[Patch Notes] 0.3.1b Patchnotes
0.3.1b Patchnotes
- Second Wind III Support now only recovers life if the supported skill actually consumes a cooldown use.
- Fixed an issue where the Ground Effects for the Flaming, Sleet, and Shocking Map Modifiers did not receive the reduced frequency changes from the 0.3.1 patch. Existing modifiers on Waystones will not be affected by this change.
- Fixed a bug where stats that increased the chance of encountering specific content in maps were only increasing the chance relative to other content, and not increasing the amount of content encountered overall.
- Fixed a bug where Minion Instability was able to trigger on Spectres that had been removed after weapon swapping.
- Fixed a bug where the Infernalist's Altered Flesh Skill did not display stats on the character sheet correctly.
- Fixed an issue where Explosive Spear and Storm Lance were thrown at the character's feet when no enemy was targeted while using a controller.
- Fixed an issue where characters could get stuck in unwalkable terrain in the final phase of the Vessel of Kulemak fight.
- Fixed a bug which allowed you to 'upgrade' Runes, Liquid Emotions and Catalysts in the Essence Stash Tab, which could cause items to be deleted in certain cases.
- Fixed an issue where The Pale Angel could not spawn as a Corrupted Nexus boss.
- Fixed an issue where the Cruel Hegemony Unique Tablet did not sell to vendors for the correct amount of Gold.
- Fixed an issue where some guild microtransactions were not usable on all platforms.
- Fixed 2 client crashes.
Early Access Patch Notes - 0.3.1b Patchnotes - Forum - Path of Exile
Path of Exile is a free online-only action RPG under development by Grinding Gear Games in New Zealand.Path of Exile
[Announcement] Rise of the Abyssal Supporter Packs Concept Art
The recently released Rise of the Abyssal Supporter Packs include the Trarthan Executioner and the Justice series, featuring a variety of exclusive microtransactions. We know you always appreciate the work of our artists, so in this post we've gathered some pieces of concept art for these supporter packs created by our art team. Check them out below!
Cruel Trarthan Executioner Armour Pack
Carrion Raptor Pet
Pulveriser Map Device
Apostle of Justice Armour Pack
Apostle of Justice Back Attachment
Banner of Justice Portal
Griffin Fledgling Pet
Sphinx Mystic Hideout Decoration
Early Access Announcements - Rise of the Abyssal Supporter Packs Concept Art - Forum - Path of Exile
Path of Exile is a free online-only action RPG under development by Grinding Gear Games in New Zealand.Path of Exile
Just learned about hexbear being defederated.
Parola filtrata: nsfw
I’ve had two major issues with these guys. While not necessarily worth defederating everyone, I really don’t want to deal with hexbear because:
- ALL of their content is political. When they first showed up on my feed, I watched what posts/communities came up and how their users interacted on non hexbear posts. I’ve done my best to remove all politics from my social media. These guys only talked about politics and would go to other communities to turn a normal conversation political.
- Everything was extreme and obnoxious. I don’t understand why everyone keeps calling them polite. There was a constant “you’re with us or you’re against us”/“my beliefs are always right” behavior that was really annoying, especially in a public space that wasn’t polarized before they got there. It reminded me of this one girl from middle school who would walk into a room and loudly talk about whatever she wanted until all the other conversations petered out.
They’re more than welcome to behave like that in their home, but they can’t go to a public space and expect everyone to cater to their beliefs.
From the admin on a post in Jan 2024.
While I do appreciate offering the reasoning on the matter, I'm quite surprised since I checked all banned instances and hexbear seemed like an oddity amongst the mix.
Perhaps it's so long ago that I dont remember the issues.
But to categorise the banned instances we have the likes of:
* threads
* Lemmynsfw
* maga.place
And the odd inclusion of one big instance which to me certainly feels like any average instance. Certainly no worse than lemmy.ml
Ofc its not my instance, I'm just bringing this up for reconsideration. If you don't wanna deal with it thats your decision to make. But it certainly feels unnecessary from the outside. Especially when so many nation based comms here post political content and so do most lemmy instances.
Sincerely,
PinkyCoyote/ SnokenKeekaGuard.
User and mod on this instance.
Trump says Israel and Hamas have 'both signed off' in first phase of Gaza ceasefire plan
Trump says Israel and Hamas have 'both signed off' on first phase of Gaza ceasefire plan
US President Donald Trump announced late on Wednesday that Israel and the Palestinian movement Hamas had "both signed off" on the "first phase" of a plan to end the two-year genocidal war on Gaza.Faisal Edroos (Middle East Eye)
Qt 6.10 Released | flex-box layout, more vector animations, new search field, ...
Qt 6.10 Released With Flexbox Layout, New SearchField
Qt 6.10 application development framework adds a new Flexbox layout, SearchField control, and major accessibility upgrades for desktop and mobile apps.Bobby Borisov (Linuxiac)
AOMedia Will Be Talking More About The AV2 Video Codec Later This Month
AOMedia Will Be Talking More About The AV2 Video Codec Later This Month
Last month the Alliance for Open Media 'AOMedia' began teasing that the AV2 video codec will release later this yearwww.phoronix.com
Technology reshared this.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
that’s how the codec game works.
That, and add some patent pools filled with dubious claims of essentiality, sales deals made under the threat of litigation, and ever-present claims of "twice as efficient it's predecessor" with a big asterisk. Fun times.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
MHLoppy likes this.
like this
DaGeek247 likes this.
That happens all the time. There’s no way to guarantee that it won’t happen with any codec or really with anything.
Yes, so there's no reason to hold back on releasing updates, since it could very well happen on AV1.
It is very expensive to defend against even when the claim is bogus.
The principle behind AV1, once again, is to have a modern codec that is out of reach from patent trolls. Those who are part of the AOM consortium, which developed this codec, have all contractually agreed to unconditionally license all patents they hold that are necessary for the implementation of the codec.
And those who are not part of the consortium and who would like to claim patents relating to the AV1 or AV2 codecs would have to face the legal teams of the companies part of said consortium, including Amazon, Alibaba, Adobe, AMD, Cisco, Google, Intel, Microsoft, Mozilla Foundation, ARM, Huawei, Samsung, Tencent, Meta, Nvidia, Apple, Netflix, and other large companies.
The AV1 and AV2 codecs, after perhaps H264, are the most secure codecs available today in terms of patent trolls. Nobody has both the will and the means to attack it.
Hardware = pay google -
Proprietary software = pay google or 3rd party -
Open source (d@v1d) = free (this is what most people use = VLC Player)
AV2 provides enhanced support for AR/VR applications, split-screen delivery of multiple programs, improved handling of screen content, and an ability to operate over a wider visual quality range.
aomedia.org/press%20releases/A…
AOMedia Announces Year-End Launch of Next Generation Video Codec AV2 on 10th Anniversary
The Future of Innovation Is Open: AOMedia Member Survey Highlights Adoption TrendsAlliance for Open Media
Look at those sleek lines, it all interlocks.
AV7 is clearly the best.
Av7 - oh god imagine if you pulled that seven in a bit. Sexy.
Ah you got me thinking about graphic design now!
Good eye though ;)
The only solace I take in the enshittification of the web and the resulting rise in prices, is that we might see (be forced into) a return to the small web and an escape from the stranglehold that big tech and social media has had on us for the last 15 years.
If we’re lucky, the late-stage capitalism effect of ruining companies long term futures for short term gains might happen to entire industries instead of companies.
like this
DaGeek247 likes this.
Definitely. The conditions that created this version of the web have been gone for some time now. We've gone from connections that were temporarily and required hours to download a few minutes of postage stamp sized video. To always on connections capable of streaming multiple HD streams faster than real time in both directions.
For my part I'm also looking in to purchasing and trying to set up a small Adhoc mesh Halow network and running a few services on it for myself and any others in the neighborhood that are interested. A small, free (after the hardware) anarchist wireless network. 16mbps can do a lot with simple services, etc.Plus, if a number of people in the area decided to adopt and contribute more nodes to the mesh, you could go faster still.
That sounds like a fantastic way to go. You might also look at meshtastic.
It's a much different use case, being for text messaging and stuff like that only. But, while it may be low bandwidth, it's still incredibly interesting.
reticulum.network/ is also pretty good for small info packets. Does a LOT more than meshtastic...but its VERY difficult to set up. Or at least it was for me.
Its a pipe dream but having small internet without a major ISP would be fantastic. But it will never happen as it is. Friends are thinking of creating a meshnet though just for fun.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
What preset were you using at the time? I know that longfast is not the best preset for larger networks that have a lot of users.
Personally, open source matters to me much more than the speed or congestion or whatever, which is why I chose meshtastic. Because the mesh core, foam applications are not open source.
Until there is an open source version, I absolutely refuse to touch it. I know that the underlying software is open source, but without having open source interfaces, I'm still refusing to touch it.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
nice! I took a look at all the options....
and decided that its all too much. wordpress get hacked daily. writefreely wouldn't install. And some of the other centralized services kinda suck. So im back to old:
nginx with a director filled with txt files haha.
Ill publish as time goes on and by interest. Ill take a look at micro.blog too. But im thinking I might create a neocities at some point just for the fun of it.
Yes, My home network setup is a bit complicated but I am using Pfsense so I have things on separate vlans with internal firewall rules to reduce risks.
All traffic in on port 443 is routed from Cloudflare to an NginX reverse proxy which decides how to connect back into my network for things
Years ago I would just run a server on the network with 443, 80 and 22 exposed directly to the world and never had any major issues. (Other than the normal automated attacks trying to gain shell access over SSH)
Gotcha, vlan setup sounds like the best possible way to do it, I don't trust my security skills at all, 22 with fail2ban is about as far as I trust myself!
The hammering 22 gets is astonishing though.
Most of these things are pretty secure out of the box.
Even without fail2ban disabling root login and only allowing SSH key authentication makes those scripts just a waste of time for the attacker. That game is a low effort attempt to just get the low hanging fruit for botnets though.
Meh.
I converted my blog from WordPress to a static site generator using Gemini's version of Markdown as the base format, and then hosted both HTTP and Gemini versions.
I later took down the Gemini version. The web site remains as static HTML driven by (a variation of) Markdown. No cookies, no JS, limited CSS. Even took out some old YouTube <iframe> tags and converted them to straight links to videos. Doing it this way does everything anyone would want out of Gemini without having to use a specialized client.
We should be promoting some kind of browser extension that flags a site as having no cookies and no JS.
How many of you out there are browsing the web using Gofer?
Gopher predated the Web.
I do agree that there have been pretty major changes in the way websites worked, though. I'm not hand-coding pages using a very light, Markdown-like syntax with <em></em>, <a href=""></a>, and <h1></h1> anymore, for example.
That depends on how you define the web
Wikipedia:
en.wikipedia.org/wiki/Gopher_(…
The Gopher protocol (/ˈɡoʊfər/ ⓘ) is a communication protocol designed for distributing, searching, and retrieving documents in Internet Protocol networks. The design of the Gopher protocol and user interface is menu-driven, and presented an alternative to the World Wide Web in its early stages, but ultimately fell into disfavor, yielding to Hypertext Transfer Protocol (HTTP). The Gopher ecosystem is often regarded as the effective predecessor of the World Wide Web.[1]
gopher.floodgap.com is one of the last running Gopher servers, was the one that I usually used as a starting point when firing up a gopher client. It has a Web gateway up:
Gopher is a well-known information access protocol that predates the World Wide Web, developed at the University of Minnesota during the early 1990s. What is Gopher? (Gopher-hosted, via the Public Proxy)This proxy is for Gopher resources only -- using it to access websites won't work and is logged!
This has been mangled up by history. The important parts of the World Wide Web are having hypertext (basically links inside the document to other documents) and being networked (those links can take you to a completely different server). Apple's Hypercard had hypertext, but it wasn't networked. Usenet was networked, but had no hypertext.
This is laid out in Tim Berners-Lee's original 1989 proposal for the web while he was at CERN:
w3.org/History/1989/proposal.h…
Gopher has all the qualities he was talking about. Gopher was a different kind of World Wide Web. We decided against that particular route, and for mostly good reasons, IMO.
<blink>Welcome to my web page under construction</blink>
I would argue that's not quite correct. You can absolutely transfer HTML files over gopher, but you're not going to be viewing it in the gopher program.It was very much designed to be what most people would be more familiar with in concept as an FTP server today, almost. Pretty much all you could view in app were plain text files. and no links between. Everything else was a directory of files to be downloaded.
Gemini is definitely a bit of an inbetween. It does allow for linking between documents, but otherwise keeps everything simple and small, much like Gopher did.
en.wikipedia.org/wiki/The_Moth…
The 90-minute live demonstration featured the introduction of a complete computer hardware and software system called the oN-Line System or, more commonly, NLS, which demonstrated for the first time many of the fundamental elements of modern personal computing, including windows, hypertext, graphics, efficient navigation and command input, video conferencing, the computer mouse, word processing, dynamic file linking, revision control, and a collaborative real-time editor.
In 1968
Wouldn't that depend on what you're watching?
You can watch reality TV on YouTube, or traditional television.
You can watch educational content and documentaries on YouTube, or traditional television.
Hell you can watch some traditional TV shows on YouTube or traditional television.
YouTube is just a platform for hosting content. Now they may have a "better" algorithm compared to traditional television, but that doesn't really change much.
like this
nekomancer e DaGeek247 like this.
Well, have a look what TV show is getting the highest ratings. I had no idea someone could be that stupid.
I've heard this argument for like 30 years. Everything old is new again.
like this
DaGeek247 likes this.
Long ago, when I first got on the Internet, the big social media forum was Usenet. It was a distributed network of instances where users would have an account on a particular instance, where they could subscribe to "newsgroups" dedicated to particular topics. Their instance would broadcast their posts to a newsgroup to all the other instances that were following that newsgroup, so everyone could interact even if they were on different instances.
Then the World Wide Web grew, and centralized sites like Digg and Reddit appeared that handled the same sort of social media. Usenet faded. It's still around, I suppose, though these days last I checked it's largely a mechanism for distributing pirated files.
Someday those centralized sites might also fade. Who knows, maybe a decentralized system like Usenet might grow again to replace it?
The wheel turns.
like this
DaGeek247 likes this.
like this
DaGeek247 likes this.
Yeah, Usenet was structured that way more for practical reasons than political ones. Local users were truly local, as in you usually connected to a server that was geographically close to you. Often it was on the same university campus you were on. The long-distance connections between servers didn't have the bandwidth for everyone to just be freely hopping around browsing whatever they wanted whenever they wanted, at least not at first, so mirroring the content was a better approach. It also made things much more reliable, the servers didn't need 100% uptime.
Usenet was a lot more "trusting" in its structure. The newsgroups didn't have moderators per se, and they weren't hosted by specific instances; they were more just a "tag" you could add to a post to let people filter which subjects they were interested in seeing. There was a globally agreed upon list of newsgroups and a distributed system for creating new ones, but it was all pretty informal. Wouldn't work well in the current Internet, it'd get spammed to death in seconds. But on the surface level it really felt a lot like the modern Fediverse does, with subject-specific groups and threaded discussions and such.
like this
DaGeek247 likes this.
No, it was every service replicating all posts in groups it served.
Like FTP mirrors of FOSS software, there are plenty of mirrors of Debian, for example. Except far bigger traffic.
Sort of. It predated the web, so calling it a "site" is wrong. Just like you can have an email application that's completely separate from your web browser, you can have a Usenet client that's also its own thing. Of course, people made web-based clients as time went on.
Your ISP ran a Usenet server that connected to other Usenet servers. The biggest problem with this system was that your ISP would automatically delete posts past a certain age. Following old threads was a pain.
Google Groups started as a Usenet archive where messages were kept forever. Google bought them and turned it into what it is now.
I get what the video is saying, but I don't see this as a bad thing. We moved on from many of those services because we found better ways to do things, or at least ways that we liked more. And when we move on from the services we use now, it'll be because we once again found something we liked better.
The internet has died several times, but each time it came back in some new way that had adapted to the new ideas and ways we came up with on how to interact with each other. I'm sure when it dies next, we'll replace it with something that better fits our changing wants and needs.
And hopefully, when that time comes, it's something much more decentralized and resilient against governments and corporations meddling and censoring us.
like this
giantpaper e DaGeek247 like this.
Kristi Noem ‘stares down’ Antifa. It was reporters and a guy in a chicken costume
Kristi Noem praised for ‘staring down’ Antifa. It was a dozen reporters and a guy in a chicken suit
Trump has claimed Portland is ‘war-ravaged’ - but residents and local authorities dispute thatAriana Baio (The Independent)
like this
copymyjalopy, adhocfungus e Rozaŭtuno like this.
VPN Comparison
I made a spreadsheet comparing different open source VPN providers.
Part 2 here
Providers
Notes
- Please do not start a flame war about Proton.
- Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
- The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
- IVPN has two differing plans, which is why "Standard" and "Pro" are sometimes differentiated.
- For accounts, "Generated" means a random identifier is created for you to act as your account, "Required" means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
- Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
- All prices are in United States Dollars. Tax is not included.
- Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
- The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
- The Proton VPN Flatpak is unofficial, but based on the official code.
- Availability on secureblue is based on the
ujust install-vpncommand. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages. - I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.
Takeaways
- NymVPN is very very new, but it's off to a strong start. It wins in almost every category. I actually hadn't heard of it until I started this project.
- If you want a free VPN, Proton VPN is the only one here that meets that requirement.
- If you want to pay week-by-week, IVPN is the only one that allows that.
- If you're paying month-by-month on a budget, Mullvad VPN is the cheapest option.
- NymVPN is the cheapest plan for anything past 1 month.
- If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
- If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
- Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn't even matter.
VPN Comparison 2.0
After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.
Providers
- AirVPN
- IVPN
- Mozilla VPN
- Mullvad VPN
- NordVPN
- NymVPN
- Private Internet Access (abbreviated PIA)
- Proton VPN
- Surfshark VPN
- Tor (technically not a VPN)
- Windscribe
Notes
- I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
- Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
- Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
- Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
- The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
- Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
- All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
- Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
- Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.
Takeaways
- If you don't mind the speed cost, Tor is a really good option to protect your IP address.
- If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
- If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.
ODS file: files.catbox.moe/cly0o6.ods
VPN for Privacy & Security | IVPN | Resist Online Surveillance
Audited, open-source VPN service with WireGuard, killswitch and tracker blocker. No logs, no false promises. Anonymous signup with 30 day money back guarantee.IVPN
like this
Rozaŭtuno likes this.
Can Nym be used on an OpenWrt router?
A guide is in the works.
Does it require a special app or can it be used with a standard wireguard config?
Nym looks interesting and I hadn't heard of it before, but based on my reading I wouldn't say it supports wireguard.
It implements wireguard but it still looks like you need to use their client instead of a vanilla wireguard one.
I've included it both as a post image and as an embedded image for maximum compatibility (e.g. for RSS readers), so there shouldn't be any problems. I've tested it on multiple browsers on multiple devices just fine.
Edit: It seems lemmy.world is breaking all lemmy.ml images
Port forwarding | Proton VPN
Port forwarding setup guide for ProtonVPN, plus how to configure popular torrent clients for port forwardingProton VPN
NymVPN doesn't supports it. I asked their support. They have plans for the future.
If you are looking for reliable port forwarding consider Windscribe VPN.
Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns
Private Internet Access VPN users don't look happy with the development. Read what they have to say & why they're concerned about privacy.Sudais Asif (Hack Read)
Pure vpn seams like a pretty generic scammy vpn like surfshark or nordvpn they have there own blog dedicated to why they are the best stating reasons like securing yourself in public wifi, protecting you from scams or getting hacked, protecting you against ddos atacks??? and just advertising vpn's as a jack of all trades privacy toolkit, which they really aren't.
VPN companies that are willing to lie to consumers about what vpn's actually do means they could be lying about other things, like there no logs policy.
Proton does a better job at explaining what a vpn actually does and doesn't do.
Why these common VPN myths are misleading
Does using a VPN slow down internet speeds? Is self-hosting your own VPN better for privacy? We clear up common VPN myths vs. reality.Douglas Crawford (Proton VPN)
Where is AirVPN? Arguably much better then these VPN providers offering static port forwarding among their features.
Provides configurations built for Wireguard and OpenVPN with each server having unlisted IPs to completely get around VPN blocks.
Owned by a "hacktivst" lawyer in Italy.
Multiple audit along with police attempting to sieze running servers. These are configured to dump there configuration on shutdown and run entirely in ram.
This is a battle tested VPN that has existed since 2010. They allow for completely anonymity using Creptocurrencies payments.
like this
geneva_convenience likes this.
How is it arguably "much better"? You just value port forwarding above all else? Has airvpn even been audited yet?
Anytime VPN discussions comes up in privacy forums it ends up being a bunch of torrent users whose only criteria is port forwarding
That seems to be a bug. That's my bad. Thanks for catching that! I'll fix it soon and edit the post.
Edit: Fixed! Sorry about that.
like this
geneva_convenience likes this.
Like 90% are just wanting an encrypted tunnel to a proxiy right?
VPNs and Tor are used for different purposes (sort of).
And common tasks like downloading big-ish files or streaming video should not be done on Tor (it's possible, but I believe it is discouraged), but can be done easily over a VPN.
As long as you can generate a wireguard config that works, for example, on your desktop/main pc with wireguard directly, then Gluetun should have no issue (as far as im aware).
Gluetun specific provider support is usually just there to get setup faster (I think so it can automatically get configs for certain countries, etc).
Assuming every connection you make is encrypted with TLS (HTTPS) or otherwise encrypted:
If you use encrypted custom DNS, your ISP sees only the IP addresses you connect to. If you use unencrypted DNS or ISP-provided DNS, they see the hostnames plus the IP addresses.
How does one know if their DNS is encrypted?
And what would the benefits of a VPN be, if any, in this scenario?
It can prevent man in the middle observation or attack and allow you to avoid a particular type of location tracking.
Another user on an instance I don’t see posts from talked about tls in response to your question about https. It’s important to recognize that the certificate based system for establishing identity when making a tls connection is cooked and has been for twenty years at least. It may have been designed flawed from the start.
Because of that, the combination of dns over https or dns over tls and a vpn you trust allows you to bypass certificate attacks.
like this
geneva_convenience likes this.
I didn’t suggest F-Droid for inclusion though. I merely used its applicable terminology.
My bad, I understand now.
Because it's security focused, it includes app stores that are good for their security (regardless of privacy). Other app stores, such as F-Droid, have security issues that Accrescent and the Google Play Store don't share. This topic has been argued to death countless times before, and I don't want to start a flame war, but do try researching it and see what comes up.
F-Droid Security Issues
F-Droid is a popular alternative app repository for Android, especially known for its main repository dedicated to free and open-source software.PrivSec.dev Contributors (PrivSec - A practical approach to Privacy and Security)
libtelio/LICENSE at main · NordSecurity/libtelio
A library providing networking utilities for NordVPN VPN and meshnet functionality - NordSecurity/libtelioGitHub
I wonder which VPNs of the ones listed open sourced their backend/server side?
edit: Neither Mullvad or Proton have...
- github.com/NordSecurity/nordvp…
GitHub - NordSecurity/nordvpn-linux: NordVPN Linux client
NordVPN Linux client. Contribute to NordSecurity/nordvpn-linux development by creating an account on GitHub.GitHub
FWIW took me less than 1h yesterday to setup WireGuard on 4 different devices :
- server with
wg-easyand thus easy to use Web UI (before 2-step auth) - peers
- BananiPi 3 F (RISC-V) headless via
nmcli - desktop on Debian via NetworkManaged
- mobile phone on /e/OS via the WireGuard client (with Ente Auth to login back on server as admin)
- BananiPi 3 F (RISC-V) headless via
... and it was the first time I used WireGuard.
So I'm trying to imply that one shouldn't use commercial VPNs or benefit from their services, solely that setting up your own depending on your abilities and needs might not be as complex as you initially imagine.
PS: I did have experience with OpenVPN before and a running server already with Docker and nginx as reverse proxy.
Utopiah (Fabien Benetou) (@utopiah@mastodon.pirateparty.be)
Attached: 1 image Shame is a great motivator <1h I have my own self-hosted VPN thanks to : - wg-easy providing WireGuard server + WebUI, - WireGuard client on Android reading QRcode config, - Debian/KDE reading the .Mastodon - PiratesBE
transmission in a container.
I do not agree with placing switzerland over sweden in that location category
and i think a category should included, that tracks age of vpn or something like that, considering this is nymvpns biggest flaw.. still hard to say how trustworthy it is + their software is less battle tested
(~~and just for someone curiouse, it should be mentioned that nymvpn does use mullvad servers/ has a deal with mullvad~~ sry i mixed that up obscura and mullvad had partnership, not nymvpn)
I do not agree with placing switzerland over sweden in that location category
I'd be happy to hear your elaboration on this. From what I know, Switzerland is seen as the gold standard in terms of privacy.
and i think a category should included, that tracks age of vpn or something like that
The issue is that age doesn't correlate with security. There could be an outdated, insecure VPN that's been around for 10 years, or a modern, secure VPN that's been around for 10 days. If I included it, there would be no "good" or "bad" values. Nevertheless, I will include this in version 2.0.
(and just for someone curiouse, it should be mentioned that nymvpn does use mullvad servers/ has a deal with mullvad)
I knew NymVPN used a small bit of Mullvad VPN's code, but I didn't know they used their servers. Could you link to this?
this is awkward i am sorry it seems like my memory failed me,
for one it is was mullvad and obscura that have a deal, not nymvpn..
and then i also thought somehow that vpns are in sweden protected by the constitution, but it appears its more like normal laws. Which appear to be effective tho.
But mainly i thought about that recently switzerland was proposing laws like this tuta.com/blog/switzerland-surv… (possible that laws like these get proposed in sweden aswell ofc)
which makes it sound like the privacy stands of the goverment is not that strong anymore, but there are probably no effects really at the moment.
I think i would rank sweden and switzerland equally i guess, i mean the famouse mullvad example kind of proofs that they are safe i think...
But like my research into the countries is not that deep, so if you really looked into this deeply and switzerland is really better for some reason, than i guess it is like this.
But i still think the age is important, like sure its completly possible that an old vpn suddenly gets infiltrated or idk what really,
but since for vpns are mostly trust based,
i think that the track record is the best option for this.. and new vpns just dont have that long of a record (personally i would not use like a 1 month old vpn for example, whoever good it sounds)
or can nymvpn offer garantuees similar to tor?
Switzerland plans surveillance worse than US | Tuta
Revision of Swiss surveillance law VÜPF would directly target VPN & encrypted chat and email providers based in Switzerland.Tuta
VPN Comparison by That One Privacy Guy
Welcome to the VPN Comparison! This section is meant to be a resource to those who value their privacy, specifical...thatoneprivacysite.xyz
Isn’t Mozilla VPN built on Mullvad?
Yes. That's included in the comparison.
Also, why this instead of thatoneprivacysite.xyz/#detail…
They don't include NymVPN.
VPN Comparison by That One Privacy Guy
Welcome to the VPN Comparison! This section is meant to be a resource to those who value their privacy, specifical...thatoneprivacysite.xyz
I was grumped by not seeing PIA on this break down. I’ve been using it for years and have always had a good experience with it. But I’m not so sure I know their privacy side now that I see this great break down
Edit: just re read the post again and I think PIA isn’t on here cause it’s not open source?
PIA is an American owned company obligated to comply with the Five Eyes Alliance, they’re legally obligated to retain your personal information unless noted otherwise.
Source their privacy policy, which FYi compare their Privacy Policy to another company like Mullvad and notice how theirs reads like a novel compared to Mullvads, that’s an immediate red flag.
Privacy Policy | Private Internet Access
Private Internet Access is committed to protecting your privacy. Please read on to understand what data we collect or don't collect, how we collect, store and use the data.www.privateinternetaccess.com
Thank you for this
Still learning here
I’m finding out that I’ve been mislead. Probably by their marketing.
I remember an ad I saw for PIA saying something along the lines of “the only VPN that can prove in a court of law that they don’t retain your data”
Either it’s a lie or it doesn’t actually carry the weight I thought it did.
ProtonVPN has started to become blocked on tons of websites. I have to switch servers all the time, to the point I won't be able to keep a VPN connection up like I used to.
I've read Mullvad has worsened as well. There seems to be a general ban on VPN use (there was always some of course)
My last hope: non profits who offer VPN. They keep logs, don't allow torrenting, and require a real name to subscribe. Very few server choices, if any.
I'm... fine with that. I just want privacy. No surveillance. And I trust the non profit. Plus I torrent on a VPS anyway
What I would like to see are local VPNs, with a small enough pool of users on each server to not get flagged. A rotation between servers from time to time. Compliant with the law of course (as long as the law doesn't require total surveillance, evidently).
The goal is to hide everyone's activity from the providers and websites (yes, I know, fingerprinting)
But maybe there's some other existing tool/service I'm not aware of?
VPN on VPS (easy to do with gluetun)
Basically you use a container that's a VPN connection and connect other containers to it.
Both comments are me. Configuring Tailscale (or Headscale?) is on my to-do.
To be clear, connecting to the VPS is not what I use for the anonymizing part, it's the gluetun container that connects to ProtonVPN servers. This way I can still access my VPS with its real IP.
Not sure if there was a confusion there.
Simply using my VPS as relay would still attach my browsing to a single IP I'm the sole user of... or not? I do not know how that works.
No advantages privacy-wise, but it's like a seedbox! I keep the torrent client running.
Also I'm on a limited mobile data plan on my router at home, so this helps.
When I found out you could get a free 200GB VPS (look up free tier vps) - and because I had another paid VPS already anyway - I decided to make a seedbox. It's not a ton of storage but it works really well, very happy with it.
What would happen if you tried to put I2P on there?
... I guess you'd have to go by the different outproxies... ?
Using one only because it's super well known? Sure. It can be well known and scummy. But it can also be well known, trusted, vetted, etc.
And you also probably don't want to use one that is barely known as there's the lack of trust, getting, who runs it's, etc.
I'm not sure about your statement, but using a very unknown vpn could lead to possibly tracking you because theres less of a crowd to blend in with.
Assuming your statement is correct (idk if it is), then there's a middleground i guess.
You are right.
It is easier to blend in though if the vpn doesn't log (and before logging is added by feds if possible) or if the person tracking you is not a government and doesnt have that control or is just the service you use, etc.
Great work!
+1 to add NordVPN
Nord Security
Nord Security is one of the leaders in providing digital security and privacy solutions for individuals and businesses - Nord SecurityGitHub
Never heard of NymVPN. Does anyone use them?
I use Mullvad, and I really trust their devs. Not really looking to change, but having more options is always good.
I looked on the website. This is actually an “early bird” special price that is ~80% discounted. So after a while, it’s going to be $162/year and $310/2 years.
I don't really pay attention to these "discounts". It is, generally, just a marketing tactic. Plenty of services/websites/shops have the same discount 24/7.
trovate di pazzia tra i rifiuti della mia esistenza (dalla mia tastiera esce di tutto)
Nell’arco di pochi giorni, qualche settimana scarsa, le mie giornate sono diventate così tanto credo noiose che iniziano a spuntarmi fuori riflessioni assurde… vorrei stare infinitamente nel lettino a dormire, perché fa freddo e fa buio prima, e tutto ciò fa un pochino male all’anima (soprattutto il freddo, sto ferma e ho freddo, mi muovo […]
octospacc.altervista.org/2025/…
trovate di pazzia tra i rifiuti della mia esistenza (dalla mia tastiera esce di tutto)
Nell’arco di pochi giorni, qualche settimana scarsa, le mie giornate sono diventate così tanto credo noiose che iniziano a spuntarmi fuori riflessioni assurde… vorrei stare infinitamente nel lettino a dormire, perché fa freddo e fa buio prima, e tutto ciò fa un pochino male all’anima (soprattutto il freddo, sto ferma e ho freddo, mi muovo in casa e il vento che creo muovendo l’aria mi fa freddo, non ce la posso fare), e le altre cose rimangono difficilmente in primo piano… ma, se questo mi porterà ad andare a dormire prima per stare in coma più a lungo, forse è meglio, tanto non è che ho molto da fare la sera… ben 2 post di recupero per i miei manga li ho scritti, e tanto domani mattina mi piazzo col PC a lezione e programmo come se fossi a casa, e tutto si ripeterà così all’infinito… 😤Ah ma, attenzione, ho divagato; le riflessioni assurde di questa sera non sono quelle di cui sopra, che tutto sommato non penso si possano nemmeno tanto etichettare come anormali, bensì… che minchia di roba esce dalla tastiera (a membrana, maledetta, mannaggia alla miseria) del PC? No, non è un pensiero che non c’entra assolutamente nulla con tutto il suddetto, perché in effetti usando meno il PC fisso ultimamente — ma in realtà, stando meno alla scrivania in generale, visto che troppi giorni sto fuori — dovrebbe accumularsi meno roba strana, e invece… scuotendola tra ieri sera e poco fa è uscito tutto questo bel tesoretto di roba (almeno, bello per chi apprezza il discarica-core, credo)… 🤢
…Peli minuscoli che mi tiro dalla faccia mentre faccio altro ed evidentemente ogni tanto finiscono anche lì in mezzo, quelli che sembrano pezzetti di unghia forse finiti lì dentro quando le ho sistemate l’ultima volta… e il resto, di colore marrone, a parte qualche microplastica sparsa e appena visibile, credo sia tutta pelle morta che rilascio gradualmente nell’ambiente anziché fare la muta ordinatamente come i serpenti… Va a finire tutto in questa specie di griglia nera di buchi (che non è come un buco nero, purtroppo, perché in quello la roba sparirebbe, invece qui girando o soffiando riesce tutta fuori, e che schifo) e boh, mi fa sembrare un mostro in decomposizione. 🧟♀️A parte tutto, non ricordo precisamente da quanto non la scuotevo così per pulirla, ma è stato non troppo tempo fa, credo… eppure, si riempie sempre di roba, e io non me ne capacito. Ma ci sarà un fottuto modo per evitare in primo luogo che diventi abitualmente una discarica? A parte i vari frammenti solidi di cheratina che vabbé, a me sembra di fare attenzione a non farli finire lì, ma evidentemente ho problemi di skill… come stramaledizione faccio a non farci finire almeno la pelle morta??? Io non sono Asmongold, le mani e la faccia me le lavo, quindi, veramente, sono esterrefatta! (NON toccate mai la mia tastiera, che sennò vi prendete 10 malattie, di questo ne sono alquanto sicura.) 😾
Frieren - Capitolo 7
Ancora una volta, Frieren decide di passare da vecchi amici... quelli che sono rimasti, almeno, e cioè uno: Eisen, il nano che...
Legacy Journalists from NYT, CNN Are Mentors in a Fellowship Founded for Pro-Israel “Information War”
The fellowship has attracted 16 scholars and journalists from several mainstream publications to serve as mentors, including The Atlantic, Spectrum News, The Spectator, Ynet, Times of Israel, and two journalists at The New York Times: Jodi Rudoren, the former Jerusalem bureau chief for The New York Times, who now oversees newsletters for the paper, including The Morning and DealBook; and Sharon Otterman, who covers education, health, and religion in the New York City area for the Times and who has closely covered the Palestine solidarity campus protests at Columbia and other universities.
The New York Times handbook of “values and practices” for its journalists states they “should take care to ensure” any public engagements—including giving speeches, participating on panels, teaching classes and presenting at conferences—do not “create an actual or apparent conflict of interest, or undermine public trust in The Times’s independence.”
In response to an inquiry from Drop Site about whether having staffed reporters mentoring for a program whose founder has said it exists to help Israel win an “information war” represented a conflict with the Times’ standards, spokesperson Charlie Stadtlander said in a statement: “It’s ridiculous to suggest participation as a mentor in this fellowship is anything other than helping to build the reporting skills necessary for the next generation of independent journalists.”
Other fellowship mentors include CNN’s Van Jones, who recently issued an apology after drawing intense criticism for comments he made on HBO’s Real Time With Bill Maher on Friday making light of images of dead Palestinian children and saying they were part of an Iran and Qatar disinformation campaign; and Michael Powell, a staff writer at the Atlantic and a former national reporter at The New York Times, whose recent articles include “The Double Standard in the Human-Rights World,” that criticizes groups like Amnesty International and Doctors Without Borders for becoming “stridently critical of Israel.”
Legacy Journalists from NYT, CNN Are Mentors in a Fellowship Founded for Pro-Israel “Information War”
Hardline Israel advocate Jacki Karsh says she founded the new journalism fellowship to help “shift some of the narrative” in Israel’s favor.Sharif Abdel Kouddous (Drop Site News)
like this
Maeve likes this.
Top Benefits of Using a Hanging Blade Sign for Your Business
Illuminated Blade Sign Experts | Nova Pro Signs
Discover premium blade signs, illuminated blade signs and hanging blade signs to interior and exterior blade signs, we craft stunning custom blade signs.Nova Pro Signs
Technology reshared this.
Does it come with a free night with your wife or do I just have to wait my turn like everyone else?
If you're going to try to force ads at me like a boomer I'm going to make fun of you like one. Fair's fair.
like this
giantpaper likes this.
Frieren - Capitolo 6
Il tempo continua a passare inesorabile, ma le maghe non si fermano neppure in questo capitolo. Adesso sono a...
Taiwan’s president ‘prostituting himself’ – Beijing
Taiwan’s president ‘prostituting himself’ – Beijing
Lai Ching-te is “propagating separatist fallacies” while selling out to foreign powers, officials have saidRT
anyone who has to work to earn a living is a prostitute; we're just using our bodies a slightly different way.
this guy is special because he's rich enough to guarantee that he doesn't have to, he just loves doing it; he's not a prostitute, he's just the ruling's class' willing removed.
Oregon Fast-Tracks Renewable Energy Projects as Trump Bill Ends Tax Incentives
Oregon Accelerates Green Energy Projects Before Trump Phase-Out of Tax Credits
Gov. Tina Kotek ordered the move, which follows reporting by Oregon Public Broadcasting and ProPublica that highlighted impediments green energy advocates blame for the state’s poor ranking when it comes to the growth of renewables.ProPublica
The Discord Breach Might Be Worse Than We Thought, As The Hacker Is Said To Have Two Million Age Verification Photos
Discord Hacker Allegedly Has Two Million Age Verification Photos, Including ID
It's being claimed that whoever breached Discord now has access to 1.5TB of user data, with more than two million photos.Discord (TheGamer)
like this
adhocfungus, Rozaŭtuno, KaRunChiy, Beacon, Chozo, Atelopus-zeteki, Maeve e yessikg like this.
Technology reshared this.
Just the UK, as far as I'm able to find. Some US users have to verify by clicking the box, but I do not believe they've been en-masse required to upload ID or use the UK's facial recognition nonsense.
From the discord age verification FAQ:
The age verification features described in this article are fully available only to users in the United Kingdom and apply to all new and existing UK accounts.
Besides some countries, people that had their account flagged as possible underage also need to verify themselves.
I know a French guy that joked about being 12 in a chat, got reported by a troll that got his account locked, and had to send his ID to unlock it.
like this
qupada e onewithoutaname like this.
Throw away email! Are you going something illegal online that you would want to bypass the government and big techs absolute right to spy on everything you do! That's it people will henceforth only get one single email address assigned at birth that they will be forced to use for all online interactions henceforth. I hope you feel ashamed of yourself with all the children you put at risk with your thoughtless selfish behaviour. Now upload an image of your face certified by a government official and a copy of your birth certificate just to be sure that ~~terrorists~~, uh ~~criminals~~, uh child abusers don't win.
*Please tell me this is the most superfluous /s of all time. *
So, I looked at age verification - it was made clear photos were on device only and never transmitted.
If this turns out to be false, then the legal fallout would be apocalyptic.
(Edit: or not, see the comment by ambitiousprocess below)
How to Complete Age Verification on Discord
Age verification helps us provide you with an age-appropriate experience, such as managing default settings and controlling what sensitive content you see on Discord (more on when age verification ...Discord
Here's the information directly from the FAQ as of right now:
Q: Is my data stored when I use Face Scan or Scan ID verification?A: Discord and k-ID do not permanently store personal identity documents or your video selfies. The image of your identity document and the ID face match selfie are deleted directly after your age group is confirmed, and the video selfie used for facial age estimation never leaves your device.
These were photos submitted via the compromised support provider (Zendesk) via the Discord support portal.
Automated age verification via their partner (k-ID, which has its own issues) is a separate system, which was only available to some users. Other users had to contact Discord support manually and submit photo ID, which went through Zendesk, which was then compromised in this breach.
support.discord.com/hc/en-us/a…
Additionally, for the automated process, it's the video selfie that's on-device and never transmitted, but photos of your ID and selfie photo are transmitted, just supposedly deleted afterwards. Those ones are **not* included in this breach, as far as we're aware, as it's an entirely different third-party with wholly separate infrastructure.
Kids Say They're Using Photos of Trump and Markiplier to Bypass 'Gorilla Tag' Age Verification
Popular VR game Gorilla Tag partnered with the company k-ID to comply with age verification laws.Matthew Gault (404 Media)
Which is why you farm off stuff like this to third parties whenever possible
DiscordCorp will get a slap on the wrist and give people an offer of a free six months of discord turbo (so long as you provide payment info so it can auto-renew on month seven).
But ANY meaningful consequences will go toward Zendesk Corp for not doing what they were supposed to. And... then everyone will just use ZZendesk instead
Parola filtrata: nsfw
In my opinion, they're still somewhat at fault, because this was them failing to find and configure their software to work with a third-party identity provider who's infrastructure was built to handle the security of sensitive information, and just choosing to use email through Zendesk because it was easier in the meantime. A platform that I should note has been routinely accessed again and again by attackers, not just for Discord, but for all sorts of other companies.
The main problem is that legislation like the Online Safety Act require some privacy protections, like not collecting or storing certain data unless necessary, but they don't require any particular security measures to be in place. This means that, theoretically, nothing stops a company from passing your ID to their servers in cleartext, for example.
Now compare this to industries like the credit card industry, where they created PCI DSS, which mandates specific security practices. This is why you don't often see breaches of any card networks or issuers themselves, and why most fraud is external to the systems that actually process payments through these cards. (e.g. phishing attacks that get your card info, or a store that has your card info already getting hacked)
This is a HUGE oversight, and one that will lead to things like this happening over and over unless it becomes unprofitable for companies to not care.
What is PCI DSS (Payment Card Industry Data Security Standard) Complete Guide
PCI DSS stands for the Payment Card Industry Data Security Standard. It is a set of security standards designed to ensure that all companies that handle credit card information maintain a secure environment.GeeksforGeeks
While there's plenty of merit to what you're saying, I'm too sick to have a coherent thought beyond maybe pointing out that the main issue with legislation like this isn't that it doesn't specify security requirements, but that it's forcing people who do not have infrastructure established to collect and manage sensitive info of this nature in the first place.
Discord never set out to collect this much PII, and as far as I'm aware there's never been a breach of their payment information processing. Like you say, it's an established thing to handle payments and is fairly routine to implement. There is no routine method of handling ID verification yet, and the solutions that exist were forced to be developed rapidly and with no standards.
The legislation is at fault for putting people in this situation - that they used Zendesk was a boneheaded move (I haven't seen details of the breach, was that really the vector that got attacked?) and sure, they're at some degree of fault for letting this happen. But the vast majority of the blame lies at the feet of the asinine legislation that all but explicitly mandated that this situation arise.
Oh, of course the legislation is to blame for a lot of this in the end. I'm just saying that Discord could have already partnered with a number of identity verification services that do already have this infrastructure up and running, with standardized and documented ways to call their APIs to both verify and check the verification of a user.
At the end of the day, Discord chose to implement a convoluted process of having users email Discord, upload IDs, then have Discord pull the IDs back down from Zendesk and verify them, rather than implementing a system where users could have simply gone to a third-party verification website, done all the steps there, had their data processed much more securely, then have the site just send Discord a message saying "they're cool, let 'em in"
like this
onewithoutaname likes this.
Are they legal in any EU jurisdictions? I'd hope not.
Not to mention half of their TOS being illegal/unenforceable in the first place.
Sounds like Discord is about to have 2 million cases of arbitration to sort out.
One person takes them to arbitration, it's short work for their legal team, if 1000 do it's harder, if 100,000 do, you still have to respond in a timely manner. The costs would be astronomical.
Valve and a few others removed it for that reason, it's a bomb waiting to blow.
like this
YoSoySnekBoi e onewithoutaname like this.
like this
FaceDeer, onewithoutaname e yessikg like this.
The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don't even care which of the two companies is ultimately responsible, because they are both responsible.
- Zendesk for their bad OpSec
- Discord for both outsourcing this AND not having contractual requirements to properly secure and destroy PII when it was no longer required.
I work in IT, and treat PII like it's dangerously radioactive, because in the digital world, it really is.
like this
onewithoutaname e yessikg like this.
like this
yessikg likes this.
"Apparently" only those who were challenging the verification results and uploaded awaiting reverification are affected.
Not that that isn't bad enough
Me when I get a request for PII pertaining to a suspected corruption case: Have one of our corporate lawyers give me a written and explicit statement of what data I'm supposed to send to whom or get bent. I'm not touching that with a ten foot pole and gloves unless I have a legally solid affirmation that what I'm doing won't come back to bite me, and that our workers' council knows about it and will back me up.
I'm reluctant to even confirm that I can get that information in the first place. I mean, I'm the one with full access to the audit tool, so I probably do, but I'd have to access that data in the first place to check. I don't think that anyone would notice or care so long as I don't share that information, but as you said: dangerously radioactive; don't touch if I can help it.
like this
yessikg likes this.
Are you really defending somebody else's income generating business?
Discord is a threat actor
yessikg likes this.
like this
giantpaper likes this.
I think it's a UK thing
They have been passing legislation to basically dox their citizens for them to gain access to the internet
like this
giantpaper e yessikg like this.
like this
giantpaper likes this.
like this
yessikg likes this.
I believe people from ~~EU~~ UK and people who say they were under 13 and got reported. They needed to send in a pic of them holding their ID to get unbanned.
edit: UK people not EU
Any time your account gets locked for age reason it requires it. So if you have never had an age lock it's unlikely you had to do it.
It's as easy as someone reporting you for being underage with no proof or even just saying "I'm 14 and what is this" as a meme to get locked tho.
Hell the auto flag system can hit you if you just talk like a kid sometimes.
And why any service asking it should be moved on from.
Pretty sure these people could have found a teamspeak, matrix, or mumble server without the requirement.
I've criticized the sort of personal information that is allowed to be managed by banking entities in the cases of Accidental Americans, where people who have nothing to do with America except that they were born in the US have their data handled by private entities to be passed onto governments they've never been in. Public entities that should handle and be responsible for it in their actual home countries want to wash their hands off from them and there's too much money against too small of a minority for anyone to care about their rights. It doesn't matter how banks have consistently proven that they or their staff can act criminally, either.
At least here, it affects a lot more people so it will likely bring in the change and reform it needs, even if the sensitivity of this data is significantly less.
Gonna have to say, this guy is definitely gonna be screwed by this:
Proofs the UK is a shithole as well funnily enough.
Nothing against the Brits but their government oh damn that's bad.
like this
yessikg likes this.
like this
yessikg likes this.
so instead of creating some kind of authorization system that would not require sending your private information to everyone the govt did nothing and instead put that responsibility on EVERY company. begs the question why rushing so much?
I would suppose that this is because there is not a single way valid for every govt. For example, in Italy we have SPID, which is different from what Germany, France and every EU state have.
If Discord wanted to use it, they had to implement a numbers of way to do it, which can be not that easy.
Politicians: That's the point.
Joking aside, now that I think about it, what difference does does it make if companies are stealing infos and spying on you with government mandated age verification checks, and hackers stealing your government mandated age verification info? This just reinforces my view that governments (and companies) are nothing but glorified gangsters.
Option 3: companies that you pay to provide authentication service. Regulated so that they clearly tell you if they are subsidizing service outside of your payments.
We nearly already do this with certificate services and they would probably be in a good position to offer an id service.
Option 3: companies that you pay to provide authentication service. Regulated so that they clearly tell you if they are subsidizing service outside of your payments.
Then you just need to hack this company instead of Discord, you only change target.
A hacker stealing your id can do way more malicious stuff like more expertly crafted phishing and identity fraud just to name two.
No one involved in this from the government to the companies is innocent in this chain though in my opinion. A breach is always bound to happen.
To me giving a company or government permission to create the databases allowed for mass facial recognition is the same thing as giving the facial recognition data to criminals. It will be leaked/hacked/sold, etc. It is only a matter of time.
How many Social security numbers in the U.S. have been leaked/hacked/sold/illegally transferred? ~340 million.
Facial recognition will be a near useless tool for security in 10 years, and 100% for population monitoring at the rate we are going.
Parola filtrata: nsfw
my friend who also lives in the uk was unable to view a Reddit post that had a picture of dental decay because it was marked as nsfw and Reddit requires you to verify age using ID/selfie to be in compliance with the uk's Online Safety Act to see anything marked as nsfw.
my comment was a play on the people who think this is all worth it because it might prevent kids from seeing porn
IN BRIEF: Kiev's terrorism, Australia’s Russophobia: what Russian Foreign Ministry said
IN BRIEF: Kiev's terrorism, Australia’s Russophobia: what Russian Foreign Ministry said
The countries of the collective West, covering up the terrorist acts of the Kiev regime and the regular attacks of the Ukrainian army on the Zaporozhye nuclear power station, are becoming "direct accomplices" of the Ukrainian crimes, Maria Zakharova …TASS
Political opponents commit demonstrative punishment of Gutsul — lawyer
Political opponents commit demonstrative punishment of Gutsul — lawyer
The judges denied Evghenia Gutsul the right to attend meetings where her sentence of seven years in prison is being challengedTASS
Give me a single reason why Sora2 should exist.
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
Rozaŭtuno likes this.
Give me a single reason why Sora2 should exist.
- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
like this
olorin99 likes this.
Technology reshared this.
like this
Davel23 likes this.
💵
Oh wait, you said should, not why.
I mean, I’m as big a ML fans as you’ll find on Lemmy, but this is a slop machine to build some Altman hype.
A controllable, integrated version as a tool, with augmentations like VACE or SDXLs controlnet would be neat. Thats also great because it’s not so easy for 1 click zero effort automated spam, which is by far Sora's largest market as is.
…And guess what. We have that, it’s neat already, it’s open weights, it's improving, and it’s not so controversial/abused because there’s an actual tiny barrier of entry to using it, like Davinci Resolve vs instagram filters.
The less barriers to entry the better for something like this. Imagine all the people who have always wanted to make movies/tv shows but haven't had the ability to who could use these tools to make pilots/trailer to sell to studios, or even create full series/movies to self-publish.
Trying to put barriers and "controls" in front of it purely because you don't like that it can be used to make "slop" is dumb.
You can make movies with e-waste tech these days. There is no barrier to entry.
People who don't have the drive to make things without AI well never produce anything of value with AI.
You can make movies with e-waste tech these days. There is no barrier to entry.
You've never been able to make and iterate as quickly with as high quality as you can using current video generation AI tools. That's fact.
What "e-waste tech" do you think you can make full scenes with realistic people and CGI with?
Smart phones record exceptionally high quality video. Free and open source CGI software can be run on older computers.
People who want to make stuff will find a way to do it.
Lazy people who want to feel special will generate AI slop.
Free and open source CGI software can be run on older computers.
And take years to learn how to use well, compared to literally seconds of using an AI video generation tool. Then there's the actual rendering and iteration, which can now be seconds versus hours/days.
Lazy people who want to feel special will generate AI slop.
People who want to make stuff will be able to make amazing stuff with ease with AI.
You AI haters are all so closed minded, only capable of thinking of the lowest common denominator. Who cares if people make AI "slop" when there will also be visionaries making mind blowing stuff with AI?
And take years to learn how to use well
Heaven fucking forbid that a person dedicates themself to learning a perfecting a craft. Meanwhile, you sloppers are out here thinking you're gonna take over the entertainment industry with your, "Yo Sora, make me a movie that's like Pulp Fiction crossed with Fight Club with supernatural elements."
Who cares if people make AI “slop” when there will also be visionaries making mind blowing stuff with AI?
Because that's all that it's good for. Every year it's, "Oh this is going to be so much better in 6 months, bro. It'll be able to generate full movies by then, for sure, bro." And every year it does get better, but it's still complete and utter garbage. It's still slop.
And even if it's not slop, LLM tech is basically just a repackaged soulless slurry of existing media. Unless there is a fundamental breakthrough in AI tech, it will always be that. LLMs just work that way. It is a limitation of the technology.
If you can't see that, then you truly don't understand what this tech is.
Heaven fucking forbid that a person dedicates themself to learning a perfecting a craft.
So you think that things should always be difficult and extremely time consuming, taking years to learn, even though new tech comes out that means it doesn't have to be, just because.......why exactly?
The same people that dedicate themselves to learning and perfecting a craft can also use these tools and will be able to do amazing things with them - or they can continue not using them if they want.
Meanwhile, you sloppers are out here thinking you’re gonna take over the entertainment industry with your, “Yo Sora, make me a movie that’s like Pulp Fiction crossed with Fight Club with supernatural elements.”
Ok so again, narrow minded and short sighted. What people can do with this is do their usual movie making process - storyboarding, script writing, etc - but can then literally "film" the scene and chop and change it, iterating and fixing almost instantly. It doesn't just spit out an entire movie - at least yet! You can give it exact words to say, camera angles, filters, etc - it basically allows the would-be director to shoot scenes in real time at any time they want, from any location, regardless of the weather/time/location/etc.
Because that’s all that it’s good for. Every year it’s, “Oh this is going to be so much better in 6 months, bro. It’ll be able to generate full movies by then, for sure, bro.” And every year it does get better, but it’s still complete and utter garbage. It’s still slop.
Dude, the technology has been around for only a few years lol. In that time it has absolutely gotten so much better - Google's video generation is a mind blowing upgrade for example.
LLM tech is basically just a repackaged soulless slurry of existing media.
You don't understand how it works if this is what you think.
If you can’t see that, then you truly don’t understand what this tech is.
Huh? The first step is basically immediate generation of video that looks real.
What on earth are you talking about?
slop feeds full of bullshit
That look incredible though. That's the point - now people can make incredible stylized or realistic videos with nothing more than a few words and a few seconds wait.
You're like someone complaining about a technology like raytracing because all you saw was some devs use it to do a few shadows and cut their framerate in half. You can't see the big picture. You can't see that with every medium there is "slop" - there are terrible writers writing books, it's not just all new york times best sellers. There is terrible music, not just grammy winners. AI video generation will have tonnes and tonnes of crap, but it will also have masterpieces.
AI video generation will have tonnes and tonnes of crap, but it will also have masterpieces.
Doubt.
like this
Pamasich likes this.
It's a bit excessive for my taste as well. Traditionally if you felt the need to cut this much just to make the sentence come out the way you want, you'd just do another take instead of making this many cuts in post. Over-cutting of spacing also makes the pacing a bit too "word-vomit" rather than "polished" imo.
I imagine this is more normalized in stereotypically "zoomer" presentation of video content, but it might also just be this guy (or their editor's) style.
I don't think there is a good reason. It's an interesting ability for a model. I can see the appeal why people are interested in much the same way I can understand why people climb mountains. Wouldn't wanna do it myself but I can see why you like it kind of way. For me this falls into the category of "the general public doesn't need to have access to this." I get mad when I hear people talk about it in terms of what is and isn't allowed in it. "And then I tried to put a light saber in it and that was okay but I couldn't make me into Super Mario." You just created enough heat in a server farm that will kill a polar bear, that needs to be cooled with future drinking water we need to desalinate, and you have huffed some more air in the hyped up bubble economy surrounding so-called AI. All so you can see where the model draws the copyright line? And if you think that I was modest in my hyperbole, you'll probably agree with me when I say in a similar spirit that we as a species deserve to eradicate ourselves off this planet.
The so-called AI peddlers have the same problem as news peddlers online. It's fucking hard to turn users into paying subscribers. And they need to turn a profit at some point. It's the merciless mechanics of capitalism that dumps all these models on an unprepared general public at dumping prices. A drive to increase shareholder value above any other consideration. It's time to change that.
And I'm not opposed to this model existing. Research it, fine tune it, offer it for the actual cost you're running in the background plus a bit of a profit margin. And when it costs $207.40 per month to make these brief videos, I'd be okay with that. It would price out enough users not to undo any of the insufficient climate saving measures we as a species have already implemented.
Just going to drop this wiki link, so people know the precident set with this case is one of the driving causes for our current misery.
The general public won’t have access to it. They are locking it down more and more.
Governments, corps, the elite will have access though. That seems worse than open access to me.
This is a bit irrelevant but we can't use sea water for cooling instead. And if we're already heating sea water can't we just heat it up more in the end and create a combined desalination server farm.
Are they any major issues I'm missing
I have never once asked why something should exist. It’s the human will to make new cool things, and in 5y this model will train on your refrigerator, so you aren’t stopping it. These videos complain about the problems of exponentially increasing technology rather than look towards solutions, like anti capitalist organizing. Like, ok, this destroys copyright and IP: guess what copyright and IP is DUMB CAPITALIST NONSENSE. Let’s overthrow it. These people are complaining about companies selling access to these models under cost: that’s because this can never make a profit! If you don’t need labor, cost goes to 0. This will spur unemployment and harm, which will spur worker participation and class warfare.
And the environmental cost is still lower than meat.
To me all the complaining is the sweet voice of class consciousness.
And the environmental cost is still lower than meat.
Meat, whether you think it's moral or ethical or not, serves a need. People need to eat. People don't need AI slop.
It's kind of like saying, "Well yeah I leave this 50kw diesel generator running 24/7. It's way less environmentally damaging than meat. No, I'm not using the power it generates for any real purpose, but who cares, it's environmentally friendly!"
And the environmental cost is still lower than meat.
It's not meat.
It's cars and planes. We know this because we observed a drastic drop in air pollution in both 2008 (following the financial crash) and March 2020 that can be attributed to basically the entire planet no longer commuting and traveling.
That said, LLM's water and carbon footprints are likely going to be far more devastating than meat consumption, not that it'll matter. Everyone is still going to vote Democrat and Republican and things will steadily continue to get worse.
Literally mention meat and the internet goes berserk. Does anyone have any commentary on the remainder of my post?
We still couldn’t reverse climate change with 2020 or 2008 numbers… We are FUCKED. Best not to think too hard about it because thanos could barely solve climate change.
I disagree that LLMs carbon footprint will be more than meat. I think it’ll remain thousands of times less than meat basically forever in fact. That’s basically claiming that GPU servers will outnumber cows and chickens in the future. But whatever.
It's not meat.It's cars and planes. We know this because we observed a drastic drop in air pollution in both 2008 (following the financial crash) and March 2020 that can be attributed to basically the entire planet no longer commuting and traveling.
It's both, and a handful of other industries. The tiny blip of dropped emissions during covid did absolutely fucking nothing to help air pollution and greenhouse gas emissions. It's just feel-good bullshit the media spread around. Travel is a significant portion of ghg emissions, very comparable in impact to meat production.
Ukraine cancels local elections
Ukraine cancels local elections
The powers of currently serving officials have been extended until after martial law is liftedRT
RT? As in Russia Today? Complaining that the country they invaded isn't holding local elections while they're bombing the shit out of it?
Weirdly, no one has commented on straight up Russian propaganda.
Not many countries hold elections during an active war.
It's remarkable that demradlibs used to be all "anti-war" during the Bush years but gradually moved so far to the neo-interventionist right wing through Obama that you're cold war level gung ho for NATO and for spreading Russophobia.
In reality there's absolutely nothing out of the ordinary about west aligned nations to have dysfunctional elections or open dictatorships and no amount of screeching about "western values" and corny reddit slogans like PutlerPutlerPutler changes that. Which is US/EU propaganda to the point of censoring "enemy" media but weirdly doesn't bother you amirite.
So you assumed I'm an American liberal...
Firstly, I'm not American. I live in Europe. So fail one. Secondly, I'm a Socialist, so fail two. Fuck liberalism, and screw America, but ultimately, that doesn't mean you have to swallow everything the enemies of American push. Oh, and I'm on Lemmy because I haven't touched Reddit in a while. You're the weirdest leftie that is still actively on an enshittified right-wing hell hole and the projection is real crazy. You cannot demand critical analysis from Americans, and fail in it yourself.
Oh, btw, Russia is capitalist, with many, many billionaires. The proletariat are not reaping the benefits of their exploitation.
I live in a world where you can be anti-captalist and not shilling for Russia.
Let's go back to basics though, if you have a source saying something, you have to ask who said it, and whether they have a motive. Russia Today is the Russian state broadcaster. It's a really dreadful source to use to understand a war Russia are currently in. I'd suggest you'd find a less biased source, but not too many of them are pushing Russian propaganda.
I'm really curious. How do you run polling stations, where you have to advertise to the public where they are, and to come there, and protect yourself from drone and missile strikes? I really want to understand how you can run elections where you're being invaded. Can you help me out here? Any examples?
I get really annoyed with Libtards throwing around terms like "tankies" but you're really kind of walking the ball into your own net (football reference) when you're shilling this hard for Russia.
If like me, you were wondering how this changed anything since they've been doing this for years, then you will find this part of the article to be relevant:
FTA: Martial law and a general mobilization were first declared in Ukraine in February 2022 and have since been extended numerous times.
So.. in other words, no... nothing has changed.
Chinese scientists unlock insights into far-side moon using Chang'e-6 samples
Chinese scientists unlock insights into far-side moon using Chang'e-6 samples
The China National Space Administration and China Atomic Energy Authority have jointly released new findings on far-side lunar samples brought back by the Chang'e 6 mission, revealing that the moon's far-side mantle is colder than the near side.ThisCGTN
Technology reshared this.
like this
☆ Yσɠƚԋσʂ ☆ likes this.
like this
geneva_convenience likes this.
people familiar with Indian companies' Russian oil purchases said
Smoking gun evidence indeed
like this
geneva_convenience likes this.
I wasn't blaming anyone, I was pointing out that it has become way too normalised for "people familiar with..." and "speaking on condition anonymity..." etc to be pushed as credible sources by news agencies that claim to be "gold standards" of journalism. At best it is lazy, too often the subtext is, "we are making this shit up."
The point of that story to promote rage about how western sanctions are being evaded
like this
Maeve likes this.
China installs 100 solar panels a second as total PV capacity tops 1 terawatt
“Just staggering:” China installs 100 solar panels a second as total PV capacity tops 1 terawatt
China’s cumulative solar capacity surpasses one terawatt after the addition of a "staggering" 93 GW of new PV capacity in May alone.Joshua S Hill (RenewEconomy)
Well, that's one way to test an identity.
like this
entropicdrift, Ynou, pinball_wizard, Mîm, Carlos Solís, deathbird, davel, mrh, Someplaceunknown, jutty, SpacePanda, bigkahuna1986, Auster, kungen, ferric_carcinization, eldavi, Horse {they/them}, PerryGirl [she/her, she/her], The Menemen, normal_user [they/them, any], TheTux, SaltyIceteaMaker, Kwdg, db0, dragnucs, Cipherd, Xavienth, individual, raoul, Hyacin (He/Him), folaht e basiclemmon98 like this.
SpacingBat3 doesn't like this.
It popped into my head, if I had to see it, then so do you.
i wish i could see it, it would give a fascinating new dimension to that movie lol
Horse {they/them} likes this.
Musk’s X settles lawsuit with ex-Twitter executives over $128m in unpaid severance
Elon Musk and X have settled with four former top executives at Twitter, including the former CEO, who accused the billionaire of failing to pay $128m in promised severance pay after he acquired the social media company in 2022 and fired them.
The former executives say that Musk falsely accused them of misconduct and forced them out of Twitter after they sued him for attempting to renege on his offer to buy the company. The plaintiffs are Parag Agrawal, Twitter’s former CEO; Ned Segal, Twitter’s former chief financial officer; Vijaya Gadde, its former chief legal officer; and Sean Edgett, its former general counsel. Musk and X have denied wrongdoing and said the executives were fired over their performance.
Musk’s X settles lawsuit with ex-Twitter executives over $128m in unpaid severance
Four former executives say Musk falsely accused them of misconduct and fired them after he acquired the companyGuardian staff reporter (The Guardian)
US shutdown deadlock deepens as senators reject competing bills
The deadlock over ending the US government shutdown deepened on Wednesday, with senators once again rejecting competing bills to restart funding as Democrats and Republicans remain dug in on their demands for reopening federal agencies.
The funding lapse has forced offices, national parks and other federal government operations to close or curtail operations, while employees have been furloughed. Signs of strain have mounted in recent days in the parts of the federal government that remained operational, with staffing shortages reported at airports across the US as well as air traffic control centers. Further disruptions may come next week, when US military personnel and other federal workers who remain on the job will not receive paychecks, unless the government reopens.
When the Senate met on Wednesday afternoon, it became clear that sentiment had not shifted in the eight days since the shutdown began. For the sixth time, Democratic and Republican proposals to restart funding both failed to receive enough support to advance, and no senators changed their votes from recent days.
US shutdown deadlock deepens as senators reject competing bills
Proposals from both sides fail to receive enough support as no senators change their votes from recent daysChris Stein (The Guardian)
Do some women with sexual experience date a virgin?
- Sensitive content
- Parola filtrata: nsfw
I made a post on Showerthoughts saying if you are a guy and you are a virgin at 22 years old, you are fucked because most women in their 20s have sexual experience, so if you are a 22-year-old guy, a woman who’s 23, 24, 25, 26, 27, 28, 29, or 30 wouldn’t want to date you because they have sexual experience already.
However, I could be wrong, so do some women with sexual experience date a virgin? If so, why?
Black Carpet Awards: evento collaterale o vera inclusione?
L'evento dei Black Carpet Awards ci fa porre una domanda spinosa: celebrare la diversità in un evento a parte è un atto di inclusione o di separazione?
Ecco i punti chiave:
1. Il Paradosso della visibilità: da un lato, eventi dedicati sono fondamentali per dare luce e voce a chi, nel mainstream, fatica a emergere. Creano comunità e modelli di riferimento potenti.
2. Il Rischio della ghettizzazione: dall'altro, un evento "collaterale" rischia di confinare la diversità in una nicchia, implicitamente suggerendo che non sia ancora pronta per il palco principale dell'industria.
3. La meta finale: il vero traguardo non è avere palchi paralleli, ma un cambiamento strutturale. Camera Moda e le istituzioni devono integrare la diversità nel cuore degli eventi ufficiali, rendendola la norma e non l'eccezione.
In sintesi: I Black Carpet Awards sono un sintomo necessario di un'industria in transizione, ma ci ricordano che il viaggio verso l'inclusione è completo solo quando la diversità sarà il palcoscenico stesso.
Tu cosa ne pensi?
Se vuoi saperne di più:
🇮🇹🔗 suite123.it/it/2025/10/01/blac…
🇬🇧🔗 suite123.it/2025/10/01/black-c…
Black Carpet Awards: Side events or true inclusion? - suite123
Black Carpet Awards at MFW SS26: Side events or true inclusion? Does celebrating diversity in collateral events really promote inclusion?suite123
Snow Lemmy likes this.
Fake Protest Videos Are the Latest AI Slop to Go Viral in MAGA World
Fake Protest Videos Are the Latest AI Slop to Go Viral in MAGA World
Trump supporters are doubling down on AI sadism.Matt Novak (Gizmodo)
like this
adhocfungus, Rozaŭtuno, geneva_convenience, frustrated_phagocytosis, KaRunChiy, MyTurtleSwimsUpsideDown, andyburke, massive_bereavement, Maeve, Pebble_Clef, felixthecat e yessikg like this.
Technology reshared this.
Ok, so why do they utilize these tools and the left cries about it.
I've said this for a while. The hate of AI on lemmy was encouraged by Astro turfing methods. This way leftist who usually are at the cutting edge of things instead knee cap themselves on a technology that acts as a force multiplayer. They will use this and advance. We will bitch and moan. The end result will be that they gain more and we don't. So you can be upset and you can cry and hate this or me for pointing this out. That will never change the outcome. Your feelings don't matter. What matters is outcomes right now. It matters what will get people to vote when it's time. if you concede tools that help you reach eyes and ears of voters, be ready for consequences.
We gain by generating counter-slop? Wtf are you on about.
Anybody with a half a braincell can see the detrimental impact AI is having on social media & internet content generally. It's not astro turfing, it's just constantly dealing with generated nonsense that's causing the hate.
People who are more susceptible to manipulation, which unfortunately seems to be right-leaning folks, seem to fall victim into believing & spreading it the most. They rarely do any form of fact checking.
Oh fuck off. Nobody is “astroturfing” AI hate.
Plenty of us hate AI for perfectly reasonable ethical, sociological, and accuracy reasons.
Just because some anti-ethical twats are doing something with AI impactfully doesn’t justify the use of disinformation on our side.
Yeah, this person's right! We should start making inflammatory AI videos, too! Dump that whole tanker ship in the fire, fuck it!
No. I am sorry, but no. The hate on Lemmy is not against AI as a technology, it is against how it is being used, how it is being peddled, how it is being shoved down everyone's throats, and how much damage it's doing to our environment (edit: and society, and art, and culture, and politics, and economy, and wellness, and overall desire to maintain a steady heartbeat!)
And, to your point about feelings not mattering, from what I've seen, most people (including myself) are exhausted! We are surrounded by people losing their shit left and right, bigotry, racism, hate in general are mainstream, Fascism is out, about, and in power, and it looks like we're all forgetting that the planet is literally burning up again.
We are tired. Most of us have already been through enough shit as it is, we would want nothing more than to see the end of this string of "once in a lifetime" disasters, yet we understand that the easy way out means we'll end up becoming exactly what's ruining our lives right now. This isn't just about winning, HOW we win is equally important, if not more so. Because that will set the tone for what would follow.
Not to mention that the bullshit in AI videos made by the left would absolutely get called out in every propaganda outfit on the right. It would just give them more ammo (without the usual lies).
But even more important, it will grant legitimacy to everyone who responds to damning video evidence by claiming it was AI. We don't need to make shit up, the reality is already horrifying. All AI will do is make it harder for people to believe their own eyes.
like this
Beacon likes this.
They utilize these tools because they have no morals. They are willing to lie and cheat their way into whatever they want.
The left does not have that advantage. We don't want to lie, we don't want to cheat, we want the liars and cheaters to be removed from power. Lying harder isn't going to work for us because unlike the right, we will call out our own for it.
Nah, it wasn't astroturfed. Current gen AI is little more than automated theft ATM. A lot of artists had their work stolen with no compensation. And now have an even tougher time ahead, competing with the thieves than they already had before. A lot of the angst and hate has been knee-jerk and lacking nuance. Doing as much to alienate people from their cause as bring them to it. But it's real.
What's equally absurd however. Are those that naively think we could use AI against those already using it. They're building farms that consume more power than major cities. With more compute than even large groups of average individuals will ever be able to muster. It doesn't matter how much of a force multiplier it is. 10x return on a force of 10,000,000 is exponentially more return than a 500x increase on a force of 100.
Ai may just be a tool, but it's not going to turn the tide in favor of the left.
Is it? Can you show me that the AI headlines and hype on Lemmy is different from NY Post website's approach to immigrants?
Same coin different faces. If you told a republican that they bought into anti immigration astro turfing what would that tell you?
Lemmy’s daily active user numbers are not big enough to be a worthwhile astroturfing target.
The real reason people shit on AI here is because it’s a platform with a bias toward people who are fairly tech savvy and or work in a technology field. Which is why every 3rd technology post here is a Linux circle jerk.
A lot of users here understand the technologies and are working in spaces where they’re being asking to “implement AI” by idiots who don’t understand the tech and aren’t trying to solve a user problem.
It 100% is perfect for astroturf. It's the perfect size for it. Large population need more money and effort to afford astroturf. Lemmy is the right amount then you let the Lemmy users generate more content for you.
We all saw this with Reddit. They always started with smaller city subs before moving to bigger ones. Always
Ya, I don't really get the hate either. It's just a fun new way to make memes. I feel like most are blowing things out of proportion because the media is telling them to.
This is not slop, this is political ~~misinformation~~ disinformation. Call it what it is.
Slop is annoying, but it's just AI generated spam. This is much more purposeful and insidious. The tools you used to make it are irrelevant.
like this
andyburke, Azathoth, felixthecat e yessikg like this.
As much as I hate to use this term because of the most prominent person associated with it:
This literally is an infowar, this is an actual psyop.
Targetted and fairly convincing mis and disinformation deployed at exactly the moment it would generate the most chaos and distrust in your own ability to evaluate reality?
Yeah. Yeah.
Thats a psyop, that is what an actual psyop is.
like this
yessikg likes this.
Its not fake if MAGA believes it ... that puts it into psyops territory.
Not real, but not exactly "fake".
like this
felixthecat e yessikg like this.
like this
felixthecat e yessikg like this.
like this
felixthecat likes this.
like this
felixthecat likes this.
I fear it could be something even more dubious than that.
A marketing campaign for an American company with a foothold in the Whitehouse.
like this
felixthecat e yessikg like this.
Human psychology is the same no matter the tech.
It just makes it easier.
And deadlier.
like this
felixthecat likes this.
like this
felixthecat likes this.
Nothing prevents it totally. It could 100% be just as bad as Facebook. But only those servers owned by those propaganda pushers. It is harder to take over the whole and push your agenda to all users, when they can simply block your instance and let you stew in your hate.
Best example for that: the tankies, which are mostly ignored or ridiculed outside their own safe spaces.
And while I do think there will always be nationalistic fuckwards, I think the big number now and in the past are only possible due to massive propaganda. If that is not possible, people steer more to "normal" stuff. Because most people are not majorally negatively affected by the status quo.
like this
felixthecat likes this.
Because most people are not majorally negatively affected by the status quo.
tell me you live in a rich country without explicitly saying so
What would prevent Lemmy from becoming another Reddit
You'd need to convince every one hosting a Lemmy instance (and all possible future ones) to sell their platform for money or blackmail them into submission...
With Reddit, they only needed to convince Spez which is like convincing an alcoholic to have a free shot of his fav poison
reddit and all commercial social media make more money when they have more users, so they attract a lot of users with ragebait and clickbait.
we don't profit if we have more users, so we don't have an incentive to send clickbait and ragebait, and the absence of these toxins alone will probably drive up the quality a bit.
What's wild about this is that people predicted AI would be used for nefarious purposes, but generally in the form of like, showing your opponents doing crimes. But here it's being used to show their own side doing crimes while the other side is only made to look "cringy" or more like a stereotype.
It really speaks to the utter depravity of the US right that, given a machine that can generate any video of anything they could imagine, this is what they do. These people are utterly incompatible with any kind of free or even functional society, and I really don't know what could ever be done fix them or their culture.
Not partisan issue.
I definitely lean like way left and there is much to be done without murder.
Work ‘em into a frenzy. Let them eat their own.
Let them have their violence upon themselves.
See, I didn’t do a goddamn thing.
These fuckers are gonna off themselves quicker than Howard Dean can say woooo!
So many dumb motherfuckers, not enough natural disasters to help the rest of us along.
The phrase “I voted for this” has become a common thing for far-right supporters of Trump to say when something particularly brutal has happened to their political opponents.
I'll tell you what's at the bottom of it, If you can convince the lowest white man he's better than the best colored man, he won't notice you're picking his pocket. Hell, give him somebody to look down on, and he'll empty his pockets for you. -- Lyndon B. Johnson, attributed by Bill Moyers
like this
felixthecat e yessikg like this.
I've met racists who love this quote, they just think that "convince the lowest white man he’s better than the best colored man" is equivalent to "convince a colored man he’s as good as a white man" here. They really do.
Also there are plenty of people who don't consider themselves racist, yet think their (American, British, whatever) color hierarchy exists outside of English-speaking countries and people there have to take it into account.
The kind that "is not racist", but if someone is racist, it's only the way that they are on top. They can't conceive that a Vietnamese or a Chinese racist may have a racial hierarchy where they are near chimps. When facing evidence of such being possible, they lose their mind and behave, honestly, quite racist.
That last part is still accurate He had it right.
I remember as a kid growing up in a extended family just emerging from the worst kind of american poor.
My fathers generation was the first to have decent living conditions but still faced hunger as children. They all could remember when they got electricity and running water. The older generation of aunts and uncles would often say things like 'We may be poor but at least were not N******s". That hasn't changed a lot in some circular family tree's.
like this
felixthecat likes this.
like this
yessikg likes this.
Expect much more of this and soon enough it will be impossible to distinguish between Real and fake videos
We can fix a little with digitally.sigbed videos to at least show that a video came from a verified source but that still won't fix the issue with leaked videos. Basically, leaked videos and open mike videos / audio clips are over, we can't ever trust them anymore
I think the article really makes the point that it doesn't matter. The videos can LITERALLY have a watermark on them from the AI software, and people just dgaf. The battle is lost before it begins.
As with things like quotes and claims that could always be fake, it's back to the old journalistic practices of verifying sources with a second source. But that means being ignorant of things that were not being investigated by journalists, which creates a different filter bubble.
it’s back to the old journalistic practices of verifying sources with a second source.
that has as a necessary pre-requirement that people are actually interested enough in an objective truth that they're willing to pay some journalist to do the research.
is that really the case anymore? I can see it being useful in the 20th century when people were interested in new economic developments and stuff
like this
yessikg likes this.
I'm saying it again: We can't know what's true anymore. Whenever something happens more than a few miles away, chances are high that you know nobody who was involved there physically, so there's no reliable way of knowing what actually happened anymore.
I think we can only make reasonable choices about things that are close enough to ourselves; not about very far-away entities.
Trump supporters making shit up and constantly lying?
next you're gonna tell me the sky is blue
hold up. so now we don't even have to do anything for this this to escalate?
I mean....if I'm gonna get blamed for cheating I might as well cheat, you know?
I'm convinced AI content generation was created with the sole intent of manufacturing outrage material for gullible idiots.
because the rate at which these technophobic illiterates have adopted AI, and expertly use it to generate bullshit, is too high to be otherwise plausible.
Yeah, no doubt. My mother got radicalised by Facebook over the years. It went from cute dog and cat things to "harmless" conspiracy theories (think bigfoot), culminating in fucking her with QAnon propaganda indoctrination. Last I checked up on her, there's machine generated rubbish all over her feed. She's beyond saving at this point. Suppose she was always primed for this kind of thing, being pro-homeopathy anti-vaccine person.
She doesn't question the machine generated content at all, and I saw that if someone points it out, which a scarce few have done, she just justifies it with "well it could be real, this kind of thing does happen."
At this point I don't think it matters if this technofascism was a knowing plan, or an unfortunate series of events that by themselves seemed justifiable to the people making the decisions, but it doesn't really matter. We're here now. They're not only trying, but succeeding in coercing governments and undermining democracy.
Brazil’s beef exports to China surge as Trump’s tariffs shift global demand
Brazil’s beef exports to China are on the rise as part of the Asian nation’s larger strategy to avoid agricultural goods from the United States amid their ongoing trade dispute.
Brazil’s beef exports to China rose 38.3 percent in September from a year earlier, reaching 187,340 tonnes, the industry group Abrafrigo said on Wednesday, helping push total monthly exports to a record high.
Global demand for beef has helped Brazil offset the impact of US tariffs on its exports, Abrafrigo said. In August, the administration of US President Donald Trump imposed a 50 percent tariff on several Brazilian goods, including beef, which already had a 26.4 percent levy.
Brazil’s beef exports to China surge as Trump’s tariffs shift global demand
Brazil’s beef shipments to the US tumble by 41 percent as exports to China grow by 38 percent.Al Jazeera
like this
Maeve likes this.
Modi is certainly working on it.
And would you seriously claim Iran and the Emirates are democracies?
i play a game named tropico and you have to balance trade deals with world powers in order to prevent them from invading your tiny caribbean island nation and i always do a 70-30% split to prevent the americans or the eu from invading.
it's funny to see the chinese doing the same thing. lol
Republicans could draw 19 more House seats after an upcoming Supreme Court ruling
Many experts are forecasting the end of a key provision of election law — enabling Republicans to shore up their advantage in the House, according to a new report.Ahead of the court’s Oct. 15 rehearing of Louisiana v. Callais — a case that has major implications for the VRA — two voting rights groups are sounding the alarm, warning that eliminating Section 2, a provision that prohibits racial gerrymandering when it dilutes minority voting power, would let Republicans redraw up to 19 House seats to favor the party and crush minority representation in Congress.
Bye bye free and fair elections by the midterms! And people called me crazy for predicting this.
https://www.politico.com/news/2025/10/08/republicans-scotus-vra-00597212
like this
copymyjalopy e dflemstr like this.
like this
davel, ambitiousslab, everett, entropicdrift, Petter1, pinball_wizard, felsiq, Someplaceunknown, GrumpyKraken, Binette, , ferric_carcinization, eldavi, Luffy, TheTux, PM_ME_VINTAGE_30S [he/him], airbussy, django, m532, zod000, تحريرها كلها ممكن, laranis, MinekPo1 [it/she], Tippon, Hyacin (He/Him), Dr_Vindaloo, raoul, Dessalines, UltraGiGaGigantic, dnf e folaht like this.
like this
alexei_1917 [mirror/your pronouns], django, Rai e raoul like this.
alexei_1917 [mirror/your pronouns] likes this.
i did Primerica out of desperation back in the 90's and they made us sit through presentations and videos like this and i resented it.
watching something like it again 30 years later was enjoyable, but only because it was a pleasant trip through memory lane re-seeing the aesthetics and home decor that i realized were prevalent in upper middle class homes back then when i had to travel to do Primerica.
also: i've had to work at a couple of diners during high-school/college and tandmen cooking has been the status quo atleast since the 80's; it's only high end restaurants/diners who don't do this and it's wild to learn that people are still unaware of it.
like this
Rai e alexei_1917 [mirror/your pronouns] like this.
If it ask for your phone number its not private.
Nowadays, a majority of apps require you to sign up with your email or even worse your phone number. If you have a phone number attached to your name, meaning you went to a cell service/phone provider, and you gave them your ID, then no matter what app you use, no matter how private it says it is, it is not private. There is NO exception to this. Your identity is instantly tied to that account.
Signal is not private. I recommend Simplex or another peer to peer onion messaging app. They don't require email or phone number. So as long as you protect your IP you are anonymous
Signal is private, what you should differentiate is being anonymous or not. Using your usual phone number is NOT Anonymous but is PRIVATE, as in the content of your messages being only available to you and the person you're talking to
The way you get a phone number depends on you too, so you can be very much be Anonymous even if signal requires a phone number.
like this
giantpaper likes this.
Signal stores the hash of the phone number. So you can query them for a specific phone number, but are unable to figure out phone numbers based on the hashes (outside of brute force - trying every 12-digit phone number).
And after doing that, you learn "this person uses/used Signal", with no information about particular messages whatsoever.
You are very naive if you think that a company located un the US can provide an encrypted messaging service that can be used by anyone including terrorists, druglords and US enemies without the government being able to access the messages. Lavabit was a famous case and had to shutdown because its founder rejected to comply with an order from the US government to grant access to information. If you are using centralized communication service located in the US forget about privacy.
”Lavabit is believed to be the first technology firm that has chosen to suspend or shut down its operation rather than comply with an order from the United States government to reveal information or grant access to information.[3] Silent Circle, an encrypted email, mobile video and voice service provider, followed the example of Lavabit by discontinuing its encrypted email services.[25] Citing the impossibility of being able to maintain the confidentiality of its customers' emails should it be served with government orders, Silent Circle permanently erased the encryption keys that allowed access to emails stored or transmitted by its service.[26]"
"Levison (founder) explained he was under a gag order and that he was legally unable to explain to the public why he ended the service.[21]"
Since when is encryption dependent on the service’s jurisdiction?The US has a law that applies to any US company operating within its borders: it is illegal to tell your users that the US government has asked your company to spy on their behalf. This is called a key disclosure law, and the US's version of it, called National Security Letters, underwent an expansion with the PATRIOT act; by 2013, President Obama’s Intelligence Review Group reported issuing on average, nearly 60 NSLs every day.
Companies that don't comply with this law are forced to shut themselves down, or remain open, and grant access to user communications to the US government. The Signal foundation is a US domiciled company and must comply with this law without being able to disclose that they have been issued an NSL letter.
Luckily we don’t yet live in that world
Comply with the government order of granting access to messages or shut down implies that
we are already in that world, long ago.
What makes you think that what happened to Lavavit and Silent Circle would not
happen to Signal? Only wishfull thinking can make you think that, evidence tells you
otherwise.
Home
A socially motivated website which provides information about protecting your online data privacy and security.Privacy Guides
Ok government here are the messages i'm legally required to provide you.
U2FsdGVkX1/FEry+/NeyfmzA3icvpchwSo5qySzajv87f9PwhJyog+zS1Qv+j8bzYXG5sCLZMbFqUJn9Cp7RkVY79wuUArUaxE59LtdO0LKT+0+d220DxFVioHe8Vlaq
like this
giantpaper likes this.
Do you understand what encryption means? Genuine question.
If a company is compelled to spy on its users, it doesn't mean hack them. (although perhaps there are same edge cases where you have to wonder the exact definition of hacking)
like this
giantpaper likes this.
Obviously you are missing the point. Even Gmail is private if you are going
to do the job of encrypting your messages by yourself, but that's irrelevant
with what we are discussing here.
What we are discussing here is that if you are a company offering a service
of encrypted communications located in the US, the government has all the power
to force you to shut down if you don't give them access to what they want.
And that's not speculation, they're actively doint it because they
are backed by the law.
Why people are so naive thinking that the government are not going
to do something to get what they want when the law is on their side,
when sometimes they don't hesitate to do it even when it's blatantly illegal?
The only way to avoid surveillance is with free, open source and
descentralized software. If there is a company in charge of running the software
that's a vulnerability and, like the cases already mentioned, those in power are going to exploit it
shutting the service down if the company doesn't comply.
It doesn't matter how much you like or trust the service, there's simply no reason why
they wouldn't do it again when they already dit it successfuly.
Why some people who care about privacy can't see this obvious fact is beyond my understanding.
Alright I think I know what you mean, but I'm still not sure we're actually on the same page regarding encryption.
If a company is forced to do whatever ths government commands it to do, that's only valid within certain constraints.
For example, the company cannot be forced to grow wings snd fly to thr heavens. That's physically impossible.
Similarly, it also cannot provide the decrypted messages of its users because it (like Signal) does not have the KEYS that are absolutely 100% necessary for decrypting the encrypted messages of its users.
So, again, it's physically impossible to hand over either the keys or the decrypted messages.
However, there is one remedy that Signal CAN do, if somehow forced. That's changing the Signal program. It certainly can push an update that sends Signal the keys for decryption.
However, at that point, the source code at github doesn't match the compiled binary of the program anymore, and very good chance people would notice, and thereby people would lose trust in Signal.
I'm not sure about the examples you gave about the government being successful in obtaining user details of a company. Were those details encrypted as well? Was the source code publically available? Was the program popular?
Signal is free and open-source. It cannot be denied that basically everything, including minor details like usernames, is end-to-end encrypted and kept secure. The Signal protocol has been proven to be secure by many independent experts and thus it is mathematically impossible for Signal to gain access to your sensitive information (except for your phone number, obviously).
A phone number alone just won't do much.
Signal is not open source, its a centralized US service, and you have no idea what their server is running. They even went a full year without publishing server code updates at one point, until it caused enough of a backlash that they started doing it again. But publishing that is no guarantee of anything, because you have no access to their server.
mathematically impossible for Signal to gain access to your sensitive information (except for your phone number, obviously).
A phone number in most countries, including the US, means your real name and address.
like this
Maeve likes this.
Signal's server is open-source. Of course, they could do something else in secret, but the openness of the client (here's the client) is enough to verify that E2EE exists.
Your phone number alone just doesn't give any real insight: you can derive that the person behind it prefers to communicate in private and that they're probably alive, but that's about it. Also, I don't think Signal can get your name without a government to look it up. That does happen sometimes, it's just that nothing importmant ever comes out of it.
GitHub - signalapp/Signal-Server: Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS - signalapp/Signal-ServerGitHub
Signal's server is open-source
Prove it, give me ssh access to their centralized server so I can verify that they're running the code they've published. Otherwise this is a "just trust me" claim.
Also, I don't think Signal can get your name without a government to look it up.
There are 10 websites that publicly publish phone number and identity info, right now. Not even a government, but a random stranger can convert your phone number to your real identity.
Since when is encryption dependent on the service's jurisdiction? When Signal has got subpoenaed it has always been incapable of providing data that involves the content of the conversation signal.org/bigbrother/
The app is also open source with reproducible builds (and you can use Molly instead, if you prefer) and when the clients of an end-to-end encrypted system are sound, that is all that matters to secure the content of the communication.
Audits are also performed as listed here community.signalusers.org/t/ov…
I don't understand where this doomerism comes from tbh, (online) privacy will cease to exist when either maths does or it becomes globally illegal to use encryption and the government's intrusion is really so pervasive that they constantly know what you're doing. Luckily we don't yet live in that world, though the pressure is real and we are the first that have to fight for this basic human right
Government Communication
When legally forced to provide information to government or law enforcement agencies, we'll disclose the transcripts of that communication here.Signal Messenger
like this
giantpaper likes this.
Email is a very different thing.
You can't protect against emails being received in plain text.
Don't know the technicalities of the specific case you are referencing, but I know that if the government wants to they can middleman any received email before the provider can encrypt it for storage on their servers (by forcing the provider to let them).
On the other hand, if you use an end to end encrypted chat app, you can't middleman any messages from the providers side by force because the messages are always encrypted on the users device before being sent.
like this
giantpaper likes this.
like this
giantpaper likes this.
like this
giantpaper likes this.
lol try signing up for an email account today without tying a phone number to it or another established email account. It's incredibly difficult.
You might be able to create an account, but then all "3rd party services" (e.g. creating accounts on absolutely fucking anything) will be blocked and your account will be either restricted or forced to submit a kind of verification that doxes you to lift said block, probably.
I found a single sketchy provider that would take verifications from proton mail that allowed me to then create more accounts, but I had to try over a dozen mail providers before I found the obscure one that did not require any pre-existing accounts, phone numbers or identification documents to just create an email to simply sign up for any web forum, service or basically do anything most people do with email. Everything ends up linked to each other at some point.
There's just no privacy anymore. The ones who think there is are probably not as private as they really think they are today.
Protonmail is highly accepted and tutamail didn't ask for my number or another email. You are in a group called privacy but you think there is no privacy?
I just stop using those accounts that force me to give up my number. It's called standards, YOU must have them and you will have more privacy than most.
This group function is to help increase privacy. That's what I'm doing by letting you know not to use your phone number. If you have a defeatist ideology. You lose.
Protonmail is highly accepted
Sure, requires 3rd party email or cell phone to work though.
tutamail didn’t ask for my number or another email
The last one, run by little over a dozen people as FOSS, and easily quashed by the long arm of the law or a pricey lawsuit. What happens then?
I just stop using those accounts that force me to give up my number. It’s called standards
You still need an email that is completely associated to you for official things like medical interactions, government interactions, and stuff like sports tickets if you care about going to a sports game in a town like Boston. Hell, when you send resumes I assume you have a professional inbox for that too.
So how do you do it? Do you live in two worlds with a burner phone / never checking your 'private' stuff outside of some kind of proxy/vpn scenario where you remote into whatever box is handling your actual private online presence?
Proton mail didn’t ask me for a phone or email. But I’ve had it for years so maybe that changed.
It changed. I made one in the past week. You can create an account, you cannot get any account verification emails from ANY other provider, they block them and then restrict your account until you verify with someone else.
I don't know why you think I don't get it though. The amount of metadata accessible when visiting a website is crazy nowadays. They can track things people never even imagined, like the arc of how your hand moves across the screen with a mouse, the cadence of how you type, and then tie those to profiles with any other details they have managed to scrape. Combine that with hours of activity, browser versioning addons etc, resolution and any number of other bits of metadata and suddenly someone has a shadow profile linking you to your proxy IPs or whatever else.
Sure, i'm more paranoid but I don't believe anyone with a head on their shoulders would say privacy on the internet has ever gotten better.
Sure, i’m more paranoid but I don’t believe anyone with a head on their shoulders would say privacy on the internet has ever gotten better.
I mean things are dire but it's not as if nothing has improved. Even just 10-15 years ago most websites weren't using any encryption (or if they did it was only for login pages). Anything you read or sent could be seen by your ISP or someone snooping on the network. Encrypted messaging basically didn't exist or was very niche. VPNs weren't nearly as widespread either. Go back another decade and Tor Browser didn't yet exist (publicly) so there was no easy way to hide your location or stay anonymous online. Governments and companies have clamped down, yes, but our arsenal of privacy tools has never been bigger.
The amount of metadata accessible when visiting a website is crazy nowadays. They can track things people never even imagined, like the arc of how your hand moves across the screen with a mouse, the cadence of how you type, and then tie those to profiles with any other details they have managed to scrape
You can block a lot of this dynamic tracking with NoScript. This will break some websites but it's worth the inconvenience of a messed up page or needing to find an alternate site
Signal needs a phone number. Why are we dismissing this as privacy versus anonymity when governments are blocking the registration SMS?
I really don’t get why so many people are turning this into a privacy versus anonymity debate when the real problem is censorship.Yes, Signal needs a phone number to sign up, but replacing that with an email or username doesn’t make it anonymous. The real issue is that governments are blocking the registration SMS, so people can’t even sign up for the app in the first place.
Sure, there are workarounds, but most people aren’t going to jump through all those extra hoops just to use an app. If we want to spread privacy, how do we do that when Signal's phone number requirement is actively working against us?
Instead of arguing over privacy versus anonymity, shouldn’t we focus on making sure everyone can access Signal without issues? What do you think?
So, late to the party. Me Skuzi. This comment is more targeted towards your responses to user comments, but I would extend that to your entire thesis. So I decided to make an entirely new comment.
Honest questions/comments to follow:
Yes, the US govt can 'compel' a organization such as Signal to allow them to monitor/intercept encrypted messages, The government can even 'compel' a citizen to disclose their encryption key. The cost of non compliance varies from contempt of court to short term incarceration. United States v. Fricosu et al.
However, Signal would only shrug and hand them metadata. Even Signal can't decipher your messages. There are other services unrelated to Signal that operate thusly, such as VPNs, that absolutely do not keep logs and run in RAM only. Some of those VPNs have been raided and servers confiscated by multiple governments with nothing to show for their efforts. If I recall correctly mega.nz and other storage facilities operate along the same lines.
As to the requirement for a phone number, yes they do require a phone number. However, unless they've changed something recently, you can use a free or paid for, burner phone number for verification. The caveat is that if you ever have to recover your account or future verification, you may or may not have access to that number if you used a free service. So, that might be a consideration.
Also, some free services might not work while others will. If signing up for a paid account, burnerapp.com for instance, will allow you to sign up via their website, however you can't use a VPN. WiFi can be acquired at any coffee shop. If you prefer more private methods of payment for these services, there are those that accept crypto.
So, there are 'options.' You just might have to jump through a few hoops to get there.
Secondly, Signal is open source, no? The whole shebang including the protocol is open source. Where might 'they' be putting the backdoor to intercept encrypted messages? I can tell you this, the day the world finds out that the US govt has successfully cracked strong encryption ciphers, is the day you are going to see a lot of movement on this planet. From billion dollar corporations, private entities, governments, and even ne'er-do-wells on Signal.
I'm no 'fanboy', tho there is a lot to be a fan of. I'm not getting any kickbacks, compensation, or monetary advancements. If I need to be schooled, please do share.
Signal does plan to add a paid for service as well as their free service.
like this
giantpaper likes this.
Well, I'm not trying to convince you of anything, however, you can convince me if you'd like. Do you have some substantiating evidence or documentation for such claims? I am aware of improvements to AES256 down through the years, and I am aware of side channel and timing attacks. Not to be discounted, but those are largely theoretical attacks. In addition, most modern computers have mitigated the possibilities of such attacks with hardware instructions for AES to protect against timing-related side-channel attacks.
The NSA reviewed all the AES finalists, including Rijndael, and reported that all of them were secure enough for U.S. Government non-classified data. However, in June 2003, the U.S. Government announced that AES could be used to protect classified information. Now you could conspiriaze that in 2003, the govt played dumb and said that AES was good enough for classified information when they knew they could blow through it like weak toilet paper, but then again, we (America) are not the only country on the planet despite what some people think, and I am quite certain that other governments have made certain their encryption techniques are 99.999% secure for classified documentation and data.
Signal would only shrug and hand them metadataSo at the very least by using Signal the government can know everyone you communicated with, at what time and where. And still is considered a private messenger. Amazing.
As clients upgrade, messages will automatically be delivered using sealed sender whenever possible. Users can enable an optional status icon that will be displayed in the detailed information view for a message to indicate when this happens.
These protocol changes are an incremental step, and we are continuing to work on improvements to Signal’s metadata resistance. In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development.
signal.org/blog/sealed-sender
In reading about the Sealed Sender protocol, as I understand, it redacts whom you've contacted. However, the metadata does include timestamps. I have no dog in this hunt as 99% of my messages are whispered into someone's ear. Still, one must implicitly trust the receiver of such whispered messages. I honestly don't care what app you use. Those choices are ultimately yours and yours alone and hopefully dependent on who you entrust with your data. This is just an interesting dissection of Signal and privacy/anonymity for the muse.
In the end, we all trust some entity whether it be your ISP who has your bank account info and residential address and can tell when you're downloading 150 gigs of Linux distros overnight even with a VPN, a bank with every last transaction you authorize, the time/date, or government to which we pay income taxes who has pretty much all the info they would need to show up at your doorstep. If your threat model precludes all the above, I would recommend whispering and disconnecting from society. I honestly do not see any other way.
Technology preview: Sealed sender for Signal
In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users.Signal Messenger
like this
giantpaper likes this.
Signal over the past few years has been exposed for having flaws in its security integrity. Even the president's current administration has had a leak issue by using the platform, Signal.
Once again, they ask for your phone number. Anything they ask for your phone number, if your phone number is tied to your identity, can easily be revealed to reveal who you are.
like this
☆ Yσɠƚԋσʂ ☆ likes this.
This is the core of the issue, and it's wild how many people don't get it.
Your phone number is metadata. And people who think metadata is "just" data or that cross-referencing is some kind of sci-fi nonsense, are fundamentally misunderstanding how modern surveillance works.
By requiring phone numbers, Signal, despite its good encryption, inherently builds a social graph. The server operators, or anyone who gets that data, can see a map of who is talking to whom. The content is secure, but the connections are not.
Being able to map out who talks to whom is incredibly valuable. A three-letter agency can take the map of connections and overlay it with all the other data they vacuum up from other sources, such as location data, purchase histories, social media activity. If you become a "person of interest" for any reason, they instantly have your entire social circle mapped out.
Worse, the act of seeking out encrypted communication is itself a red flag. It's a perfect filter: "Show me everyone paranoid enough to use crypto." You're basically raising your hand.
So, in a twisted way, Signal being a tool for private conversations, makes it a perfect machine for mapping associations and identifying targets. The fact that it operates using a centralized server located in the US should worry people far more than it seems to.
The kicker is that thanks to gag orders, companies are legally forbidden from telling you if the feds come knocking for this data. So even if Signal's intentions are pure, we'd never know how the data it collects is being used. The potential for abuse is baked right into the phone-number requirement.
The leak from the administration was because Pete Hegseth included a journalist in a discussion about sensitive war plans. Trying to blame that on Signal is deceptive on your part.
If you are saying that Signal does not offer anonymity then you are right. Anyone I message on there knows it's me. But Signal is still keeping my messages safe from monitoring and third-party surveillance, to the best of my knowledge.
Maeve likes this.
Are you talking about the client app, or about the service?
Much of what you said doesn't apply to the service, which stores hashed phone numbers and first access / last access times and nothing else.
And the client does store these things, but also lets users delete messages and contacts. Your message deletions can propagate as well.
stores hashed phone numbers and first access / last access times and nothing else.
Even if this weren't false (otherwise they wouldn't be able to connect to your existing contacts), that's a "just trust us" claim. You give them your phone number, you should assume they have it and not "trust them" to hash it like its a password.
And the client does store these things, but also lets users delete messages and contacts. Your message deletions can propagate as well.
Not that its that important, but its yet another just trust us claim.
like this
Maeve likes this.
You literally don't understand how hashing works, got it. Please educate yourself on this topic. In short, "connecting your existing contacts" is ENTIRELY possible with hashed phone numbers; it's not even complicated or tricky. To claim otherwise, as you just did, is nothing but trumpeting your own ignorance.
As for deleting (and propagating deletion of) messages, this is most definitely NOT a matter of "just trust us". The client is open-source! We KNOW how it works. We KNOW that deletion propagates across devices when you tell it to. We KNOW that the service cannot see your unencrypted messages, and that the encrypted messages are made with AES so even quantum computers in the future can't decrypt them. This is incredibly far from "just trust us".
If it is tied to a phone number then any information connected to the phone account will be connected to the signal account identity. And any identifying information attached to the method used to pay for the phone account will be attached to the phone account and consequently the signal account.
Typically people pay using credit or debit cards, so the identifying information of those bank accounts become attached to your signal account.
like this
Maeve likes this.
You can use whatever app you like, but I think this adds confusion.
Signal is private because no one can see your messages except the people you are messaging. The government can't, Signal themselves can't.
Signal is not anonymous only in the sense that the government can check if you use Signal. That's it. They can tell if you use Signal. They can't link messages to your number in any way through data requests, etc.
Not forcing anyone to use Signal, but if you choose to, you can know it is private.
(So this post is confusing privacy with anonimity basically)
Try looking up "privacy vs anonimity" (or a similar search query). You may find that your post is talking about anonimity, not privacy.
Signal is private.
Did you look it up?
Yes, as I said, the government can tell if you use Signal or not by asking Signal (by providing Signal a phone number and asking if they have a record of it).
It's not anonymous in that sense, but it is still private because your messages cannot be revealed by such data requests.
How are you still unable to differenciate privacy and anonimity.
And you are calling us stupid for using Signal...
Seriously, use whatever you are comfortable with, but don't spread misinformation and panic.
Privacy: You knowing who I am but not what I'm doing
Anonymity: You knowing what I'm doing but not who I am.
They know who you're in contact with, who you communicate with the most due to the phone numbers being linked to your account. On their own website they say people can add you by searching your phone number in the search bar. If your phone number was not stored, this would not even be possible. A reference (like a phone but with your number on display) would have to be used in order to confirm that your account is the one that is being searched. The reference is the phone number. It is not private. I am not the one talking about anonymity over and over you are.
From the very beginning I have been speaking on privacy. If they know your number and know who your number is in communication with they now know what you're doing (talking to person x)
Evennif it is encrypted the damn app is a worst choice than SimpleX the thing I recommended. You chumps want to argue so bad you are missing the point. PRIVACY. Like the name of the damn group you're in. Why get compromised privacy when you can get comprehensive privacy (simplex)?
Answer you are a hypebeast promoing the most popular "privacy app"
They know who you’re in contact with, who you communicate with the most due to the phone numbers being linked to your account. On their own website they say people can add you by searching your phone number in the search bar. If your phone number was not stored, this would not even be possible. A reference (like a phone but with your number on display) would have to be used in order to confirm that your account is the one that is being searched. The reference is the phone number. It is not private. I am not the one talking about anonymity over and over you are.
I've already covered the phone number conundrum further in this thread.
Answer you are a hypebeast promoing the most popular “privacy app”
Quite laughable. Have fun storming the castle bro.
What data breach could there possibly be? Phone numbers are already public information and that's literally the only info Signal has. Oh no! My phone number that's publicly available already has been released in a "breach"!
It's already been mentioned numerous times but you're confusing privacy and anonymity.
Per Cambridge Dictionary:
Privacy: someone's right to keep their personal matters and relationships secret
Anonymity: the situation in which someone's name is not given or known:
Using Signal, even after giving them your phone number, fits the definition of privacy in that matters discussed through the app are secret to anyone outside of the sender and recipient. Even if Signal is told to hand over messages, they can't, there's nothing to access on their end. Private? Yes. Anonymous? No.
like this
Maeve likes this.
- My neighbor knows who I am and where I live.....next door. He does not know what I do, other than observe that I ride a John Deer around in the fields and corn comes up shortly there after. Riding a John Deer in a field is observable by all public passers by. In public we are not guaranteed an expectation of privacy. He doesn't know tho, that I run a private sex dungeon and crack still in my basement.
- I'm a haxor diddling some server somewhere to gain access. The server admin can see what I'm doing and indeed would have a record of what I was up to including any associated IP addresses, but wouldn't know me from Adam's house cat if I were truly conducting my activities in an anonymous manner.
He does not know what I do, other than observe that I ride a John Deer around in the fields and corn comes up shortly there after. Riding a John Deer in a field is observable by all public passers by.
So because he knows only a limited amount, that's the distinction between private and anonymous?
Signal is not your neighbor. Signal's DB stores phone numbers and knows who you are, and who you talked to, and when. Are the people you talk to considered "public", to a US-based corporation?
like this
Maeve likes this.
So because he knows only a limited amount, that’s the distinction between private and anonymous?
It is my distinction, yes. There are many other distinctions like it, but this one is mine based on my threat model. Now, if you'd supply your definition/distinction and threat model, then I can be pedantic about it as well. Or we can accept that, since we are talking about a wide swath of users, no one real definition suites all. If you'd like a similar exercise, hit Lemmy Self Host and pose the question, 'What is self hosting? Is hosting on a VPS considered self hosting or is a home lab considered self hosting'. Report back please.
Signal is not your neighbor. Signal’s DB stores phone numbers and knows who you are, and who you talked to, and when
You know the part in the Signal setup where it asks you for your phone number for verification purposes? You do know Signal does not prohibit the use of temp phone numbers. You can try as many as you like until you get one to work (if you're relying on free temp phone) One phone number not giving you any joy, tap 'Wrong number' and try again, or use a paid for burner phone service such as MobileSMS.io (which is specifically recommended for Signal), Burner, Quackr.io, Temp-Number.com, or there are reports of using Google Voice, if you dare tread those waters.
As clients upgrade, messages will automatically be delivered using sealed sender whenever possible. Users can enable an optional status icon that will be displayed in the detailed information view for a message to indicate when this happens. These protocol changes are an incremental step, and we are continuing to work on improvements to Signal’s metadata resistance. In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development. signal.org/blog/sealed-sender
As I understand the Sealed Sender protocol, it does redact or seeks to redact the metadata of 'whom you contact and who contacts you'. Since 2024, Signal has introduced usernames to reduce reliance on sharing phone numbers. You can set a username and hide your number from others, though it remains in the database for account purposes. Sooooooo....find you a temp burner phone number to use.
As I've said early on, I have no dog in this hunt. You can use Signal, Simplex, Smoke Signals, design a new enigma machine, whatever. My corn is going to grow regardless and my neighbor will still not know about my sex dungeon and crack still. LOL
Technology preview: Sealed sender for Signal
In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users.Signal Messenger
Maeve likes this.
Yes, we get it. You don't consider it "private" because you are using your own personal definition of the word, and getting all fucking bent out of joint because the definition you just fucking made up all on your own doesn't match what other people mean when they say the fucking word. WE FUCKING GET IT. END OF THREAD.
Dude, these are problems that people have been dealing with on the Internet for more than 30 years now. Not only do we have precise vocabulary that you have not bothered to educate yourself on, WE HAVE SOLUTIONS TO THESE FUCKING PROBLEMS. These are ANONYMITY issues, not PRIVACY issues. If you want an anonymous messaging platform, FUCKING USE AN ANONYMOUS MESSAGING PLATFORM. It's not fucking rocket science.
Please spare us the autism and read a fucking RFC.
You keep saying this. But you never offer any proof. Everyone keeps telling you why there is a distinction but you keep conflating the two, and here you are flat out bullshitting. It is in fact private.
What is your point? I am beginning to think YOU are propaganda. Or an idiot.
Started to write a long paragraph to explain the difference between privacy and anonymity but I now believe this new user is (no idea why) collecting engagement via rage bait. I won't participate in their posts anymore.
It might even come from a good place, namely trying to always do "better" and be "more private" but in practice it's just lead to confusion.
When this US service has your phone number (meaning your real name and address), then what is the point of making this distinction? Is them having my address private?
No one should have this info, regardless of how you every person differently defines "privacy" vs "anonymity"
like this
Maeve likes this.
Just because you know where I live doesn't mean you know what's going on in my house
See the difference?
Words have meaning
mean you know what's going on in my house
Signal knows the real identities of everyone you talk to, and when. Is that not "knowing what's going on in your house?"
like this
Maeve likes this.
what is the point of making this distinction
because they are completely different things
like this
Maeve likes this.
No, it's a private and secure protocol (not corporation) thanks to end to end encryption. You can evaluate the protocol yourself with your own eyes, except clearly you cannot read, but modulo that.
Newsflash, chuckles: your IP address IS NOT ANONYMOUS. Any private protocol you use without going through Tor, i2p, or some similar anonymizing network IS NOT ANONYMOUS.
You're attacking a strawman. Neither Signal nor anyone else has claimed the protocol or the service are anonymous. Which, yes, is something that every user should know before trusting it. They should understand what it means and what the consequences are. I'm honestly not sure you're even there.
thanks to end to end encryption. You can evaluate the protocol yourself with your own eyes, except clearly you cannot read, but modulo that.
This means nothing when you have no idea what code the server is running, they even went a whole year without publishing their server code updates, until they got a lot of backlash over it. Real security doesn't require a "just trust us" claim.
Also, metadata is content. Even if they don't have the message text, Signal still has the real identities of everyone you talked to, and when. With that you can build social network graphs, which are far easier to harvest and more useful anyway than trying to read through message content and determine meaning.
like this
Maeve likes this.
Signal allows you to speak confidentially, therefore it is private. It is not, by default, anonymous. Yes, this plus the centralized server mean that potentially dangerous metadata, like relationship maps, can be collected. All indications are this isn't the case, but that's not something you can count on.
If you need anonymity, which you probably do at least a bit, use simplex. And yes, having more people using anonymous services like simplex is a good thing for the community as a whole. That said, I'm not going to try to convince all of my friends to use simplex. It's just too far from the mainstream, missing too many features. Signal is a sufficient compromise for most people, and it's sufficient for me for most purposes.
My phone number was leaked, I don't know how and it really sucks. It probably happened before I started caring about privacy. and all these phone number aliasing services either don't operate in my region or cost too much money.
National Security Letters
Since the first national security letter (NSL) statute was passed in 1986 and then dramatically expanded under the USA PATRIOT Act, the FBI has issued hundreds of thousands of such letters seeking the private telecommunications and financial records …Electronic Frontier Foundation
like this
Maeve likes this.
I'd say the two are different but related.
Seems OP is discussing the loss of anonymity, but the below ARE privacy concerns:
* Someone obtaining my number who does not absolutely need it
* Someone knowing who I am, and knowing I do or do not use a service
Granted that it is difficult to completely obfuscate some aspects of your identity.
Because it has become extremely popular, that's just how it goes. At one point, even Telegram was recommended for being super secure or private, but the privacy is mild on Telegram at best.
But by comparison to Instagram or Whatsapp, it's how the gram looks like Privacy Central, so it was recommended. Now, Signal is replacing that role.
Signal is more private than the sus apps like IG, Facebook, etc. Yes. But only because those apps are so bad.
Maeve likes this.
Matrix's encryption algorithm was broken for a while and when it was fixed it it took app devs years to migrate to the new requirements. It still might even be the case for a lot of them, I haven't looked in a while.
SimpleX should be secure AFAIK though, but I've heard that it may not be able to scale well to larger user bases. It seems everything has pros and cons.
2FA is important, but if you use your phone number for anything, you have no idea how long they retain it, how they directly use it, if they sell it, etc. A real phone number can be mapped back to you trivially.
It should be standard to offer TOTP codes that can be used via an authenticator app, hardware key, etc. Aome places do, many do not.
But at the end of the day, they typically don't ask for your phone number because they want to give you security, but rather as a proxy to ensure you have a unique identity. Most people will have only one phone number, and it will be more difficult / costly to get additional ones than burner emails, etc.
Anyway, eg.in Vivaldi 2FA is safe and apart optional, as also the account itself, only needed when you want to use sync or the use of Vivaldimail, blog and other services it offers. In much other services it's also only an option.
what information is provided to an entity about whom."Content" and "Context"
Why is only message text considered "information / content / context" here. Signal has your real name and address via phone numbers, and has every other real person you talked to, and when. Why is "message text" considered context, but social networking graphs aren't?
All these definitions are highly subjective, and the above one clearly considers social networking graphs to not be "content". Basically they've re-defined privacy in a way that excludes highly sensitive information like everyone you talk to, and when.
like this
Maeve likes this.
Seriously. I'm getting really sick of OPs take, it is a fundamentally flawed and ignorant understanding of what privacy and anonymity are.
If I'm at work and I need to speak to someone in private, we can go in a room and close the door. That's a PRIVATE conversation. It doesn't mean that nobody heard me say "hey Bob, can I talk to you for a minute?" It doesn't mean nobody saw us go in there and shut the door. The conversation is still private.
It's NOT private if someone is listening up against the door, or if there's a recording device in the room (in our analogy most messenger services and protocols fit here).
Signal IS PRIVATE CONVERSATION. But there's metadata about who is talking to whom, and it's NOT anonymous for the reasons OP pointed out, even if OP is a rabble rousing idiot.
Signal is private, free, accessible, and has a good feature set. Their foundation is a nonprofit with ethical motives, and it's widely adopted worldwide because it fills a very real, very necessary niche.
Signal is NOT anonymous. If you want to be anonymous online you've got a lot, possibly an insurmountable amount, of work to do. Signal should not be a part of that because it's NOT anonymous.
Quit strawmanning a good thing because it's not what you're looking for.
support.signal.org/hc/en-us/ar…
That is a compromise of privacy. If those hackers used those phone number to access any account by using unique methods those users privacy would be utterly lost.
It is certainly a lack of security. I wanted to emphasize how it's also a problem for privacy. People in the thread are now having an imaginary argument about anonymity, even though this has never been something I've been confused about. However, it is something that one of the users pulled up, and now they all are harping on it over and over.
Since my phone number is one of my personal belongings, although abstract, if I hide it from you, it is private. If I reveal it to you, it is not. Since it is associated with me, revealing it to you lowers my privacy, as it is one more thing revealed that belongs to me.
These fools can't even comprehend this, literally.
Dr. Wesker
in reply to fellagha • • •fellagha
in reply to Dr. Wesker • • •jack [he/him, comrade/them]
in reply to fellagha • • •MynameisAllen
in reply to fellagha • • •