jsgohac 4 years ago • 100%
That's a good question that I would like to understand better. On first glimpse, FF provides protection “against fingerprinting by blocking third-party requests to companies that are known to participate in fingerprinting”.
Maybe that targeted approach is as good or better than heuristics but will take a closer look later.
jsgohac 4 years ago • 100%
Very interesting ... sort of surprised to see digitalocean leading on an onion service:
DigitalOcean provides Onion Routed Cloud as an application in its marketplace. All you need to do is click ‘Deploy’ and the script will automatically configure ORC on a Ubuntu 18.04 server.
jsgohac 4 years ago • 100%
It is such a simple, quiet extension it was not clear to me if it did anything. Was surprised to see how much design went into it.
jsgohac 4 years ago • 100%
Pretty good list.
In terms of recommending Privacy Badger, I was recently reading privacy possum’s analysis of it (he says he worked on PB at EFF for 6 months) and how it drops the ball somewhat on fingerprinting.
Here is a link: https://github.com/cowlicks/privacypossum
and a main point is this:
Privacy Badger's fingerprinting blocking has a large deficiency, when fingerprinting is detected, the origin is marked as tracking (not the URL). So everything from that origin is blocked in a 3rd party context. This is a problem because it can lead you to block everything from a cdn. To get around this, Privacy Badger adds CDN's to the "cookieblock list". This prevents cookies from being sent to origin's on the list. However, it then prevents fingerprinting scripts from being blocked, thus allowing fingerprinting.
I’d be curious to hear about other addons like decentraleyes, etc.
jsgohac 4 years ago • 100%
While it would be enjoyable to see someone take down this idea that egregious wealth consolidation at the top is OK so long as the rest of the world is equally serfish, I agree with this:
Unfortunately, much gloomier forecasts seem more plausible. The trade and technology war between China and the United States, while perhaps understandable from a narrow U.S. strategic point of view, is fundamentally pernicious from the global point of view. It will prevent the spread of technology and hamper improvements in living standards across large swaths of the world.
jsgohac 4 years ago • 100%
And then sites that will not serve users who are not using technocracy approved browsers like this new Chrome with built-in forbid lists, tracking, and compulsory advertising.
jsgohac 4 years ago • 88%
It is a little sad/ironic that decentralised spaces rely on centralised services to reach audiences, a bit like bitcoin largely depending on fiat. One of my problems with something like peertube or ipfs is not being able to find much content — which is traditionally solved by centralised indexing.
Perhaps this is an opportunity to improve discoverability issues.
“fediverse” apps (groups of interconnected servers used for web publishing) from the Play Store
jsgohac 4 years ago • 100%
Not sure about always. Wouldn’t an attention seeking troll posting something controversial enjoy tons of comments instead of downvotes? I guess a protocol is to upvote your favourite dissent instead of commenting?
jsgohac 4 years ago • 100%
Without a downvote button on an open, largely user moderated forum, you may very well start seeing more users appeal to mods. For example: “mods, can you remove/ban any Delete Facebook comments? OP is clearly asking how best to use it privately, not delete it”
jsgohac 4 years ago • 100%
What’s next? Facebook starts crying foul when iOS 14 shows apps secretly accessing the microphone?
jsgohac 4 years ago • 100%
there were some 700,000 young mink on fur farms in the Netherlands, national statistics agency CBS said last week.
ug
jsgohac 4 years ago • 100%
Great point. Flashing back to hours spent scouring hkey local_machine..._run, services.msc, add/remove. What a nightmare Windows is.
jsgohac 4 years ago • 100%
Fair enough ... in some places the habitat "comes alive" around March 21 and seems like a start of something new as opposed to everything frozen solid in Jan, but advocating for marking the rebirth of the sun has been working great for millennia.
jsgohac 4 years ago • 100%
Especially if this is true:
Facebook’s stock jumped more than 5% on the news. Wedbush analyst Michael Pachter said the market sees Apple’s new rule as likely to shift demand toward Facebook’s own targeting system.
http://www.dailyjournal.net/2020/08/26/us-facebook-apple-revenue/
jsgohac 4 years ago • 100%
I noticed you left Facebook out of that forbid list. It would be funny if they took React proprietary.
jsgohac 4 years ago • 100%
Zuck and Cook should settle this the old fashioned way
“Ink-a-dink, a bottle of ink," I recited as I pointed back and forth between the two boys, "the cork fell out, and you stink."
jsgohac 4 years ago • 100%
I would go so far as to say that earth based calendars might benefit from starting at an equinox instead of the height of (winter or summer), months should start at new moon, and days should start around sunrise instead of the middle of night. Space travellers will need a more universal calendar.
Permanent, year-round standard time is the best choice to most closely match our circadian sleep-wake cycle
jsgohac 4 years ago • 100%
That note about plaintext email trended on another site and I thought it smelled like turd. This fact about it originating from a MS employee puts it in a proper light.
The author of the criticism, and sr.ht site operator, has some interesting commentary. His comments after mozilla layoffs were pretty blunt.
IMO, MS has embraced not just github and npm but node js itself and seems a threat to embrace extend extinguish javascript engines and committee standards.
Today, I discovered this article, “Relying on plain-text email is a ‘barrier to entry’ for kernel development, says Linux Foundation board member”, a title which conveniently chooses to refer to Sarah Novotny by her role as a Linux Foundation board member, rather than by her full title, “Sarah Novotny, Microsoft employee, transitive owner of GitHub, and patroness saint of conflicts of interests.”
jsgohac 4 years ago • 100%
In version 3, users are no longer clicking on school buses and crosswalks but rather the google script silently observes our regular page interactions in the background, making a determination of the user (or bot) based on behaviour fed into algorithms derived from machine learning. That is a scary aspect of it, we don’t know when we are being observed.
jsgohac 4 years ago • 100%
I know many people love HBO, but it would be nice to see some other alternative arise to this entity owned by the AT&T beast.
On October 22, 2016, AT&T announced an offer to acquire Time Warner for $108.7 billion (including assumed Time Warner debt). The proposed merger was confirmed on June 12, 2018, after AT&T won an antitrust lawsuit that the U.S. Justice Department filed in 2017 to attempt to block the acquisition.[9] The merger closed two days later, with the company becoming a subsidiary of AT&T. (https://en.wikipedia.org/wiki/WarnerMedia)
Example EFF suit against ATT: https://www.eff.org/document/scott-v-att-geolocation-complaint
EFF is now suing AT&T for selling this data without users’ consent and for misleading the public about its privacy practices
jsgohac 4 years ago • 100%
I spent about 5 minutes looking for a good link and could not find one on a privacy respecting site -- was the best I could find as cnbc bounced me for adblocking.
jsgohac 4 years ago • 100%
I do not know much about android development and its development norms and practices, but I do wish customer service would refrain from bringing geopolitics into their support cases.
What appears to be their github seems pretty stale: https://github.com/onyx-intl
jsgohac 4 years ago • 100%
hard to find a link that isn’t full of trackers and adblock blockers
Facebook on Wednesday acknowledged that Apple’s upcoming iOS 14 could lead to a more than 50% drop in its Audience Network advertising business.
Facebook had previously warned that iOS 14 could impact its advertising business, but the company’s blog post Wednesday outlined just how specific that impact could be. The Facebook Audience Network allows mobile software developers to provide in-app advertisements targeted to users based on Facebook’s data.
...
Facebook’s stock jumped more than 5% on the news. Wedbush analyst Michael Pachter said the market sees Apple’s new rule as likely to shift demand toward Facebook’s own targeting system.
http://www.dailyjournal.net/2020/08/26/us-facebook-apple-revenue/
jsgohac 4 years ago • 100%
Interesting about the cost of identification.
In terms of competition, I was seeking to distinguish between browser competition (eg chrome vs firefox, “edge”, safari, qt, falkon etc) and ad platform competition (doubleclick vs facebook, bing, amazon, apple, etc) but in some ways it's all the same ha and your look at the trackers themselves makes a lot of sense.
jsgohac 4 years ago • 100%
Because you would break the riddle of the sphinx:
The sphinx asked him this riddle: What creature goes on four feet in the morning, two at noonday, and three in the evening?
jsgohac 4 years ago • 100%
advertising competitors right? I saw another article with smaller adtech companies bemoaning FB and Google emerging walled gardens
According to its [Google's ReCaptcha 3 blog post](https://webmasters.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html) this service "runs adaptive risk analysis in the background to alert you of suspicious traffic while letting your human users enjoy a frictionless experience on your site"

[Eff coverage](https://www.eff.org/wp/behind-the-one-way-mirror#Part2) outlines how this benefits Google:

> ReCAPTCHA scripts don’t send raw interaction data back to Google. Rather, they generate something akin to a behavioural fingerprint, which summarizes the way a user has interacted with a page. Google feeds this into a machine-learning model to estimate how likely the user is to be human, then returns that score to the first-party website.

> In addition to making things more convenient for users, this newer system benefits Google in two ways.
> 1. it makes CAPTCHAS invisible to most users, which may make them less aware that Google (or anyone) is collecting data about them.
> 2. it leverages Google’s huge set of behavioural data to cement its dominance in the CAPTCHA market, and ensures that any future competitors will need their own tranches of interaction data in order to build tools that work in a similar way.
jsgohac 4 years ago • 100%
And Grab is 23% owned by Uber
Uber's right to redeem its 23% stake in Grab for cash was revealed in the U.S. ride-hailing giant's initial public offering prospectus released Thursday. This suggests a possible time frame for when Grab is planning to launch its own IPO.
as of Apr 19 per https://asia.nikkei.com/Business/Startups/Grab-faces-2bn-payout-to-Uber-if-no-IPO-by-2023
so maybe it will be vastly improved ha
jsgohac 4 years ago • 100%
It seems that they are trying to get out ahead of regulations and help define how identity tracking tools emerge. Or maybe google really is our friend ha
Earlier this year, a plan was announced on the Chromium blog to make third party cookies obsolete ...

> we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete. Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome. Our intention is to do this within two years.
The following is a summary and highlights from an article appearing on adweek, provided by an identity resolution technology supplier. The claims may be exaggerated for sales purposes, but it is interesting to see one idea for getting around GDPR and other regulations. The disturbing idea that GDPR and other privacy regulations create the role of brands as protectors of its users' profile shows how business doubles down on privacy challenges. Nothing short of Wall St selling shares of companies violating privacy laws will change the privacy landscape.

---

Europe's GDPR battle has made clear the writing on the wall as changes including:

- over 60 countries announcing data privacy laws
- several US states commencing consumer privacy protection
- tech giants becoming involved in privacy regulation
- Google introducing "anti-fingerprinting" in Chrome
- Facebook Pixel disconnecting from user histories

demonstrate that plans for content creation, targeting and attribution models will need to adapt to life without tracking pixels, cookies, and fingerprints.

However, a Salesforce survey indicated that over 75 percent of consumers expect brands to provide customized experiences. Therefore, enter "Identity Resolution", the fabric which enables a clear and accurate picture of a consumer's "omnichannel journey".

> By integrating identifiers across available touch-points and devices with behaviour, transaction and contextual information, a cohesive and addressable consumer profile can be constructed for marketing analysis, orchestration and delivery.

User profiles may be developed in this way and pseudonymous IDs like mobile ad IDs (MAIDs) and cookies help construct cross-device identities. Identity covers three areas:

1. online and offline data collection
2. resolution of partial profiles into persistent, unique profiles
3. maintenance of the identity over time as factors change.

> technology that collects and matches disparate data sets in a privacy-compliant manner are key to creating the persistent identity at the heart of customer-centric omnichannel marketing. Consolidating partial profiles into single, persistent sources of truth improves the consumer's omnichannel experience and helps safeguard his or her privacy requests. Identity resolution is a win-win.

> As consumers move through various marketing channels, they give consent for technology to collect and analyze information such as cookies, email addresses, device IDs, site visits and past purchases. Identity is a symbiotic relationship.

## References

1. GDPR-Era Privacy Laws Demand a New Approach to Identity: https://www.adweek.com/partner-articles/gdpr-era-privacy-laws-demand-a-new-approach-to-identity/
jsgohac 4 years ago • 100%
Twitter came a long way out of the basement with its SMS messages into being a key player in the surveillance capitalism, inside sales cabal. If it was the plan all along, well played Dorsey.
Here is a not-CNN summary if anyone else does not want: https://m.slashdot.org/story/374171
jsgohac 4 years ago • 100%
I sometimes catch myself thinking that a small team could maintain a modern browser. Then I come back to earth after reading something like “Security Vulnerabilities fixed in Firefox 80” : https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
jsgohac 4 years ago • 100%
Interesting stuff and quite a rabbit hole. One article claiming early_data could survive browser restarts seemed to light a fire. I started building a tls 1.3 node server to see what type of values could be set, but will have to revisit when more time avails. This list of extensions is interesting: https://tools.ietf.org/html/rfc8446#section-4.2
jsgohac 4 years ago • 100%
This is a little vague to me, but seems as though he feels others will carry on:
In either case, I consider myself extremely lucky to have people that can manage the project in future, and can only imagine what it would be like for someone without that luxury. I can't help shake the feeling that somewhere, the software I use is being developed solely by volunteers who would rather quit, but don't have the ability to say "no". This post has been delayed for that very reason, especially when so many people have given so much, and I feel they deserve a proper goodbye. At this point though, I can't find the strength to leave on better terms.
And in case instances.invidio.us shuts down at the same time, here is a current list of instances:
- invidio.us
- invidious.snopyta.org
- yewtu.be
- invidious.tube
- invidious.13ad.de
- invidious.xyz
- invidious.site
- vid.mint.lgbt
- invidiou.site
- invidious.fdn.fr
- invidious.toot.koeln
- invidious.ggc-project.de
jsgohac 4 years ago • 100%
I usually keep a copy of the fedora xfce spin handy in case I blow up a new install of some random distro and need to revert to something known.
jsgohac 4 years ago • 100%
yep, as long as a main target is an html display, it makes sense. in my case, I take notes in a way that restrains my syllable count to about 10-15 per line to encourage conciseness and my target is pdf—not a use case I expect markdown to accommodate, but it would be nice if I could tell pandoc to preserve new line but pandoc defers to md rules
jsgohac 4 years ago • 100%
Thanks for sharing that, I was looking at ssl handshakes as a possible supercookie for advertisers, but this is next level stuff. Will dig in.
jsgohac 4 years ago • 100%
thanks, true. my peeve is with disregarding normal newlines. from a utilitarian point of view it probably makes sense, just a personal pet peeve.
jsgohac 4 years ago • 100%
glaring issues with markdown like double spaces for newlines and so on that are just bad design.
this one drives me nuts. I read an issue on this and the markdown people were insistent on letting text flow through newlines
Researchers showed it is possible as of Oct 2018 to track users via TLS Session Resumption. Zdnet covers it with an article ( https://www.zdnet.com/article/advertisers-can-track-users-across-the-internet-via-tls-session-resumption/ ) though the linked paper is fairly readable. Among interesting observations, they note:

> Google and Facebook, two of the world's largest advertising firms, used abnormally large TLS Session Resumption lifespans of 28 hours and 48 hours, respectively

Countermeasures:

> The recommended upper limit of the session resumption lifetime in TLS 1.3 of seven days should be reduced to hinder tracking based on this mechanism. We propose an upper lifetime limit of ten minutes based on our empirical observations.

> We note, that more than 80% of the Alexa Top Million Sites restrict the session resumption lifetime to less or equal to ten minutes by their own choice and 27, 7% of all revisits of a site occur during this period. Furthermore, the average visit duration of popular websites is of the order of ten minutes, thus this lifetime limit hinders the correlation of multiple page visits by the same user. Browser vendors should address the issue of third-party tracking via TLS session resumption, either by deactivating session resumption for third-parties or by allowing only session resumptions to third-parties if the first party site is identical.

There was an issue that mentioned this in ghacks-userjs issues list (https://github.com/ghacksuserjs/ghacks-user.js/issues/643)

> Picture this: You do a google search and get a SSL Session ID, then you change VPNs, and return to google and search for something else. The SSL Session ID absolutely tracks you 100%, whereas disabling it, only makes you part of a very very small group (if used for tracking: and it is server side).

> Also consider that Firefox keeps this for up to 24 hours, which is outrageous IMO. Other browsers are much quickly at releasing them

Furthermore, for firefox it is suggested here (https://www.ssl.com/article/tracking-users-with-tls/) that this behavior can be avoided by setting the following preference to true: "security.ssl.disable_session_identifiers"

EDIT: As mentioned in https://bugzilla.mozilla.org/show_bug.cgi?id=967977, this preference is not included by default and must be set manually. Some pre-configured user.js for firefox include it.
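
To audit the lifetime a server advertises for resumption, the sketch below parses a TLS 1.3 NewSessionTicket message (RFC 8446, section 4.6.1) and compares its `ticket_lifetime` with the seven-day ceiling and the ten-minute proposal quoted above. It is an added example, not part of the original post or the paper; it assumes the handshake message has already been decrypted, and the sample messages are constructed with a dummy ticket rather than captured.

```python
import struct

HS_NEW_SESSION_TICKET = 4             # handshake type, RFC 8446 section 4
EXT_EARLY_DATA = 42                   # early_data extension, RFC 8446 section 4.2.10
RFC8446_MAX_LIFETIME = 7 * 24 * 3600  # seven-day ceiling quoted in the post
PROPOSED_MAX_LIFETIME = 10 * 60       # ten-minute limit proposed by the researchers


class TicketParseError(ValueError):
    """Raised when the bytes are not a well-formed NewSessionTicket."""


def _take(buf, off, n):
    # Return n bytes starting at off, refusing to read past the end.
    if off + n > len(buf):
        raise TicketParseError("truncated field")
    return buf[off:off + n], off + n


def parse_new_session_ticket(msg):
    """Parse one decrypted TLS 1.3 NewSessionTicket handshake message."""
    if len(msg) < 4 or msg[0] != HS_NEW_SESSION_TICKET:
        raise TicketParseError("not a NewSessionTicket message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise TicketParseError("length field does not match message size")
    fixed, off = _take(body, 0, 8)
    lifetime, age_add = struct.unpack("!II", fixed)
    n, off = _take(body, off, 1)                      # ticket_nonce<0..255>
    nonce, off = _take(body, off, n[0])
    n, off = _take(body, off, 2)                      # ticket<1..2^16-1>
    ticket, off = _take(body, off, int.from_bytes(n, "big"))
    n, off = _take(body, off, 2)                      # extensions<0..2^16-2>
    exts, off = _take(body, off, int.from_bytes(n, "big"))
    if not ticket or off != len(body):
        raise TicketParseError("empty ticket or trailing bytes")
    max_early_data, eoff = None, 0
    while eoff < len(exts):
        head, eoff = _take(exts, eoff, 4)
        ext_type, ext_len = struct.unpack("!HH", head)
        data, eoff = _take(exts, eoff, ext_len)
        if ext_type == EXT_EARLY_DATA:
            if ext_len != 4:
                raise TicketParseError("bad early_data extension")
            max_early_data = int.from_bytes(data, "big")
    return {"lifetime": lifetime, "age_add": age_add, "nonce": nonce,
            "ticket_len": len(ticket), "max_early_data": max_early_data}


def assess_lifetime(seconds):
    """Classify an advertised lifetime against the two limits above."""
    if seconds > RFC8446_MAX_LIFETIME:
        return "invalid: above the seven-day TLS 1.3 ceiling"
    if seconds > PROPOSED_MAX_LIFETIME:
        return "long: above the proposed ten-minute limit"
    return "ok: within the proposed ten-minute limit"


def build_sample(lifetime, max_early_data=None):
    # Constructed test message, not a capture: fixed nonce, dummy 32-byte ticket.
    exts = b""
    if max_early_data is not None:
        exts = struct.pack("!HHI", EXT_EARLY_DATA, 4, max_early_data)
    ticket = b"\xaa" * 32
    body = (struct.pack("!II", lifetime, 0x01020304) + b"\x01\x00"
            + struct.pack("!H", len(ticket)) + ticket
            + struct.pack("!H", len(exts)) + exts)
    return bytes([HS_NEW_SESSION_TICKET]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for hours in (28, 48):  # lifespans quoted in the post, used as sample values
        info = parse_new_session_ticket(build_sample(hours * 3600, 16384))
        print(hours, "h:", assess_lifetime(info["lifetime"]), info)
    print(assess_lifetime(parse_new_session_ticket(build_sample(300))["lifetime"]))
```

The lifetime in the ticket is what the server offers; a client may drop the ticket sooner, so this checks only the server side of the tracking window.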
jsgohac 4 years ago • 100%
Your use directly jeopardizes Google's ability to make cultural works available to the world. As such, we would appreciate your voluntarily removing this content.
sad state of affairs
jsgohac 4 years ago • 100%
The tildes model (though invite only) seems appealing ... here is a breakdown of their costs and donations:
and on tildes potential lack of funding
What if you don't get enough donations to run the site full-time?
One of the best parts about avoiding venture capital and other forms of investment is that there's no pressure. Tildes doesn't have to reach certain thresholds of traffic or revenue to prevent shutting down. The worst case is just that I end up running Tildes as a side project, and hope that it eventually grows to a point where it's sustainable to work on full-time.
granted, one main goal for lemmy is federation so approaches may vary, but in any event an influencers sheeple eyeballs revenue VC model is not the only one
jsgohac 4 years ago • 100%
what kind of funding do you mean? I hope this remains true for the life of lemmy:
Lemmy is free, open-source software, with no advertising, monetizing, or venture capital, ever.
also, do we really want influencers and sheep?
An analysis of DRM in Linux kernel.
Rise of the Council of Plebs in Rome, 500 BCE

> Tensions between the two classes continued to grow, especially since the poorer residents of the city provided the bulk of the army. They asked themselves why they should fight in a war if all of the profits go to the wealthy. Finally, in 494 BCE the plebians went on strike, gathering outside Rome and refusing to move until they were granted representation; this was the famed Conflict of Orders or the First Succession of the Plebs. The strike worked, and the plebians would be rewarded with an assembly of their own - the Concilium Plebis or Council of the Plebs.

(via https://www.ancient.eu/Roman_Republic/)
Privacy disclaimer: Algo is not focused on privacy, but prioritizes security. You host it yourself on a cloud instance, so you are attached to a single IP. As an iPhone user, I have not seen many good ad-blocking solutions and I sadly expect zero anonymity on mobile. Perhaps Disconnect was OK. I would like to know more if they exist. Algo gives an option to install an adblocker on your vpn server and it seems to work fairly well. You can set it up in under half an hour and destroy your $5 instance as needed. You can use on desktop if you want, but I prefer dynamic IP VPNs when possible.
For five years running, Rust has taken the top spot as the most loved programming language. TypeScript is second surpassing Python compared to last year. We also see big gains in Go, moving up to 5th from 10th last year.
> U.S. Sens. Jeff Merkley and Bernie Sanders have introduced the National Biometric Information Privacy Act (BIPA) ... Most importantly, the bill empowers you (and the EFF) to sue businesses that break these rules.
> It would be an overstatement to say Microsoft now has an iron grip on JavaScript, a view that is rooted in fear among those who remember the time when Microsoft was openly hostile to open source, Murphy added.

> "How you package for Node.js is hardly controlling the future of JavaScript," he said. "Microsoft does have a large play in JavaScript as a whole, but it is an open community."
In 1997, Eric S. Raymond's The Cathedral and the Bazaar prompts Netscape to release Navigator as free software. The tech industry was examining how to bring open source ideas, principles into commercial software. Some decided that social activism tendencies of the FSF (Free Software Foundation) were unappealing, and looked for ways to rebrand free software movement to emphasize business potential. "Open Source" was decided upon and Linus Torvalds approved. Raymond in Cathedral and Bazaar, relates managing open-source project fetchmail, struggle between top-down (Cathedral) like emacs, bottom-up design (Bazaar) like Linux, "given enough eyeballs, all bugs are shallow", the more widely available, scrutinized, iterated, all bugs discovered. Inordinate time, energy spent in Cathedral model. Many lessons, principles enumerated.
Avoid commercial sites by adding your own flavor of top level domain (TLD) limitations, e.g. "(site:*.org OR site:*.net OR site:*.edu)"

For example: instead of returning the top result on ahrefs.com, this query:

- 'search operators "site" (site:*.org OR site:*.net OR site:*.edu)'

makes it easier to find: "https://guides.lib.berkeley.edu/GoogleTips" in what would be a sea of SEO gamed results on .com domains.

Reference:

- https://guides.lib.berkeley.edu/GoogleTips