They may block IP addresses associated with consumer ISPs. Assuming that’s the case, I would guess you’re seeing that as an HSTS/TLS error because their network is trying to trick your browser into redirecting to/displaying an error page hosted by some part of their network.
[edit: To be clear, I assume the part that OP is not sure if it’s satire or not is “or switching to a more privacy-conscious browser such as Google Chrome.”] The emphasis in
Firefox is worse than Chrome
is in the original. To me that clearly implies that they are of the opinion that in general Google & Chrome are worse on privacy than Mozilla & Firefox. The comment at the end is just tongue in cheek snark alluding to the fact that in this particular case google did better for privacy in Chrome than Mozilla in Firefox.
or switching to a more privacy-conscious browser such as Google Chrome.
Definitely satire, the context from earlier:
- Firefox is worse than Chrome in their implementation of ad snitching, because Chrome enables it only after user consent.
IMO, the best free option is https://freedns.afraid.org/. The biggest downside of that one is that you have to login a couple times a year (IIRC?) to keep it active. I actually still use this even though I have a paid domain, I just CNAME my real domains to the afraid dynamic name. That was easier than changing the config every time I become unhappy with my domain registrar and have to reconfigure everything after swapping.
You’re not mistaken, it is definitely possible with at least RSA, though, I would guess it may not always be possible. It also sounds like it’s still a bad idea unless you know all of the parameters used to generate the keys and can be sure what information is actually encoded in the keys.
Less commercial interest means only hobby level development
Podman is developed by RedHat: https://github.com/containers/podman/graphs/contributors
As others have said, it’s quite good on privacy. For the truly paranoid, IIRC you can even self-host the sync server.
From the security perspective of privacy, do make sure to use a good password for the Mozilla account, the account password is also the encryption key for the E2E encryption.
Unfortunately, no. Samba needs a different label. Doing that relabels things so that only containers (and anything unrestriced) can access those files.
IMO, yes. Docker (or at least OCI containers) aren’t going anywhere. Though one big warning to start with, as a sysadmin, you’re going to be absolutely aghast at the security practices that most docker tutorials suggest. Just know that it’s really not that hard to do things right (for the most part[1]).
I personally suggest using rootless podman with docker-compose via the podman-system-service.
Podman re-implements the docker cli using the system namespacing (etc.) features directly instead of through a daemon that runs as root. (You can run the docker daemon rootless, but it clearly wasn’t designed for it and it just creates way more headaches.) The Podman System Service re-implements the docker daemon’s UDS API which allows real Docker Compose to run without the docker-daemon.
If anyone can tell me how to set SELinux labels such that both a container and a samba server can have access, I could fix my last remaining major headache. ↩︎
As far as I’m aware something like that isn’t really possible.
- it would prevent one person from making multiple fake accounts
How do you define ‘a person’ and how do you ensure that they only have one account? Short of government control of accounts, I don’t think you can really guarantee this and even then there’s still fraud that gets past the current government systems.
Then, how do you verify that the review is coming from the person that the account is for?
IMO, we’d all be better off going back to smaller scale social interactions, think ‘social media towns’ you trust a smaller number of people and over time develop trust in some. Then you can scale this out to more people than you can directly know with some sort of web-of-trust model. You know you trust Alice, and you know Alice trusts Bob, so therefore you can trust Bob, but not necessarily quite as much as you trust Alice. Then you have this web of trust relationships that decay a bit with each hop away from you.
It’s a rather thorny problem to solve especially since for that to work optimally you’d want to know how much Alice trusts bob, but that amounts to everyone documenting how much they trust each of their friends, which seems socially… well… difficult.
Though the rest is actually easy™:
- reviews wouldn’t be suppressed or promoted by paid algorithms
- the algorithm WOULD help connect people to items they are interested in. But maybe the workings of it would be open source, so it can be audited for bad acting.
You do what the fediverse does, you have all the information available to everyone, then you run your own ‘algorithm’ that you wrote/audited/trust. The hard part is getting others to give away access to all ‘their’ data.
I think people are just all outraged-out these days. (Well, at least for this…) The years and years of outrage about locked phones didn’t get any of the old manufacturers to change their ways and when the option of the pixel showed up, people who care about this were just tired and settled for just voting with their wallet. Or at least that was my experience.
I so, so wish this were a real option, but sadly the software support just really isn’t there yet.
For that to become reality I think it would either need a ‘Proton for Android Apps’ or some sort of killer app that I can’t even imagine.
I am dismayed at the current scenario of basically nothing but the pixels being supported for rooting (not the fault of the community). Also a bit saddened by how easily everyone has accepted it.
Serious question, what the the community not accepting it look like?
Technically neither of these are donations, but:
I subscribe to Firefox VPN, and don’t actually even use it, just because I want to support them in a way where money could possibly towards FF dev and not just the Mozilla foundation (which can’t fun Mozilla corp work AFAIK).
I also have a supporter subscription at https://neocities.org because I support his ideals. Plus I get dirt cheap, easy to use static hosting out of the deal.
Edit: Oh, I guess humble bundle purchases might count, I do at least slide the sliders to make sure the charities get most of the money.
Edit 2: Oh and the Calyx Institute, that’s actually a proper donation to a registered nonprofit. With my $400/year donation I get a 4G hotspot with actually unlimited data. (They also have a $500/year for an unlimited 5G hotspot, I just haven’t felt the need to upgrade since they started offering that.) I also use CalyxOS, so it’s nice to feel like I’m supporting that.
Defense in depth. If something escapes the container it’s limited to only what’s under that user and not the whole system. Having access to the whole system makes it easier for malware to hide/persist itself.
If your distro offers it, rootless podman + podman system service is the best setup, IMO. That will give you a docker command that is 1-to-1 compatible with docker and lets you use tools like docker-compose that expect a docker service socket. Then you can just follow tutorials that only explain things for docker.
That’s not really possible with docker TBH, and I say that as a diehard Podman advocate. Docker, the tooling that you install with your package manager, is open source. Sure they have windows and mac desktop stuff that isn’t open, but it’s not like you’re self-hosting with that, right?
Plus there’s always Podman to switch to, which can be a (mostly) drop-in replacement, if you want something with a more trustworthy provenience.
Wait, what? What did he do? (Aside from selling the company, I mean.)
OP is asking about userChrome.css, which applies to the style of the browser window itself, not webpage contents. Websites can’t view the markup for the browser window itself (which, fun fact is (mostly?) just HTML too), otherwise this would all be moot and they could just look at your list of tabs or your username in the menus.
I’ve just said “I don’t have one” when asked this for awhile. This never seems the phase the cashiers, I’m guessing they know what that really means. Half the time I still get whatever discount, though I’ve never tried to sign up for a membership saying that.
If it’s an online form my phone number is just (local area code)555–5555. I’ve never had that not take, except for one case where it automatically enabled 2-factor auth and I had to create a new account.