For cookies you just need to enable one of the Cookie Notices lists in uBO, and for paywalls you can add the https://gitlab.com/magnolia1234/bypass-paywalls-clean-filters/-/raw/main/bpc-paywall-filter.txt filter list.
Use kagi.com. By default it indicates paywalled sites and you can also block whole domains if you choose. Listicles are broken out separately and if you’re feeling ambitious Kagi supports regex-based redirects, so you could redirect paywalled domains to a paywall bypass website.
I’m concerned that adopting Kagi is just taking your data back from multiple greedy corporations and giving it to one corporation instead, and also giving them a direct link to who you are via your payment method.
If you do this, you’ll start writing small scripts to help you with repeating tasks, to simplify some things, then you’ll start looking for help trying to improve those scripts, then you’ll find better written and tested ones and start replacing yours with those, one by one. Then you’ll probably find pass or other terminal password manager. It can be a fun learning experience but sooner or later you’ll end up using a password manager.
Ah, the programmer’s pilgrimage. The first hill that they must climb is the one where they spend 12 days automating something that would have taken 10 seconds every time + half hour setup time.
Other comments here do a great job pointing to DH key exchange; I’d like to try explaining it with the paint analogy.
You and YouTube need to agree on a “color of paint” (encryption key) without ever sending it over the network.
You and YouTube agree on a common “yellow” in the clear, and you each pick a secret color. YouTube mixes yellow and their secret and sends it to you. This is okay, because un-mixing paint (factoring large prime numbers) is really hard. You add your secret to the mixture, and now you have yellow+YouTube’s secret+your secret.
You mix yellow and your secret and send it to YouTube. YouTube adds their secret; now they’ve got yellow+YouTube’s secret+your secret. You both have the final color!
An eavesdropper can’t reconstruct this - everything sent over the network had yellow mixed in, and un-mixing paint can be really hard. Maybe you can guess that green minus yellow is probably blue, but you can’t get close enough to decrypt anything. And what if it’s brown? Is that blue + orange, or is it red + green?
Cryptographers have worked very hard to make the communications secure. I would be more worried about the other end ratting you out - using a relay / proxy / vpn that you trust is a good idea :)
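The paint exchange in the comment above, written out as classic finite-field Diffie-Hellman, where "mixing" is modular exponentiation and "un-mixing" means recovering the exponent. This is an added example, not part of the original comment; the function names and the toy parameters (p = 23, g = 5, and the 127-bit prime) are assumptions chosen for readability.

```python
import secrets

def mix(base, secret, p):
    """'Mixing paint': raise the received colour to your secret power, mod p."""
    return pow(base, secret, p)

def exchange(g, p, a=None, b=None):
    """Run one exchange; return both final colours and what crossed the wire."""
    a = a or secrets.randbelow(p - 3) + 2      # your secret colour, in [2, p-2]
    b = b or secrets.randbelow(p - 3) + 2      # the server's secret colour
    A = mix(g, a, p)                           # yellow + your secret   (sent)
    B = mix(g, b, p)                           # yellow + their secret  (sent)
    yours = mix(B, a, p)                       # their mixture + your secret
    theirs = mix(A, b, p)                      # your mixture + their secret
    return yours, theirs, {"g": g, "p": p, "A": A, "B": B}

def unmix(wire):
    """Eavesdropper: search for an exponent x with g^x = A (mod p)."""
    for x in range(1, wire["p"]):
        if pow(wire["g"], x, wire["p"]) == wire["A"]:
            return pow(wire["B"], x, wire["p"])   # the shared colour
    return None

if __name__ == "__main__":
    # Constructed toy parameters, far too small for real use.
    yours, theirs, wire = exchange(g=5, p=23, a=6, b=15)
    print("tiny group :", yours, theirs, "eavesdropper gets", unmix(wire))
    # Same maths with a 127-bit prime (still a toy): the loop in unmix() could
    # need up to about 2**127 steps, so it is not attempted here.
    yours, theirs, wire = exchange(g=3, p=2**127 - 1)
    print("127-bit    :", yours == theirs)
```

The exchange by itself does not prove who is on the other end; in TLS the server authenticates its half of the exchange with its certificate key, and real deployments use groups of 2048 bits or more, or elliptic curves.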
But why? Is there a compromise taken on privacy in favour of visibility and mass adoption of whatever fediverse client they’re using? I don’t understand this, especially since I also find the strongest advocates for privacy right here.
A lot of Lemmy adopters joined with rose tinted glasses, and came with a lot of good ideas, like getting data out of the hands of big companies, making it easy to access it (as Reddit locked down APIs), etc. Which is all good, but a subset of them believe “not officially belonging to one company” is good enough. As for how your data is handled online, a subset of them believe nothing can be improved, and a subset believes it shouldn’t be improved because your data shouldn’t belong to you at all.
And Lemmy is made up of all sorts, so there’s overlap between Reddit refugees and diehard fans. That interaction is a lot more implicit here, but the friction is a lot more visible on sites like Mastodon where similar privacy discussions have been happening.
I’ve not seen any of these arguments. Though it may be all downvoted to hell and back.
My main gripe with adding privacy features to Lemmy is that the whole point of Lemmy is that all data is already publicly available and for Lemmy to continue working the way it does it’ll need to remain that way. And because of that there’s nothing that can be done to stop bad actors setting up an instance and selling all the data they collect.
At least in the EU (and UK to a lesser extent) no major corporation would be able to get away with selling that data, so the spent man hours on allowing privacy settings would be wasted time.
It doesn’t necessarily need to remain that way. For example, we should have the option to make our profiles private. We should also be able to create pseudonyms for content we submit. The content will still be federated, but not necessarily linked to one user ID.
Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.
That said, it seems like we’re reaching a turning point for big tech, where having access to private user data becomes more of a liability than an asset. Having access to the data means that they will be required by law to provide that data to governments in various circumstances. They might have other legal obligations in how they handle, store, and process that data. All of this comes with costs in terms of person-hours and infrastructure. Google specifically cited this as a reason they are moving Android location history on-device; they don’t want to deal with law enforcement constantly asking them to spy on people. It’s not because they give a shit about user privacy; it’s because they’re tired of providing law enforcement with free labor.
I suspect it also helps them comply with some of the recent privacy protection laws in the EU, though I’m not 100% sure on that. Again, this is a liability issue for them, not a user-privacy issue.
Also, how much valuable information were they getting from private messages in the first place? Considering how much people willingly put out in the open, and how much can be inferred simply by the metadata they still have access to (e.g. the social graph), it seems likely that the actual message data was largely redundant or superfluous. Facebook is certainly in position to measure this objectively.
The social graph is powerful, and if you really care about privacy, you need to worry about it. If you’re a journalist, whistleblower, or political dissident, you absolutely do not want Facebook (and by extension governments) to know who you talk to or when. It doesn’t matter if they don’t know what you’re saying; the association alone is enough to blow your cover.
The metadata problem is common to a lot of platforms. Even Signal cannot use E2EE for metadata; they need to know who you’re communicating with in order to deliver your messages to them. Signal doesn’t retain that metadata, but ultimately you need to take their word on that.
Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.
I’m quite sure they aren’t. This statement doesn’t mean that I think they have bad intentions or something. It’s just, at least for me, obvious that the interests of the users and those of the companies are highly different. This is also the case with other companies and their customers.
Having access to the data means that they will be required by law to provide that data to governments in various circumstances.
A more paranoid person than myself would suspect that any big enough government would simply force the companies to collect and share data.
The metadata problem is common to a lot of platforms.
From the viewpoint of the corporations, this is a good deal. Enough privacy to keep people on the platform and still enough data for advertisement.
While we’re talking about asymmetric encryption, can someone explain to me why you can’t decrypt information with the same public key that encrypted it? I understand the analogies (locks on a briefcase, unmixing paint, etc), but I can’t “un-analogize” them to understand what’s actually going on. Encryption keys aren’t physical locks or paint. They’re numbers(?). So why can I encrypt something by multiplying by a known public encryption key, but I can’t decrypt it by dividing by that same known public key?
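The question above worked through with unpadded textbook RSA, showing that a multiply-by-a-public-number scheme really can be undone by "dividing", while exponentiation by the public exponent can only be undone with an exponent derived from the secret factors of n. This is an added example, not part of the original post; the function names and the toy key (n = 61 × 53, e = 17) are assumptions, and real RSA uses padding and a modulus of 2048 bits or more.

```python
def multiply_encrypt(m, k, n):
    """The scheme the question imagines: multiply by a public number."""
    return (m * k) % n

def multiply_decrypt(c, k, n):
    """'Dividing' mod n is multiplying by the inverse, which anyone can compute."""
    return (c * pow(k, -1, n)) % n

def rsa_encrypt(m, e, n):
    """Textbook RSA: exponentiation by the public exponent, not multiplication."""
    return pow(m, e, n)

def rsa_decrypt(c, d, n):
    return pow(c, d, n)

def private_exponent(e, p, q):
    """d undoes e only modulo (p-1)(q-1), which requires the secret factors of n."""
    return pow(e, -1, (p - 1) * (q - 1))

def factor(n):
    """Trial division: instant for a toy n, infeasible for a 2048-bit one."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is prime")

def attacker_decrypt(c, e, n):
    """What breaking the key means: factor n, rebuild d, then decrypt."""
    p, q = factor(n)
    return rsa_decrypt(c, private_exponent(e, p, q), n)

if __name__ == "__main__":
    n, e, m = 61 * 53, 17, 65            # constructed toy key and message
    c = rsa_encrypt(m, e, n)
    print("ciphertext            :", c)
    print("public key used again :", rsa_encrypt(c, e, n), "(not the message)")
    print("with private exponent :", rsa_decrypt(c, private_exponent(e, 61, 53), n))
    print("toy n factored        :", attacker_decrypt(c, e, n))
    print("multiply scheme undone:", multiply_decrypt(multiply_encrypt(m, e, n), e, n))
```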
You can. You can also light your house with just candles. It’s just not a very efficient or effective way of doing it and you lose out on modern features.
Depends against whom you are protecting yourself. If it’s against
your younger sibling then it’s probably sufficient
some script kiddie or scammer running scripts against the most typical setups, might be just obscure enough
a proper targeted attack, then it will depend on which zip software you are using. Most likely the stock one that might (I didn’t bother checking) rely on something that is far from the state of the art in terms of encryption. In that case it will most likely not be secure.
a proper attack but you use something like 7z with encryption that is relatively resilient, then if you are not facing state actors with a huge amount of resources to try to crack it, most likely secure
Note I’m NOT a security expert so… don’t believe me.
I don’t know that I’d really add more. It all depends on who and what you’re protecting against. The only thing that’s secure is something that doesn’t exist.
National level hackers have access to resources you might not be able to think of. And if they really want in, rubber hose cryptography is super effective. But most “hackers” on the Internet? An encrypted zip is often enough to deter them. Not impossible, but you might not be worth the time and effort.
In summary, there is better. Much better than an encrypted zip file. But only you can judge if you’re a juicy enough target to pursue more esoteric protection.
The admin of Blahaj is openly interested in exposing trans people’s alt accounts and outing them on their mains. And somehow it’s the biggest trans instance. We need a community and admin reaction in favour of defederating people who do that.