Jerry

joined 1 year ago
[–] Jerry@feddit.online 10 points 4 days ago

Thanks! I've tried editing it.

 

TIL the guillotine was named after a man who neither invented it nor believed in the death penalty.

The guillotine was named after Joseph-Ignace Guillotin, a surgeon who didn’t believe in public executions and was appalled that while nobility was given merciful deaths, the masses went through extreme suffering during their executions. He spoke out about this, advocating that all killings should be painless and the same regardless of class if the death penalty continued.

It ended up being named after him as more of a joke because of something he allegedly said about the device being as quick as a twinkling of an eye. The new name stuck. The original name, named after the true inventor, Antoine Louis (the louisette), ceased, and the official name assigned by the government was guillotine.

The family was so embarrassed by the association that they legally changed their last names.

 


[–] Jerry@feddit.online 2 points 2 weeks ago

You have to trust someone. There's no way around this. But trusting some app written by some unknown person that has nobody overseeing it is probably the worst place to put your trust.

So, decide. You either trust some unknown app developer, your ISP, or a VPN provider. You must choose one. Which one do you choose? Choosing none means you are off the Internet.

I have more trust in Proton VPN, Mullvad VPN, Mozilla VPN, and some other reputable VPN providers than I do in my ISP, some cheap VPN run by unknown people, or some app making crazy claims. I strongly doubt that a reputable VPN provider is doing any tracking of user traffic. But I bet MockTraffic is telling someone all the websites you're visiting.

I think if you are worried about your traffic being tracked, you are safest with a reputable VPN provider.

[–] Jerry@feddit.online 7 points 2 weeks ago (7 children)

I see so much wrong in these claims.

  1. Anyone analyzing your traffic is not just doing so based on DNS queries. They use Deep Packet Inspection (DPI) and they track packets across the Internet to find out what you're doing. A fake request won't fool them.
  2. Similarly, they use machine learning and behavioral analysis, which won't be fooled either by a bunch of DNS queries.
  3. The increased noise could be detected as malicious activity, like a DDoS attack. You can find yourself rate limited, and your network performance can drop substantially.
  4. If the fake requests are real websites, your IP address can become associated with a wider range of interests, leading to more targeted advertising.
  5. Instead of using a simpleton's approach that won't work, use real protection. Use a paid-for VPN, or at least a reputable free one (not many) with built-in ad and tracker blocking to bypass your ISP.

**The App sounds fishy, actually.** Many apps come out claiming to provide some unique security, and they eventually turn rogue and start stealing information. This one sounds ripe to go rogue, especially since it can't make it into the standard store. I expect to read about MockTraffic someday being caught stealing information.

I wouldn't go near it.

[–] Jerry@feddit.online 16 points 2 weeks ago (1 children)

5.7 on IMDB.com FWIW.

[–] Jerry@feddit.online 2 points 2 weeks ago (2 children)

Depends on the application for me. For Mastodon, I want to allow 12K character posts, more than 4 poll question choices, and custom themes. Can't do it with Docker containers. For Peertube, Mobilizon, and Peertube, I use Docker containers.

[–] Jerry@feddit.online -2 points 1 month ago

Yes, well stated. This is why I usually skip reading people's comments. The vast majority see everything through their own agendas and just echo words they hear.

[–] Jerry@feddit.online 11 points 1 month ago

It's worse than you think. An IMSI catcher is not even needed to find out what phones are in an area:

Section 3.4.1: Presence Testing in LTE
https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks

Passive Presence Testing

The simplest way to do presence testing in LTE doesn’t actually require someone to have what we usually consider a CSS (e.g. a device that pretends to be a legitimate cell tower). Instead, all that’s required is simple radio equipment to scan the LTE frequencies, e.g. an antenna, an SDR (Software Defined Radio), and a laptop. Passive presence testing gets its name because the attacker doesn’t actually need to do anything other than scan for readily available signals (Shaik et al, 2017).

RRC paging messages are usually addressed to a TMSI, but sometimes IMSI and IMEI are also used. By monitoring these unencrypted paging channels, anyone can record the IMSIs and TMSIs the network believes is in a given area. In the next section, we’ll see how an attacker can correlate a TMSI to a specific target phone, as right now collecting TMSIs simply means recording pseudonyms.

There are descriptions in the article of other ways to find phones without using an IMSI Catcher or fake tower.

[–] Jerry@feddit.online 2 points 1 month ago

Wow! Well done!!

 

Rule 1: Don't ever use an agentic browser (one that an AI can control).
Rule 2: But, if you do use an agentic browser, only run it inside a virtual machine.

AI hacking. Downloading images can allow your computer to become hijacked. Here's how.

https://www.scientificamerican.com/article/hacking-ai-agents-how-malicious-images-and-pixel-manipulation-threaten/

[–] Jerry@feddit.online 5 points 1 month ago

It doesn't mean they are wrong. Anyway, here:

"Based on documents leaked by Edward Snowden, the National Security Agency (NSA) had already developed a technique in 2004 to locate cell phones even when they were turned off, called “The Find”, mostly used to locate terrorist suspects [36]. This was accomplished through the use of IMSI catchers, which could wirelessly send a command to the phone’s baseband chip to fake any shutdown and stay on [37]. The phone could then be instructed to keep just the microphone on, in order to eavesdrop on conversations, or periodically send location pings. The only hint that the phone was still on was if it continued to feel warm even though it had been shut off, suggesting that the baseband processor was still running. IMSI catchers used by London’s Metropolitan Police are also reportedly able to shut down targeted phones remotely [38]."

https://www.cis.upenn.edu/wp-content/uploads/2019/08/EAS499Honors-IMSICatchersandMobileSecurity-V18F.pdf

[–] Jerry@feddit.online 1 points 1 month ago* (last edited 1 month ago) (3 children)

Seems to depend on what you read: https://godarkbags.com/blogs/news/imsi-catchers-the-hidden-threat-to-your-mobile-privacy-and-how-to-stop-them

Quote:

Can I Be Tracked With My Phone Off?

Yes, even when your phone is turned off, it’s not entirely inactive. The radio system, controlled by a separate subsystem called Baseband, can still transmit signals. This design allows for features like remote device tracking but also means that simply turning off your phone doesn't protect you from IMSI catchers. Using a Faraday bag completely isolates your device from any external signals, providing robust protection.

The most effective defense against these threats is to block the signals that IMSI catchers rely on. This is where Faraday bags come into play. These specially designed bags create a barrier that prevents radio waves from reaching your device, effectively neutralizing IMSI catchers and other surveillance tools.

[–] Jerry@feddit.online 4 points 1 month ago

They can triangulate from the 8 readings that they did and know my location. They also know it's T-Mobile and they can subpoena T-Mobile and Google to get the information (the IMSI code will identify the dealer) to identify who bought the phone and what phone account pays for the service.

 

I have a #Pixel 10 Pro XL phone, which may be the first phone to give warnings when the phone connects to a rogue cellphone tower or IMSI catcher. The OS cannot block it; it can only tell you that someone read information, and it presents an alert. It says,

"Your data may be at risk. Device ID accessed. At 6:57 PM a nearby network recorded your device's unique ID (IMSI or IMEI) while using your T-Mobile SIM. This means that your location, activity, or identity has been logged."

I didn't ever get an alert before walking through the building, but this time, during a 30-minute walk through the building, I got about 8 alerts, ranging between 1 and 3 minutes apart.

Using this information from repeated connections, someone can follow my movements and location; they can identify it's me because the IMSI number is unique to my phone, so it can be an indication that someone was collecting all the cellphone information in the area, most likely law enforcement.

It can also mean that I was connecting to a rogue cell phone tower, not just an IMSI catcher, and it was an attempted Stingray attack, likely also law enforcement. If successful, they can try to see and hear what I'm doing on my phone, as my phone won't know that it's a fake cellphone tower.

Be aware that a rogue tower will try to negotiate your phone's connection down to a 2G connection, which is unencrypted, providing them with access to everything that you are doing and saying. Please go into your phone's settings and disable 2G!!

It's been believed for some time that this technology has been used by law enforcement secretly and consistently. This is creepy and unnerving.

Turning off the phone, by the way, doesn't stop an IMSI catcher. Your phone still responds. You need to keep the phone in a Faraday bag if you're really concerned.

It's a good thing that phones are now starting to inform people that they are being watched and that people will begin to see how much of an issue this is. You can assume that your local law enforcement knows where you are all the time.

 

This article from Brave's security team highlights a significant security risk in agentic browsers, where they can be tricked into doing things such as stealing credentials. They demonstrate a proof of concept in the article.

Agentic browsers have a built-in AI assistant that can browse the web and perform tasks on your behalf. While they speak about Perplexity's Comet browser, know that Edge with Copilot has these same vulnerabilities. There are many in development.

The article details a vulnerability called indirect prompt injection. This attack allows a bad actor to hide malicious instructions on a webpage that the AI will follow as if they were legitimate commands.

Traditional browsers like Firefox that are designed for human use only and lack these autonomous AI capabilities are not vulnerable to this specific attack.

https://brave.com/blog/comet-prompt-injection/

 

Two weekends ago I upgraded my Ubuntu desktop from 22.04 to 24.04.3 and was left with an unusable system because I opted to keep my existing copy of the gdm-smartcard-pkcs11-exclusive configuration file because I don't use a smartcard.

But it's a new configuration file and is REQUIRED. By saying I didn't want it updated, the update program didn't create the new one. And since there wasn't an old one, the upgrade failed with "error: alternative path /etc/pam.d/gdm-smartcard-pkcs11-exclusive doesn’t exist" and "The upgrade has aborted. Your system could be in an unusable state." Oh, it certainly was.

It might as well have said, "Enter N if you want your system to become unusable."

The upgrade program should never have asked. If the file is required and it isn't there, it should have just created it. I think it's a bug in the update program.

gdm3, ubuntu-desktop, and ubuntu-desktop-minimal weren't installed. PAM was not set up. No way to log in.

I wrote a blog post about how I recovered from this in case anyone else is bitten by this same issue: https://jerry.hear-me.blog/ubuntu-22-04-to-24-04-upgrade-failure-missing-file/

 

'Chicago Sun-Times' Slammed After Letting AI Generate Summer Reading List—Full Of Fake Book Titles

 

Need some good news about the fight against Corporations violating your privacy? This is a great ruling! This gives States big teeth to go against companies who violate state laws that protect privacy.

"The key issue was whether Shopify’s actions were “expressly aimed” at California. Shopify argued that it was “mere happenstance” that its conduct affected a consumer in California ..."

Ninth Circuit Court:
"Pre-internet, there would be no doubt that the California courts would have specific personal jurisdiction over a third party who physically entered a Californian’s home by deceptive means to take personal information from the Californian’s files for its own commercial gain. Here, though Shopify’s entry into the state of California is by electronic means ..."

"... not “mere happenstance” because, among other things, Shopify allegedly knew plaintiff's location either prior to or shortly after installing its initial tracking software on his device as well as those of other Californians."

https://www.eff.org/deeplinks/2025/05/ninth-circuit-hands-users-big-win-californians-can-sue-out-state-corporations

#EFF #Shopify

106
submitted 8 months ago* (last edited 8 months ago) by Jerry@feddit.online to c/fediverse@lemmy.world
 

There are many #Friendica fans, and for good reason. Once you get past the learning curve from the difficult UI, you get to appreciate the extra benefits of built-in #Bluesky, #Lemmy/#Piefed/#MBIN, #Tumblr, and #RSS feed integration. It also has #Diaspora integration and some other protocol integrations. Of course, it's also a #Mastodon alternative.

Nobody ever mentions Friendica as being a #Threadiverse app, but it has Groups, which is built-in Threadiverse capability. If you follow a Community on Lemmy/Piefed/MBIN, for example, it gets categorized as a group and is placed into a separate section for the groups you are part of. Then you can read and post in the Group (Community/Magazine) just like you would on a Threadiverse application. You can also create public and private groups.

And there is no need to use a Bluesky bridge if the Friendica instance you are on has the integration turned on.

Here's an excellent 5-minute video showing Friendica created by @earthman@my-place.social for those interested in seeing how it works.

https://www.youtube.com/watch?v=QFGLRgnaeLc

 

Hey, Threadiverse! I'm looking for informed opinions on database choices.

I can stand up an Internet-facing application and have it use either MySQL or PostgreSQL. Which is the better choice, and why do you think so?

Thanks!

21
Antisocial Media (feddit.online)
submitted 9 months ago* (last edited 9 months ago) by Jerry@feddit.online to c/communitypromo@lemmy.ca
 

Dedicated to antisocial behavior of social media corporations, censorship, algorithmic bias, filter bubbles, privacy and psychological effects of mainstream social media.

Articles like:

  • Instagram Begins Randomly Showing Users AI-Generated Images of Themselves
  • Meta dumps fact-checkers
    - Facebook lifts restrictions on calling women ‘property’ and transgender people ‘freaks’

!antisocialmedia@piefed.social
https://feddit.online/c/antisocialmedia@piefed.social

 