@elias_griffin@lemmy.world

Desert Nomad, First Responder, Reverend, Intelligence Analyst, Computer Expert, Cowboy, Sorcerer, Metaphysician, Polymath.

Signal leaked random contacts to me! (feddit.de)

When I press on some message to forward it, it shows me Random usernames of contacts I don’t know. And it even shows some Mobile Numbers I don’t know. For example, one number starts with +964 that’s Iraq. I’m from Europe tho. These contacts and numbers are from all over the place....

elias_griffin, (edited )

Huge if true! You could conceivably submit your phone to a Cybersecurity company and share in any reward.

Help us with:

  • Your OS Version
  • OS settings that are possibly related
  • How you obtained Signal
  • Signal version
  • Video proof
  • Steps to reproduce

Who knows how to compute a hash for an installed mobile phone app? We need to compare it with legit.

elias_griffin,

What that user is describing is very serious. They are saying iOS can reach into Signal and extract data.

elias_griffin, (edited )

This is super helpful, I may post this to infosec.exchange. Flathub makes this so much more difficult to find the reason for what looks like a real breach. I don’t use Flathub for security reasons so I don’t know if you can even isolate the PID? Anyone know?

I don’t want you to have to spend a lot of time or troubleshoot over the web but if you see anything that stands out as “wow shouldn’t be there/running” when you run these commands come back to us:

  1. ps the PID of Signal or secondarily, Flathub
  2. lsof -p PID
  3. strace
    • sudo strace -f -t -e trace=file -p PID
  4. sysctl kernel.randomize_va_space
    • pkill/killall Flathub/Signal and restart FH/Signal and see if it still presents the vulnerability

elias_griffin, (edited )

No. In the “Steps to reproduce” turning on Signal setting “Show in Suggestions” was not listed nor any setting of this type.

elias_griffin,

Welcome to the real world.

elias_griffin,

Let’s not go all the way down the rabbit hole in one pill. Steps of one less person so inured (Definition: Made tough by habitual exposure), so hopelessly dependent on Google.

Time to ditch #duckduckgo (lemmy.world)

In the last couple of months I have noticed an increasing trend of supplying me search results that are completely unrelated to the current query and tie back to my location or previous searches. I can say this with a high degree of certainty this is without a doubt beyond the 100th instance this has happened....

elias_griffin, (edited )

Looks like you are using Firefox. Use arkenfox sure, but cut Mozilla off its 115 server network it uses to track you via FF by using a host deny list, FOSS git clone harden-firefox. You’ll have to disable to update ublock origin or remove the extensions line, but it’s better to just cut the adverts and tracking by removing it from the networks than by browser interception (slower, loss of performance, still hits your computer). Links included to do that in that repo.

Alternative browsers are Librewolf and Qutebrowser. When you really don’t want to be tracked for some things use Lynx.

A great search engine replacement is Grasp. It’s being funded by Paul Graham, the founder of Y Combinator and although you only get 100 free searches a month, it can come in very handy. The search results it gives you, unlike Kagi which is just a reformat of DuckDuckGo yet with AI, its results are completely different than any other engine and imo, on point, surely for anything technical.

My general search engine is an envs.net free hosting of Searx. envs.net is a free Linux shell community with many services like blogs, email, matrix hosting, etc etc. If you do end up using their German Searx as main search donate to them, I did.

elias_griffin,

I tried Kagi and canceled after a week. It’s a reformat of DuckDuckGo, a better format for sure, and lack of sponsored links, yet it adds AI too. In the end, it’s the same old curated unhelpful results that leave millions of high value boutique and indie sources of information out. Also, its Orion browser is bad.

Basically ask yourself that knowing all the good writers, content creators went to Substack, yet hardly any search engine gives results from there, why?

elias_griffin, (edited )

When I entered my beta code to get into Bluesky, I was immediately, instantly followed, which doesn’t sound private, an API that lists new accounts?, by funny blogs, photo bomb accounts, and a profile that said, “This is the trans Witch your mother warned you about”.

It’s a …select community that seems at first glance, all in the same think where cognitive reinforcement is the norm.

Proton Mail CEO Calls New Address Verification Feature 'Blockchain in a Very Pure Form' (tech.slashdot.org)

Proton Mail, the leading privacy-focused email service, is making its first foray into blockchain technology with Key Transparency, which will allow users to verify email addresses. From a report: In an interview with Fortune, CEO and founder Andy Yen made clear that although the new feature uses blockchain, the key technology...

elias_griffin,

So, every identity verification of your email address will be forever in the public domain? That’s counter to privacy. Your email address will be married to a block and chain? There is no thorny issue. That’s a solution to a problem that hardly anyone has. Ridiculous nonsense.

If you are one of those people that thought CERN was looking out for your privacy, here is the rude awakening.

elias_griffin,

You could have at least posted the results to Vimeo. Isn’t it a bit contradictory to funnel traffic to Youtube given the subject matter? ;)
