I don’t think browsers are able to detect as much and easily as a dedicated website can. Anyway, these dedicated website detectors can also be used BEFORE visiting the site, providing more protection
So just to put this out there. I’ve been testing single-board-computers running Android and Linux and streaming multiple IPTV streams at the same time and the Fire TV (I have the 4K Max) beats the Raspberry Pi 4, Odroid N2 + & Intel NUC 7 i5 CPU w/ Intel GPU). I know that they’re cheap as hell but they actually perform better in my specific use case than other Android or Linux platforms. I can stream 5 or 6 1080 IPTV streams simultaneously on the Fire TV, while 3 or 4 is the max on the others.
What you’re describing is an issue with all of social media. While your concerns are valid, I don’t see your arguments as privacy issue. I honestly prefer post and comment history being transparent and accessible. It’s much like Reddit and this format fits much better with an open forum style of platform.
Don’t post private information and it’s a non-issue.
Also, can’t you just delete posts and comments like on Reddit?
Also, can’t you just delete posts and comments like on Reddit?
Nothing ever dies on the Internet. With the federated nature of Lemmy, it’s possible for deletes to not sync across instances, especially if there’s defederation that happens.
If you’re not running your own server privacy policies are not even worth the pixels they’re presented on.
Literally, you’re just taking a random person’s word for it (whoever the admin is). A website is a black box, you have no idea what’s going on on the back-end.
The only way to be in complete control of your user data is to run your own server and be literally the only user on it.
Even then, any public comments you make are, you know… public.
Ask me no questions and I’ll tell you no lies. It asks much less of my instance admins if it’s understood that my information was never private to begin with.
All your data will pass over other hardware owned by other people. The only real online privacy is not connecting to the internet to begin with.
And now we’re entering into the realm of encryption, especially end-to-end. Generally speaking, just because you’re sending information that touches other people’s hardware, doesn’t mean it’s public and readable.
Even then, AMD, Intel and now Apple CPU chips are suspected to be backdored. NIST has been slow to adapt a standard post-quantun E2EE algorithm, with some rumours of self-sabotage mandated by NSA (like they have already done in the past). The Tor network is extremely vulnerable to traffic correlation by big parties.
Encryption theoretically gives you what you describe, but in reality you still need to put a lot of thrust in things like your own hardware.
I think that’s worth considering: an open-source volunteer project requires and leaks way more data than a private corporation it’s mimicking.
It couldn’t be that one has had loads of VC funding for *checks notes… 15 years. Whereas one has been barely funded for five years and has more people complaining than adding code.
Actually, it makes perfect sense that an open source project that doesn’t have a big organization behind it isn’t going to have the same capability anywhere near as quickly. Reddit also makes money from advertising. The money for Lemmy is from donations and an abysmally small set of grants.
Hell, Matrix, an actual open source communications protocol is 9 years old and they still haven’t gotten encrypted video group chats working properly and if I recall correctly still offload a lot of that to JitsiMeet. I was using Matrix/Riot.IM (now Element) in 2016 and it was garbage that barely worked, and updates constantly broke what previously worked, etc. It took time to become better and Matrix does have a whole ass organization backing it.
For comparison, Lemmy has been around for about five years and they’ve had far less financial backing and developers contributing to the project. Matrix has governments like France and Germany lining up for services for private communications, which means they’ve literally got people paying them for the service of helping manage their Matrix servers. Lemmy doesn’t have the same advantages. They don’t have a service or ads to sell (no ads is part of the appeal.).
For what its worth, Veilid exists, if you’re looking for a better framework to start with than ActivityPub.
Yeah, qksms’s handling of group messages is really klunky, too.
Deku SMS looks nice, but it doesn’t understand group SNS at all. Neither does Connect You (it also doesn’t have search-by-name for texts, and has trouble linking contacts to texts). Simple SMS is now verboten.
Despite warts, I’m stuck with qksms as well.
Edit Fossify Messages has been released on fdroid. It supports groups, looks nice, and is working for me so far!
If you do this, you’ll start writing small scripts to help you with repeating tasks, to simplify somethings, then you’ll start looking for help trying to improve those scripts, then you’ll find better written and tested ones and start replacing yours with those, one by one. Then you’ll probably find pass or other terminal password manager. It can be a fun learning experience but sooner or later you’ll end up using a password manager.
Ah, the programmers pilgrimage. The first hill that they must climb is the one where they spend 12 days automating something that would have taken 10 seconds every time + half hour setup time.
Not supporting a game is not a reason to switch to linux, and the more games aren’t supported, the less people are gonna switch. The Linux zeal on this site is comical.
“Haha my OS cant play games that have millions of concurrent daily users each!”
OP was saying something along the lines of ‘if Valorant can’t run on Linux, it’s a sign your privacy is much less compromised.’ After all this community is specifically about privacy.
That’s a great argument for the extremely small percentage of gamers who give a damn about that, but just about all of them are already on linux, so if that’s the way forward for linux gaming, congrats it’s at full saturation. This site is wild. Downvotes for pointing out thay not running games thay millions play a day is bad for gaming on the OS. I may as well be talking to Republicans about Biden. You’re zealots.
Go on the legaue and valorant forums see how many of the millions you can convince that Linux security is more important than being able to play with their friends.
Lol bold opinion on this site when people are already responding that its good for Linux gaming that it won’t play games that has intrusive anticheat. I’ll admit sure it’s better for security, but to think that’s a good thing for gaming on Linux is hilarious.
No, it’s obviously better to have the choice (run the game or not). And losing a game that previously worked on Linux is obviously a bad thing, hence the joke about it being good.
Of course you could argue that taking a stance against this kind of intrusive anticheat is good in the long run. If Microsoft had a backbone they’d do the same.
But yeah losing games because of anticheat is obviously a bad thing lol. No need to take it so seriously.
The comment was about valorant, did that one ever work on Linux, if so I wasn’t aware that they figured it out. Didnt seem like a joke, and people are unironocally agreeing with it soooo
So, requiring to puncture the security and privacy of your PC for a game is ok, as long as millions of players are affected. Did I understand you correctly, here?
Nowhere did I say that, what I said is most gamers do not care. So what I’m implying is if you want Linux desktop OS to overtake the next highest competitor (which is ‘OS unknown’ btw) you’re going to need to do better. For at least the past 20 years gaming has been a social phenomena more than anything else, and not being able to play games that millions play daily isn’t a brag for linux gaming just because you’re more secure than they are. Unknown OS is ahead of linux on desktop share, not just gaming desktop, all desktop. Linux ranks just below a statistical anomaly and just above chrome os. If that’s fine with you than fine, but if you’re one of the people for whom gaming is a very social thing, then you’re probably never moving to linux at this rate, or at least hope things get better. But apparently I’m the only one unsatisfied with what gaming on linux looks like, and everyone else loves it as is. Welp, if that’s how it is and this is what linux gaming is supposed to be, then it’s defiantly not for me either.
You’re right, it’s been absolutely devastating not being able to play a 14-year old game that I have no interest in playing on my computer. I’ll go cry over my video game consoles.
It may sound silly, but for a lot of people being unable to play games like Valorant, Warzone or League of Legends it’s actually a feature and not a bug or a problem.
Ima tell you right now 90% probably more of the val community wouldnt play the game on linux or switch regardless of if it ran or not so it so it doesnt really matter
Correct me if I’m wrong but if it can’t run Valorant then it can’t run the game in general, so you’d be just as well off by not playing Riot games on a Windoze or Mac machine as well.
Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.
That said, it seems like we’re reaching a turning point for big tech, where having access to private user data becomes more of a liability than an asset. Having access to the data means that they will be required by law to provide that data to governments in various circumstances. They might have other legal obligations in how they handle, store, and process that data. All of this comes with costs in terms of person-hours and infrastructure. Google specifically cited this is a reason they are moving Android location history on-device; they don’t want to deal with law enforcement constantly asking them to spy on people. It’s not because they give a shit about user privacy; it’s because they’re tired of providing law enforcement with free labor.
I suspect it also helps them comply with some of the recent privacy protection laws in the EU, though I’m not 100% sure on that. Again, this is a liability issue for them, not a user-privacy issue.
Also, how much valuable information were they getting from private messages in the first place? Considering how much people willingly put out in the open, and how much can be inferred simply by the metadata they still have access to (e.g. the social graph), it seems likely that the actual message data was largely redundant or superfluous. Facebook is certainly in position to measure this objectively.
The social graph is powerful, and if you really care about privacy, you need to worry about it. If you’re a journalist, whistleblower, or political dissident, you absolutely do not want Facebook (and by extension governments) to know who you talk you or when. It doesn’t matter if they don’t know what you’re saying; the association alone is enough to blow your cover.
The metadata problem is common to a lot of platforms. Even Signal cannot use E2EE for metadata; they need to know who you’re communicating with in order to deliver your messages to them. Signal doesn’t retain that metadata, but ultimately you need to take their word on that.
Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.
I’m quite sure, they arn’t. This statement doesn’t mean that I think they have bad intention or something. It’s just, at least for me, obivious that the interest of the users and these of the companies are highly different. This is also the case with other companies and their customers.
Having access to the data means that they will be required by law to provide that data to governments in various circumstances.
A more paranoid person than myself would suspect that any big enough gouverment world simply force the companies to collect and share data.
The metadata problem is common to a lot of platforms.
From the viewpoint of the cooperations, this is a good deal. Enough privacy to keep people on the plattform and still enough data for advertisment.
I remember a little while ago a thread with someone from kbin gloating that they could see what everyone was voting, and accusing the people upvoting comments they disagreed with of being bigots in a vaguely threatening way obviously intended to produce a chilling effect, and people found this surprising because that information is not public on most instances.
I basically agree with the people saying open info is just the nature of posting on a public forum and of federation, but there could be improvements, even just in awareness of what is and isn’t private.
This is a great point because in the Lemmy UI, this information isn’t shown, and you can’t even list out all posts you’ve upvoted. As most of us coming from Reddit, we’re used to upvotes being private, and probably assume it’s the same. I understand the technical reasons for having the information public, but it is not clear from a user perspective that it’s public.
What’s extra confusing is that I’ve seen people asking about how to get this information from the API, with the answer being that you can’t (I guess to protect privacy?). It’s only accessible to federated servers, but then those can do what they want with it including publishing it to everyone.
Depends against whom you are protecting yourself. If it’s against
your younger sibling then it’s probably sufficient
some script kiddie or scammer running scripts against the most typical setups, might be just obscure enough
a proper targeted attack, then it will depend on which zip software you are using. Most likely the stock one that might (I didn’t bother checking) relying on something that is far from the state of the art in terms of encryption. In that case it will most likely not be secure.
a proper attack but you use something like 7z with encryption that is relatively resilient, then most like if you are not facing state actors with huge amount of resources to try to crack it, most likely secure
Note I’m NOT a security expert so… don’t believe me.
I don’t know that I’d really add more. It all depends on who and what you’re protecting against. The only thing that’s secure is something that doesn’t exist.
National level hackers have access to resources you might not be able to think of. And if they really want in, rubber hose cryptography is super effective. But most “hackers” on the Internet? And encrypted zip is often enough to deter them. Not impossible, but you might not be worth the time and effort.
In summary, there is better. Much better than an encrypted zip file. But only you can judge if you’re a juicy enough target to pursue more esoteric protection.
SSL/TLS, the “S” in HTTPS, and other network encryption protocols such as SSH, use a technique called a Diffie-Hellman key exchange. This is a mode of cryptography where each side generates two keys: a public half and a private half. Anything encrypted with the public half is only decryptable by the associated private half (and vice versa).
You and Youtube only ever exchange the public halves of your respective key pairs. If someone snoops on the key exchange all they can do is insert spoofed messages, not decrypt real ones.
Moreover, the keypairs are generated on the fly for each new session rather than reused. This means that even a future compromise of youtube won’t unlock old sessions. This is a concept called forward secrecy.
Message spoofing is prevented by digital signatures. These also use the Diffie-Hellman principle of pairs of public/private keys, but use separate longer-term key pairs than those used with encryption. The public half of youtube’s signing key, as presented by the server when you connect to it, has to be digitally signed by a well-known public authority whose public signing key was shipped with your web browser.
this is very detailed answer thank you. however I face an ambiguity regarding this:
This is a mode of cryptography where each side generates two keys: a public half and a private half. Anything encrypted with the public half is only decryptable by the associated private half (and vice versa).
How can this private half be something that I know, Youtube knows but impossible for the snooper to our communication to know??
Youtube never knows the private half of your key pair. That never leaves your system.
Anything encrypted with the private half can only be decrypted with the public half, and anything encrypted with the public half can only be decrypted with the private half. These halves are known as the public key and the private key. Each side of the connection generates their own key pairs.
We both generate a set of keys, and exchange the public halves with each other. I then want to send you a message: I first encrypt it using my private key, I then encrypt it again using your public key and send that to you.
In order to read that message, you first decrypt it using your private key. This ensures the message was intended for you and wasn’t modified in transit, as you are the only one with access to that private key and only its matching public key could have been used to encrypt that layer.
You then decrypt it a second time using my public key. As I’m the only one with access to my own private key, you can be sure the message was sent by me.
As long as that resulted in a readable message; You’ve now verified who sent the message, that it was intended for you, and that the contents have not been modified or read in transit.
All this, including the key exchange is handled for you by the https (tls) protocol every time you connect to a website. Each of the messages sent between you and the site are encrypted in this manner.
The best way I find to think about it is a padlocked box.
The public key is a box with an open padlock on it. I can give it to anyone. If someone puts a message inside the box they can lock the padlock, but they don’t have the key to open it again.
I keep the key private. If someone sends me a locked box that has my padlock on it, only I have the key to open it and read the message.
Anything encrypted with the private half can only be decrypted with the public half, and anything encrypted with the public half can only be decrypted with the private half.
This is not true. In key pair cryptography, the public key used only for encryption and the private key is used only for decryption.
no, it isn’t bidirectional, public = encrypt, private = decrypt, that’s it. You can address a message to multiple recipients though (when using GPG), so often in case of email a message is addressed both to yourself and your recipient, so both you and your recipient have access to message text
You’re not mistaken, it is definitely possible with at least RSA, though, I would guess it may not always be possible. It also sounds like it’s still a bad idea unless you know all of the parameters used to generate the keys and can be sure what information is actually encoded in the keys.
Your computer generates two keys. One to encrypt a message. One to decrypt the message. The encrypt key is public. The decrypt key is private. Your computer shares the public key with YouTube. The private key is never shared.
YouTube does the same thing for your computer.
Your computer will have YouTube’s public key and your computer’s private key…
Your computer will be able to encrypt messages to send to YouTube that only YouTube will be able to decrypt. Even your computer will not be able to decrypt these messages after it has encrypted them using YouTube’s public key.
Since the decryption keys are never shared they can’t be snooped. That is why it is only possible for an attacker to encrypt new messages but not read any messages from either sender.
privacy
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.