• 8 Posts
  • 775 Comments
Joined 2 years ago
cake
Cake day: June 20th, 2023

help-circle

  • It’s difficult to know that for sure, which is why (e.g.) the US government wants to make sure that there is domestic chip manufacture with a completely controlled supply chain to make hardware for classified communications. It can help to consider the difference between targeted surveillance (spending millions to tap the President’s phone, to get big juicy national secrets) and dragnet surveillance (tapping everybody’s phone so that you can have dirt on Joe Schmoe if he does something interesting later, even if he is of no particular interest right now). Hardware backdoors would be used mostly for targeted surveillance.

    Stuff like VPN’s and encrypted apps can be of considerable help against dragnet surveillance, which is what the civil privacy community mostly cares about. If you think you might be a subject of targeted surveillance, you have to be much more paranoid. Not just hardware backdoors in your computer, but suspicious white vans on your street, microphones in your flower pots, FBI agents under your bed, the whole bit.

    There are some countermeasures you can take against hardware backdoors (electromagnetically isolate a computer from the network and transfer data from it by floppy disc or similar) but basically you’re in a different world if you’re dealing with this.

    You mght like the book “Security Engineering” by Ross Anderson (older editions free online and still very good: https://www.cl.cam.ac.uk/archive/rja14/book.html and scroll down). It goes into this stuff, has lots of good overviews even if you gloss over the technical parts, and will generally help you see clearly in the topic.







  • I don’t bother with a proxy host or with LetsEncrypt, though I guess you could use LetsEncrypt perfectly well. Back when I was doing this, LetsEncrypt didn’t exist and you had to actually pay for public certificates, so using locally generated free ones saved money. It also had a minor(?) security advantage in that if the private server key somehow leaked, it wouldn’t let people impersonate our internet domain.

    For the private CA I simply used the crappy CA.pl script that comes with OpenSSL or did at the time. There are much better ways to do it, especially at any kind of scale, but CA.pl sufficed dealing with a few development machines.


  • Not sure what you mean. If you want to stay focused on the task, then try to do so. If you want to let it slide, then do that and get back to it whenever. It’s possible that you’ll completely forget or it’s possible that you will get back to it. Back in college there was a certain book (fiction) that I wanted to read. I finally got around to it 20+ years later. I’m glad that I read it and the delay wasn’t a problem. It wasn’t like it was bugging me for all those years. Something eventually reminded me of it and I followed up.




  • The initial post is a somewhat incomprehensible rant but I think the objection is that any number of skeezy websites all have domains pointing to the same Cloudflare IP. So when a malware app opens a TLS connection to one of those domains, the shared IP doesn’t tel you anything, and the ECH prevents you from seeing with Wireshark just whose home the malware is phoning. You have to resort to more drastic methods like intercepting DNS. Better yet, don’t run malware.


  • Not sure what you mean? He didn’t really care. Linux started out as a hobby project, and became usable at around the time that the GNU userspace was mostly sufficient for a full system, the Hurd kernel project bogged down from technical overreach (maybe still is), and BSD was bogged down by licensing snags (later fixed). The GNU project by then had somewhat quieted its naysayers by releasing some very impressive userspace code such as GCC and Emacs. Plus the X window system was a thing. So once there was a runnable complete GNU/Linux/X system, maybe it wasn’t for everyone, but there weren’t real doubts about its viability. I guess there was always more uptake in the server space though, and it’s still like that.


  • Nextcloud might handle what you want. There are a zillion places that offer hosting for it, or you can self-host it. MediaWiki is another possible choice, that despite the name is more document oriented and less media oriented than NextCloud is. Again, you can self-host, or there are commercial hosts for it. Lots of VPS providers also offer one-click installers for it. I haven’t run a MediaWiki instance myself, but am familiar with it as a user through editing Wikipedia. I’ve run Gitit, which has a similar UI, but is backed by a Git repo.





  • If people dont care enough to mess with their browser settings thenselves, then they can either a. join a privacy-focused Mastodon instance

    “Joining a privacy focused instance” is exactly an opt-out approach so the answer is exactly the same is before, opt-out is the wrong chocie.

    live with the fact that choices are being made for them. People need to take actions for themselves, we cant treat everyone like babies.

    It’s not that choices are being made for them, it’s that they are adversarial choices. There’s a difference between “treating everyone like babies” and being on their side. Users who want sites run by predatory jerks already know where Elon’s site is. The fediverse’s main appeal afaict is that it’s run by people who aren’t like Musk and Spez. That is, its operators can be trusted more. They should be looking out for the user. They should make choices for the user that the user would want them to make. Otherwise there is no point to it.

    This article looks good: https://www.wheresyoured.at/never-forgive-them/ :

    The people running the majority of internet services have used a combination of monopolies and a cartel-like commitment to growth-at-all-costs thinking to make war with the user, turning the customer into something between a lab rat and an unpaid intern, with the goal to juice as much value from the interaction as possible.

    I’ve only started reading it though. Anyway, if the fedivese has anything to offer, it’s a respite from that. Stop trying to ruin it.


  • The referer header tells the site which specific users and which specific clicks came from lemmy world. That’s flat-out invasive. Revealing the number of users (as Mozilla wants to do) is also invasive even if it doesn’t single out the user (of course that’s much less direct and people usually tolerate it until they become attuned to the issue).

    The thing to ask yourself when site X wants information Y is “what does X want to do with the information?”. If the answer can possibly be “something bad”, then X should not get the information unless the user opts into sending it. That is even if it’s statistical or aggregated information. Being included in the count is like casting a vote for X, which (as we see with Trump getting elected) can have significant effects even with no identification of the individual voters.