• 0 Posts
  • 771 Comments
Joined 1 year ago
cake
Cake day: November 8th, 2023

help-circle

  • I use email masking services for signing up to things rather than giving out an email that is attached to it a domain. That seems far smarter to me than creating a point of interest that sticks out and can be used to correlate multiple data breaches to a single identity.

    In addition, I lack the capabilities of a professional webmaster, and I am not an expert in security, and I can’t decide whether I would rather lie to a domain provider about my identity or hire a third party to obfuscate it on my behalf. That all sounds like a huge hassle to me.



  • I agree with you that email is fundamentally broken, and I use it minimally for communication, but I find it to be mostly inescapable when it comes to registering any online account. That’s where I most appreciate an online service doing due diligence and making the messages unreadable to themselves as rapidly as they can.

    It’s one thing to leave their proverbial door unlocked for a moment where somebody could get in, it’s quite another to leave it unlocked all the time. I just want a service that does the best they can given the terrible circumstances email provides.


  • Crypto is a not private. The blockchain is public.

    Not necessarily true for all ledgers, such as monero.

    Necessarily true for Monero. Theirs is public too, freely available for anyone to download and analyze. The rest of your response did not refute this. An honest response might have been “transactions are public, but…” and you could have laid out your rebuttal, but denying a fact and following it up with irrelevant PR does not make me more confident in the project.

    That, and the simple explanation that evangelizing Monero has a perverse incentive I hadn’t even considered (it benefits money launderers in addition to speculators) makes me trust it all the less.




  • I’m tempted, but Disroot has two things that will probably keep me away, unfortunately.

    1. Email is stored unencrypted on their servers
    2. The site is associated with political activism

    There are technical reasons for #1 being true (and ultimately, even if they encrypted the email, I would have to trust them anyway) but this opens extra venues for exploitation. Coupled with #2, the site may be targeted by activist groups who don’t like the politics associated with them, or participants on the service might be automatically associated with it. Personally, either of these issues on their own tends to be enough for me to avoid a service. I respect Disroot but it’s probably not for me.




  • October 24, 2024, around the time that Enhanced Visual Search is believed to have debuted.

    I love it when surprise features get silently added, then discovered a couple months later. Makes you wonder exactly how easy it would be for Apple to start scanning for tons of other stuff in addition to landmarks, now that they’ve built out the infrastructure for it.

    It’s really kind of them, too. Collecting data for all of your photos for free, holding a database of public places for free, scanning your photos against them for free, returning that day to you for free… They’re so generous!








  • After reading the article and the spec, it looks like GPC is another header (like DNT) and a JavaScript variable the client would set. I don’t see why this couldn’t be used for tracking too.

    For HTTP:

    A user agent MUST generate a Sec-GPC header… if… gpcAtNavigation is true.

    For JavaScript:

    The globalPrivacyControl property is available on the navigator object

    GPC also looks like a watered down version of DNT. DNT was “do not track,” and GPC is "do not sell:

    GPC is also not intended to limit a first party’s use of personal information within the first-party context (such as a publisher targeting ads to a user on its website based on that user’s previous activity on that same site).

    Emphasis mine