Israel's attack on two newspaper offices in Yemen last week killed 31 journalists, making it the single largest massacre of the press in 16 years, according to the Committee to Protect Journalists.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Israel’s Strike on Yemen Newspaper Offices Was ‘Deadliest Global Attack’ on Journalists in 16 Years: Press Freedom Group
Israel's attack on two newspaper offices in Yemen last week killed 31 journalists, making it the single largest massacre of the press in 16 years, according to the Committee to Protect Journalists.
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
The Israeli government has declared that all aid entering Gaza for distribution by the controversial Gaza Humanitarian Foundation (GHF) must be sourced from Israel only.
"New Israeli regulations mandate that all food items going into Gaza must be procured and packaged inside Israel, and we are abiding by that requirement."
The JNS report comes as multiple indicators suggest the Israeli economy is taking a hit as a result of its genocide in Gaza, on account of growing international isolation, lack of investment and consumer confidence as well as the high number of conscripts being called away from work to fight.
“The JNS report comes and multiple indicators suggest the Israeli economy is taking a hit as a result of its genocide in Gaza” - oH nO!! Not CONSEQUENCES!! 😲Consequences for a genocide!?!? How dare they!!
It's so they are providing aid but can limit it just enough that everyone is technically able to be fed but still starve. It's a way to look like they're doing something good but in reality are doing something extremely cruel.
I'd just like to interject for a moment. What you're referring to as Leninism, is in fact, Marxism-Leninism, or as I've recently taken to calling it, Marxism plus Leninism. Leninism is not an ideology unto itself, but rather another free component of a fully functioning Marxist ideology made useful by the 『Manifesto』 , 『Capital』 and vital ideology components comprising a full ideology.
Many communists run a modified version of the Marxism ideology every day, without realizing it. Through a peculiar turn of events, the version of Marxism which is widely used today is often called Leninism, and many of its users are not aware that it is basically the Marxism ideology, developed by Marx and Engels.
There really is a Leninism, and these people are using it, but it is just a part of the ideology they use. Leninism is the methodiology: a set of working methods for achieving the goal of communism. The methodiology is an essential part of an ideology, but useless by itself; it can only function in the context of a complete ideology. Leninism is normally used in combination with the Marxism ideology: the whole ideology is basically Marxism with Leninism added, or Marxism-Leninism. All the so-called Leninism distributions are really distributions of Marxism-Leninism!
This reads like the kind of output you get from those tiny 0.7B local LLM models that can run on a Chromebook but tend to get fixated on repeating the same phrases over and over
It's just a funny ML joke using the common GNU/Linux copypasta, I think it's actually really creative and funny for a communist meme, as someone who enjoys those.
It's the other way around, "Stalinist" is just slang for Marxist-Leninists used by those trying to invoke western fear of Stalin as slander against communists. Stalin synthesized Marxism-Leninism, but outside of some good advancement of the Marxist theory of the nation, Stalin's own contributions to Marxism-Leninism are extremely minimal, the vast majority is Marx, Engels, and Lenin.
Lenin's advances on Marxism are largely in analysis of imperialism, and practical revolutionary tactics such as democratic centralism, as well as to combat the revisionism of the second international. Trotskyists often try to call themselves "Leninists" to differentiate themselves from Marxism-Leninism, or "Marxist and Leninist," but their own theory diverges from Marx's.
Lenin's contributions are not diversions from Marxism, but additions and updates to follow the development of imperialism, which pushed the contradictions Marx thought would lead to revolution in Europe into the global south, and all the new questions that added.
It's time to read theory, comrades! As Lenin says, "Despair is typical of those who do not understand the causes of evil, see no way out, and are incapable of struggle." Reading theory helps us identify the core contradictions within modern society, analyze their trajectories, and gives us the tools to break free. Marxism-Leninism is broken into 3 major components, as noted by Lenin in his pamphlet The Three Sources and Three Component Parts of Marxism: | Audiobook
Dialectical and Historical Materialism
Critique of Capitalism along the lines of Marx's Law of Value
Advocacy for Revolutionary and Scientific Socialism
As such, I created the following list to take you from no knowledge whatsoever of Leftist theory, and leave you with a strong understanding of the critical fundamentals of Marxism-Leninism in an order that builds up as you read. Let's get started!
Section I: Getting Started
What the heck is Communism, anyways? For that matter, what is fascism?
Breaks down fascism and its mortal enemy, Communism, as well as their antagonistic relationship. Understanding what fascism is, where and when it rises, why it does so, and how to banish it forever is critical. Parenti also helps debunk common anti-Communist myths, from both the "left" and the right, in a quick-witted writing style. This is also an excellent time to watch the famous speech.
Section II: Historical and Dialectical Materialism
By far my favorite primer on Marxist philosophy. By understanding Dialectical and Historical Materialism first, you make it easier to understand the rest of Marxism-Leninism. Don't be intimidated!
Further reading on Dialectical and Historical Materialism, but crucially introduces the why of Scientific Socialism, explaining how Capitalism itself prepares the conditions for public ownership and planning by centralizing itself into monopolist syndicates. This is also where Engels talks about the failures of previous "Utopian" Socialists.
Section III: Political Economy
That's right, it's time for the Law of Value and a deep-dive into Imperialism. If we are to defeat Capitalism, we must learn it's mechanisms, tendencies, contradictions, and laws.
Best taken as a pair, these essays simplify the most important parts of the Law of Value. Marx is targetting those not trained in economics here, but you might want to keep a pen and some paper to follow along if you are a visual person.
Absolutely crucial and the most important work for understanding the modern era and its primary contradictions. Marxist-Leninists understand that Imperialism is the greatest contradiction in the modern era, which cascades downward into all manner of related contradictions. Knowing what dying Capitalism looks like, and how it behaves, means we can kill it.
Section IV: Revolutionary and Scientific Socialism
Can we defeat Capitalism at the ballot box? What about just defeating fascism? What about the role of the state?
If Marxists believed reforming Capitalist society was possible, we would be the first in line for it. Sadly, it isn't possible, which Luxemburg proves in this monumental writing.
Excellent refutation of revisionists and Social Democrats who think the State can be reformed, without needing to be replaced with one that is run by the workers, in their own interests.
Section V: Intersectionality and Solidarity
The revolution will not be fought by atomized individuals, but by an intersectional, international working class movement. Intersectionality is critical, because it allows different marginalized groups to work together in collective interest, unifying into a broad movement.
Critical reading on understanding misogyny, transphobia, enbyphobia, pluralphobia, and homophobia, as well as how to move beyond the base subject of "gender." Uses the foundations built up in the previous works to analyze gender theory from a Historical Materialist perspective.
De-colonialism is essential to Marxism. Without having a strong, de-colonial, internationalist stance, we have no path to victory nor a path to justice. Fanon analyzes Colonialism's dehumanizing effects, and lays out how to form a de-colonial movement, as well as its necessity.
Solidarity and intersectionality are the key to any social movement. When different social groups fight for liberation together along intersectional lines, the movements are emboldened and empowered ever-further.
Section VI: Putting it into Practice!
It's not enough to endlessly read, you must put theory to practice. That is how you can improve yourself and the movements you support. Touch grass!
Mao wrote simply and directly, targeting peasant soldiers during the Revolutionary War in China. This pair of essays equip the reader with the ability to apply the analytical tools of Dialectical Materialism to their every day practice, and better understand problems.
Congratulations, you completed your introductory reading course!
With your new understanding and knowledge of Marxism-Leninism, here is a mini What is to be Done? of your own to follow, and take with you as practical advice.
Get organized. Join a Leftist org, find solidarity with fellow comrades, and protect each other. The Dems will not save you, it is up to us to protect ourselves. The Party for Socialism and Liberation and Freedom Road Socialist Organization both organize year round, every year, because the battle for progress is a constant struggle, not a single election. See if there is a chapter near you, or start one! Or, see if there's an org you like more near you and join it.
Read theory. Don't think that you are done now! Just because you have the basics, doesn't mean you know more than you do. If you have not investigated a subject, don't speak on it! Don't speak nonsense, but listen!
Aggressively combat white supremacy, misogyny, queerphobia, and other attacks on marginalized communities. Cede no ground, let nobody be forgotten or left behind. There is strength in numbers, when one marginalized group is targeted, many more are sure to follow.
Be industrious, and self-sufficient. Take up gardening, home repair, tinkering. It is through practice that you elevate your problem-solving capabilities. Not only will you improve your skill at one subject, but your general problem-solving muscles get strengthened as well.
Learn self-defense. Get armed, if practical. Be ready to protect yourself and others. Liberals will not save us, we must save each other.
Be persistent. If you feel like a single water droplet against a mountain, think of canyons and valleys. Oh, how our efforts pile up! With consistency, every rock, boulder, even mountain, can be drilled through with nothing but steady and persistent water droplets.
"Everything under heaven is in utter chaos; the situation is excellent."
Freedom Road Socialist Organization (FRSO) is a national organization of revolutionaries fighting for socialism in the United States. Our home is in the working class.
My man Freezy E wrote the best introductory texts to Marxism which hold up to this day,a taxonomy of the family and how it's shaped by the mode of production and hardly anyone ever mentions him unless it's to acknowledge he bankrolled Marx.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
After a random amount of time plasma just crashes. No other graphical issues and I am not sure what is causing this. I am assuming some config somewhere copied over with my home folder? because i did a clean install for the lols. If anyone knows what I am doing wrong respectfully let me know. sorry for being stupid
1) What are your system specs? 2) How much times passes before it crashes? 3) Does this happen with a brand new user you e created and logged in as, or just this one user? 4) There are errors for core apps in those logs. Do Kontact and Discover actually launch?
Trump is set to host a UFC fight on the White House lawn next year, with Dana White confirming the event as part of the US's 250th independence celebrations.
This is already possible with kpatch, ksplice, etc. This new thing seems more like a hypervisor of sorts? Or maybe a next level docker where containers could package their own kernel?
In-memory kernel patching is complicated, AFAIK only select distributions support it, right? If kernel hotswap is successfully implemented this way, it should allow switching between arbitrary kernels at runtime without extra work or setup.
Of course, that's a pretty big "if", but a simple unified system sounds like a great thing. And of course there's more to this than swapping kernels.
Not necessarily, maybe the main kernel has to keep running so you won't be able to hot swap that (haven't read the thing yet). In any case we've had updates without reboot for a while for a while, but it's a pain to set up, there's even a song about it youtu.be/SYRlTISvjww
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
That's kind of hilarious. At first we had VMs to run entirely separate operating systems. Then we had Containers to separate everything except the kernel. And now we might get separation for just the kernel.
Well, there's a separate technology stack for virtualization. So, it would be similar in effect, but the way you get there is different, and it's possible that it performs better or worse for certain scenarios.
Ok now i just need a wrapper for it so that k8s can load to the side loaded kernel as a virtual(?) node.
Crazy cool to think we can load procs on tuned kernels on demand like that. You could also have an container runtime spec for it if you wanted a kernel per pod kind of deployment (more niche to me though).
According to Cabello, the detainees confessed the shipment was part of a "false flag operation" designed to incriminate Venezuela in international drug trafficking and justify external aggression. "The four detainees are saying they work for the DEA," Cabello told state television, calling the alleged plan a "maneuver for destabilization."
Authorities said the boat originated in Colombia's Guajira region and was connected to a trafficking group called "Los Orientales," allegedly led by Gersio Parra Machado. Cabello argued that the operation demonstrated Venezuela's commitment to combating narcotics without resorting to lethal force. "We don't apply the death penalty," he said, drawing a contrast with U.S. military strikes on alleged drug vessels in the Caribbean.
According to the country's Interior Minister, the detainees confessed the shipment was part of a "false flag operation" designed to incriminate Venezuela in international drug trafficking
the americans want the venezuelan oil fields since they're the largest in the world; nobody stops the united states whenever it comes to oil and especially so with trump in charge.
See, I could see this a ploy agianst the U.S.A. but also I could 1000% see the U.S. doing a false flag op like this....it wouldn't nearly be the first time.
We'll have to wait a little bit and see if it becomes clear whos ploy this. Leaning towards a unhinged DEA op.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
That assumes a level of competence the administration hiring and directing these "operatives" has failed to show again and again, I honestly wouldn't be surprised if the agents in question are still teenagers.
Okay sure, they are a bunch of idiots, yes men, and fascists. I'm happy to agree on that.
But how would that even fit into the plans? They are currently just sinking drug ships and calling that a win, ignoring due process and international outcry like usual. They don't need a false flag bust for that strategy, nor does it make sense to assume they'd suddenly use a more complex plan than "lob rocket uga buga" which has so far been the cleverest they came up with in terms of foreign policy.
And then, assuming someone with some planing capability stuck around and actually came up with this international false flag drug smuggling operation for some indecipherable reason, why would they immediately after go back to brain-dead-mode and start sending a fresh-hire teenager to pose as a hardened Venezuelan smuggler?
I'm trying to set up some iptables rules in both Debian and Ubuntu, but I'm not sure how to make them persistent. As far as I understand the iptables package in the debian and Ubuntu repos is actually iptables-nft meaning I'm actually creating nftables rules, so I'm supposed to use iptables-nft-save to save them instead of using the normal method for iptables or nftables? But that command just seems to produce an output that doesn't match the syntax for iptables or nftables and the man page is not very helpful.
I'm also confused why Ubuntu does seem to have the /etc/iptables/rules.v4 and v6 files but Debian doesn't? Both seem to have /etc/nftables.conf as well but I'm not sure if that's even used (the Ubuntu machine has a bunch of iptables rules already defined which don't show up there but do show up in nft list ruleset)
This is another cut, among thousands. It's bad because we can see the motivation behind it. Free speech only for one team.
I don't want to be victim-blaming when I say expecting any big US corp to protect your privacy is futile. I know they want the reach of Insta and that's of course not a bad thing. But it's a threat considering who runs it. Another threat is editorializing the content. Don't put music on it, don't opine on the shamefulness of what the jackboots are doing, just post it. It's the best chance of this dying in the courts before the independence of the judiciary has completely gone. Constant dripping wears the stone and the MAGAs are pissing on it full force.
Another consideration must be at this point to host or mirror your content on servers outside the US. Countries that already didn't give an eff about the US or cooperating with its authorities. If you run your digital opposition on US-run/controlled infrastructure, you'll be shut down soon.
My name is Ehab, from northern Gaza. I have a family with four children — we have lost everything. Our home was destroyed, and I lost parts of my family: my sister and her children are among the dead and wounded. Now, we sleep on the streets, with no shelter and no safety.
The warplanes never leave the skies above us — we cannot sleep from the noise and fear. Tanks and raids are frighteningly close, and the gunboats fire from the sea. The situation is terrifying — the children cry from fear, and the elderly cannot endure the cold and hunger.
I have lost so much weight from hunger and this genocide. We have no source of income, no money to evacuate to the south where it may be safer. We desperately need funds to move my family to safety, and to buy food and medicine. You are our only hope.
Please, share this story and donate if you can. Every amount, no matter how small, can save us right now..
May God protect us and our families. From the depths of my heart, thank you to anyone who reaches out a hand to help. gofund.me/00439328
I'm frustrated. I'm a long time fan of Motorola. Their phones have been pretty simple and easy to remove junk apps. Recently I got an update that forced perplexity on my phone.
Consider if you truly need root on your device because its more of a risk then a benefit in most cases these days. Most features that used to require root no longer do or have more secure alternatives
Another consideration is that while you can buy a phone with grapheneos preinstalled, it's much better if you take the time to do the web install yourself because anyone selling preinstalled phones could potentially be a honeypot.
Pixels don't include bloat other than google, installing grapheneos is a simple and easy process you can do from your browser, unfortunately that's about the only truely secure option available currently any other devices (ie fairphone) will be a trade off of less/slower security updates and/or lack of ability to relock the bootloader.
Have a CMF1 from Murena for few months now, pretty happy with it. 350EUR with unlocked bootloader and rooted, used it as daily driver since day one. Transition from iOS was surprisingly painless.
Brand new Murena CMF Phone 1. Privacy combined with unbeatable value. The Murena CMF Phone 1 combines great specs and privacy with low cost. Powered by /e/OS operating system, this phone protects you at all times against constant data collection.
Less expensive than I expected, but no headphone jack, no SD slot, comes with /e/OS.
In the end any mobile phone is inherently privacy invasive because of tracking by the cellular carrier, and the unending security bugs in the software. It's hard to do much about this.
no headphone jack, no SD slot, comes with /e/OS. * I personally didn't need jack but I understand it might be problematic for some. If you create music for example you might not want the latency but for that I have a dedicated PBG-1 (OSHW grove box) which does have jack. FWIW there are USB-jack adapters. * it has an SD slot, I have a .5To inside * comes with /e/OS was the point for me. I wanted a deGoogle Android without any tinkering. If you don't want that though you can buy straight from CMF but I don't know with what ROM they will ship.
In the end any mobile phone is inherently privacy invasive because of tracking by the cellular carrier, and the unending security bugs in the software. It’s hard to do much about this.
if you don't trust cellular carriers you can setup your own network, e.g. crowdsupply.com/ukama/ukama but... yeah that's a bit demanding and obviously nobody else will connect to it. You can use eSIM but still have to trust the resulting carrier. You can rely on WiFi only but same, trust the ISP or encrypt everything you can, have your own VPN elsewhere and hope you can go through deep pack inspection
on bugs in software... but I like crowdsupply.com/sutajio-kosagi… is exploring the idea, pragmatically, of verifying the whole stack, hardware included, but it doesn't go to mobile packed. One could consider this with simpler modem equivalent, e.g. LoraWAN, but with the obvious bandwidth limitation. None of that removes bugs but if the entire stack is verifiable at least it's about genuine bug, not backdoors.
That’s what OnePlus, Nothing, and FairPhone are supposed to be about.
For privacy, I like my iPhone, but I can’t really recommend them anymore. Even with “Apple Intelligence” the keyboard is hilariously terrible. It gets a few things right and I’m wondering more and more if the ecosystem is worth it. But throwing money at Google somehow seems worse.
OnePlus originally had really nice enthusiast features and support for the CyanogenMod ROM. Now it's just another manufacturer of corporate-safe glass-and-metal slabs while the soul of CyanogenMod lives on in LineageOS.
Carl Pei left OnePlus and put together Nothing. Nothing is a bit closer to what OnePlus was supposed to be, but they still leave much to be desired. They went all the way to implement a detachable back on the CMF phone, but the battery is still sealed inside. Absolutely no advantage compared to manufacturers like Google in terms of the third-party ROM experience.
FairPhone is the best of the bunch, but their priorities don't necessarily match those of the community (i.e. security concerns, loss of audio jack and USB 3.0 on the FP6)
You noted on the phone hardware but not the software so I'll comment on that. Recently OnePlus has announced as of Android 16 that they will restrict bootloader unlocking to only those who fill out an application.
Nothing Phone 3 and all prior Nothing phone bootloader are still unlockable to this day with no call to restrict it. I would know, I have a Nothing Phone 3 running Shizuku and am waiting for Google to move Play Integrity off of its Kanban board so I can root again. Their forums have a strong development presence and as far as I'm concerned this is the one of the last good holdouts on this new restriction standard.
Pixel was the de facto standard for unlocked bootloaders. However, Google is the core of the "registered developers only" movement for their phones, killing sideloading and removing Pixel images from the development models in AOSP. I no longer support new Pixels (certain used ones are still good, don't get the 6 series though they are BAD).
I don’t have one, but I think they are overpriced for the specs you get.
Their goal is sustainability, but the outdated specs means I’d probably upgrade more frequently than I would with an iPhone where I can upgrade less often.
Shift and Volla are closer than Nothing, I'd say. OnePlus, like you said in another comment, belongs nowhere near that list anymore.
But I have a feeling privacy and security minded folks are going to be moving more towards Linux phones (I know Android uses a Linux kernel) over the next few years, as Android continues to get locked down, and cater to government surveillance.
I want to believe Apple has my privacy in mind like they say because I want to believe they’re a computer company first and not an information services company and all that… and it would make me feel better about my iPhone 16 Pro Max having such lousy software running on it… but also because going back to Android seems scary. No good privacy options. Nova is basically dead. Google is going after sideloading. Google is going hard with AI. The Pixel camera straight up hallucinates detail. And yet if I needed a new phone right now it probably would be a Galaxy S25, but I can’t say for sure it wouldn’t be an iPhone 17.
It's probably not a good idea to believe that. Even if they do fight for you behind closed doors, which I doubt, they will still have to bow to large governments for the sake of their shareholders. That's the world we live in right now.
I'm on Graphene on a Pixel 8 right now, but I really don't trust the overall direction that Google is pulling AOSP, nor the closed security chip in Pixel phones. I'm trying to decide if I want to stick with AOSP with a non-Pixel device, or give some form of non-Android Linux phone a shot. The Jolla C2 is looking intriguing, but getting one in the US isn't the easiest thing. I've also considered a Shiftphone 8.1 and Fairphone 6, but I'd want to run Calyx, and the future is murky. The Shiftphone is also tricky to get in the US, as is Volla which comes with an AOSP OS without Google services.
Very unorthadox suggestion, but those Vollaphones can come with Ubuntu Touch pre-installed. Best UI experience I had with a phone was an Ubuntu Touch. Pinephones also come with a Linux phone distro.
Do you need root? It's a big security risk, for multiple reasons.
You can always just get a used pixel (no further money to Google), and install a custom ROM that allows your bootloader to relock after installation. I personally prefer Graphene for this, but I believe Lineage also allows you to do so. They both have no bloat from the start, and GOS has sandboxed Google Play and Lineage has the ability to use microG iirc.
GOS can be installed via chromium based browsers, even from another phone. Security wise, there's nothing more secure at the moment.
Android is not designed the same way as a desktop operating system. For example, Android is designed to sandbox all applications and never require kernel level access. This means that if one app is malicious, as long as you haven't granted it extra permissions, it's much more difficult for it to affect any other apps. If you root, you're breaking that level of defense. Android simply wasn't designed for users to need or regularly use root, whereas Linux was built from the ground up with that expectation.
Root also makes applying security patches a challenge. Android doesn't have a standard package manager like desktop Linux. This means that users with rooted phones are less inclined to go through the pain of updating. I haven't rooted in a long while, but I can confirm that when I did root, I tended to avoid it for far too long. Anyway, the way Android's incremental OTA updates work is by comparing partition hashes. When rooted, this hash gets changed and you can no longer install OTA updates.
Further, root on Android can (and as far as I recall, does) affect verified boot, meaning if you want verified boot, every time you reboot you lose root. Android verified boot detects changes to system partition and either doesn't boot or reverts the changes. If you turn off verified boot, you cannot know if your system has been modified in a malicious way.
Put a slightly different way, Android's security model is entirely different than the security model of something like Linux. Linux expects you to need sudo/root for certain tasks, and other protections are built around that. Android does not expect you to ever need root, so it's not a consideration in its security design.
By rooting, you're not just bypassing manufacturer restrictions, you're bypassing Android's security design entirely. It's much more secure to just install a debloated, degoogled OS that can do verified boot.
Now, if mobile Linux ever takes off, then I'm sure it would be more like a desktop distro and less like Android.
In short, it's simply because Pixel currently has the most hardware level security features of any Android phone (on top of bootloader unlocking), for now. The Graphene team is allegedly in talks with an OEM to produce a phone specifically designed for it, which may be just as or even more secure. Time will tell.
I feel the need to mention that I'm not trying to shill for Graphene and especially not Google. Depending on your threat model and goal, Lineage or similar might be just fine for you. I just don't think there's anything more secure than GOS at the moment, and if that is important to you, along with minimizing bloat, it's a great choice. I do highly recommend avoiding root and instead just get something that you can unlock the bootloader for, and then install a degoogled ROM. Just make sure you don't accidentally buy a permanently locked phone, make sure it says unlocked somewhere in the listing.
I'm sure its in the link the other comment provided, but I'll call out that you not only can unlock your bootloader to install your OS but you can relock it so nothing can install anything afterwards.
So if your phone is ever not in your possession you can be sure that nobody installed anything. Also keeps your phone safe from malware (at root level).
None, probably. Refer to Bootloader Unlock Wall of Shame instead to check which companies do not restrict bootloader unlocking. See here for a list of devices where the bootloader can be locked with custom AVB Keys.
All those rooted concerns are true for desktop Linux / MacOS, and they still ship with sudo. If I can't rm -rf the root partition then its not really my device.
Android does not have the same security model as desktop Linux. I made a comment about this above (which you probably can't see due to .world being defederated with who I replied to), but if you don't want to go to my comment history, it's summed up as three or so main issues.
Rooting breaks OTA updates since it modifies your partition hash, meaning rooted users tend to leave security holes open way too long. Android does not have a package manager for you to be able to update these issues individually.
Android does not expect users to have root access, so they do not even consider it in the design. Android sandboxes apps, and apps can only generally have permissions that you grant, with no direct access to the kernel. However, rooting adds an entirely new attack surface for which there are no protections whatsoever. Desktop Linux, on the other hand, does expect users to need root level access from time to time. That's what sudo is for, but you should not confuse this with switching your user entirely to root and doing everything as root. There's a reason that's not recommended on Linux: it's dangerous. The same thing applies to Android. On top of that, Linux has other tools and protections designed to make running as sudoer safer, and Android has none.
Finally, it breaks your ability to use proper verified boot. If your system partions silently get malware installed, there's generally no way for a user with a rooted phone to notice. Verified boot protects against this, but because rooting (along with whatever else you're running as root) changes your partition hashes, it will either stop booting or revert your changes.
If mobile Linux ever takes off, it will likely be very similar to desktop Linux and be designed with root in mind.
Good guess about the federating problem. Thats a good reminder for me to change instances (was on lemm.ee before it died, .world was my backup).
OTA, While a fair point, again is a technical problem. Desktop systems get timely OTA updates. Its perfectly possible for rooted Android to get security updates that are on-par with rooted (e.g. basically any) Linux systems. The hash can be done on the incoming update instead (integrity hash) instead of on the system.
Linux has other tools and protections.
If there are protections they're at the system level (not app space). Which means the ROM provider could/should add those same protections as Linux instead of saying "you dont need root, stop asking".
AFAIK there are, unfortunately, basically no protections on Linux. Sudo can be trivially shimmed (add malicious exe to PATH) without even having sudo permissions, then the next time user inputs sudo an attacker would have their password. Its bad that its so easy, but its a double standard to say Linux is fine but an (up to date) Android with root is vulnerable.
OTA, as of right now, needs to hash the device to prevent system corruption. I don't think it's a very simple problem to solve, or surely there would be a ROM out there that does fix it with root. A better fix would be a package manager, but that's not going to happen with AOSP.
Regarding #1, it's fundamental to AOSP, and not any particular ROM. Similar to the OTA issue above. It's not just graphene (which, technically, you can root fyi, but I really would not do so, as again it defeats the purpose of running a verified boot secured phone).
#2 is debatable, because it's also highly dependent on the distro and configuration. As an example, immutable distros (which are actually closer to Android than non-immutable distros) make it so sudo/root isn't needed very often, if at all. Fedora CoreOS, for example, can run package updates on a schedule without user intervention, use rootless containers, and do verified boot. It can be deployed from a single file and validate itself after the fact, meaning a user would never be prompted for a password at any point. Obviously that's not a 1:1 because it isn't made for PC usage, but other distros based on Fedora Silverblue and the like can be more secure than standard Linux for similar reasons. Everything is generally sandboxed (flatpaks and containers) and root is rarely, if ever, required.
That being said, if you're not concerned, there isn't anything stopping you aside from your phone's manufacturer, which I'm sure you're aware of. I'm fine just knowing that I could do it, and much prefer the security benefits of verified boot and proper sandboxing above all else. I don't trust Google to properly patch zero days related to rooted phones, let alone patch the ones that affected non rooted devices.
Immutable OS's like nix and fedora silverblue still have sudo, they can still rm -rf /. If they can do it and maintain security, then Android can too.
I agree both the OTA and safe way of doing superuser requests could be heavy technical work. My bigger point is people who manage ROM's shouldn't demonize having full control of devices we own. Root can be done safely. Its not an inherent security risk, its just a technical problem waiting for a technical solution. "Just accept you dont need it" is not an acceptable response IMO.
Wait, what? Like there are no protections on PATH and you're saying that sudo can be hijacked and replaced with simething that does the same thing but with a keylogger.
Yeah try it. It is concerningly easy. Write a program that edits the users bashrc/zshrc. Have it append a line that adds something to the front of the path, and have it shim sudo. You can even have it forward the password to the real sudo.
Instead of waiting for the user to open another shell, you can also open a subshell. (E.g. your malicious program never returns/exits, it just appears to exit by opening a subshell with the modified path)
Aaaaaand, now I want to check the source code of all git repos before doing a git clone. Damn. Yeah, Ill test it out. Thanks for the heads up. Now I know why it's so dumb to run yay as root.
Touching the system partition isn't the only thing one would do with root. And if the ROM ships su in the ROM, there's no problem of being out of sync with upstream or even not passing boot verification.
It does open up an attack surface against the app that provides the UI to gate root access. But that has to be considered against the "availability" arm of the security triad.
Regarding the system partion and verified boot, it's the fact that it isn't the only thing one would do with root that breaks verified boot. You totally could package su in the ROM and ship it, but if a user installs something else to the system with it, it is very likely that the verified boot hash would change, unless I'm missing something.
What bothers me a bit more is, the OS could address a lot of what Graphene is talking about: there should be a builtin OS level "no overlays, no accessibility, allowed when superuser reqested, must use builtin OS controlled keyboard to input password". I'm not saying the graphene team needs to do more work; their contributions are incredible. But they shouldn't claim that having full control over a device you own is inherently a security flaw. Its a technical problem that can be resolved with ROM development.
Great value my ass, I can barely get a used pixel 8a for 300€ in the EU. Redmi 4x from 2017 costed 160€ new and had all the features of phones at the time (except NFC). I'm still considering a pixel just for GrapheneOS, just because it's that good compared to LOS on the Redmi I use.
With this question asked, I'd like to build on it and ask what options exists outside the realm of google given their recent bullshit.
For those who know, tell me about the pine phone, fair phone, anything else like this.
When google fucks shit up in the near future, I would very much like to hold on to the ability to side-load apps using obtainium and f-droid indefinitely. Are the pine phone/ fair phone reasonable for this? What pros and cons am I looking at?
* in your commands is expanded by the shell before tar sees them. It also does not expand hidden files.
So when you do admin/* the shell expands to all non hidden files inside admin. Which does not include admin/.htaccess. So tar is never told to archive this file, only the other non hidden files and folders. It will still archive hidden files and folders nested deeper though.
In the second example * expands to admin and the other does which are not hidden at that level. Then tar can open these dirs and recursivly archive all files and folders including the hidden ones.
You can see what commands actually get executed after any shell expansions if you run set -x first. Then set +x to turn that off again.
Here is an example using ls:
$ set -x; ls -A foo/*; ls -A *; set +x
+ ls --color=tty -A foo/baz
foo/baz
+ ls --color=tty -A foo
.bar baz
+ set +x
I was surprised recently when I did something like
mv ./* ../somedirectory
and found that files like .gitignore were not moved.
I do most of my work in zsh on OS X, and this surprise bit me in bas...
The * expands characters, but . is a pattern not a literal character, so it must be specified since you are explicitly using a character search in the first example.
In the second example, the . files are included by default as they are included in the folder that was found to match the character * that was given.
Ah yes, one of the biggest bugs-later-turned-design-mistakes of UNIX. This is not tar, this is your shell; you always need to use both * and .* for a wildcard to match all files in directory - e.g. tar czf ~/package.tgz admin/* admin/.* api/* api/.* mobile/* mobile/.*
Thanks - this is what I did with a 'you had one job' look beaming at the terminal after realising the hidden files were missed and indeed it did the trick.
This is potentially a great 'weeder' question for junior Unix admin interviews, as it requires some knowledge about shell globbing and tar dir traversal.
I admit it took me a sec (and a second read) before I got it, so it was a fun "hey what" exercise.
On Wednesday, a Louisiana immigration judge’s order to deport Palestinian activist and Columbia University graduate Mahmoud Khalil to either Syria or Algeria was made public.
The order by Judge Jamee Comans is a significant escalation of the Trump administration’s efforts to criminalize free speech and target opponents of the Gaza genocide for removal from the US...
The ruling is notable for its transparent political purpose. Trump administration immigration authorities are pursuing a vendetta against Khalil who has no criminal record and has steadfastly refused to be intimidated.
Mahmoud Khalil has been ordered deported as part of the transparent political vendetta against his steadfast opposition to the Gaza genocide and attempts by the Trump administration to silence him.
The order specifies deportation to either Syria, where Khalil was born to Palestinian refugee parents, or Algeria, from which he holds citizenship through a distant relative. Comans justified the dual destinations under statutes governing removal of stateless persons and nationals of more than one country. Sending Khalil to Syria may well be a death sentence. As for Algeria, he possesses no meaningful ties to that country.
"Just send em back anyhow! There ain't a difference where"
Death to Amerikkka and the Euroanglo-Zionazi entity. Send the settler judge back to Europe while it's going down too.
Israel is “falsifying claims” of Palestinian rape against Israelis on 7 October 2023 to “to justify a further genocide” in Gaza, a groundbreaking new report says.
Published by the Sexual Violence Prevention Association this week, the report documents how Israel is deploying “wartime rape propaganda” and the “weaponization of sexual violence as a tool of war” in Palestine.
The report deploys a framework the group has dubbed SORVO – Systemic Oppression, Reverse Victim and Offender: “a tactic employed by oppressive groups to weaponize sexual violence, and accusations thereof, to justify their oppression.”
Omny Miranda Martone, the report’s lead author, said, “I am seeing SORVO employed against Palestinians every single day. We cannot allow Israel and the US government to use sexual violence to justify genocide.”
The report details how Israel has created a false narrative of Palestinian rapists as a way to both cover up the reality that Israeli soldiers are raping Palestinian detainees and as a way to justify their genocide in Gaza.
Even 47 years later, this thing gets me hyped. The “Master Component” had a 16-bit microprocessor?! Three-part harmony music? A display they called an “extraordinarily high level of resolution”? That sounded like the future. Sign me up.
And when they start hyping up ROM cartridges to a general audience, most people probably had no clue what that meant. But it must have felt like home electronics had just landed on the moon.
This was the first real console war: Intellivision vs Atari 2600. And wild to think—two years ago, Atari finally bought Intellivision.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Libreboot supports the Dell 3050 Micro and the Lenovo T480. I was wondering, since it requires the FSP blob, could it be a backdoor? Does anyone know how it works? Compared to the T440p and 9020, those boards are 100% free BIOS, but lack newer microcode updates.
By its limited scope of just initializing the chip, it seems a lot more benign than Intel ME, which would be a jucier target than the FSP. But no independent audit has been completed on it to my knowledge. Purism got started with an attempt to reverse-engineer it (legitimately without the leaked code!), but Intel told them to take it down, which is a bit troubling.
Couldn't you just place a sticker on top? I know that you'll either not get the led light or it's gonna look a bit funny in the dark if part of the windows logo shines through if the sticker is not thick enough, but you can place a tiny tux sticker there!
One option is to pull the keycap off and paint over it. If you feel really crafty you can sand off the coating to make whole keycap translucent and use a stencil. Personally I don't look my keyboard that much that it'd bother me and it's made by microsoft anyways, their ergonomic keyboard is the best one I've used so far.
"Cute little thing like that, yeah, I'll grab 20, one for each keyboard in the house, a few at work, a few left over for harmless pranks SEVENTY NINE DOLLARS clooose tab" I'm sure the quality is nice but I'm just gonna scribble Tux in with sharpie.
Since it was $79 I assume you just typed 20 in the quantity, but if you do the multiple quantity discount for 10 stickers it's half as much. $2 per is still a bit on the expensive side, but it's not nearly as bad lol.
I wish more people would. I think it's ridiculous that we've put up with buying all these tools and appliances that come with ads like pimples all over. Pisses me right off.
Also e.g. the lobbying around ACPI breaking suspend to ram sometimes. Funny little Bill Gates quote on that:
One thing I find myself wondering about is whether we shouldn’t try and make the “ACPI” extensions somehow Windows specific. It seems unfortunate if we do this work and get our partners to do the work and the result is that Linux works great without having to do the work. Maybe there is no way to avoid this problem but it does bother me. Maybe we could define the APIs so that they work well with NT and not the others even if they are open. Or maybe we could patent something related to this.
Leaders of major tech companies, including Apple, Google and OpenAI, praised President Donald Trump’s pro-business agenda at a White House dinner on Sept. 4....
I mean, what is he supposed to do. The orange man threatened to put Zuckerberg in jail for the rest of his life if he doesn't comply. I have not very much hope left for the upcoming testimonies regarding Steam, Twitch, Discord and Reddit.
"We are watching him closely," Mr Trump wrote in his new book, "and if he does anything illegal this time he will spend the rest of his life in prison - as will others who cheat in the 2024 Presidential Election."
The former president made the claim in a new book, titled Save America, which is a collection of pictures and anecdotes from his presidential campaigns and term in office.
He wrote it in a book (or his writer lol), shortly before he got elected, about a year ago. Look for "Trump Zuckerberg jail threat", I don't know which source to cite here.
If you have any power at all, complying with the blatant fascist is treason. You know what happens next. Think of all the people who have virtually no power, who can be beaten, imprisoned, deported, without consequence. Chuds like Zuckerberg and Gates pave the way for that. They have enough money and power to insulate themselves.
Even fucking Musk parted company with the ghoul emperor. Imagine having less spine than someone who bought a social media platform so people would stop making fun of him (didn't work, obv).
You are right, but I highly doubt that he cares enough considering the quote I posted earlier. He probably also has a shitload of staff around him telling him what to do, whose life also depend on him complying.
Also, Musk bought Twitter to influence the outcome of elections, not for being a petty child that doesn't want to be insulted online. Well, maybe, but that's not the whole story here.
No one rich enough to be in Trump's vicinity actually believes any of the glazing they do to him. They're all executing the very basic strat for dealing with a baby man: stroke his ego -> get what you want.
As far as interacting with other sociopaths goes, my guess is trump is refreshingly simple for them.
He wouldn't be a billionaire if he were a good person.
But....to his credit, he did publicly say recently that he wants to have given away 99% of his wealth over the next 20y, and says he doesn't want to die rich. I am ok with making that the bar for being remembered. Provided it's not to his own foundation.
gates has put his money into a charity to protect his money; charities are only required to share a pittance of their wealth by law and lots of oligarchs have been putting their money into charities because of it.
it's troubling to read that people are actually buying the bullshit that the pr firms are putting around this activity.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
I recently bought my first mechanical keyboard, after having used my razer for 8 years, and i was looking into different keycaps, but i ended up having a hard time finding a good keycap set that is of good quality, and that i also liked in terms of colors, and has a super key or something like that. The keycaps that i ended up settling on didn't have a super key, so i just ended up putting the windows menu key on the super key, so that it atleast looks a bit more generic than the actual windows key. It's too bad they're hard to find, but i guess it makes sense since there is probably very little demand for it. Another idea is to maybe put a sticker on it or something.
I still don't get this I don't think I've ever accidentally pressed it while playing a game, and I am someone who constantly presses every wrong key while typing
I remember playing an FPS game.. Heretic? Shadow Warrior? I would play it without a mouse. Alt would be a modifier on the arrow keys for strife (sidestepping). Spacebar to shoot, and you're set for disaster.
Space Cadet Pinball was another one. It was nice playing with Ctrl, on the corner. But hit the Win key and you instantly lost focus of the window.
If I cared that much, I could have bought a blank keycap for an extra buck when I bought my keyboard and banished that thing forever. (I own a Unicomp New Model M 103-key, which only has one Windows key to begin with, and the manufacturer will happily sell you blank or custom-text keycaps. Unfortunately, while they do sell a set that includes Tux keycaps, they're sized for a 104-key.)
My Thinkpad has the Windows logo on the bottom bezel under the display, as well as this. Mostly doesn't bother me, but it does feel a bit wrong for a laptop that all traces of Windows have otherwise been erased from.
And if not, maybe take the money you saved on a Windows licence and treat yourself to a better keyboard. It's worth spending a bit on your primary input device, the thing you use the most.
For anyone sadly stuck on Windows, please, please for fucks sake don't pay full price for a license. Go grab an OEM key from an authorized reseller for like $20.
There's some limitations on how many machines you can use it on simultaneously. That's it. Otherwise it's a full valid license at less than 1/4 of the price.
Even better, just use MASgrave and pay nothing. Yo ho ho.
The GMMK Gaming Keyboard was the world's first fully modular mechanical keyboard. Our hotswap keyboards and accessories are built to provide ultimate ergonomic comfort, performance, and customization for an unparalleled typing experience.
I used to have this really awesome early 2000's transparent blue plastic keyboard with all the newest media keys. The only problem was that it had 4 windows keys on it! One on either side of the spacebar. The right side of the spacebar was Alt, Windows, Context menu, CTRL. That was a bit weird but it was alright. The next placements were crazy though. Someone figured there was space for more keys right below the Delete, End and Page Down keys but I guess they couldn't really figure out what would be best for there so they put a 3rd Windows key, a 2nd Context Menu and then a 4th Windows key right there. This was pretty close to the arrow keys and if anyone remembers gaming in the early 2000's, pressing the windows key accidentlly would often just crash your game completely. If you could get back into it, it could take quite a while for it to respond again. So if you were playing something like Warcraft 2 multiplayer, that button was a fucking nightmare.
Ugh, I loved the colour of that keyboard so much I put up with all those windows keys.
edit: I can't believe I found it! I've tried searching for this keyboard a few times, but finally found proof on this site!
Background:
Multimedia/Internet keys are additional function keys on PC keyboards that either invoke specific applications like browser, e-mail, media player, etc. or invoked certain function for t...
Wow, Win98 logo and media buttons? Truely between eras.
I actually like the context key above the arrow keys, another method of effectively right-click is nice. Those Win keys are crazy though, that's the perfect place for extra function keys. Imagine having f13 & f14 that you can bind to anything without worry!
I did't know much about the German keyboard layout but I know the Czech one, which is derived from it (we both use QWERTZ) and was able to look up most of what I didn't know.
So, the keyboard has 4 layers: default, Shift, AltGr, AltGr+Shift (the fourth one is not standard but is recognized by xkb; in Czech I use it for custom character mappings, in German it is standardized but Linux-only).
Default layer prints lowercase letters a-z and äöüß, numbers and the symbols in the lower-left of each key.
Shift layer prints uppercase letters A-Z and ÄÖÜ and symbols at the top left of each key.
Caps Lock only affects letters.
AltGr layer prints lower-right symbols, most of which are only populated in a later version of the layout.
As you can see, AltGr+2 produces ², and AltGr+3 produces ³. I think the full-size "2" and "n" are misprints. My old Czech keyboard has some errors too.
we have lots more diacritics so the number row only prints numbers on its Shift layer (most people therefore use the numpad only)
to print rare diacritics (ó, ď, ť, ň, and German ä, ö, ü), one has to first press the corresponding modifier key (´, ˇ, ˚, ¨) like on typewriters
an alternative for common capital diacritics (á, é, ě, í, ú, ů, ý, ž, š, č, ř) is to briefly turn on Caps Lock (advantage over typewriters)
pressing the ˚ key twice prints the degree sign (°) twice (Windows) or once (Linux)
there is a bloody dedicated § key but we need to press AltGr+7 twice, then backspace (or Alt+96) for a grave (`), which is part of ASCII and used in Markdown
physical keyboards almost always reserve the right side of the keys for the English-US layout (very confusing for novices) so one has to type in the AltGr layer blind (except for €); it contains useful symbols ([]{}\<>|\€$@#\^&×÷`) as well as useless ones (Đđ – these are Slovene, why not the Slovak Ôô?), leading people to prefer Windows-only left-Alt+numpad codes (such as Alt+64 for @) that use the obsolete OEM-1252 codepage (the Unicode extension has to be enabled via registry and Alt+letters hex codes get passed to programs anyway, often defocusing the input element). I only found a Slovak one on Wikimedia Commons
some lazy manufacturers combine the Czech/English and Slovak/English layouts, which are similar except ľ, ť and ô, leading to 5 (!) symbols per key, 3 of which are irrelevant unless you switch layouts
Gboard for Android offers QWERTY for Czech, which looks normal (hold for diacritics, potentially swipe for ě and ů) and the unpopular QWERTZ-PC, which has all the physical keyboard's quirks, but its "Czech QWERTZ" is based off German QWERTZ, containing ú and ů but not the other diacritics for some reason. All other keyboard apps with Czech language layout get this right (hold for diacritics, potentially swipe for ě and ů)!
The "n" is probably a misprint, AltGr+2 prints "²" and AltGr+3 prints "³" in the German layout; it can be customized to actually print "n" in xkb though.
I mean, if the redundant Windows keys produce different codes, it could be worth a lot to macro enthusiasts. The model exists with an English QWERTY layout too:
The picture seems to be from 1998 so you'll likely need a passive DIN to mini-DIN adapter as well.
If you want an alternative, lab label tape is a bit pricy but is super durable, comes in fun colors, doesn't leave residue, and sticks for practically forever.
The "sticker" is actually an off-cut from a laptop skin from my other laptop (which also runs Linux, and also has a sticker over its Windows key 😛), so it's held up pretty well
My keyboard came with both windows and Mac keycaps, so I put the mac one since it isn't a corporate logo. Plus the symbol signifies a culturally significant sight in my country.
I've had this laptop for some years now and I don't remember why it has the ~~derpy~~ cute Tux, but I think it's the default one. tuxedocomputers.com/en/Individ…
Individual logos and keyboards: My TUXEDO. My Style. Individual keyboard laser etching and logo printing A TUXEDO is much more than just a Linux notebook. A TUXEDO is your personal and longtime companion for work or private use. We therefore ...
Why is there a Win-Lock option? I get Caps Lock and Fn-Lock but is there any other reason besides saving a finger for the all-important Win-Ctrl-Alt-Shift-L shortcut to open LinkedIn? /s
Not as easy on a laptop, like this is. Usually a pain in the ass to replace laptop chicklet keyboard keys, if you can even find a replacement without a windows icon
Let's pray for the day that future generations will know that to be the Super key, but like the floppy disk icon for 'Save' they won't know why it is what it is.
I don't know what I do to keyboards when I use them for a really long time, but I have the exact same laptop frame and keyboard and most modifier keys are unrecognizable and half of the WASD keys are rarely used keys because I fucked up the keycaps while cleaning and I got other keys off the keyboard in place of them. So anyways, my Windows key is abused beyond recognition and you can't tell it was a Windows key.
4 years and 3 months still going strong. I use the touchpad a ton too and that coating on it has come off too, but it's perfectly usable. It also surprisingly lasted two pretty bad falls with just 1-2 minor cracks that I had to open the laptop up so that i can super glue the cracks just to ensure the cracks won't spread from future vibrations.
Visual condition is pretty unappealing, even a bit bad: the erased keycaps, the lifted coat off the touchpad and one visible crack, but it runs just as it did the day I got it
4 years? My laptop is from 2018 (with only the battery in a shitty condition), my mom had a laptop from ~2004 in 2021 (until I embarrassingly fried the motherboard when replacing the hdd). Electronics last forever if you don't murder them.
You can possibly get real creative with developing different scratch styles. From intentional needle drawing to the plastic equivalent of stonewashing jeans.
My bad, didn't explain it well in my initial comment
I broke my A and S keys when cleaning: because the WASD keys on these keyboards are transparent, I could see all the hairs or dirt under them and once every 4 months let's say, I was pulling them off
And one day they didn't wanna reliably clip back in place anymore
So now I have Right Ctrl on A and Right FN on S to replace the keycaps
So, they're basically newer keys in there, and also they are not transparent like A and S were
I've put a GNU sticker over one, and a Tux sticker over another. I should see if there's a Debian spiral sticker I can get (or even custom keycaps) for future keyboards.
There's the german instance feddit.org. its filled with cryptozionists but i think the post would not be deleted. I think they also have some city-specific comms, I for sure saw a hamburg comm.
Edit: don't link to lemmygrad though they're allergic.
Either is fine, but the image you linked is hosted on lemmygrad.ml, if they notice the URL they will have a strong reaction.
I would advise against making an account on there but a federated instance, and not to engage them unless necessary. They are extremely rude people even for germans. But, it would probably be more visible to people that can go there.
I could try to post some stuff there tomorrow, however I'd need to make a new account and some alone time which is pretty much nonexistent for me nowadays. But if you need help please do reach out.
Sorry another edit: lemmygrad is pretty widely defederated, meaning you can see other peoples posts but they cant see yours. If you want visibility a lemmy.ml or lemmy.blahaj.zone account might be better, blahaj federates with feddit.org for instance.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Is there more software that, like TrackMeNot and AdNauseam, generate random internet activity so as to reduce the accuracy of any profiles tracking companies keep about you? E.g. software that carries out complete plausible-looking surfing journeys in the background: not just issuing searches (like TrackMeNot) and following ads (like AdNauseam), but also clicking on other links, scrolling, going back, perhaps even watching a YouTube video every once in a while and browsing Facebook? (All this, of course, respectful of the environment and the limited resources of small projects.) Or apps for the smartphone to generate false but plausible-looking position data and the like?
(Background: As many of you know, trackmenot is a browser extension that enhances your privacy by generating random search queries in the background, watering out the profiles that Google, Microsoft (and Yahoo, Baidu and AOL) have of you. It's available in the Firefox extension store; whereas for Chrome, Google has banned it from its store for unfathomable reasons. There's also AdNauseam, which works towards the same goal by randomly clicking ads in the background.)
Download TrackMeNot for Firefox. An artware browser add-on to protect privacy in web-search. By issuing randomized queries to common search-engines, TrackMeNot obfuscates your search profile and registers your discontent with surreptitious tracking.
I'm actually not in favour of obfuscation methods, as recent events have shown - authorities questioning a dude for wearing the same innocuous shirt?
Random traffic might turn out to be 'traffic of interest' for just being the at the wrong place, wrong time. I would prefer actual strong cryptography and isolation.
I agree, it could be a last resort when things like ghostery or such fail, but otherwise there's enough crap saturating the wires, no need to artificially inflate that
authorities questioning a dude for wearing the same innocuous shirt?
Why wouldn't they tho? Both persons had the same shirt on. That seems like a no brainer to me. Maybe I'm missing something. It's one of the reasons when I go out in public, I do not wear clothing that are emblazoned with logos, graphics, words, etc. For one, it doesn't do anything for me to wear logos, graphics, words. To me, it's akin to having a political yard sign or bumper sticker. What do you gain from it? What's it do for you? Some guy wearing a t-shirt with a cannabis leaf across the front, again why?, and it's an easy identifier and puts another tick mark for complimentary evidence.
Maybe I should clarify - I'm not a fan of human noise (there's probably a more precise term) - I'm more in favour of privacy/anonymity in the midst of actual, randomized noise, that isn't just random human activity.
I don't even mean t shirts with a logo. It could've been a pair of jeans on a specific date at a place in conjunction with 5 other (random obfuscated) things that a poi also happened to do. Like googled 'how to fold a swan' or whatever.
Even if you didn't do these things but was instead random generated traffic, it would generate unnecessary attention.
One might argue that if enough people adopted such methods, authorities would have too many leads to follow up. But then again, the chances of a random string of generated activity coinciding with that of a poi isn't high, so there likely will be a manageable number of leads.
Even if the number were higher, they have proven to have no qualms about skipping due process. As long as they might've gotten the actual poi, they have no problems subjecting many more unrelated to the same treatment because everyone is some sort of terrorist now.
They could also arrest you just because you have higher than normal randomized traffic and activity that you can't or won't answer for.
"Why did you search how to fix a sink leak and then how to fold a parachute within 2 minutes of each other?? You must be a terrorist generating random activity to hide your true actions. What do you have to hide?" - "found coke stuffed in all the couches and beds boss"
They could also arrest you just because you have higher than normal randomized traffic and activity that you can’t or won’t answer for.
I hear what you're saying, and I'm not going to call it paranoia, however, that isn't in my threat model. Entities that can come into your home, arrest you, and ship you off to Guantanamo for buying a parachute and a drain kit for the sink are not in my scope. Frankly speaking, that is probably not in 90% of most people's threat model, who care about privacy, anonymity, and security. Those entities don't even need to fabricate an excuse like a couch full of coke, to give you that full Guantanamo experience.
To tell the truth, I probably couldn't account for 75%+ of the websites I've visited just today. When I get to researching something, it's usually pages and pages, from many, many different sites. Highlight, search, read, nothing here, go back, highlight, search, bingo! Now for more in depth reading. Highlight, search....ad nauseam. This process happens very quickly. I don't watch TV at all, and I don't read fiction. 99.99% of what I do read tho, comes off the internet. So, they'd have to sift through a bunch of data.
Even if you didn’t do these things but was instead random generated traffic, it would generate unnecessary attention.
I'm quite certain that all of my privacy, anonymity, security, and obfuscation efforts has put me on someone's list, but again, that's not in my threat model. I'm not hiding from the government. I send them tax forms every year. I vote prolifically in both local and nationwide elections. I pay property taxes, etc. They know who, and where, when it comes to finding me. If I were a person of interest, they'd come visit. Now, I'm certainly not going to overshare with them in the least either. Hell, I'm not hiding from anyone. I'm just preventing unauthorized access. That is what keys and locks do.
A nonprofit organization dedicated to advancing human rights in digital spaces across West Asia and North Africa — is warning that Israeli-linked software secretly embedded in Samsung phones across the MENA region poses a serious surveillance threat.
According to SMEX, Samsung’s A and M series devices either come preloaded with the app “Aura” or install it automatically through system updates, without the user’s consent. The application reportedly collects a wide range of personal and device-specific data, including IP addresses, device fingerprints, hardware details, and network information.
In 2022, Samsung MENA partnered with Israeli tech company IronSource, integrating its Aura software into Galaxy A and M series phones across the region. The partnership was publicly marketed as a way to “enhance user experience” with AI-powered apps and content suggestions.
We have reached the point where it feels safer buying a random Chinese phone
1) they got rid of that choice for you: the american carriers has pre-complied with trump by blacklisting all chinese phones based on their imea numbers; it no longer matters that it's technologically feasible for it to work in the united states. so now, if you want premium phone quality but 1/3rd the price; you must buy an american brand and the full price tag.
2) you don't have anything the chinese gov't wants, so they don't care about keeping tabs on you. also buying into the propaganda that they're tryping to keep tabs on your carries with it the implicit acceptance that you're okay with the american gov't keeping tabs on you.
that's the one loophole in this effort to black list chinese branded phones; that non-chinese brands that use the same hardware are allowed on their networks and, until recently, i was looking for an oppo or oneplus that could leverage this loophole.
you're fucked if you try to use a xiaomi or huawei or any other chinese brand that doesn't share hardware w non-chinese brands like i have been doing for the last few years.
i had it on tmobile prepaid for a little bit over year or so and i had the account since 2009 w 2 other chinese phones in the past. i tried switching to at&t in january and it worked for the first day, but then i got a text from at&t saying that my phone is no longer compatible and i had no signal. the store told me that the imea number had to be whitelisted and that i had to put in a request at their website. the signal reception sucked anyways, so i tried switching back to my old t-mobile account by popping in the sim, but it didn't work either and the t-mobile store said that chinese phones aren't allowed on prepaid anymore for "public safety". (he literally used air quote fingers and rolled his eyes. lol)
google recommended mvno's to get around the ban, but they're just as unaware as most that this is a thing in the united states; their websites still show that my redmi is compatible but i've literally tried them all and none have worked.
chatgpt recommended getting around the ban by purchasing phones that share the same hardware like they do with oneplus, oppo, etc. and that was the approach i was going to take until i decided to get a fairphone and put eos on it instead.
yeah, anything out there that i could put out now, it's already on stalker websites for like five bucks (since there's a bunch of other Mes with the same name. Apparently I play hockey. I keep forgetting to follow "my" career tho i should look up Hockey Other Me sometime.
We need to switch over to open source phones. There is no reason we need to rely on these big companies that governments and Powerful interests all have their hooks into.
Samsung phone might be dangerous to your health and life, even in a case of being near oen. Even if you aren't conspiring to send aid to Gaza, since they can probably also track people around you. Andd they do kill based on metadata. US and Israel, both.
goes to show anything tech coming out of US, EU and its client states are not ever trustworthy.. I would go as far as to e.g. not buy a Bosch fridge, never mind the other reasons not to.
After everything that has happened in the past 2 years, that entire region should entirely boycott Samsung until they're clear all Israeli spyware is cleared out of phones. The Middle East is a fairly large Market and everything Samsung should be forbidden entry by leaders of those countries until this is fixed.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
We are thrilled to announce the soft launch of Fedora Forge, our new home for Fedora Project subprojects and Special Interest Groups (SIGs)! This marks a significant step forward in modernizing our development and collaboration tools, providing a pow…
Some clients show an excerpt (I ain't complaining about you putting it in a comment though) so probably to that guy it looked like you just copy/pasted this thing
On Thunder I have no excerpt and I find really annoying all those who post link without comments. They are just doing clickbait like any news aggregator. If I want that there is already google news for instance... So I value those who add a comment to their post and say why they post it and find it interesting. Isn't Lemmy all about sharing thought, so does poster except other to do it for him and just want to have popular posts?
i wish i understood why people use those apps to browse lemmy. i used to think that they were pointless, but watching them drive up the userbase numbers up for .world and .ee made it seem like i must be missing something so i tried all of the ones i could find and the experience was the same for me as it is with a browser.
Whoohoo! I wad just saying how cool it would be if big projects like Fedora, OpenSuse, the free desktop foundation, kde, gnome, etc moved to forgeo because of the impending federation support linking them all together
Only took two years for Corporate media to start reporting what these Zionist psychopaths say to each other in their language rather than rely on official propaganda.
How would I add a new ranking algorithm to Lemmy as a contributor? I'm a developer by trade, but unfamiliar with Rust and the codebase of Lemmy specifically. It doesn't seem like Lemmy has a concept of 'ranking plugins', so whatever I do would have to involve an MR.
I'm pretty sure that with a few tweaks to Thiele's rules, I can compute a complete ranking of all comments in a thread in O(ClogC + E + VlogC), where C is the number of comments, E is the total number of likes, and V is the number of users. This would also support partial approvals, upvotes could decay with age.
I believe this would mitigate the tendency towards echo chambers that Lemmy inherits from Reddit. Lemmy effectively uses Block Approval Voting with decays to rank comments and posts, leading to the same people dominating every conversation.
Lemmy needs less algorithms rather than more. If they're accepting voting-related patches, maybe write one that turns off voting and just shows everythng chronologically. There is actually no way to do that right now. Sort by "new" orders the top level comments in a thread most recent first, but keeps the threading intact. There should be a setting that flattens out everything and sorts purely by timestamp.
Then the conversation would be dominated by whoever has the most time to make posts, which isn't what I'm going for. I'd rather have a method that satisfies Proportional Representation.
I don't think it would work for my specific algorithm, unfortunately. To compute PAV, I need access to the "raw votes" of each individual user.
PAV doesn't need to know the identity of the user behind each upvote, but it does need to be able to correlate which upvotes originated from the same user so that once a user is determined to be "satisfied" by having a comment they upvoted given a high rank, all of their other upvotes need to be deweighted for the remainder of the process to "make room" for other users' opinions.
I checked the Lemmy API docs, and while that information is available at /api/v4/post/like/list and /api/v4/comment/like/list, so I could have a frontend that scraped every comment and then every like of every comment in a community (ignoring how inefficient that would be), but both of those endpoints are tagged as "Admin-only".
Plus, even if I could do that, to compute the rankings my process does need the upvotes of every comment in a post (or every post in a community) before it knows which one is on top, which seems too much to put on a client.
so I could have a frontend that scraped every comment and then every like of every comment in a community
Or you could do the same thing that lemvotes.org/ does and follow the communities and actors to build this database on a separate server, which then can be used by the client(s).
What if the lack of comments were because comments weren't proportionally representative?
Someone sees a discussion that interests them, so they see what the top comments are. But if the Hive Mind(tm) has spoken (even if just by awarding the top two or three comments to the same viewpoint), will they engage, or will they go somewhere else?
Remove the Hive Mind, and maybe you'll get more engagement?
The ranking is implemented in a rather complicated way for performance reasons: - First there are SQL functions which calculate the rank for a specific post or comment (defined here) - These SQL functions are used by a scheduled task which updates post ranks at a regular interval (defined here) - Then there are the database tables which store the calculated rank (eg post.hot_rank) - Also the API parameters to specify the requested sort, and preferences for default sort options etc - These params are used in the post listing db query to sort posts by the given rank field (here)
This is exactly the info I'm looking for, thanks! I knew there'd have to be some kind of scheduled task to recompute the rankings (IIRC the lemmy docs say ~10 minutes for recomputing ranks), I just wasn't sure where it was.
The change that would require the least effort to implement my voting system (whether the lemmy maintainers would accept the change notwithstanding) would be to target the schedule task, and introduce a server-wide configuration option that would allow admins to pick whether they're using Block Approval (what we have now) or Proportional Approval (what I'm introducing) based algorithms for their server's "hot" algorithm. No API or frontent changes required. Then, work towards community mods being able to set that on a per-community basis.
Sounds interesting, though from your links it's not clear to me how exactly it works. Depending on that it could make more sense to implement as a separate sort option, then each user could try and compare it to the existing sorts.
I was thinking of it as a drop-in replacement for "hot" just so that it doesn't require any changes on the UI to implement. I'm a bit rusty with UI development, lol. The frontends wouldn't have to add a new button, and the Lemmy API wouldn't need to add a new sort type. That said, maybe that sort of thing is easy to do?
As far as it would work, Thiele's elimination rules is computed roughly as follows (I'm assuming that only upvotes are counted; I haven't considered yet if the process works if disapprovals count as a vote of "-1" or how the process could remain scalable if an abstention counts as a vote of "0.5":
begin with the list of posts, list of users, and list of votes
# initial weighting, takes O(E)
for each post:
for each vote on the post:
lookup the user that voted on the post
based on the number of votes the user has given, determine how much the user would be made "unhappy" if the current post was removed
# the basic idea here is that if the user didn't vote for a post, then they won't care if its removed
# if the user did vote for a post, but also voted for 100 others, then they probably won't care if one gets removed as long as 99 remain
# if the user did vote for a post, but only voted for 2 or 1 others, then they'll care more if this one gets removed
# if this is the only post the user voted for, then they'll care a lot if it gets removed
# LiquidFeedback uses a formula of "1/r", where r is the total number of votes the user has given
# as posts get removed, the votes get removed too, so surviving votes get more weight
# for the sake of efficiency, I'll probably use a formula like "if r > 20 then 0 else 1/r" so that users only start to contribute weight to posts once they only have 20 approvals left. Replace 20 with a constant of your choice
add the user's resistance to the post being removed to the post
# initial heap construction, takes O(C)
construct a min-heap of the posts based on the sum of the users' resistances to the post being removed
# iterative removal of posts
while posts remain in the heap: # O(C)
remove the first post in the heap - this has the least resistance to this post being marked 'last' in the current set # O(logC)
yield the removed post
for each vote for the removed post: # in total, O(E) - every vote is iterated once, across the entire lifetime of the heap
lookup the user that voted on the post
compute this user's resistance to this post being removed
remove this vote from the user
based on the number of remaining votes the user has given, compute the user's resistance to the next post being removed
compute how much the user's resistance to their next post being removed increased (let this be "resistance increase")
if "resistance increase" is nonzero (based on my formula, this will happen whenever they have less than 20 votes remaining, but not if they have more than 20 votes remaining):
for each vote for a different post by this user:
increase the post resistance to removal by "resistance increase"
perform an "increase_key" operation on the min-heap for this post # this will be O(logC)
# worst-case, each user will perform 20 + 19 + 18 + ... "increase_key" operations -
# they only begin once there are 20 votes remaining
# when they have 20 votes remaining, they have 20 increase_key's to do
# when they have 19 votes remaining, they have 19 increase_key's to do
# etc.
# because this is a constant, it doesn't contribute to the time complexity analysis.
# so each user performs at worst a constant number of O(logC) operations
# so the overall time complexity of the "increase_key" operations is O(VlogC)
For this algorithm, the yield the removed post statement will return the sorted posts in reverse order. So worst to best. You could also interpret that statement as "Give the post a rank in the final sorting of count(posts) - (i++)".
Thiele says that process can be used to elect a committee of size N by stopping your removal when N votes remain. But because it's a "house monotonic" process (electoral speak for "increasing the size of the committee by one and re-running an election is guaranteed not to cost any existing members their seat), I figure it could be repurposed to produce a ranking as well - the top one item is "best one", the top two items are the best two, the top three are the best three, etc.
To make the above process work for approvals that decay over time, we'd just treat a decayed approval as a partial approval. I still have some work to do on how exactly to integrate partial approvals into the "resistance to removing each post" calculations without ruining my time complexity. But basically it's a proportional score voting election instead of proportional approval.
Adding a new sort type is not a big deal, so dont worry about it. And a new admin setting for this would also require UI changes, so the new sort type is easier overall.
The current sort options calculate the rank for each post only from the data on that post (number of votes, creation time). Your suggested algorithm looks much more complicated than that, as it requires two iterations and needs to access data from multiple posts at once. Im not sure if this can really be implemented in a way thats performant enough for production use. Anyway feel free to open a pull request, then hopefully other contributors can help you to get it working.
I am looking to start an online store for some art projects/crafts/stickers mostly as a creative outlet for some of my current frustrations.
Since some kinds of people take art way too personally, I want to take precautions from doxxing or being harassed.
What are some best practices for an online shop? Are there any recommended storefronts or something like that? I’m sure there’s a lot of things I’m not even considering.
Sell it for Monero on XMRBazaar.com. You can just list your item and don't have to give any kind of personal information to create the listing or receive payment for the product.
I recommend that you think hard and properly access your threat profile. You are likely going to have to pay with either your wallet (eg: some sort of company incorporation, lawyer fees, forwarding services, and other privacy protection services), your time (eg: using "inconvenient" services, managing separate accounts, etc.), or both. It can be draining (in more than one way) and take away some of the joy that you're intending this to bring you if you do too much to protect yourself. On the other hand, if you do too little then you can overexpose yourself leading to pricey or dangerous situations.
At a minimum, I would recommend incorpating and making sure your name is not publicly tied to the company in any way. You will likely need a person/company/lawyer to be publicly listed as an agent of some sort for the company. You should be able to have someone do this for you for a small-medium sized fee. Once you have that, do everything in the company's name and ideally with separate phone numbers, email addresses, online accounts, bank accounts, and physical addresses as anything tied directly to you.
Some of that is to protect yourself financially and legally, but there are some obvious privacy benefits as well. Anything beyond that should be dictated by your threat profile.
As always though, follow best practices when it comes to security! Use strong passwords and use multi-factor authentication when possible (or ideally, use passkeys). Don't reuse passwords (and ideally, don't reuse email addresses for multiple accounts). Avoid clicking links in messages when possible. Don't open suspicious documents (especially if they are unexpected). Verify the authenticity of any new person/business you interact with (especially if they contact you first). Be vigilant of all forms of phishing attacks.
Another piece of advice (that you didn't ask for, sorry!) - if the process of making art is the thing that brings you joy and the materials are not too expenses, then just focus on making the art without selling it (at least for a while). At worst, you will realize that maybe this isn't as enjoyable as you thought it would be with the added benefit of not needing to deal with all the troubles of working through all the legal/financial/privacy protections. At best, if you decide to get serious about selling it then you'll have a larger product inventory and better understanding of what you like making most. It may also help you understand what you should price everything at (assuming you've made some of the items in larger quantities).
Get a P.O. Box for returns/exchanges, so you don't have to give out your home address.
Use a VoIP service if you need a business phone #. Callcentric is cheap and reliable.
Use an email redirect service like SimpleLogin or AnonAddy to create an email account that's just for business, and add it to your PayPal (if you have one & plan on using it) so people don't see your personal email address on receipts.
If your volume is low probably some managed service that handles payments and searchability for you. Like etsy, but I'm not sure if etsy is actually good (anymore?)
Whatever you do don't get a domain name (website) and register it with your name and other info they want like email, phone nunber and address. Anyone could whois you and find out all that information in literally 1 second by just typing in your website and it's usually public data unless you request and pay extra for them to hide your info
A former CIA official and contractor, who at the time of his employment dug through classified systems for information he then sold to a U.S. lobbying firm and foreign clients, used access to those CIA systems as “his own personal Google,” according to a court record reviewed by 404 Media and Court Watch.
💡 Do you know anything else about this case? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.
Dale Britt Bendler, 68, was a long running CIA officer before retiring in 2014 with a full pension. He rejoined the agency as a contractor and sold a wealth of classified information, according to the government’s sentencing memorandum filed on Wednesday. His clients included a U.S. lobbying firm working for a foreigner being investigated for embezzlement and another foreign national trying to secure a U.S. visa, according to the court record.
This post is for subscribers only
Become a member to get access to all content Subscribe now
Dale Britt Bendler “earned approximately $360,000 in private client fees while also working as a full-time CIA contractor with daily access to highly classified material that he searched like it was his own personal Google,” according to a court re…
I'm pretty sure he's far from the only one. Databases with such a vast amount of "forbidden" knowledge will always be misused.
That's why we shouldn't have global surveillance, espionage and "highly classified material" wherever it's possible for agencies to do their jobs without them.
And I'd argue most of the data the contractor had access to was neither relevant for his own work, nor for the work of all of the CIA.
We’ve known since Snowden that these people browse private info for fun, and exchange anything spicy they find with each other. But this guy was straight up selling classified info to anyone who would buy it.
I’m shocked they’re letting this guy off with a plea deal. This was so far beyond misuse of systems. This was full on treason.
Depends which kind of partisan you’re talking to. One kind believes it’s ok to keep them in boxes in a bathroom. The other kind thinks ok to keep them in the trunk of a car or a private server.
Reasonable people want both kinds held accountable.
End of September, Switzerland will vote for E-ID. A big threat for our privacy as it will widely used for tons of new use cases.
Behind the government pitch of an "open source project, completely optional" hides big tech industry... Which will make it mandatory to access their services.
Contrary to the last time this was proposed, the government is in control of it instead of private corporations.
This will also be an alternative to any of the current online ID verification, which involve sending photos of your ID, videos of it and videos of yourself to some random third party for verification.
My point of views is it will be used more broadly, in every services. So, even if it will be "optional",there will be no option to choose not to use it.
There is an article in the proposed law that e-ID is only allowed to be required for actions, where the law explicitly requires authentication.
In this proposed law there is no article that explicitly forces services to require a ID
So it only applies to services that used to require identification since a long time, lime buying alcohol, money laundering protection, some government stuff you had to do physically prior etc.
But there is a new law coming which sadly did mot get a referendum, that requires age verification for 18+ media like video and games. But this law will take effect no matter if e-ID is accepted or not. So if e-ID was declined, you would have to scan the compete ID, do a liveness selfie and send it to private companies like Netflix to watch 18+ stuff there.
With e-ID, you can proof you’re old enough without revealing name, gender, body hight etc.
Please inform yourself correctly before spreading nonsense
As you mentioned. There's a new law coming without referendum. Today you'll need it to guy alcohol. Tomorrow streaming After tomorrow access to public transport
The open web forum in my picture exists. You can have a look. They dictate the rules. Its public information 😀
It's not real democracy as the government motivate people to vote yes or no, and the government is completely corrupted. But yeah, it looks close to a democracy
Switzerland is the only country that I know has direct democracy. The others have indirect democracies where you vote politicians (or parties here in Slovakia) and they decide on your behalf what they want.
Mit der Initiative "Für eine volksorientierte Politik – NO-Lobbying" wollen wir dafür sorgen, dass unsere National- und Ständeräte für die Anliegen des Schweizer Volks einstehen und nicht willfährige, bezahlte Helfer sind, welche die Interessen von m…
You are not required to vote. You will not be punished if you abstain from your vote. You are completely free to chose "yes" or "no" based on your own judgings.
Maybe not all the system is corrupted, but when I found that Switzerland just follow the rules defined by the open wallet forum in this case. I've doubts
Mit der Initiative "Für eine volksorientierte Politik – NO-Lobbying" wollen wir dafür sorgen, dass unsere National- und Ständeräte für die Anliegen des Schweizer Volks einstehen und nicht willfährige, bezahlte Helfer sind, welche die Interessen von m…
There are two basic scenarios: 1. The legislative authority is drafting a new law. This law can be challenged and will then be voted on (this is the case for the E-ID law) 2. A suggestion for a new law can be raised by citizens. This law will then be voted on.
Who is "the government" in Switzerland exactly? I see people in favour and against it in "the government" of Switzerland. Or is "the government" just the politicians that disagree with you?
Any privacy freak who did a review on ItsMe? I just shared minutes ago lemmy.ml/post/36346569/2117413… that I don't trust them but maybe I'm just paranoid. The fact that they are regulated means little, Meta and Google also are and they legally siphon everything we let them.
We have a local privacy podcast (Dasprivé). The CISO was featured on the podcast. I can't transcribe everything but the community consents on the fact that they run a tight ship. The use case is very local so apart from Flemish and French speaking sources i sadly can't get further than 'trust me bro' at the moment.
Every authentication uses your SIM, your civil service number and your password (PIN, fingerprint, face id). Before authenticating you'll see all the info that'll be shared like your, date of birth, adress, phone number,...
Acces is granular. If age verification is needed, the request will only state that you're 18 or above for example. They don't get my date of birth. As a resident, I get a reduction at our local swimming pool. The can use my id but the only info they see is whether I live in the city or whether I'm from outside.
Everytime my data is accessed, the acces is logged. The log contains information about the organisation and, if it applies, the person that made the manual lookup. The legality is checked by logging the legal ground for acces.
Are they trustworthy? I don't know. We use our eID for online verification for over 20 years now and ItsMe has certainly made the whole process a breeze.
It's good to point out that the system was developed by a consortium of banks to simplify identity verification en prevent fraud. Banks are held to ''Know Your Customer''. KYC entails that they need to check your identity every now and then and up until ItsMe that meant that you had to verify with your eID and a card reader. Those card readers have issues. Outdated firmware and whatnot make the proces a terible experience. I have several government websites that I use from day to day and the all need my eID for authentication.
Some figures. Nearly 1.700.000 authentications every day for 11.700.000 Belgians. 80% Of the Belgians use the app.
To clarify, I know it works. I used it years ago (2022 I guess) and found it extremely convenient then. I did even help others set it up because I found it so efficient. So that's or popularity is not into question. How secure it is also isn't what I'm questioning because honestly if my bank suggests to use it, and it's not secure, they will have to pay in the end. No, the question is solely WHO gets WHICH data. For example is the bank consortium that can see my purchase? Is it "anonymized" (whatever that might in practice means) then sold to 3rd party?
Ah, you can see clearly who gets which data with every authentication. It's logged and I can look it up on my portal.
Actually'', apart from ItsMe, I can see every time someone did any lookup on my online data with the federal government for the last 10 years. I even get to see their names.
There's no third party watching with ItsMe because the traffic is encrypted. The data is owned by the Federal government and the party that requests authentication gets to see what the are legally allowed to see and what you clear. With every authentication you get to see what info they request.
So who gets to see then beside I guess your bank and the merchant site? You don't have to share anything specific, can be company names but if that would reveal some of your personal preference you can share type of economical actors (e.g. other shops, advertisers, insurances, etc).
It's used for official authentication. The certificates are handled by the federal government. That's only possible with a call to the federal governments servers.
Any eID or other card wil have outdated data on it at some point. Like, when you move or, when you die.
You can not just say that it is a threat to privacy. Its design improves privacy as we finally can ID ourselves, where it has always been required, without actually giving our identity to online services.
I known, but its still up to the provider. And to prove its unnecessary will takes so much efforts. There's too much lack in this law from my point of view. Instead, to prove our age for example, we could get TOKENS with age verification that are completely anonymous.
I mean that is exactly how it works. And if a private company wants to verify your age while violating the law they can do that already, just don't use their service then.
In Belgium we do have e-ID and we had it for years.
If in any of the circles there is only BigTech then indeed you are right it is a threat.
In Belgium though I can access my official document with some of these (honestly I don't remember which, but AFAIR It'sMe is one option) but more importantly there are some options with some decoupling, e.g. SMS (arguable as one must have a phone number usually via BigTelco) but, last and not least :
a card reader with your physical ID card and its chip with eid.belgium.be/en/what-eid which has had Linux packages for years
just learned about it yesterday which is why I'm excited to clarify this, a 2-step authentification app which does NOT have to be from BigTech, e.g. Ente Auth ente.io/auth/ which is FOSS and available on F-Droid
which means as long as at least one of these alternative is available then IMHO we can get some of the benefits without the centralization risk.
If I'm not mistaken, it's up to the the service that's using the Belgian e-id to enable some of the options or not. For example, the website where I check my payroll only works through itsme or with a card reader — no TOTP or SMS 2FA. It's a big issue because itsme refuses to run when you don't pass Google's safety net.
I'm talking about public services. For private services I have no idea what they all do and, as importantly, what they are legally bound to do. I would hope that obviously they would have to provide at least 1 solution that doesn't rely on any third party, e.g at least provide the card reader with legal Belgian ID option (which seems to be what they offer you, so IMHO that's good enough), but I don't know.
ItsMe not running is pretty good in terms of privacy because their entire business model is, and correct me if I am wrong, to be an intermediary. I didn't check what data they share but I'd be pleasantly shocked if it was none.
The card reader might seem slightly inconvenient or outdated but there is no intermediary and it is, AFAICT, secure because it's based on well established cryptography.
PS: it's also fun because you can play with PAM and thus, I didn't try that, login or get su and sudo with your ID card.
It doesn't matter whether it's a private or public service if they both use the same auth provider (beId). I wouldn't be surprised if the SMS/TOTP options went away completely at some point for our "security".
A different issue is that itsme is often the only option when doing things on mobile. Sure, you can avoid it for now, but it's getting increasingly inconvenient to do so, unfortunately. I try to express my disappointment to itsme every now and then about the fact that they require Google's SafetyNet and that the Connective Plugin needed to activate itsme in the first place doesn't even work on Linux, but to no avail. They sent me a detailed email about setting up a Windows VM to get it working so credit where it's due for the effort, but the situation is still bad...
That's what I was saying — sometimes the TOTP option is not available at all for certain services. Ente, Aegis, Bitwarden, etc won't save you there and itsme remains the only option on mobile when that's the case.
That's actually a choice made by the service. The onboarding document has the options listed and they get to choose, which is imho stupid. Just offer all options.
Service A has email enabled, service B doesn't. Since ACM/IDM is SSO you can first authenticate with service A with your email code and then go to service B already authenticated.
Those aren't eID. They are a way to authenticate using CSAM.
There are different weights tied an authentication method, card reader scores highest.
From the top of my head there's email, sms, totp, card reader, eiDAS and itsme® (which I avoid because it's proprietary and controlled by a 3rd party).
There's a list of properties a service can request when accessing data via ACM/IDM, for example your ssn, name, etc.
You can read your eID with local software too, with the aptly named eid viewer. Click on the picture in the overview and drag it into a text editor to see the entire exportable xml.
I will vote in favour if: - The E-ID platform is controlled by the government and is fully open source - Platforms only get a single binary information for age verification if the person is old enough or not and does not get any identifiable information. - The government platform does not get any info about what service is doing the request. So the government controlled ID platform cant log what service the person uses.
If any of these points are not fulfilled with the planned implementation I will have to weigh the risks.
github.com/swiyu-admin-ch contains far more than just the client. Only a certain component where they had to rely on a proprietary solution is closed source. Everything else is in the open.
private ids where always the scope of the privacy movement. However, it may as such present other challenges which can include age based discrimination. It as such must be implemented wisely.
Age is already being weaponised against us (child protection, etc), this shouldn't be like that - We can already see what kind of power governments hold. Ageism is what will ultimately destroy us.
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
i use zsh on my work macs and now i'm thinking of doing so too on my linux machines because of this lady's videos.
i've been using bash for 20+ years and my work macs keep reminding me that the transition is going to have hiccups because bash has become muscle memory for me.
Em meio a entrevistas concedidas à grande mídia, o relator do GT da Reforma Administrativa divulga a conta gotas possíveis ataques a direitos e ao próprio Estado.
With ICE terrorizing Chicago, independent media outlets The Triibe, Unraveled Press and The Chicago Reader joined forces to report on ICE’s activities in the city and suburbs.
It'sbetterwithbutter
in reply to Viking_Hippie • • •MrSulu
in reply to Viking_Hippie • • •sik0fewl
in reply to Viking_Hippie • • •2015 terrorist attack in Paris, France
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)