LWD

LWD, 1 year ago

A lot of Lemmy adopters joined with rose tinted glasses, and came with a lot of good ideas, like getting data out of the hands of big companies, making it easy to access it (as Reddit locked down APIs), etc. Which is all good, but a subset of them believe “not officially belonging to one company” is good enough. As for how your data is handled online, a subset of them believe nothing can be improved, and a subset believes it shouldn’t be improved because your data shouldn’t belong to you at all.

And Lemmy is made up of all sorts, so there’s overlap between Reddit refugees and diehard fans. That interaction is a lot more implicit here, but the friction is a lot more visible on sites like Mastodon where similar privacy discussions have been happening.

LWD, 1 year ago

Chilling.

en.wikipedia.org/wiki/Chilling_effect

LWD, 1 year ago

We were talking about the definition of privacy, and I was giving an example to bolster my definition of it. We can switch to a different topic if you want, but first I want to cement this definition.

LWD, 1 year ago

Choosing who to share your data with has been considered a privacy setting since the inception of Facebook and the subsequent erosion of those same settings.

For example, privacy settings on Facebook are available to all registered users: they can block certain individuals from seeing their profile, they can choose their “friends”, and they can limit who has access to their pictures and videos.

LWD, 1 year ago

I like that there is no “private” accounts. This is a feature not a bug.

I’m not trying to argue against privacy…

I appreciate your honesty but this seems to conflict

LWD, 1 year ago

If there’s something interesting to add to the list, I’m curious. Brave did partner with a criminal organization currently under a $1.1 billion lawsuit, but I don’t have enough information about your particular case.

Did the software lock you out or did their servers? Was this reported on anywhere?

LWD, 1 year ago

Both points are a bit BS.

Strict mode is used by roughly 0.5% of Brave’s users

Based exclusively on whether a user had not gone through the Brave’s browser settings and disabled the “Send statistics about my behavior to the Brave corporate HQ” flag.

In other words, the number is useless.

This low percentage actually makes these users more vulnerable to fingerprinting despite them using the more aggressive blocker, because they constitute a discernible subset of users standing out from the rest.

This argument could be used to tell people to avoid using the Brave browser too. After all, only a minority of people do. The best way to blend in would be to use Google Chrome on Windows 11, and improve no privacy settings.

Unless someone wants to argue that using Brave makes you an acceptable degree of unique, but using advanced tracking blocking makes you unacceptably unique.

LWD, 1 year ago

What an ironic thing to post

LWD, 1 year ago

Do you hate the Brave CEO for doing the same thing as the Mozilla CEO, but with even less restraint?

Or are you just whining in hopes that nobody will question whether you’re being a hypocrite

LWD, 1 year ago

Probably because LibreWolf is most of the way there, and the Mullvad branding + proprietary VPN is more than a bit much. I use(d) the VPN alongside it and found the add-on “hints” regarding the correct DNS settings more frustrating than helpful, too.

LWD, 1 year ago

There’s no reason to hate Brave unless you have a political bias against their CEO.

Besides in 2016, when Brave promised to remove banner ads from websites and replace them with their own, basically trying to extract money directly from websites without the consent of their owners

And when the CEO unilaterally added a fringe, pay-to-win Wikipedia clone into the default search engine list.

And in 2018, Tom Scott and other creators noticed Brave was soliciting donations in their names without their knowledge or consent.

And in 2020, when Brave got caught injecting URLs with affiliate codes when users tried browsing to various websites.

Also in 2020, when they silently started injecting ads into their home page backgrounds, pocketing the revenue. There was a lot of pushback: “the sponsored backgrounds give a bad first impression.” Further requests were ignored (immediately closed)

And in 2022, when Brave floated the idea of further discouraging users from disabling sponsored messages.

And in 2023, when Brave got caught installing a paid VPN service on users’ computers without their consent.

LWD, 1 year ago

Different use case. Those are containers, which have a similar color… But in Chrome, everything is in one container, the colored tabs are just grouped together and those groups can be collapsed to save horizontal space in the tab bar.

LWD, 1 year ago

Sidebery does a pretty good job of managing tab groups from a sidebar, although it’s much less ad-hoc

LWD, 1 year ago (edited 5 months ago)

For those posting suggestions, do the providers also require KYC at some point?

I know for a fact that Vultr, Digitalocean, and Namecheap (and a few others people have mentioned to me before) will need your identity at time of purchase.

I can understand why verifying a customer’s identity is important to these providers, but at the same time, I’m mostly worried that they will be the victims of some data breach in the future.

LWD, 1 year ago

I’m guessing they want to cover their butt in case their server is used for something illicit. But even in searching for something as locked down as, say, a Minecraft server, I ran into the same issue.

It’s strange, because generally you can use a fake identity and a masked card to purchase… just about anything, really.

LWD, 1 year ago

Ghostery was also intimately involved with what is now Brave Search, IIRC.

LWD, 1 year ago

This sounds like Exodus but Exodus is made for apps not websites. Apps are easier because they tend to list all that stuff up front.

LWD, 1 year ago (edited 5 months ago)

Update: Apple’s role in adding extra location data to your request has been added to this post

Apple and a couple other providers have been experimenting with a multi-hop system of making your connections private.

Here’s what Cloudflare says.

https://blog.cloudflare.com/content/images/2022/03/image1.png

Here’s what a competitor, Invisiv, says.

https://invisv.com/img/relay.png

Both pages are pretty hard to parse (IMO Cloudflare uses more jargony language: “ingress”/“egress server” - really?) but they get to the same point.

https://i.imgur.com/n1BcDtt.jpegf

Your data takes a path like this

1. Your computer, your IP address, your message to a destination gets encrypted in a couple layers and passed on.
2. Your ISP knows exactly who you are and that you’re reaching out to server 1. They can’t see your data but to them, you’re using a VPN probably.
3. The first server also necessarily knows who you are, unpacks one layer of your request and sends it on to a second server (in Invisiv’s case, Fastly; in Apple’s, Cloudflare).
4. The second server now knows that data was requested from the first server, and it can see the name of the domain you’re requesting (YouTube, for example) but because the request came from the first server, it theoretically won’t know it’s you making that request
5. The data moves on from the second server to the destination, with the destination only knowing it’s receiving data from the second server, and not knowing about the first server.

The obvious issues here:

• Do you trust the people providing the multi-hop VPN-like service?
• Do you trust the two servers, which have necessarily entered into an agreement of some sort, to not collaborate regarding transmitting data?
• How easy is it to audit the code we can see?
• What else is going on with your data?

In the case of Apple/Cloudflare, reputation is rather poor. From PRISM to false advertising to notification telemetry, Apple hasn’t exactly delivered on their promise. In terms of Invisiv, the company has some big names on board but Fastly and Cloudflare both have a rather significant grip on the internet (with Cloudflare’s being bigger) but any CDN gets a good view into personal data most of the time.

Update: in the case of Cloudflare/Apple, Apple adds additional location data to your request, making its “private” relay leak approximate location data the same way your IP address could leak it. To wit:

Apple relays geolocate user IP addresses and translate them into a “geohash”. Geohashes are compact representations of latitude and longitude.

But on the bright side: a VPN has far more issues than either of these, as it’s basically #4 above except the same service also has your identity by necessity. An untrustworthy VPN is as harmful as an untrustworthy ISP, with very little separating them.

LWD, 1 year ago

Forums on it are also… A thing. After a couple dozen posts, it becomes rather untenable

LWD, 1 year ago

Considering how many technicalities Apple is weaseling through right now, it’s probably the most legal thing in existence.

Of course, legality does not mean morality, and in this case I would argue it’s the opposite

LWD, 1 year ago

How I hope you are right

LWD, 1 year ago

I’ve trash talked this website before in my head, but maybe I was approaching it as a professional organization instead of more of a blog run by a small group of people.

They aren’t just doing ads dude, it’s a for-profit propaganda machine.

But seriously, Mullvad would do well to switch out their email provider to something that’s not Google. Even though email is inherently unsafe, email through Google is pretty much is unsafe as it can get.

LWD, 1 year ago

It’s because of the difference in credentials. One is a website positing as having both privacy and cryptocurrency investment advice services, and the other is a random Lemur

LWD, 1 year ago

They oughta say who though.

LWD, 1 year ago

Unless we are to believe that one of the most famously user-friendly companies on the planet just dropped the ball here, it looks like a dark pattern