It’s still a “fun self-control challenge” if you just stop watching porn for the month. Nothing wrong with that. But the masturbation part is just silly religious stuff with a dash of prostate cancer.
It’s same data of men who suddenly develop lung cancer after their first month of smoking. Doesn’t mean it won’t come back and bite you in the long term.
“In all, men who averaged 4.6–7 ejaculations a week were 36% less likely to be diagnosed with prostate cancer before the age of 70 than men who ejaculated less than 2.3 times a week on average.”
Funny, because I never mentioned masturbation. I don’t think anyone except the most die-hard members of the NNN/NoFap/etc. community would argue that masturbation in itself is wrong or unhealthy. The original “goal” of the challenge was to curb pornography consumption. I think most people would agree that the spirit of NNN is a lot closer to “no porn november” than “no ejaculation november.”
-14 wow. It’s totally understandable that NNN memes are becoming staler over the years, but there are a lot of people who struggle with porn consumption and I think it’s a better idea to stop masturbation for 1+ months and after transitioning over to masturbation w/o porn.
Yes, you can actually break your penis and do permanent damage. Doctors warn not to do reverse cowgirl for example, a popular position in porn. If not done right the penis will break and you are going to have a bad time.
Hey black mirror had this where they had to watch an ad and looking away was illegal. We’re getting there with Google and their recent and announced YouTube and Chrome changes.
Oh yeah. Maybe it’s because I’m still in the just-got-my-first-credit-card phase, but damn I love that little piece of plastic. I’m clumsy and suck at using cash, but I feel so graceful with a card.
The one thing I don’t like about digital payments is that so far, they’ve all been owned/controlled by various major card processors, like Visa. That control really gives those processors a dominant position and basically free money.
Loved the idea behind satoshis. Even tried it out. Even made a little money and got out before it all crashed.
It was an interesting concept until all the mega-grifters showed up to make it yet another speculative commodity to fuel their insatiable gambling addictions.
I consider myself pretty knowledgable in lots of computing topics but even I felt very shakey at the sheer paranoia required to keep digital currency safe. (Assuming it doesn’t suddenly become worthless overnight on its own).
I can’t imagine normies navigating that. And using paypal or a bank or something put you right back at “not your coins” anyway.
Personlly, dumping 100% of it all at once purged a LOT of anxiety.
Plus, accounts are readily trackable on public ledgers. Not very private as soon as various means are deployed to know your public account.
The thing that saddened me most was seeing how much freaking energy and technology was thrown on the pyre of make-believe numbers. The “metaverse”, web3, the fact NFTs even happened. Hardware shortages whenever some new coin figured out how to store a hash on it. Super sophisticated scams everywhere…
If anything it was definitely a psychological experiment to see what intangible nonsense even entire nation-states would devote massive resources to instead of feeding or housing people.
Not to mention the huge mess with constantly changing laws and taxes from officials who struggle to send emails.
Plus, and finally, it was supposed to democratize money unlike fiat currency, but it was worth fiat currency, so the a-holes hoarding all the fiat currency just gobbled up all the digital ones too and tried to sell it back to us.
I really just don’t care either, Ill just pay who im forced to, 1/10th of my paycheck (it costs them pennies to make) or I could randomly die. It’s all corporate bullshit anyway. /s
I really just do not care, Ill just take out a loan I cannot afford so I can stop playing chicken on crosswalks and avoid dieing to that driver who is on their phone, not paying attention. Its just human bullshit anyway. /s
This is just pure bullshit scare tactics. In order to successfully make a transaction, I have to have my watch facing me, double click the button, and then hold it near the terminal for a few seconds. There is no way someone could just swoop in and do a transaction without my knowledge. It’s bullshit fearmongering like this that makes people scared of new features like NameDrop. Quit it.
In my experience with my Apple Watch you have to activate the wallet functionality in order to pay for something by clicking the side button twice, which should make it harder for somebody to just walk around with a terminal charging random people. Phones usually need to be unlocked to make payments too. In theory NFC credit cards could be scanned like this, and if you’re worried about that you can look into NFC blocking wallets… I’m not super worried about it, though, because usually you wouldn’t be on the hook for such a fraudulent charge.
Agreed. I think cash should always be there as a fallback. But 9/10, I prefer to use card because cash is so dirty, and is harder to keep track of.
If I go to my bank app. I know exactly how much I have. Whereas if I keep cash in my wallet, I have to count it all out and keep track of it in my head. I don’t like that. It’s just more awkward for me.
Yes but how do you pay your prostitute? I’m surely not in the mood to explain my wife what’s that $200 transaction on my card from a MELINDA TEEN at midnight that day I was supposed to be late at work.
There’s a reason why most corporations try to keep a squeaky clean appearance to the public. They’re trying to make money. It baffles me why Elon thinks public perception doesn’t apply to him or his corporations. It’s like he thinks the world is comprised of halfwit tech bros that will lap up any old bit of garbage that comes out of his mouth. Yes, freedom of speech is vital for democracy, but not everyone is required to agree with you or pay you money because you think you are right. A critical short coming of many narcissists.
The post isn’t about privacy, if it was, faxing wouldn’t be on there. I’d wager a strong guess it’s about convenience on one hand while choosing to be inconvenient on the other.
Edit: or maybe it’s more about high tech in some sectors and low tech in others, still not about privacy.
Fax is unencrypted. Encrypted versions apparently exist but that’s not what Japan and Germany use.
And that aside my mom regularly gets sensitive patient data via fax at her workplace because the number is one digit off some doctor’s (bonus points for the inverse also happening, and her also working with sensitive data). Far less likely to happen with email. At most encrypted fax is equally secure.
It is however point-to-point plus doesn’t go over a public network and the routers of “random” 3rd parties (as IP does not necessarily route your packets always via the same path, and NNTP - the e-mail protocol - is even worse).
Faxing is probably is inherently more private simply because generally there is just 1 company controlling the entire network it travels through (i.e. the phone landline network), though I would hardly call it secure.
Properly encrypted e-mail is more secure with regards to the contents but it leaks metadata (that there was a message of a certain size from a certain sender to a certain receiver at acertain time) to a lot more 3rd parties than a fax would.
Yeah, you’re right - it’s SMTP not NNTP. Considering that back in the day I used to telnet to port 25 of my uni’s server to send e-mails portraying as one of my teachers to take the piss of my friends and hence knew at least some of the protocol, I must be getting old to confuse the acronyms.
But yeah, the main point is not the network being “public” (in the sense that anybody can access it) it’s that - as I explained but you seemed to have missed - the intermediate hops for an e-mail travelling on the internet can be owned by just about anybody and, worse, not necessarilly in your country working under local laws - routing will often send things around in quite unexpected tours on a physical sense depending on network topology - whilst the nodes the fax data travels on a phone network are generally owned by just 1 company or 2 (the latter in countries with multiple landline providers if you send it from a phone in one to the phone in another, as the network topology is much simpler and all providers connect to each other directly).
If your data goes over at most only 2 networks owned by very specific companies it is inherently safer from eavesdropping that if it goes over an unknown number of networks owned by an unknow number of companies. This is not the same as saying it’s “safe” - it’s just one relative to the other, rather than an endorsment of faxing.
Also there are usually laws around eavesdropping on phone calls, from the old days, whilst it’s the Wild West out there when it comes to those operating intermediate nodes eavesdropping on e-mails.
Frankly, if you can’t send the data encrypted, then faxing is probably safer from a privacy point of view (it would take a crooked telecoms operator risking their license, a Court Order or physical access to eavesdrop on it), but if encrypted e-mail is safer at least content-wise, though as I pointed out plain e-mail with unencrypted headers leaks meta data even if the contents is encrypted.
Yeah, those were the “good old days” before the openning of the Internet to the broader public when most protocols were all naive and innocent, with zero security consciousness, and SMTP servers didn’t even require a username:password pair from clients to send e-mails with specific From fields.
Mind you, it’s still possible to connect to most SMTP servers using the unencrypted protocol - as it sits on a different port than the stuff using TLS so can be enabled alongside the encrypted protocols - though it’s highly inadvisable to use the plain text protocols (the reason for which, by the way, goes back to my point about how IP can route packets through who-knows-were, so unencrypted stuff - most dangerously your password to access your e-mail - can be more easilly eavesdroped), but at least even the non-encrypted stuff nowadays requires a username and password.
As for your “point” about local law well, if you live in a coubtry next to those guys faxes will not go via there, ever, e-mails might very well go via there and end up in the modern equivalent of those tapes. Interestingly enough on this, when Snowden revelatiosn came out it was discovered that the UK surveillance apparatus (which is way more abusive than even the US) was eavesdropping on their side of the submarine cables that crossed the Atlantic from their coast and thus managed to eavesdrop on a significant proportion of the internet communications to and from all of Europe.
Do you genuinelly think a surveillance society would refrain from watching people’s Internet use but not refrain from doing so for their phone landlines?!
Because that makes no sense at all, especially considering that in earlier days it was actually easier to record Internet usage (less data and already in digital format) than phone lines, though nowadays data storage, processing power and even speech-to-text engines make eavesdropping on phone lines easier.
In fact even supposedly Democratic nations have been caugh doing mass surveillance of people’s Internet use (that’s what the Snowden revelations were all about) - because there were no clear laws on that - all the while phone line surveillance does have clear laws, dating from way back, that require a Court Mandate for it to be lawfully done: it was and is legally easier to do mass surveilance on the Internet even in supposedly Rule Of Law Democratic nations that phone line surveillance.
Nowdays client-server and server-server communication is ecrypted and signed, so no an issue now.
This is probably true, but in a very unsatisfying way. It’s not accurate to say this is not an issue now because mail servers talk to each other with opportunistic encryption — if both ends say “hey, I support TLS” they’ll talk over TLS, but if either end claims to not support TLS they’ll default to plain text. This is deeply concerning because it’s very possible for somebody to mimic another server and get the connection downgraded to plain text, bypassing TLS altogether. There are standards to deal with this, like DANE, but most large e-mail providers don’t support this… The other more recent standard to address this is called MTA-STS, but it’s much weaker than DANE and can potentially be exploited (but at least gmail and outlook support it, I guess). E-mail security is in a weird place. It’s slightly better than the “completely unencrypted” situation that people seem to think it is… But it’s also pretty much impossible to guarantee that your e-mail will not be sent over plain text.
AFAIK DKIM/DMARC now is mandatory on most servers.
DKIM and DMARC don’t have anything to do with this. DKIM is a way for e-mail servers to sign e-mails with a key that’s placed in DNS in an attempt to prevent e-mail spoofing, but this in no way protects e-mails you send from potentially being read in plain text. DKIM is also not necessarily mandatory, and you can potentially get away with just SPF. Many mail servers also do not have strict sender policies, which could potentially allow for spoofing in certain situations. Also neither DKIM / SPF provide any protections if an attacker is able to poison DNS records.
GPG. Or other E2EE.
I mean, yes, but that’s not really the point. PGP has essentially nothing to do with the e-mail protocols aside from the S/MIME extensions. Almost no institution is using PGP to secure e-mails. You could also encrypt something using PGP before you sent it over the fax lines in theory.
Neither TLS provide in such case. Attacker can request ACME cert.
Depends whose DNS you can mess with, but yes! It may be possible to poison DNS records for one e-mail server, but ACME certificate providers like letsencrypt (supposedly) try to do DNS lookups from multiple locations (so hopefully a simple man-in-the-middle attack will not be sufficient), and they do lookups directly from the authoritative DNS servers. This is, of course, not perfect and theoretically suffers from all of the same mitm problems, but it’s more thorough than most mail servers will be and would potentially limit who would be in the position to perform these attacks and get a bogus certificate issued.
With DNSSEC and DANE you are even able to specify which TLS certificate should be used for a service in a TLSA record, and you can protect your A records and your CAA record which should make it much harder to get bogus certificates issued. Of course you need to trust the TLDs in order to trust DNSSEC, but you already do implicitly (as you point out, if you control the TLD you can get whatever certificate you want issued through ACME). The reality right now is that all trust on the web ultimately stems from the TLDs and DNS, but the current situation with CAs introduces several potential attack vectors. The internet is certainly a lot more secure than it used to be even 10 years ago, but I think there’s still a lot of work to be done. DNSSEC, or something like it, would go a long way to solving some of the remaining issues.
Most emails are unencrypted. And indeed, in the medical profession, they were widespread. Nothing can protect from the sender putting in the wrong number or email address. I’ve received some seriously sensitive emails not meant for me because the people made typos and the recipients had the same family name as me (not sure how the email server decided it was close enough and delivered them to me).
I’ve also read for some businesses, it was critical to get an instant receipt that the fax has been properly received.
Now, I’m not defending using obsolete fax machines, it just had one advantage over email but today there are much better alternatives and dedicated platforms.
No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.
Fax on the other hand is never encrypted and also not signed, so there is no integrity protection. Fax is far, far less secure than even standard email. Businesses require fax often for legal reasons because laws are written by people with no technical understanding not because of any technical reason.
No, they are not. They are not end-to-end encrypted but they are encrypted between your PC and your service provider, between service providers and between service providers and receivers. End-to-end encryption is needed to defend against your service provider or entities that can order your provider around but not against random hackers snooping around in your network.
This is true AND untrue at the same time! It’s true that most e-mail providers will talk to other e-mail providers with TLS, but it’s trivial to downgrade the connection in most circumstances. If you can man-in-the-middle e-mail servers you can just say “hey, I’m the e-mail provider you’re trying to talk to, I don’t support TLS, talk to me in plain text!” and the senders will probably oblige. There’s a few standards to try to address this problem, like DANE (which actually solves the problem, but is unsupported by all large e-mail providers), and mta-sts which is a much weaker standard (but supported by gmail and outlook). In practice there’s a good chance that your e-mail is reasonably well secured, but it’s absolutely not a guarantee.
That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not. I highly doubt the “in most circumstances” line, my guess would be that at least the big ones like gmail don’t allow unsecured communication with their servers at all. If not for their users’s privacy, then at least to combat spam.
That depends on the specific TLS setup. Badly configured TLS 1.2 would allow downgrade attacks, TLS 1.3 would not.
Why would TLS 1.3 prevent this kind of downgrade attack? The issue is that TLS has never been a requirement for e-mail servers, so for interoperability they only do TLS opportunistically. Even if you configure your own e-mail server to only talk over TLS, nobody else knows that your server only speaks TLS (or speaks TLS at all), so if somebody is pretending to be your mail server they can just claim to only speak plain text and any sender will be more than happy to default to it. If you support DNSSEC you can use DANE to advertise that your mail server speaks TLS, and even fix the certificates that are allowed, but senders will actually have to check this in order to make sure nobody can intercept your e-mail. Notably both outlook and gmail do not support this (neither for sending nor receiving!), they both instead rely on the weaker MTA-STS standard.
my guess would be that at least the big ones like gmail don’t allow unsecured communication with their servers at all
They absolutely do :).
I highly doubt the “in most circumstances” line
That was maybe too strong of a statement, at least with the recent adoption of MTA-STS this is at least less trivial to do :). The intent of this statement was more “if you are in the position to be a man-in-the-middle between two generic e-mail servers it is trivial to downgrade the connection from TLS to plaintext”. I wouldn’t be surprised if it was hard-coded that gmail and outlook should only talk to each other over TLS, for instance, which should prevent this for e-mails sent between the two (I also wouldn’t be surprised if this wasn’t hard-coded either… There’s sort of a bad track record with e-mail security, and the lack of DNSSEC from either of these parties is disappointing!). Ignoring special configuration like this, and without MTA-STS or DANE these downgrade attacks are trivial. Now with the advent of MTA-STS you’ll probably have a reasonably hard time downgrading the connections between some of the large e-mail providers. Though notably this is not universally supported either, iCloud supports neither MTA-STS nor DANE for instance, and who knows about all of the various providers you never think of. This is a bit of a tangent, but a good talk about how large mail providers might not be as well configured as you’d hope: www.youtube.com/watch?v=NwnT15q_PS8
Because a piece of highly debated governance structure, manifest as a piece of technology was put on the “bad” list, (by accedent?) implying the old way is out of date and switching is as much of a “you dont need to think, its just better” (no brainer) as switching your floppy disks and CRTs for USB sticks ano OLEDs. Tech advancing is usually but not a definite good thing.
Question: do the Japanese actually care about privacy? I know I do, but if you were to ask a Japanese person why does their country use cash, would they say “We have considered a system of payment cards and decided against it for privacy reasons” or would they just shrug and say “I dunno, I’m not in charge of payment systems, I use what I have”?
Not necessarily. It might be privacy but it could also be a combination of other reasons too - a cultural aversion to paperless transactions, a lack regulation for electronic payments, lack of a decent indigenous payment system, lack of financial safeguards, prevalence of fraud / skimming devices etc.
Some European countries were more into electronic transactions than others but with stuff like SEPA, chip & PIN, contactless payments I think most people are just fine using electronic payment unless they have reason to control the transaction in some way. For example I usually pay pretty much everything electronically but I still pay taxis and most restaurants with cash. Also tradesmen if they’ll give me a discount for cash.
I used to work in a shop when I was younger, and the older generation always asked for “cash discount”. Why on earth would we do that, my boss said to me. We need the money to be in the shop’s bank account, not laying around somewhere and not being used.
I remember carrying several 100k of our money, late at night, to our banks night safe and drop it in. That sucked. And they charged us for this too
Cash is off the books so there is an incentive for certain kinds of businesses like tradesmen to take cash because it still works out cheaper since they don’t have to declare it to the taxman.
memes
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.