Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Hey everyone,
First off, a Merry Christmas to everyone who celebrates, happy holidays to everyone, and happy almost-new-year!
Tim and I are very happy with the year devRant has had, and thinking back, there are a lot of 2017 highlights to recap. Here are just a few of the ones that come to mind (this list is not exhaustive and I'm definitley forgetting stuff!):
- We introduced the devRant supporter program (devRant++)! (https://devrant.com/rants/638594/...). Thank you so much to everyone who has embraced devRant++! This program has helped us significantly and it's made it possible for us to mantain our current infrustructure and not have to cut down on servers/sacrifice app performance and stability.
- We added avatar pets (https://devrant.com/rants/455860/...)
- We finally got the domain devrant.com thanks to @wiardvanrij (https://devrant.com/rants/938509/...)
- The first international devRant meetup (Dutch) with organized by @linuxxx and was a huge success (https://devrant.com/rants/937319/... + https://devrant.com/rants/935713/...)
- We reached 50,000 downloads on Android (https://devrant.com/rants/728421/...)
- We introduced notif tabs (https://devrant.com/rants/1037456/...), which make it easy to filter your in-app notifications by type
- @AlexDeLarge became the first devRant user to hit 50,000++ (https://devrant.com/rants/885432/...), and @linuxxx became the first to hit 75,000++
- We made an April Fools joke that got a lot of people mad at us and hopefully got some laughs too (https://devrant.com/rants/506740/...)
- We launched devDucks!! (https://devducks.com)
- We got rid of the drawer menu in our mobile apps and switched to a tab layout
- We added the ability to subscribe to any user's rants (https://devrant.com/rants/538170/...)
- Introduced the post type selector (https://devrant.com/rants/850978/...) (which will be used for filtering - more details below)
- Started a bug/feature tracker GitHub repo (https://github.com/devRant/devRant)
- We did our first ever live stream (https://youtube.com/watch/...)
- Added an awesome all-black theme (devRant++) (https://devrant.com/rants/850978/...)
- We created an "active discussions" screen within the app so you can easily find rants with booming discussions!
- Thanks to the suggestion of many community members, we added "scroll to bottom" functionality to rants with long comment threads to make those rants more usable
- We improved our app stability and set our personal record for uptime, and we also cut request times in half with some database cluster upgrades
- Awesome new community projects: https://devrant.com/projects (more will be added to the list soon, sorry for the delay!)
- A new landing page for web (https://devrant.com), that was the first phase of our web overhaul coming soon (see below)
Even after all of this stuff, Tim and I both know there is a ton of work to do going forward and we want to continue to make devRant as good as it can be. We rely on your feedback to make that happen and we encourage everyone to keep submitting and discussing ideas in the bug/feature tracker (https://github.com/devRant/devRant).
We only have a little bit of the roadmap right now, but here's some things 2018 will bring:
- A brand new devRant web app: we've heard the feedback loud and clear. This is our top priority right now, and we're happy to say the completely redesigned/overhauled devRant web experience is almost done and will be released in early 2018. We think everyone will really like it.
- Functionality to filter rants by type: this feature was always planned since we introduced notif types, and it will soon be implemented. The notif type filter will allow you to select the types of rants you want to see for any of the sorting methods.
- App stability and usability: we want to dedicate a little time to making sure we don't forget to fix some long-standing bugs with our iOS/Android apps. This includes UI issues, push notification problems on Android, any many other small but annoying problems. We know the stability and usability of devRant is very important to the community, so it's important for us to give it the attention it deserves.
- Improved profiles/avatars: we can't reveal a ton here yet, but we've got some pretty cool ideas that we think everyone will enjoy.
- Private messaging: we think a PM system can add a lot to the app and make it much more intuitive to reach out to people privately. However, Tim and I believe in only launching carefully developed features, so rest assured that a lot of thought will be going into the system to maximize privacy, provide settings that make it easy to turn off, and provide security features that make it very difficult for abuse to take place. We're also open to any ideas here, so just let us know what you might be thinking.
There will be many more additions, but those are just a few we have in mind right now.
We've had a great year, and we really can't thank every member of the devRant community enough. We've always gotten amazingly positive feedback from the community, and we really do appreciate it. One of the most awesome things is when some compliments the kindness of the devRant community itself, which we hear a lot. It really is such a welcoming community and we love seeing devs of all kind and geographic locations welcomed with open arms.
2018 will be an important year for devRant as we continue to grow and we will need to continue the momentum. We think the ideas we have right now and the ones that will come from community feedback going forward will allow us to make this a big year and continue to improve the devRant community.
Thanks everyone, and thanks for your amazing contributions to the devRant community!
Looking forward to 2018,
- David and Tim
48 -
Watch 3 videos about iOS/Swift on YouTube, and now I'm getting a frontpage full of recordings of app development events and iPhone reviews.
Listen to one kpop track on Spotify out of curiosity, and now the recommendation playlist is polluted with music I really don't like.
If we are going to hand our balls to AI and expect it to be a glorious fondling fest, don't cry if it suddenly realizes "nuts? aren't those supposed to be cracked?".
I mean what's fucking next? Where will this "smart" shit end up?
I accidentally click on a my little pony meme, and amazon will drone-strike me with 500 gallons of glitter? I drunkenly mumble "OK google how do kangaroos fuck" in the back of a self-driving Uber, I'm going to be dropped off in a shady alley and raped by a dozen walibis?
STOP FUCKING TRYING TO UNDERSTAND ME, INTERNET. I JUST WANT TO FUCKING USE YOU, NOT BE USED BY YOU, THIS WASN'T THE DEAL.
If you truly understood me, internet, I would probably not even give a fuck about privacy. But you are all building these profiles wrong.
You don't understand that I might be interested in juggling tricks today, tomorrow it might be all about crocheting a wool sweater for my penis, and the day after that I'm curious how many corpses it would take to fill up an olympic swimming pool.
NO I'M NOT ACTUALLY INTERESTED IN THAT QUORA, STOP SENDING ME RECOMMENDATION EMAILS ON HIDING MURDER VICTIMS, MY BOSS WILL THINK I'M WEIRD.
Yeah of course I could pulls some plugs, anonymize the shit out of my online life. I respect those who manage to just say "Fuck you Google, I'm sick of your shit, I'm going cold turkey".
But these platforms are feeding us heroin-laced candy.
All your coworkers friends and family with their oled-lit zombiefaces, staring at tiny screens, all absent-mindedly grasping your ankles whispering "aww take one more hit with us, check out this funny youtube clip, let me send it to you on whatsapp.... what you don't have whatsapp? You deleted your facebook? don't you love grandma anymore? Why do you hate your family?"
Before you know it, you watched ten episodes about cultivating cactuses, have a year subscription to brilliant, skillshare, squarespace and 3 different organic foodboxes are delivered to your door, Netflix is spamming you about a cupcake baking show, and you're thinking about same-day delivery for a baseball bat so you can just beat the crap out of every pretty glass display you see.
I want to break up with you, Internet.
I love you, but I hate you.
Since you passed 2.0, you have grown into a manipulative bitch.
I just don't know if I'm strong enough. It's all "let's just be friends" with you, but I know you'll be trying to reel me back in.
Before I know it, you're feeding me cookies once again, and I'll end up balls deep with your trackers stuck to my dick.21 -
Unpopular opinion about Microsoft buying GitHub.
Just putting it out there that when you made your github repos you did so under their privacy policy and terms and will be protected under those in the future, and that both GitHub and Microsoft are corporations with the goals of making money.
Are people seriously mad that their code has gone from one capitalist corporation to another, with no foreseeable change in privacy or data policy? I have respect for those that switched to self hosted long ago since that's going from corporate to private, but if you throw away the UX and community GitHub has developed because a multinational corporation (with so many branches, products and divisions, which happens to have a few products you don't like) will soon own it, are you actually making a rational, guided decision?
Also just throwing it out there that GitLab is also a company. They've also had issues with keeping data intact in the past. They do, however, have free private repos (although I can't ever trust someone who gives me "free" privacy) as well as builtin CI. There are some definite upsides to it, although the UX has a ton of differences. If you're expecting the same dashboard and workflow you've used on GitHub, don't, GitLab has cool features but the bells and whistles aren't the exact same.
If you're switching to GitLab solely because of Microsoft, step back and think, regardless of how popular it might make you to hate Microsoft, is it really worth changing your development ecosystem to go from one corporate entity to another solely because you don't like the company?
I use GitLab and GitBub as well as Bitbucket and selfhosted git on a daily basis. They each have their upsides and downsides; but I think switching from one to the other solely because of Microsoft is not only totally irrational, but really makes light of/disrespects the amazing tools and UX the teams behind each one have carefully developed. Pick your Git hosting based on features and what works out for your use case, not because of which corporate overlord has their name plastered on it.
(Also just throwing it out there that lots of devs love VS Code, and that's Microsoft owned too... They did also build and pioneer a bunch of really cool shit for devs including Typescript so it's not like they're evil or incapable in any sense?)11 -
I work at a small retail store and we have quite a few regular customers who know I'm studying computer science because I'm always coding at work on my laptop.
One lady who comes in quite often and is very sweet asked me if I would take a look at her phone. She said she bought it and paid the owner of a phone repair store to set it up for her, but was felt like he did something weird to it. I told her I wasn't an expert but would look at it.
Oh my god. This guy set up her phone connected to his own personal icloud account. All of his music was on there. All of his contacts were on there. All of his pictures were on there. Even nude pictures of multiple people that this lady said she definitely does not know. I tell her this is very very wrong and no one in their right mind should've set her phone up this way.
I automatically think to factory reset. I'm unfamiliar with iPhone, as the last time I used one was an iPhone4 many years ago. I was unaware that apple applies an authentication lock when the phone is reset.
The authentication is set up underneath yet ANOTHER email address that belongs to this guy, as this lady promised me she has no knowledge of any email address similar to the one listed, nor does she have access to it.
I tell her to call the guy and ask for her money back and to unlock her phone so that she can reset it herself.
He claims that he cannot accept refunds if a factory reset has been performed.
Uhm, I am calling SOOOOO much bullshit. There should be absolutely no reason why the owner of the phone cannot factory reset it. The owner should be able to do ANYTHING she wants with it, without being locked out of it because some creep at a repair store did NOT DO HIS JOB CORRECTLY AND HE KNOWS IT. Why else would he claim he can't refund if it's been reset, because he KNOWS she got locked out.
So long story short I talked on the phone with him and cussed him out telling him he was wrong for taking advantage of someone who doesn't know much about technology and that he was invading privacy and violating her security and that i would report him if he didn't fully refund her and unlock her phone.
He gave her all of her money back, unlocked the phone (which she is deciding to sell because she got so scared by this), and I'm still filing a complaint against this man and his store. Who knows how many more clueless people he did this too. Fucking scumbag.10 -
Well, here's the OS rant I promised. Also apologies for no blog posts the past few weeks, working on one but I want to have all the information correct and time isn't my best friend right now :/
Anyways, let's talk about operating systems. They serve a purpose which is the goal which the user has.
So, as everyone says (or, loads of people), every system is good for a purpose and you can't call the mainstream systems shit because they all have their use.
Last part is true (that they all have their use) but defining a good system is up to an individual. So, a system which I'd be able to call good, had at least the following 'features':
- it gives the user freedom. If someone just wants to use it for emailing and webbrowsing, fair enough. If someone wants to produce music on it, fair enough. If someone wants to rebuild the entire system to suit their needs, fair enough. If someone wants to check the source code to see what's actually running on their hardware, fair enough. It should be up to the user to decide what they want to/can do and not up to the maker of that system.
- it tries it's best to keep the security/privacy of its users protected. Meaning, by default, no calling home, no integrating users within mass surveillance programs and no unnecessary data collection.
- Open. Especially in an age of mass surveillance, it's very important that one has the option to check the underlying code for vulnerabilities/backdoors. Can everyone do that, nope. But that doesn't mean that the option shouldn't be there because it's also about transparency so you don't HAVE to trust a software vendor on their blue eyes.
- stability. A system should be stable enough for home users to use. For people who like to tweak around? Also, but tweaking *can* lead to instability and crashes, that's not the systems' responsibility.
Especially the security and privacy AND open parts are why I wouldn't ever voluntarily (if my job would depend on it, sure, I kinda need money to stay alive so I'll take that) use windows or macos. Sure, apple seems to care about user privacy way more than other vendors but as long as nobody can verify that through source code, no offense, I won't believe a thing they say about that because no one can technically verify it anyways.
Some people have told me that Linux is hard to use for new/(highly) a-technical people but looking at my own family and friends who adapted fast as hell and don't want to go back to windows now (and mac, for that matter), I highly doubt that. Sure, they'll have to learn something new. But that was also the case when they started to use any other system for the first time. Possibly try a different distro if one doesn't fit?
Problems - sometimes hard to solve on Linux, no doubt about that. But, at least its open. Meaning that someone can dive in as deep as possible/necessary to solve the problem. That's something which is very difficult with closed systems.
The best example in this case for me (don't remember how I did it by the way) was when I mounted a network drive at boot on windows and Linux (two systems using the same webDav drive). I changed the authentication and both systems weren't in for booting anymore. Hours of searching how to unfuck this on windows - I ended up reinstalling it because I just couldn't find a solution.
On linux, i found some article quite quickly telling to remove the entry for the webdav thingy from fstab. Booted into a root recovery shell, chrooted to the harddrive, removed the entry in fstab and rebooted. BAM. Everything worked again.
So yeah, that's my view on this, I guess ;P31 -
We had the most fucking retarded client today. No, seriously, if you ever beat their level you have a serious mental issue.
They had a mail problem for which they'd need to check at the side of another company since we don't have those fucking logs.
Their statements:
- they entered an email address In the text field of mail-tester.com and were furious that they didn't get the results sent.
Note: it says right on that page that YOU JUST NEED TO SEND THE EMAIL ADDRESS WHICH IS PRE-ENTRRED IN THAT TEXT FIELD AN EMAIL.
- their company has been a reputable 'conservative' company which hasn't done anything wrong since 19xx so the fact that they'd end up on a blacklist was FUCKING OUTRAGEOUS and bullshit.
- our support wasn't willing to help and only willing to tell them outrageous lies.
- the other it company was only reachable at a premium number and thus expensive to call.
Emails back and forth and finally they CC'd the other company. They're reply was fucking priceless:
"we never had a premium number. Feel free to call us on *number* any time during the week between *time* and *time*.
Then he told us that we should just go back to sleep.
It was way worse than that but due to privacy and my own memory this is all I can tell.
Just wow.3 -
Well, this has been one hell of an awesome ride already. I’m at 70K+ and the biggest ranter as for reputation (those upvote thingies). Although I don’t care about being the biggest one currently, I do take pride in it but I’ll get back to that one later on. (I’ll very likely lose the first place at some point but oh well, couldn’t care less :))
I joined back in May last year through an article I found on https://fossbytes.com (thanks a bunch!), joined and was immediately addicted. The community was still very tiny back then and I’ve got to say that getting upvotes was also not the easiest :P. But, I finally found a place where I could rant out my dev related frustrations: awesomeness. I very much remember how, at first, reaching 1K was my biggest devRant dream and it seemed to be freaking impossible. Then I reached 1K and that was such a big achievement for me! Then the ‘dream’ (read these kind of dreams (upvotes ones) as things that would be awesome to reach not just for the upvotes but for participating, commenting, ranting, discussing and so on within the community, so as in, it shows your contribution) became 10K which seemed even more impossible. Then I reached 10K and 20K seemed freaking impossible but I got there a little faster and from that point on it’s been going fast as hell!
It’s always been a dream for me to become a very big but also ‘respected’ or especially well known user/person somewhere because that pretty much never happened and well, having dreams isn’t wrong, is it?
The biggest part of that dream, though, was that it would be a passion of mine that would get me there but except for Linux, the online privacy part was something I always deemed to be ‘just impossible’. This because irl I ALWAYS get (it’s getting less though) ridiculed for being so keen on my privacy and teaching others about it. People find me very paranoid right away but the thing is that if they ask me to explain and I actually present evidence for my claims, it’s waved away as if it’s nothing. (think mass surveillance, prism, encrypted services, data breaches and so on)
I never thought I’d find any other people who would have the same views as I do but fucking hell, I found them within this community!
Especially the fact that I’ve grown this much because of my passion is something I am proud of. It’s also awesome to see that I’m not the only one who thinks like this and that I’ve actually find some of you on here :)
So yeah, thanks to everyone who got me where I am now!
Also a big thanks to sir Dfox and Trogus for putting your free time into making this place happen.
Love you peoples <3 and to anyone ‘close’ on here I forgot, if you match any of the comments as for privacy/friendliness etc, don’t worry, those nice things also apply to you! My memory just sucks :/
P.S. Please do NOT comment before I comment that I’m done with commenting because I’ve got a lot of comments coming :D61 -
I realize I've ranted about this before, but...
Fuck APIs.
First the fact that external services can throw back 500 errors or timeouts when their maintainer did a drunk deploy (but you properly handled that using caching, workers, retry handlers, etc, right? RIGHT?)...
Then the fact that they all speak a variety of languages and dialects (Oh fuck why does that endpoint return a JSON object with int keys instead of a simple array... wait the params are separated with pipe characters? And the other endpoint uses SOAP? Fuck I need to write another wrapper class around the client...)
But the worst thing: It makes developers live in this happy imaginary universe where "malicious" is not a word.
"I found this cloud service which checks our code style" — hmm ok, they seem trustworthy. Hope they don't sell our code, but whatever.
"And look at this thing, it automatically makes database backups, just have to connect to it to DigitalOcean" — uhhh wait...
"And I just built this API client which sends these forms to be OCR processed" — Fuck... stop it... there are bank accounts numbers on those forms... Where's that API even located? What company?
* read their privacy policy *
"We can not guarantee the safety of your personal data, use at your own risk [...] we are located in Russia".
I fucking hate these millennial devs who literally fail to get their head out of the cloud.
Somehow they think it's easier to write all these NodeJS handlers and layers around some API, which probably just calls ImageMagick + Tesseract on the other side.
If I wasn't so fucking exhausted, I'd chop of their heads... but they're like hydra, you seal one privacy breach and another is waiting to be merged, these kids just keep spewing their crap into easy packages, they keep deploying shitty heroku apps... ugh.
😖8 -
1. I wish that people start taking back their device ownership. Right to repair is an extremely important thing. Like that Nexus 6P that I've recently repaired by jamming another battery into it, now it's at 110-ish% health according to AccuBattery. And it cost me.. €10 or so? All the while if I wasn't able to get in there, it would've been a €120 paperweight (and that's not even considering the €300-ish (? Someone please fill me in on that) price it retailed at back in 2015 when it was a flagship).
(edit the so many'th: according to https://express.co.uk/life-style/... the base model was apparently £449 at release, haven't been able to verify it though.. point is, a paperweight at such prices would've been quite a bummer, I mean for me it was even one given that it failed a mere few months after purchase for €120.. €40/m for a phone ain't nothing :/)
Right to repair is an extremely important thing, and the ability to do so shouldn't ever be impeded. Users should become able again to service the devices that they own.
2. I wish that people start caring about their privacy again. Google and Facebook and the likes are large companies, but at the end of the day, that's all they are. Large companies. And they're hungry for your data, not because they're selling it, rather because they're collecting it to an extent which they shouldn't. Over at DDG (https://spreadprivacy.com/duckduckg...) they explain a very much viable alternative revenue model pretty well. Additionally, there's several tools which you can use to limit the amount of data that's being collected about you. These include but are not limited to Firefox, NoScript, ad blockers (I personally use uBlock), a trustworthy VPN (ideally one of your own), and Tor.
3. I wish that software would become less inefficient. It really pains me to see that applications with functionality that could be implemented in a couple of MB at most come at a size of several hundreds of MB. 1% efficiency, even the inefficient as fuck tungsten light bulbs weren't that awful!!! Imagine what could be done with all the hardware we have available nowadays, if every piece of software would be around 80% efficient as is a common norm in electronics. Just looking at Linux which is still in many ways convoluted, modern desktops with a couple hundred MB of RAM usage? You've got it! So why can't OS's like Windows (although I have to say, huge improvements have been made there over the last few years) and browsers like Firefox and Chrome be more like that? I really don't understand.
There's several more wishes I have of course, but those are the most important ones.. hopefully I'll be able to see at least one of them come true during my life.10 -
!!privacy
!!political
I had a discussion with a coworker earlier.
I owed him for lunch the other day, and he suggested I pay him back either with cash (which I didn't have), Venmo, or just by him lunch the next time (which I ended up doing).
I asked about Venmo, and he said it was like paypal, but always free. that sounded a bit off -- because how are they in business if it's always free? -- so I looked it up, and paid special attention to their privacy policy.
The short of it: they make money by selling your information. That's worth far more than charging users a small fee when sending $5 every few weeks. Sort of what I expected when I heard "always free," but what surprised me is just how much they collect. (In retrospect, I really shouldn't have been surprised at all...)
Here's an incomplete list:
* full name, physical address, email, DoB, SSN (or other government IDs, depending on country)
* Complete contact list (phone numbers, names, photos)
* Browser/device fingerprint
* (optional) Your entire Facebook feed and history
* (optional) all of your Facebook friends' contact info
* Your Twitter feed
* Your FourSquare activity
(The above four ostensibly for "fraud prevention")
* GPS data
* Usage info about the actual service
* Other users' usage info (e.g. mentioning you)
* Financial info (the only thing not shared with third parties)
Like, scary?
And, of course, they share all of this with their parent company, PayPal. (The privacy policy does not specify what PayPal does with it, nor does it provide any links that might describe it, e.g. PayPal's "info-shared-by-third-parties" privacy policy)
So I won't be using Venmo. ever.
I mentioned all of this to my coworker, and he just doesn't understand. at all. He even asks "So what are they going do with that, send me ads? like they already do?"
I told him why I think it's scary. Everything from them freely selling all of your info, to someone being able to look through your entire online life's history, to being able to masquerade around as you, to even reproducing your voice (e.g. voice clips collected by google assistant), to grouping people by political affiliations.
He didn't have much to say about any of them, and actually thought the voice thing was really cool. (All I could think of was would happen if the "news" had that ability....) All of his other responses were "that doesn't bother me at all" and/or "using all of these services is so convenient."
but what really got me was his reaction to the last one.
I said, "If you're part of the NRA, for example, you'd be grouped with Republicans. If they sell all of this information, which they do, and they don't really care who buys it or what they do with it... someone could look through the data and very very easily target those political groups."
His response? "I don't have to worry about that. I'm a Democrat, and have always voted Democrat. I'll tell anyone that."
Like.
That's basically saying every non-democrat is someone you should be wary of and keep an eye on. That's saying Democrats are the norm and everyone else is deviant and/or wrong.
and I couldn't say anything after this because... no matter what I said, it would start a political conflict, and would likely end with me being fired (since the owner is also a democrat, and they're very buddy-buddy). "What if they target democrats?" -> "They already do!" or "What if democrats use it against others?" -> "They deserve it for being violent and racist, but we never would" (except, you know, that IRS/tea-party incident for example...)
But like, this is coming from someone who firmly believes conservatives are responsible for all of the violence and looting and rioting and mass shootings in the country. ... even when every single instance has been by committed by democrats. every. single. one.
Just...
jfl;askjfasflkj.
He doesn't understand the need for privacy, and his world view is just... he actually thinks everyone with different beliefs is wrong and dangerous.
I don't even know how to deal with people like this. and with how prevalent this mindset is... coupled with the aforementioned privacy concerns... it's honestly *terrifying.*65 -
I am trying to understand something for a while. devRant is full of privacy advocates and to be honest, part of it is almost taken by a group of people that call other people random swear words people because they are using a particular product of a company.
I will raise some points and will try to discuss them with other people in comments.
I will stick with Google. Since it looks like it's the most hated one. A company that has built one of the most intelligent infrastructure, the most popular mobile operating system and of course, the best search engine currently available.
The problem everyone sees is the privacy. Google tracks the search history to give users a better experience and show relevant ads. You might not need this "better experience". In case you don't know, you can turn off personalized search any time to make sure Google doesn't track. Same goes with Google Chrome, you can turn off all the data it is sending to servers in settings. You can simply not sign in if you don't anything to be synchronised.
An argument is Google should be opt-in rather than opt-out. But the general users are not tech-savvy. And yes, going to settings and turning on personalised search is a lot of work for a huge amount of people. Trust me, I worked in IT before. If they find other search engine giving them a good experience without changing anything in the settings, they will just simply move to that engine.
What interests me most if how people back DuckDuckGo. First of all, not all parts of DDG is not open source (it's fucking not, you can argue all day). Parts of it is closed because of licensing issues.
That is perfectly fine to privacy community. But it's not when Chrome is closed source for almost the same reason. I mean when you're using DDG, you are supporting a US-based company that has privacy all over its face and using closed source application on their server. Have you not learned anything from history?
You might be wondering about my obsession with Google. It hurts me when I see a giant company whose popular software is open source is bashed like this. Google has made huge contributions to open source communities. Chromium, Android, Kubernetes, Angular, GoLang, TensorFlow etc.
And PRISM, how do you know that DDG is not part of it? it's US-based after all.
I just saw an article that used a video with a title "TNW - Aral Balkan - Free Is A Lie | The Next Web" while asking us to switch to DDG. Ummm....DDG is also free right?
Maybe we should raise concerns with the US gov first rather than Google.60 -
I hope I'll be able to release the new/refreshed version of the security/privacy blog today.
Feel free to test stuff out and report back when it breaks!
Also, feel free to pentest it. The only thing I ask is to, if you find any vulnerabilities, report them instead of passing them to malicious people/abusing them.
And yes, post sorting will be fixed ;)24 -
A big FUCK YOU to chrome, and a big FUCK YOU to google in generally. First the hell that is code.org, then the chrome. I genuinely want to open a dictionary in google to see if the word "privacy" is in there. Sure, first it was tracking users with by making them agree to a long ass TOS no one wants to read except lawyers, then barely even giving any info and asking for consent with YOUR data, but this is too far. For all you that dont know, LanSchool is an application that allows teachers to see students screens, internet history and more. Its the reason kids can't play games in English class. But most importantly, its a chrome extension. We have to do assignments from home right? So when we logon to the school account from home, LANSCHOOL GETS DOWNLOADED ANYRACKS EVERYTHING I DO. It pains me how teachers can view so much information unfairly because of some unknowing students, my friends privacy was unfairly in the hands of google and the school system. Right when I found out about tit (~2 mins after i first logged on) i made an Ubuntu VM just for goddamn google docs. Back to my friend, he went on some websites not to be considered appropriate, and got in huge trouble. He was completely unaware of the fact that they could see his screen, and I resent google for allowing a third party to manipulate my PERSONAL COMPUTER without my consent. Die google, you ruined android, which had so much potential, and now the web and virtual privacy. You should be <strike>ashamed</strike> dead, and I hope in the future you realize that one day people will have common sense.26
-
Call me old-fashioned, but... I kinda liked it back in the day, when Microsoft made proprietary software, the Community made free software and everyone's "cui bono" was quite easy to answer - even those corporations involved in FLOSS did have a clear way to finance themselves.
Now, we have Microsoft coming into open source, seemingly making projects better and offering more and more "free" stuff.
You know.
"Free" Windows 10.
"Free" SaaS Office.
"Free" "Private" Repos on Github.
In general - what happened to clear and concise "I give you money, you give me stuff" capitalism like we had it in the 2000s?
I'd rather pay 20 bucks for a game on Steam than get it "free" and with ads or microtransactions - yet, many games, especially mobile, don't even offer me that option. It wouldn't be that hard now, would it?
The same goes for software. That Canonical would need to fuck their users over after Ubuntu One went to shit was obvious - they didn't offer the kind of commercial/enterprise OS'es that Redhat or SuSE sell.
What people seem to forget is that everyone needs to make a profit somehow. You don't get "free" stuff. Even the volunteers in the Open Source Community get something out of it - an opportunity to pad their CV at least, if nothing else.
Nowadays, software manufacturers have the same legitimacy as the "free" financial "advisors" you find at banks - and who could be dumb enough to trust them? Oh yeah: Almost the entire fucking society is who.
But then again, sell something and noone will want it - because they all want it for free, with annoying, privacy-invading ads or with equally annoying microtransactions, or financing based on commission - so you don't only pay ONCE, you pay until you realize you got fucked over and quit.
Capitalism used to work until all those idiots stepped in. How the fuck don't people realize that there's no free lunch in life? When have we stopped being functional people and turned into idiots.
Even worse: Those idiots think that they're entitled to something! They, who volunteered to become merchandise instead of customers, think that they have rights! Do cattle have rights? Nope. They get their "free" hay everyday and I get to buy beef, that's how it works. Moo!
Hell, they are surprised when they get fucked over by bank salespeople or their data stolen by corporations, intelligence agencies or something... What did they expect, goodwill?
Can we please make Adam Smith mandatory reading in school?! I mean, give people a chance to understand capitalism? The nonexistent "goodwill" of traders in general?8 -
PSD2 is into effect in the Netherlands.
Because let's enable others to fuck over other peoples privacy!
Back to cash as much as possible it is.
Fucking hell 😡12 -
Remember Apple's initiative to scan photos on user's devices to find child pornography?
Today I finally decided to research this.
The evidence is conflicting.
For context, the database of prohibited material is called CSAM (child sexual abuse material).
“If it finds any CSAM, it will report the user to law enforcement.”
— Futurism
“Apple said neither feature would compromise the security of private communications or notify police.”
— NPR
CSAM initiative is dead. It won't scan photos in iCloud. It won't scan photos on your device. It will be a feature that only works in some countries, only on children's devices, and it will be opt-in. It will only work for iMessage attachments.
This is what Apple actually said at https://www.apple.com/child-safety:
- “Features available in Australia, Belgium, Brazil, Canada, France, Germany, Italy, Japan, Netherlands, New Zealand, South Korea, Spain, Sweden, UK, and U.S.”
- “The Messages app includes tools to warn children when receiving or sending photos that contain nudity. These features are not enabled by default. If parents opt in, these warnings will be turned on for the child accounts in their Family Sharing plan.”
News outlets telling people they will be automatically reported to authorities, and then telling there can be false-positives is a classic example of fearmongering. I hate this. Remember, anger and fear are the most marketable emotions. They make you click. News are and will always be worded to cause these emotions — it brings in money.
When presented with good news, people think they're not being told the truth. When presented with bad news, even when they're made up, people think it's the truth that's being hidden from them. This is how news works.
Now, a HUGE but:
Apple is a multi-billion dollar corporation. There is no such thing as good billionaires. Corporations will always wait for chances to invade privacy. It's like boiling the frog — one tiny measure here, one there, and just like this, step by step, they will eliminate the privacy completely. It's in their interest to have all the data about you. It brings control.
This is not the first time Apple tries to do shit like this, and it definitely won't be the last. You have to keep an eye on your privacy. If you want your privacy in the digital age, it's necessary to fight back. If you live in Europe, take the action and vote for initiatives that oppose corporate tyranny and privacy invasions.
Privacy on the internet is one thing, but scanning people's devices is a whole another thing. This is unacceptable no matter the rationale behind it. Expect more measures like that in the near future.
Research Linux. Find a distro that suits you. The notion that you can't switch because of apps/UI/etc. may be dictated by our brain's tendency to conserve energy and avoid the change.
Take a look at mobile distros like Graphene OS and LineageOS. The former only supports Pixel devices, the latter supports a wide range of devices including OnePlus and Xiaomi. They'll have FAR better privacy than iPhones.
Consider switching. It's easier than you think. Yes, it's me who's saying this. I do and will always protect people/companies from unjust criticism, and I consider myself an Apple fangirl for personal reasons related to my childhood, yet I won't fight blindly. CSAM initiative is a valid criticism, and there's nothing preventing me from saying this is unacceptable, and Apple deserves the backlash they got.11 -
Google cripples ad and tracking blockers: In January, Chromium will switch to Manifest V3 which removes an essential API in favour of an inferior one. As usually, Google is being deceitful and touts security concerns as pretext.
That hits all Chromium based browser, such as my beloved Vivaldi. The team argues with their own browser internal blocker, but that's far worse than uBlock Origin. One of Vivaldi's core promises was privacy, and that will go out of the window. The team simply doesn't react to people pointing that out. They're fucked, and they know it.
So what now? Well, going back to Firefox because that will include the crippled new API for extension compatibility, but also keep the powerful old one specifically so that ad and tracking blockers will keep working. Google has just handed Mozilla a major unique selling point, and miraculously, Mozilla didn't fuck it up.26 -
So this bloody hilarious, I submit my PWA to windows store, mainly for shits and giggles, see how the whole thing works and all that.
App gets approved, I go in and run another submission to upload a few extra screenshots, at this point they block it as I do not have a privacy policy, but accept user authentication, which is not the case, so after a few days of back and forth I ask them to attach a screenshot, so turns out I need a privacy policy as when the users click on the map link which opens Google Maps in a NEW window, has a sing in button.
According to them, this is 'Opening within my application" and I am apparently able to access user details via google own sign in link, not SSO.
So as a joke, after some frustration I wrote up a privacy policy, what is an even bigger joke is that they accepted it…
This exists solely for the benefit of Microsoft who are having trouble comprehending the fact that RTMS Events does NOT have Authentication.
Microsoft believes that as the application uses Google Maps, and when Google Maps opens a “Sign In” button appears, that I am able to access your personal information.
As any reasonable person will understand, that is not the case, logging into Google Maps/Google for the benefit of using Google Maps in NO WAY gives anyone else access to your personal information.
So to be clear, I do not have any interest or access of any kind to your personal information, should you have any concerns about your privacy, remember, that the “Sign In” button is for Google, not RTMS, take up any issues with them, I am pretty sure they have a REAL and actually NECESSARY privacy policy.
http://rtms.events/privacy.html3 -
I have a Windows machine sitting behind the TV, hooked to two controllers, set up as basically a console for the big TV. It doesn't get a lot of use, and mostly just churns out folding@home work units lately. It's connected by ethernet via a wired connection, and it has a local static IP for the sake of simplicity.
In January, Windows Update started throwing a nonspecific error and failing. After a couple weeks I decided to look up the error, and all the recommendations I found online said to make sure several critical services were running. I did, but it appeared to make no difference.
Yesterday, I finally engaged MS support. Priyank remoted into my machine and attempted all the steps I had already tried. I just let him go, so he could get through his checklist and get to the resolution steps. Well, his checklist began and ended with those steps, and he started rather insistently telling me that I had to reinstall, and that he had to do it for me. I told him no thank you, "I know how to reinstall windows, and I'll do it when I'm ready."
In his investigation though, I did notice that he opened MS Edge and tried to load Bing to search for something. But Edge had no connection. No pages would load. I didn't take any special notice of it at the time though, because of the argument I was having with him about reinstalling. And it was no great loss to me that Edge wasn't working, because that was literally the first time it'd ever been launched on that computer.
We got off the phone and I gave him top marks in the CS survey that was sent, as it appeared there was nothing he could do. It wasn't until a couple hours later that I remembered the connectivity problem. I went back and checked again. Edge couldn't load anything. Firefox, the ping command, Steam, Vivaldi, parsec and RDP all worked fine. The Windows Store couldn't connect either. That was when it occurred to me that its was likely that Windows Update was just unable to reach the internet.
As I have no problem whatsoever with MS services being unable to call home, I began trying to set up an on-demand proxy for use when I want to update, and I noticed that when I fill out the proxy details in Internet Options, or in Windows 10's more windows10-ish UI for a system proxy, the "save" button didn't respond to clicks. So I looked that problem up, and saw that it depends on a service called WinHttpAutoProxySvc, which I found itself depends on something called IP Helper, which led me to the root cause of all my issues: IP Helper now depends on the DHCP Client service, which I have explicitly disabled on non-wifi Windows installs since the '90s.
Just to see, I re-enabled DHCP Client, and boom! Everything came back on. Edge, the MS Store, and Windows Update all worked. So I updated, went through a couple reboots-- because that's the name of the game with windows update --and had a fully updated machine.
It occurred to me then that this is probably how MS sends all its spy data too, and since the things I actually use work just fine, I disabled DHCP Client again. I figure that's easier than navigating an intentionally annoying menu tree of privacy options that changes and resets with every major update.
But holy shit, microsoft! How can you hinge the entire system's OS connectivity on something that not everybody uses?
6 -
What in the unholy fuck is going on with the world!!
I get how our personal lives and data are bloody good at being used against us and tracking our behaviours but fuck Facebook won't let "good enough" alone and are coming back out with a new way to pay for our most sensitive data. Everything on your phone!
What more could they possibly want from knowing what,where,who,why,when, and probably even how we are shitting in a back ally besides controlling the masses
- no I'm not a privacy nut, just a concerned citizen -
https://theverge.com/2019/6/...3 -
Last year at the the Xmas party CEO slips in that he wants the app done by end of February, I freak because I thought he meant both iOS and Android (only dev working on both :/), anyways he wanted specifics for locking out specific people that haven't paid for some in-house training (like in app persons just not in the app lol) it required web development which I'm horrible at, I spend a whole week and managed to scrape together the right functions to do a user lock out, pretty all things considering.
A couple weeks before deadline I'm done :D, I've done a lot of testing, some in-house user testing, changes made all bugs visually possible are fixed.
Now I've been sitting here waiting, it's an iOS app that is currently completed aside from some legal work, which I kept going to boss "hey, we need that disclaimer and privacy policy", he becomes busy for the next few weeks, pester him more, pester another co-worker, only a week ago did they contact a lawyer...
I'm here stuck waiting at a roadblock, developing the Android app sure but for their iOS app that they want released first, I'm stuck on hold, so annoyed, it's not like I can just put on a lawyer hat and just right some shit that says don't use x unless you agree and such.
So annoying, for about 2 weeks I just played games on my phone, I was not expecting to waste that much time lol, I was really expecting the legal stuff to be ready.
Just a side note co-worker and boss that needed to get this legal stuff knew I needed to get this done, since I mentioned it leading up to my completion.
I don't think it'd take too long with Apple when it comes to the review, it's just an update but I wouldn't put my faith in that as an answer. Just hate that I'm on hold, was wanting to finish this app and apply for a new job (nothing against the company more so because I want to go a company where I could get a but of mentoring). But I sit here waiting, working on the Android app, it'd be sad if finish the Android app before their lawyers get back to me with the legal stuff, though Android is a lot easier for me (I did iOS after completing majority of the features they wanted on Android because I was more comfortable working on it).
:/ What a drag -
26 or so hours up now. And I've got a few stories to tell :) feel free to refresh your cup of coffee and take a seat.
Last few days I've been going into this odd place called intown.irl to get in touch with its inhabitants. An odd place I have to say. But in some cases quite rewarding, even got a MILF home with me and into bed at some point. Anyway...
3 days ago I think it is now? Thursday evening I took my laptop to this local bar where I had this issue about dihydrogen monoxide with one of the bartenders earlier (you'll find that rant on those keywords). Still wanted to visit it regardless though, as I met that first woman there earlier that approached me. Unfortunately I didn't see her there that day.
Some bald guy who was clearly drunk approached me. Many people were already giving curious looks at this laptop I brought to the bar. I finally tuned it up with the stickers from FOSDEM.. I'll put a picture of it in the comments. My theme was one of privacy (central), distributions and Google's open source initiative (which aligns with the keychain token I got from them as well). But of course.. that guy.. he thought that a pimped/riced laptop obviously meant that I was a hacker.
Guy went to the toilet.. went back.. and suddenly grabbed my laptop and turned it towards him. Boy was I never more smugly satisfied that those rubber pads on the bottom are quite resilient. Could've almost damaged my screen by trying to grab it like that. But it's a CCFL display.. so high voltage. If it were to become broken.. worth it. 😈
On it at the time was a terminal, pinging Google (had network issues at that bar, to the point where one of the - I think - staff members got up to me and offered the WiFi password and got to talk with me.. more on that later), and my usual Linux desktop along with the Arch anime wallpaper with the quote of Da Vinci.. simplicity is the ultimate sophistication. Of course the guy saw the terminal.. and probably reaffirmed.. yep, that's a hacker. At least he wasn't too wrong about the general term.. but the hat.. most likely he was wrong on that one.
Guy left with this question.. "you are a hacker, aren't you."
I replied to him: "No sir. I'm not a hacker. I've got no idea what you're talking about."
Guy kept looking at me weirdly for the whole night to come.
Back to that companion guy though. Mac user, yada yada.. but he told me about his backup solution. Apparently - I shit you not - he has not only the photos on his local device, he's also frequently backing them up in Time Machine (which I was really curious about whether it uses mirroring or snapshots.. he couldn't tell, lmk if you do) but not only that.. he was storing another offsite backup in that very bar, in case his house went on fire.
Now that is a proper backup scheme!!! If only more people were like that.
Seriously though.. that bald guy who took my laptop just like that... I just let it slide for that one time, but I tend to treat my machines as an extension of my very self. I think that was a very uncalled for move. Asshole...
How would you have reacted to such a thing? And.. maybe that's why we technologists don't get outside too often? Fucking everything is hacking these days if it's not Knopkes and Blinkenlights… Not every shell is a h4xx0ring console for h3kk1ng de fasbuk…9 -
So I'm on vacation right now to visit family. I received an email from the head of department that, due to our department getting 7 new hires in one day, the seating arrangement has been changed.
My new seat is next to this one developer who's old enough to be my dad. He's a very nice guy and all, but the problem is he burps ALL. THE. TIME. I've never met anybody more gassy. His burps don't stink, thank God, but they're loud enough that it's seriously jarring.
You know how us devs can be completely in the zone until some marketing dickbag taps you on the shoulder and asks you to check your email or help with something that is absolutely not your job and you completely lose all focus and have to start over? Its exactly like that, except it happens every 10 minutes.
Another thing is, my back is now facing away from the wall, towards the rest of the office. The nearest section to mine is management. That means that anybody, including the CEO, can walk up right behind me and see what I'm doing at all times.
I really hate that. Id much rather be next to the wall to have some sort of privacy. Somehow sitting next to burpy guy is still the thing I'm most annoyed about though.
I tried to ask for a different seat, but my manager effectively said that I have no choice but to sit there because that guy is part of my team, and teammates should sit together. He forgot about the fact that, while the work him and I do is indeed related, I've been working on a solo project for the past few months and I don't need to be next to anybody in particular because I'm the only one working on this thing. Theoretically, I could sit in the toilet with my laptop and get my work done just fine. Maybe when I talk to him face to face in the office I can convince him to have some mercy on me.
The bright side is I'm very excited about meeting those 7 new hires I mentioned. They seem to be smart, capable people so I look forward to working with them and learning from them. Every cloud has a silver lining. 😊7 -
"There's more to it"
This is something that has been bugging me for a long time now, so <rant>.
Yesterday in one of my chats in Telegram I had a question from someone wanting to make their laptop completely bulletproof privacy respecting, yada yada.. down to the MAC address being randomized. Now I am a networking guy.. or at least I like to think I am.
So I told him, routers must block any MAC addresses from leaking out. So the MAC address is only relevant inside of the network you're in. IPv6 changes this and there is network discovery involved with fandroids and cryphones where WiFi remains turned on as you leave the house (price of convenience amirite?) - but I'll get back to that later.
Now for a laptop MAC address randomization isn't exactly relevant yet I'd say.. at least in something other than Windows where your privacy is right out the window anyway. MAC randomization while Nadella does the whole assfuck, sign me up! /s
So let's assume Linux. No MAC randomization, not necessary, privacy respecting nonetheless. MAC addresses do not leak outside of the network in traditional IPv4 networking. So what would you be worried about inside the network? A hacker inside Starbucks? This is the question I asked him, and argued that if you don't trust the network (and with a public hotspot I personally don't) you shouldn't connect to it in the first place. And since I recall MAC randomization being discussed on the ISC's dhcp-users mailing list a few months ago (http://isc-dhcp-users.2343191.n4.nabble.com/...), I linked that in as well. These are the hardcore networking guys, on the forum of one of the granddaddies of the internet. They make BIND which pretty much everyone uses. It's the de facto standard DNS server out there.
The reply to all of this was simply to the "don't connect to it if you don't trust it" - I guess that's all the privacy nut could argue with. And here we get to the topic of this rant. The almighty rebuttal "there's more to it than that!1! HTTPS doesn't require trust anymore!1!"
... An encrypted connection to a website meaning that you could connect to just about any hostile network. Are you fucking retarded? Ever heard of SSL stripping? Yeah HSTS solves that but only a handful of websites use it and it doesn't scale up properly, since it's pretty much a hardcoded list in web browsers. And you know what? Yes "there's more to it"! There's more to networking than just web browsing. There's 65 THOUSAND ports available on both TCP and UDP, and there you go narrow your understanding of networking to just 2 of them - 80 and 443. Yes there's a lot more to it. But not exactly the kind of thing you're arguing about.
Enjoy your cheap-ass Xiaomeme phone where the "phone" part means phoning home to China, and raging about the Google apps on there. Then try to solve problems that aren't actually problems and pretty vital network components, just because it's an identifier.
</rant>
P.S. I do care a lot about privacy. My web and mail servers for example do not know where my visitors are coming from. All they see is some reverse proxies that they think is the whole internet. So yes I care about my own and others' privacy. But you know.. I'm old-fashioned. I like to solve problems with actual solutions.11 -
So i am a diabetic and carry an insulin pump. Now being in India, the pump is not covered by insurance (for some god forsaken reason that I don’t know) and therefore is not a common sight here (contradictoraly India has a major diabetes problem). So I was at the metro station going through security check and the security personnel asks me what the pump was and asked me to show it to him. Now since insulin pumps are uncommon here I understood his concern and showed it to him. Now I like to carry the pump under my shirt with a clip pouch. So naturally I had to lift up my shirt to show it to him. But this isn’t the highlight of the story.
The guy behind me rised above and started peeking over my shoulder and constantly repeating like a 2 year old child what is this. And that too with my fucking abdomen exposed. I went into rage mode there and then like wtf dude, none of your business just step back a little.
Now my issue is that I do not understand that in their own curiosity, why do people forget to respect others privacy. And a very big problem with medical equipment manufacturing organisations (yeah you medtronic). Why are you only concerned with sales and why not awareness? I mean spreading awareness will only help your sales as more people will become aware about your product and it will be less awkward and concerning for people like me to wear your device out in the public5 -
GDPR is about to happen.
Has anyone read the provisions?
It's like they put some flat earther anti-vaxers in a room and made them scribble up a law.
For those who don't know - it's a new, EU-wide "data privacy" law that's about to take effect on May 25th.
The gist of it is that if you fuck up even a little bit, you get to personally pay a fine of up to 10 Million Euros (for companies there's a separate clause, this is for employees only), or/and 2-3 years in jail if that fuck-up has caused material damages.
That little fuck-up can be as simple as losing a tiny amount of data between back-ups, or entrusting a third party with full access to some data (which is not prohibited) without controlling 100% what he can do with that data (which IS prohibited).
I shit you not, these are the explicit articles of that law.
If it is enforced in this way, it is the swift death of European economy. Just because some retards didn't read the privacy policy before agreeing to it, and then made a shit storm, everyone has to suffer.50 -
I am a junior web developer, currently working in my first job for a small company, I was hired because I have an interest in meteor and modern web dev.
When I say small I mean I am the only full time js dev.
So the project we are working (my first ever professional project from start to finish) is a travel booking web app (being a little vague, for the sake of privacy). I am the lead developer, as a new programmer of a project that is far from trivial. There are no other javascript devs in office, no sort of code review. We have an outsourced dev but as I got in a flow with one dev my boss supposedly told him to do it part time (without discussing with me), but haven't heard anything from him, so assuming he's just disappeared (probably annoyed at being treated like a commodity).
Boss has set up the stages, and forces me to move on to the next stage before that stage has been finished. I will have to go back over the whole thing to finish things off.
He will only hire cheap juniors, one front end guy with barely any experience is styling the site.
He is used to churning out WordPress and Magento sites.
Wish I had a senior I could learn off.
I want to stick at this project and see it through, but i can only see it ending in a train wreck.
At the same time I want out, I want to work under a better team with senior programmers and better code review.
I just have to do my best and see how it goes I guess6 -
Recruiters company emailed me to accept their privacy statement. I asked them what kind of information they got from me. Get an email back with: your information is deleted. I didn't expected that. It's clearly to hard to just send me the info...2
-
Browser rant:
I just want to get this off my chest, IE isn't a bad browser. It's highly outdated but it was good back when the alternatives weren't there. And today it's new "browser update" Edge isn't bad either. Edge really is a neat freaking piece of software. Microsoft tries their best to make a browser for their operating system (and a browser engine for their new app format!) that means it has couple of features the alternatives don't (or only with plugins) - oh and plugins, they're coming too. And still it's not slow either. From my own experience (I say this because every user says their browser is the fastest) it's way faster than Quantum. Yet Quantum is still a very good browser because it's faster than the old firefox, I guess it's open source(?) and still a privacy focused browser. Chrome (my personal favorite) on the other hand is really the fastest thing you can get - if you allow it to use all your ram - (if people like linuxxx say firefox is faster for them, I'll just smile) but for everyone worrying about ram usage and "spying", well - you know what I mean. And still I can understand people trying opera or FF/Chrome/Edge mods, I myself love "Monument". Just stop saying a browser is bad because it doesn't have what you like/does have what you don't like. The only bad browser is Midori, okay? 😘
Tl;dr
IE isn't bad but old. Edge isn't bad today. Every high end browser (edge, quantum, chrome) has their perks and none of them is "bad".
Q/A:
What's your favorite Browser? Comment below9 -
Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D
1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?
2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?
3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?
4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?
5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.
6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).
7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?
8) Any other advice you can give :P ?12 -
You all know that these AI dev tools are reading your code right?
It is sending it back to a data center and doing evaluations on the code. This is like handing your code to an unknown entity with no guarantees for privacy or copyright protection.
This concept bothers me and I would have to consult with my employer to even determine if we wanted to take that risk. I think it is just a matter of time before a bad actor takes advantage of this and rips off a company somewhere.8 -
In my opinion, russian nation's chronic inability to fight oppressive regimes is partly attributed to one interesting quirk the russian language has.
When talking about injustice committed against someone, or making threats to commit said injustice, the actor is completely omitted.
Here's an example:
“Надо будет — найдут”, roughly translated to “they could find you if they wanted to”, is a common phrase to use when talking about proxies, VPNs and other online privacy measures. But the word “they” in English translation is nowhere to be found in the original text! Let's examine the literal translation:
- “надо будет” — “the need will arise”
- “найдут” — “will find you”
The English phrase “they could find you if they wanted to” can be easily challenged with a simple question: “Who's they?” The government? The corporates? The regime? The CIA? Who exactly?
English language can mimic that with passive voice: “you are being watched”, “you are an easy target”, etc. But in active voice, you can't avoid using “they” or some other actor.
In russian, you can. And you will. Indeed, this is how russian people converse. It's a very specific, very common pattern that never really changed.
It's a very powerful thought-terminating cliché built straight into the language. You can't fight an enemy that has no name and no word to describe it, not even a euphemism. The very language you THINK in prevents you from analyzing the entities that oppress you.
In a Tom Scott Plus video where he tried tightrope walking, he learned that they don't say the “F-word” — “fall”. You can't say “I'm afraid I'll fall”. You have to find more specific alternatives like “I'm afraid I'll lose balance”. The word “fall” in this context is a thought-terminating cliché. There is no going back after you “fall”. But if you “lose balance”, you can “regain balance” — the lack of a thought-terminating cliché promotes problem-solving.
Russian language is the same, but in soviet russia, language terminates you, I guess.1 -
Brave Browser.
There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.
Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:
Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”
If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.
But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:
“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”
Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.
In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.
Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.
I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.
There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.
In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.
Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.15 -
Fuck DuckDuckGo!
Is this is what you "privacy savyy" like to get? Irrelevant content. WTF?! Such a waste of time. I'm selling my soul back to Google. Fuck your opinion.21 -
[linux distro stuff]
Hey guys!
Im considerig switching to linux because:
My macbook does not support mojave and the new ones are expensive af.
Windows 10 is bloated and not a great user experience(removing stuff from the control panel and adding it to the very stripped down settings app, privacy etc..).
I love open source software
However i did not used linux for a long time, back then i used ubuntu and SUSE.
My considerations:
Debian - because .deb on them haters
OpenSUSE - because i used it in the past and it seemed very stable and fast
Arch - i heard from a lot of sources that it’s “da best”
My use case is game development and 3D modeling. I use gimp, blender vscode and unity (the game engine) at work i sometimes use autodesk stuff (motionbuilder, 3ds max) because of fbx.
For audio stuff i use audacity
So overall i’m looking for a distro that is fast, lightweight, i can develop on it (mostly 3D stuff) and occasionally play some games
Anyone has experience with the mentioned distros? What distro would you use for this?6 -
I hate those fucking websites that reject Mailinator email addresses (including alternative domains).
The other day I was so pissed off that I went on Freenom.com, registered a bunch of free domain names, and pointed their MX record to mail.mailinator.com.
Now those fucking dumb websites don't block me anymore.4 -
Smart contact lenses and the appropriate software. It would be the ultimate AR experience. I have no idea how to produce them, as they would need to be super high resolution, lag free, completely wirelessly powered and connected, safe to use and to wear and useable 24/7.
My current concept is a ultrabook sized block that can be taken around in a backpack.
Oh and wireless handoff ...
meaning everything I grab and throw in your general direction becomes available to you, kind off like they do it in Avatar. This should also work with PCs, tablet and everything else.
Speaking of grabbing you would also need some kind of minority report glove so every bit of hand movement can be tracked precisely. But probably a bit more elegant meaning only small stickers on the back of your hand.
Did I mention that sharing stuff should enable working together on the same object in real-time?
Also this system should integrate seamlessly with a smart environment, meaning looking at the light, opening its context menu and changing its brightness or colour should be no effort at all.
And of course all of it should be open source, highly scalable and either hosted on public infrastructure (funded by taxes or smt) or by each individual for himself to protect his or her privacy.
So who is with me?2 -
I need your thoughts on a privacy related matter. I find this fact being very provocative.
So, at work we use Gmail:
Person AB has email AB@company.tld
Person ABC has email ABC@company.tld
How is it that when you send an e-mail to AB, that ABC sends back a god damn Out-of-office, without ABC being in either To, CC or BCC?
I reckon that the mailbox AB is owned by said company, and ABC is the owner of all those accounts. But shouldn't the contents of such mailbox still be private in some regard? (At least until AB isn't in the company anymore?)
It's funny, as a customer said she got an out of office from ABC, while solely sending one to AB.. I noticed this a few weeks back, and I'm rather infuriated by the fact that there's a possibility that every e-mail AB reveives, also ends up in in ABC's box.
🤔13 -
I don't get why there are laws restricting the use of my website.
Let's say I pay for the electricity, internet, housing and everything related to my server and the website that is hosted on it.
This makes the computer my property and I allow connections to be made over the internet to it, and people accept whatever I send back to them and their machine acts based on that information.
In no way am I forcing or attacking their machine, so why are the restictuons on what data I can send (other than illegal images and such, I'm talking about cookies and privacy stuff).
Their machine is the one setting and storing cookies, not mine. They're entering their personal info and sending it to me, nothing is forced and most the time it is written out what will be done with that data.4 -
This is a continuation of my previous rant about admob being not very informative when it comes to invalid traffic and the resulting restriction in ad delivery.
I then wanted to use admob mediation to hang in facebook ads. My app is written with Xamarin.Forms.
So first I needed to make some facebook configuration - create an account, let my app review, create some ad placements and other shit. I came to the point where I had to put in a link to my privacy policy and the link could not be accepted due to some SSL fuckup -.-'
I then found out that there is an issue with my SSL Chain. With the help of whatsmychaincert.com I solved that issue. Little side note here: I have limited knowledge of that stuff and my cousin helped me set up my homepage so I had no idea what I was doing. Did a snapshot and luckily I did not needed that as everything worked :)
This took me around half an hour just so I can paste the fucking link to activate my app in facebook developer portal.
After that I made the whole mediation configuration shit - not an issue as google documented this quite well but it took some time.
Now comes the shitty part. To use admob mediation you need adapters to the other ad network. I found a nuget package with exactly what I needed just to find out that it is outdated. So I pulled the repo and saw that this thing is an aar binding library. Never did that stuff so I read some docs again. Updated the package and consumed it in my app.
The google docs then said "Use this mediation test shit to check if you did everything correct before going prod" - aar binding nr. 2 (but I am now familiar with that :P). This thing then told me that facebook ads could not be loaded because the SDK version is outdated -.-' SDK version comes from another nuget package which is referenced by the first aar thingie. I tracked that thing back to a repo where I found out that they are indeed totally behind. So I downloaded the aar, made a binding lib and bound that to my first aar binding lib as that depends on this.
Put that all back in my app - tested mediation and fucking finally after 6 hours everything comes together! all lights are green and things work.
Sorry if this is not quite a rant but it was quite a journey and I just had to share it. -
I’m having this issue for the online marketplace I’m working on the side. It’s blockchain tech where you can purchase normal goods and services(no, not like Amazon or Fiverr, eww, this one’s more inclined with promoting organic growth for small businesses and freelancers).
I’m stuck with what solution is in the best interest of the user and the business for the long-term.
The dilemma about anonymity, online freedom and privacy is yes, it protects users from predators and attackers, but then, it’s harder for authorities to hunt down people who uses platforms for malicious intent, and also, digital footprint is helpful during litigation as evidence.
You don’t know who to trust.
-There is nothing to differentiate normal users with spammers, scammers, etc.
-There is no accountability for if they break the rules. They can easily delete and create a new account.
Platforms, communities big or small are plagued with these.
There are a lot of people out there who would rather project their insecurities on other people than to seek therapy.
Also, how platforms uses psychology tricks to make platforms addicting, it’s safe to assume that it’s bound to get toxic. Fixation on these platforms, leads to other needs being neglected or people forget to stay present.
Another thing, automated moderation is not that effective as there are still biases in data and human verification is still required. But then, human moderators get exposed to extreme violence, gore, etc that leads to poor mental health. (see Facebook got sued by moderators)
Also, I’ve had a recent experience where some unstable dev was stalking and harassing me. During that turmoil, I’ve found the many loopholes in every platform out there and how crappy their support is. Like they’ll just say, “make your account more secure”, bitch it’s your platform not providing enough security, your blocking feature means nothing coz anyone can still create accounts and message anyone.
It happened like February-August (it ended coz I quit going online and made private all my accounts). UGH I MISS ALL MY FRIENDS THO. FUCK THAT DUDE. He deserves to be in jail TBH
Lol if this product booms, now u know the back story lololol -
This whole thing about privacy and google is getting a little paranoid, it's almost like the Y2K bug back then...
-
My mom bought a new phone in a phone shop. They advised her a Samsung A25 prolly not matching the specs of her old iPhone. My mom doesn't do anything else than making videos with that thing, so storage and camera are important. Now, she doesn't get email configured on it somehow and the people of the store are like "we don't enter passwords because privacy Bla Bla". What a lame excuse fuck faces. Giving service is the only reason your sad stores still exists. Transferring data and configure them for older people. I've send her back to demand it from those scammers.
Fuck faces, refusing to do their job if they can get away with it1 -
PM: I can't see the Facebook page, can you check what's wrong with it?
Me: *click click tab tab* There's not much I can do... I don't have the admin access
PM: Who is the admin?
Me: ABC (who is on holiday)
PM then decided to bombard ABC with emails & phone calls (& to ABC's family)
PM: When ABC comes back, ask for the login details
Me: But that's linked to the personal account.....
PM: It doesn't matter
Where the f is privacy?
p.s PM is an arrogant bastard who logged in to ex-colleague computer, read her personal emails, found out she went to a job interview, told the boss and asked her to come back then fired her on the spot6 -
I've started to get more into the TOR idea over the last couple of weeks.
I know I'm way to "non protective" of my privacy but changing would mean I'd have to break many habits and stop using things I'm used to.
A couple years back (I guess it was in like 8th grade or so) I had a presentation in German (my first language) for an extra mark. It was about tor. In the process of researching all of it I learned quite a lot about it. All of this knowledge has stuck to me the whole time, unused.
Fast forward to today, I've finally decided to use the couple of bitcoins I have (like 15€ or so) from my home mining experiment to rent a vps for a tor relay. First, I was lucky enough to find a service provider that accepts bitcoin for a 3€. They advertised "Fair use Traffic", later found out, after committing for three months since I was like "yeah... will be fine", in the customer panel there is a graph that shows me that I have used x% of 1.5 TB... I guess the customer support will get an email from me asking what "Fair use" exactly means... But that's fine... Oh... And ipv6 wasn't a thing to be found...
To wrap it up... I've now got a 2 weeks old little tor relay <3
(I didn't wanted to put it on my main vps where I have 200mbit guaranteed at unlimited for 5€ a month since that's where I have my mail server running and a hidden service for my next cloud)1 -
Well fuck Amazon. I am trying to get into my account because for some fucking reason they say my payment method is faulty while they actually write off the subscription of prime of it. But to get into my account I need to login again with 2FA as I have that turned it on. So far so good. But since it's an old phone number I can't login. Well just change the phone number wouldn't you think? Well yes but to change the phone number I need to login in with the old phone number to which I have no longer access 🤦♂️. Eventually found a phone number I could call. I get a lovely lady on the phone which guides me to resetting my password but for that, you guessed it, I need to do the 2FA again. I get send through to the next person as she can't change it for me because of privacy reasons (oh well). That guy first askes the last 4 numbers of my creditcard like 5 times because he can't remember it (write it the fuck down then asshole) then he starts mistaking the 6 for 9 (like how the fuck do you do that) and then the text messages don't come in while I am on the phone with him which he tries to blame to my service provider because they would block Amazon (like why would they do that?). But since I got a text message of them 15 min before I shot that down quickly. Then he finally admitted that they might have a disruption going on. So I think we'll fine I'll just ask my question to him how it's possible that Prime stops working as I am watching it because my payment method is faulty according to them (but manage to write off the subscription) and he starts talking just shit. Just admit that you don't know and connect me to someone who does know how that can happen. In the the end I just hung up because I knew I wasn't getting anywhere with this guy and don't you know it, as I start writing this the text messages come in. Problem solved you would say just out that number in the website and you can change your phone number. Well no because I have to tell the number to the guy who I hung up with because the texts weren't coming in 😒. Now I should call them back but I think I'll wait till tomorrow hopefully the day shift will be a bit more knowledgeable on how shit works and can actually remember 4 digits.2
-
A long time ago I used to use Tresorit with free plan, they had back then. But...I stopped as I started to use GIT more and there just wasn't enough storage (5GB) in the free plan to upload photos.
Now I am thinking about using it again but I am not sure. Do you use Tresorit now? Is it good service?
I want privacy, that is it, do not recommend shit like GDrive or Dropbox,...3 -
Question: What do you guys think of this logo?
Anyway, here's my rant..
I'm starting to get pissed off with my relative for whom I'm doing a project.
He's coming up with the ugliest logo and fonts I have ever seen in 2018.
I mean it's business so I don't have much say in what he decides esp since he seems to have taken it upto himself to design the logo and managed to make a logo suggestion I made even terrible.
I have told him multiple times to avpid the knockoff wierd fonts and use simple fonts that looks normal.
And yet, he comes back everytime by changing colors in one of the letter n the words 🤦♂️
Maybe it's because we are from different generations and we have different visions on what it should look like.
He is the kind of guy who goes on and on about how he used computers and internet back in the 90s everytime we meet!
He probably uses MS Word to design the logo! This is the newest logo he came up with.
If I were to be honest, I would be probably rude in his eyes, since it is his "work".
What do you guys think of this logo? Can only show that much of the logo to maintain some privacy.
14 -
One of the things I’m frustrated with is that I own top-end devices but I am fearful of using their top-end features. It’s because I have a strong hunch that despite the privacy policies of the corporations I bought them from, my personal data, IP, and biometrics are being back-doored out to the intelligence community, the military, or those of foreign adversaries. My question is this: Does anyone on Devrant have personal knowledge that my hunch is true? Or to the contrary? And to what extent?
Context:
https://twitter.com/wideawake_media...
16
Top Tags
Weekly Rant
View