Yeah. Honestly. For platforms like Instagram, Facebook, TikTok, mandate chronological feeds of only people you have followed, paginated at like 30.
- 1 Post
- 70 Comments
They saved lifes.
Glad to have cleared that up for you 👍
I think the text is somewhat dubious in its arguments, but this (and the arguments built on this assertion) is just plain wrong:
[Signals servers have] a few important pieces of data;
Message dates and times Message senders and recipients (via phone number identifiers)
Signal clients implement the Pond protocol. As a result, Signals servers know who a message is for (obviously, how else do you get the message) but cannot know who it is FROM.
I’ve been playing around with implementing a secure/private messenger demo for myself, and have been consistently impressed with how privacy preserving Signal is when reading their papers and code. I wish it was selfhostable, but apart from that, it’s great.
The server would be NICE to be OSS, but ultimately, privacy breaches are prevented client/protocol side.
smiletolerantly@awful.systemsOPto
Selfhosted@lemmy.world•`continuwuity` vs `tuwunel`: where to go from `conduwuit`? (Update: probably `continuwuity`.)English
1·3 months agoI don’t really know, sorry :(
If you want to migrate, is going conduit - conduwuit - continuwuity (first version) - continuwuity (current version) maybe an option?
smiletolerantly@awful.systemsOPto
Selfhosted@lemmy.world•`continuwuity` vs `tuwunel`: where to go from `conduwuit`? (Update: probably `continuwuity`.)English
1·3 months agoI went with continuwuity and am happy with it. Development happens at a steady pace, with sane priorities. The server is stable and I haven’t had any issues to speak of, despite one minor bug that got resolved very quickly after creating an issue.
This doesn’t make a call to government servers.
The app (or desktop application BTW, incl. Linux) reads your national ID’s NFC tag, once. When you need to prove your age, the app locally computes a zkp that only tells the site “at least 18yo yes/no”.
Note that every EU country has a form of national ID, and the digital capabilities of these IDs are already used for a bunch of stuff (e.g. taxes, bank account creation,…). This doesn’t worsen the privacy situation for EU citizens, but instead ensures that no privacy-unfriendly solutions emerge.
smiletolerantly@awful.systemsto
Not The Onion@lemmy.world•Man bites woman at cherry blossom park in Japan, dies shortly afterEnglish
5·3 months agoOh right, yes. Sorry.
smiletolerantly@awful.systemsto
Not The Onion@lemmy.world•Man bites woman at cherry blossom park in Japan, dies shortly afterEnglish
28·3 months agoThe (edit: second) Osaka one is just sad. Grief sucks.
smiletolerantly@awful.systemsto
Ask Lemmy@lemmy.world•If you could become a character and enter any universe and that becomes your permanent life what universe would you pick?
5·3 months agoThat actually makes a lot of sense, ha.
(Just in case you aren’t familiar with the Culture: yep, anyone or anything in it would be famtastic.)
smiletolerantly@awful.systemsto
Ask Lemmy@lemmy.world•If you could become a character and enter any universe and that becomes your permanent life what universe would you pick?
11·3 months agoFuck, Id be okay with any random Culture citizen
smiletolerantly@awful.systemsto
Technology@lemmy.world•Spotify and Labels(including UMG, Sony, and Warner) Seek $322 Million Default Judgment Against Anna’s ArchiveEnglish
1·3 months agoDid they still not release the actual torrents though?
smiletolerantly@awful.systemsto
Technology@lemmy.world•European Union finds PornHub, Stripchat, XNXX and XVideos in breach of the Digital Services Act for allowing minors to access their servicesEnglish
1·3 months agoIt’s mostly just that I don’t want the government to know precisely which websites I visit. Nor do I want the the porn sites to know exactly who I am.
I understand, I want that too. It’s easily possible though (just one example for a scheme):
- you visit porn site
- porn site sends your browser a random nonce
- you/browser tell government service: sign this if I’m >18
- government signs the nonce + a timstamp to prove freshness
- your browser forwards the result to the porn site
- porn site can verify signature per standard public certificate chains
- now porn site has proof that you are >18, but knows nothing else about you; and government only knows that you wanted proof that you are an adult, but not for what site or purpose you wanted to prove that
Alternatively, if we go the “device has an age bracket field browsers access” route, it’s even simpler, and just as if not more privacy preserving.
smiletolerantly@awful.systemsto
Technology@lemmy.world•European Union finds PornHub, Stripchat, XNXX and XVideos in breach of the Digital Services Act for allowing minors to access their servicesEnglish
0·3 months agoIn that case: sorry to blow up on you. I have seen to many comments on here claiming these things while being 100% serious. I just saw your comment and incidentally had time to write the above for once, so, here we are.
I agree that there’s no way to completely cut teens off from porn. Your torrent example is perfectly demonstrating this.
But I also do not understand the current outrage at anything trying to improve the situation, even when it’s not some stupid “scan your face” scheme.
smiletolerantly@awful.systemsto
Technology@lemmy.world•European Union finds PornHub, Stripchat, XNXX and XVideos in breach of the Digital Services Act for allowing minors to access their servicesEnglish
0·3 months agoSo let me get this straight:
When I was 13, I managed to figure out the router password, disabled child protection for myself, then watched porn on my Android 2.3 phone that I had managed to put a custom ROM on because I liked the way it looked and had no idea what a “launcher” was yet.
This is not a hypothetical btw.
My parents were smart enough to enable appropriate blocking and secured access to those settings. I’m not sure something on-device was available at the time, but I included the bit about the custom rom to demonstrate that, even though I didn’t know WTF I was doing, I was more than capable of fucking around with the tech to get it to do what I wanted.
So were my parents in breach of their duties on child protection?
I don’t think they were. They actually did educate themselves (visiting a course / parent meetup to discuss and learn how to protect me from the Internet), and implemented everything they learned.
I was just a little shit and found a way around this.
And this is NOT an edgecase. Because guess what. It takes one kid in the friend group to figure out a way to circumvent parental controls, and then EVERYONE knows how to do it.
It simply does not fucking matter how well intentioned, knowledgeable, and present the parents are (mine were all of that).
Going “this would not be a problem if parents parented” is the LAZIEST fucking excuse, and I’m sick and tired of reading about it on here.
(Because I probably have to make it clear: I’m not advocating for photo/passport scanning, third party age verification,… and all that bullshit. What I think would be a FANTASTIC idea would be privacy-preserving age verification. There are two good ways to do this: 1) on a login attempt, prove that you are of age by presenting a fresh, signed token from a government service proving that you are over 18, and nothing else; site does not get any info, government does not know what you were trying to access; 2) a device-level age field. Proof here comes from the device itself, and can be 100% privacy preserving; just a “yep, is of age”. In this scenario… GUESS WHAT, PARENTS GET ENABLED TO PARENT “PROPERLY” BY PROVIDING THEM WITH A GOOD, SIMPLE, PRIVACY-PRESERVING TECHNICAL SOLUTION.)
Chat is this real?
smiletolerantly@awful.systemsto
Selfhosted@lemmy.world•Any good selfhosted instant messaging?English
4·4 months agoHuh - you’re right. I went back to Signal’s X3DH spec because I was sure I was right, but it seems I misremembered how the “prekey bundles” work: Users publish these to the server, allowing (in my original assumption) for the server to just swap them out for a server/attacker-controlled key bundle for each Alice and Bob.
However, when Alice wants to send Bob an initial message and she gets a forged prekey bundle, Bob will simply not be able to derive the same key and communication will fail, because Bob knows what his SPK private key is, while the server only knows the public key.
smiletolerantly@awful.systemsto
Selfhosted@lemmy.world•Any good selfhosted instant messaging?English
3·4 months agoA compromised server would allow the server to man-in-the-middle all new connections (as in, if Alice and Bob have never talked to each other before, the Server/Eva can MITM the x3dh key exchange and all subsequent communication). That’s why verifying your contact’s signatures out-of-band is so important.
(And if you did verify signatures in this case, then the issue would immediately be apparent, yes.)
Edit: I was wrong. See below.
smiletolerantly@awful.systemsto
PC Gaming@lemmy.ca•RIP Discord: Self-Hosted Discord Alternatives Tested (TeamSpeak, Stoat, Fluxer, Matrix, & More)English
9·4 months agoJitsi is a group (video) call tool. It’s not even close to resembling a Discord alternative. And I’m saying this as someone selhosting Jitsi and evangelizing it whenever I can.
smiletolerantly@awful.systemsto
Privacy@lemmy.ml•"look! the #signalapp income and salaries report for 2024 dropped!" #startpocketwatching #opentechnologyfund #usgovernmentsponsored
3·4 months agoFunny, I’ve also already read that 😄 Good blog and article.
But… That would force them to provide a great user experience in order to retain users!! That’s an unacceptable burden on the largest companies in the world!!