail’s college friends or colleagues. Protonmail also shows a list of people who’ve audited their code, but anyone can email Protonmail to add their name to the list. Years later Professor Kobeissi did a real independent audit and proved Protonmail doesn’t provide “end to end encryption Privacy Watchdog
TallestSkil wrote
Reply to WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
HAHAHAHAHAHHAHAHHAHAHAHA imagine trusting webp, a bullshit “standard” created by Google.
Wahaha wrote (edited )
Reply to comment by smartypants in WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
I'm already using that one for a long time, since webp generally sucks. But it only works if there's a choice between webp and jpg, if there is no choice, I'll get to see webp.
smartypants OP wrote (edited )
Reply to comment by Wahaha in WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
no time to go through all solutions, but this plugin from 12 months ago should do the trick at a perfect brute force way, but I dont know if a bad actor can use browser fingerprint to shove it in anyway.
https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/
This extension monitors and edits request headers using the onBeforeSendHeaders API
TRY THAT PLUGIN.
If it works, vile web sites like youtube should show blank white squares for video previews.
many http web development tools including free ones, can do ANYTHING with any data sent or received from firefox and have persistent scripts. "ModHeader" is one fun one.
Wahaha wrote
Reply to WARNING !!!!! ZERO Day exploit in fake JPGs being served to Browsers. A revealed exploit on July 21 2021 to add to long list of remote WebP exploits, and now CATBOX suddenly involved! by smartypants
I don't even have image.http.accept and network.http.accept.default in my about:config for FF90.
smartypants OP wrote
Reply to comment by BlackWinnerYoshi in HOLY SHIT!!! Apple secretly constantly taking photos of face when phone held and active every 5 seconds and uses INFRARED and got caught! Apple claims its for training the AI to unlock, but now admits its to study EMOTION of user to autoselect emojis and study pupil dilation & facial expressions! by smartypants
Apple did, often since 2017, scan faces for 30,000 data points in 3d FOR EMOTION TRACKING in Animojis in 2017 and later, but now in 2021 they do it on home screen and measure pupil and study gaze direction.
Learn and read. Lots of links support all I just typed.
TallestSkil wrote
Reply to comment by Wahaha in Why we will win the war for general-purpose computing by HMTg927
Yeah, they all have hardware level backdoors that governments can access. There’s really nothing doing here.
Wahaha wrote
Wasn't the war lost nearly a decade ago, when all CPUs had hidden operating systems added to them that will grant them complete control over wireless networks?
Wingless wrote
He's grateful to have lost both the domain name and the money. A thousand apologies from this wretched slave for making light of the Master!
Such is the state of modern populist heroism.
Wingless wrote
Reply to Wikipedia Banned IP Blocks by awdrifter
It's been true a long time. The ideal was an "encyclopedia anyone could edit" with "the sum of all human knowledge". Now it is 1000000 times more important to leave out what needs to be left out, than to include what needs to be included, so they use unlimited, creepy, secret means to track users, which necessitates blocking proxies. We have no idea what kind of tactics they really use, but what leaks from their vague descriptions of "behavioral characteristics" in their so-called "AN/I" board is that they are probably using (at least) browser fingerprinting tactics. But they also supplant with a strong dose of simply banning anything they're not sure about or don't understand.
Every for-profit is corrupt, every non-profit is corrupt, and a cabal of spies rules over them all.
BlackWinnerYoshi wrote
Reply to comment by TallestSkil in The Tor Project stands in solidarity with the pedophile community by Hitler_Was_Right
You would have to make the browser engine run through the Tor proxy (socks5://127.0.0.1:9050), including DNS requests to resolve onions. But why no one forked Tor? It's probably because Firefox and its Gecko browser engine aren't dead yet, but it might be in the future, so it's probably a good idea to use Pale Moon as a replacement, especially with the Proxy Privacy Ruler, which allows for applying the proxy only for private windows and/or certain domains. But they'll probably not do that and just accept to use Chromium and its Blink browser engine (I mean, Pale Moon is bad... but it's still better than what Chromium is trying to do).
TallestSkil wrote
Reply to comment by BlackWinnerYoshi in The Tor Project stands in solidarity with the pedophile community by Hitler_Was_Right
Is there a way to transplant the Tor protocols onto a different browser engine? Say, WebKit? Why hasn’t anyone forked Tor as a result of their behaviors?
Wahaha wrote
Phrasing it like that makes me wonder what a village full of pedophiles would look like.
GadgeteerZA wrote
Reply to comment by sh3r in Don't Use Telegram. by Hitler_Was_Right
Signal requires our phone numbers to register and is in the USA. Threema, Wired, Wickr Me, and Jami are probably better.