Lemmy added an alt text field for image-only posts a few versions ago; it would be nice if more people would use it.

At least this post does link to the mastodon post which it is a screenshot of.

I really don’t get how its different than a search engine

Neither did this guy.

The difference is that LLM output is (in the formal sense) bullshit.

https://en.wikipedia.org/wiki/Betteridge’s_law_of_headlines

he wouldn’t be able to inject backdoors even if he wanted to, since the source code is open

Jia Tan has entered the chat

If you use systemd’s DHCP client, since version 235 you can set Anonymize=true in your network config to stop sending unique identifiers as per RFC 7844 Anonymity Profiles for DHCP Clients. (Don’t forget to also set MACAddressPolicy=random.)

They only do that if you are a threat.

Lmao. Even CBP does not claim that. On the contrary, they say (and courts have so far agreed) that they can perform these types of border searches without any probable cause, and even without reasonable suspicion (a weaker legal standard than probable cause).

In practice they routinely do it to people who are friends with someone (or recently interacted with someone on social media) who they think could be a threat, as well as to people who have a name similar to someone else they’re interested in for whatever reason, or if the CBP officer just feels like it - often because of what the person looks like.

It’s nice for you that you feel confident that you won’t be subjected to this kind of thing, but you shouldn’t assume OP and other people don’t need to be prepared for it.

If they ask for a device’s password and you decline to give it to them, they will “detain” the device. See this comment for some links on the subject.

I’m pretty sure that immigration in the US can just confiscate your devices if you are not a citizen .

CBP can and does “detain” travelers’ devices at (or near) the border, without a warrant or any stated cause, even if they are US citizens.

Here is part of the notice they give people when they do:

Or just removing my biometrics?

Ultimately you shouldn’t cross the US border carrying devices or encrypted data which you aren’t prepared to unlock for DHS/CBP, unless you’re willing to lose the hardware and/or be denied entry if/when you refuse to comply.

If they decide to, you’ll be handed this: “You are receiving this document because CBP intends to conduct a border search of your electronic device(s). This may include copying and retaining data contained in the device(s). […] Failure to assist CBP in accessing the electronic device and its contents for examination may result in the detention of the device in order to complete the inspection.”

Device searches were happening a few hundred times each month circa 2009 (the most recent data i could find in a quick search) but, given other CBP trends, presumably they’ve become more frequent since then.

In 2016 they began asking some visa applicants for social media usernames, and then expanded it to most applicants in 2019, and the new administration has continued that policy. I haven’t found any numbers about how often they actually deny people entry for failing to disclose a social media account.

In 2017 they proposed adding the authority to also demand social media passwords but at least that doesn’t appear to have been implemented.

It seems to me that switching SIMs provides little privacy benefit, because carriers, data brokers, and the adversaries of privacy-desiring people whom they share data with are obviously able to correlate IMEIs (phones) with IMSIs (SIMs).

What kind of specific privacy threats do you think are mitigated by using different SIMs in the same phone (especially the common practice of using an “anonymous” SIM in a phone where you’ve previously used a SIM linked to your name)?

If you’re ready to break free of Android, I would recommend https://postmarketos.org/ though it only works well on a small (but growing!) number of devices.

imho if you want to (or must) run Android and have (or don’t mind getting) a Pixel, Graphene is an OK choice, but CalyxOS is good too and runs on a few more devices.

It’s literally a covert project funded by google to both sell pixels and harvest data of “privooocy” minded users. It seems to be working well.

Is it actually funded by Google? Citation needed.

I would assume Graphene users make up a statistically insignificant number of Pixel buyers, and most of the users of it I’ve met opt to use it without any Google services.

Indeed, the only thing WhatsApp-specific in this story is that WhatsApp engineers are the ones pointing out this attack vector and saying someone should maybe do something about it. A lot of the replies here don’t seem to understand that this vulnerability applies equally to almost all messaging apps - hardly any of them even pad their messages to a fixed size, much less send cover traffic and/or delay messages. 😦

You can use Wireshark to see the packets and their IP addresses.

https://www.wireshark.org/download.html

https://www.wireshark.org/docs/

A word of warning though: finding out about all the network traffic that modern software sends can be deleterious to mental health 😬

I do have wireguard on my server as well, I guess it’s similar to what tailscale does?

Tailscale uses wireguard but adds a coordination server to manage peers and facilitate NAT traversal (directly when possible, and via a intermediary server when it isn’t).

If your NAT gateway isn’t rewriting source port numbers it is sometimes possible to make wireguard punch through NAT on its own if both peers configure endpoints for eachother and turn on keepalives.

Do you know if Yggdrasil does something similar and if we exchange data directly when playing over Yggdrasil virtual IPv6 network?

From this FAQ it sounds like yggdrasil does not attempt to do any kind of NAT traversal so two hosts can only be peers if at least one of them has an open port. I don’t know much about yggdrasil but from this FAQ answer it sounds like it runs over TCP (so using TCP applications means two layers of TCP) which is not going to be conducive to a good gaming experience.

Samy Kamkar’s amazing pwnat tool might be of interest to you.

I have a device without public IP, AFAIK behind NAT, and a server. If I use bore to open a port through my server and host a game, and my friends connect to me via IP, will we have big ping (as in, do packets travel to the server first, then to me) or low ping (as in, do packets travel straight to me)?

No, you will have “big ping”. bore (and everything on that page i linked) is strictly for tunneling which means all packets are going through the tunnel server.

Instead of tunneling, you can try various forms of hole punching for NAT traversal which, depending on the NAT implementation, will work sometimes to have a direct connection between users. You can use something like tailscale (and if you want to run your own server, headscale) which will try its best to punch a hole for a p2p connection and will only fall back to relaying through a server if absolutely necessary.

See https://github.com/anderspitman/awesome-tunneling for a list of many similar things. A few of them automatically setup letsencrypt certs for unique subdomains so you can have end-to-end HTTPS.

Mattermost isn’t e2ee, but if the server is run by someone competent and they’re allowed to see everything anyway (eg it’s all group chat, and they’re in all the groups) then e2ee isn’t as important as it would be otherwise as it is only protecting against the server being compromised (a scenario which, if you’re using web-based solutions which do have e2ee, also leads to circumvention of it).

If you’re OK with not having e2ee, I would recommend Zulip over Mattermost. Mattermost is nice too though.

edit: oops, i see you also want DMs… Mattermost and Zulip both have them, but without e2ee. 😢

I could write a book about problems with Matrix, but if you want something relatively easy and full featured with (optional, and non-forward-secret) e2ee then it is probably your best bet today.

Tuta is most likely a honeypot, and in any case it is pseudo-open source so it’s offtopic in this community.