Computers and the internet gave you freedom. Trusted Computing would take your freedom.
Learn why: https://vimeo.com/5168045
- 0 Posts
- 45 Comments
to the same note, you shouldn’t upload images of them anywhere. not facebook, not google (drive or any other service), not facebook messenger, but not even anywhere encrypted.
take the images with a regular camera, or a phone that does not give any apps storage access permissions, and have physical prints, which can be viewed every time they visit you. you will need to tell them they can’t take photos of the children nor the photo album.
this has worked well forag es, they shouldn’t be so entitled to images.
if I were you, I would require all guests to leave all their phones on a shelf near the main door. It’ll not only prevent photos, but also increase quality time by them not scrolling facebook and such while there.
before you tell them this, let them know firmly that you’re not doing this for one, but for child safety and basic human rights, and that in your house it’s you who make the rules. and keep in mind, that even when you are the guest, you hold the rights to disallow making pictures of your children until they are old enough to make the decision fur themselves.
why don’t use even the private cloud services?
the reason is your relatives who you trusted, will probably download the videos, and reshare them with others through the services you wanted to avoid. also consider that most of them doesn’t have any information hygiene, they won’t even know they are doing something bad, they won’t understand and will hand-wave all your concerns away.
this is not just a technical problem, but also a people problem, which cannot be solved with tech.
if your wife does not cooperate, you won’t be able to protect your children to the level you want. of course don’t divorce over that or something, it’s not worth it, you can probably still do lots. maybe over time, going slower and you can be forming your family’s privacy habits.
but I also have to mention, I wouldn’t want to live with someone who is not intereinterested in any level about personal privacy. if you have got so far that you’re having kids, this is probably not the case for you.
as last words, don’t take this as a strong “don’t take any pictures” stance. yes, do take pictures, they’ll be very good to have later, but make sure that you can keep control over them, for your children’s safety.
and don’t get (too) mad if parents in the class will take group pictures on which they are there. that’s something else, and hopefully relatively rare. best you can do with that is teach your children about why they might not want it, the reasons you don’t want it to be uploaded to facebook and such, and that they agree on this they can request the parents to be more careful.
To me it seems more nuanced.
First, a VPN won’t solve much because this garbage will still be able to log connection periods (when you are home), signal strengths changing over time, (where are you in your home), and traffic bursts (when are you doing something on your phone or other devices). A VPN will just help a very little bit, by the devices having less visibility into what sites you visit. But this “solution” is like if people would have forced cameras into your house, and from that on you would only be going around while holding a towel in their line of sight to “disguise” you.
Second, this is not about mesh WiFi, as I understand. Install OpenWRT, and the mesh function of that won’t do any of this.
The problem is with new (but probably preexisting too) router brands who’s sole purpose is making all the unknowing customers into a product, but stealing their private life and giving it away for money (or anything else).
The problem is basically that a facebook-like company has got deep insight into your network, which you can’t avoid using, especially if your ISP forced you to use these garbage.
I don’t have experience with it, but as I know that is a GUI helper for Wine.
A steam emulator is different. It is often just a single file, a program library that holds program code.
On windows it is a DLL file, on Linux it does not have an extension but it’s the same concept. The game loads it because it actually searches for the official version of this file, but both Linux and Windows implement the search for it so that a library file (with the expected name) besides the executable is preferred instead of whatever is installed systemwide.
Lutris on the other hand is a GUI tool to manage your “wineprefixes”, which is maybe better called wine environments. If you are familiar with python, it’s more like python’s virtual environments.
And besides basic tasks, it has a lot of additional tools to make using Wine easier.
Afaik there are also other such utilities, I don’t yet have experience with any of them.
Ater purchasing and downloading a game from Steam, the Steam client is not actually needed for it to be playable. Of course it will try to start up Steam, and if isn’t installed then it will complain, but if use use a “steam emulator” that can be worked around.
This is useful if you don’t want Steam to track how much and when do you play, when is it that you are online, what achievements you got and such. This is afaik also the only way to say no to forced automatic game updates.
One such emulator is Mr Goldberg’s steam emu.
It has a bunch of configuration options, per-game settings, optionally portable settings, windows+linux support, and I think it’s even open source.
Using the Goldberg emu is not piracy, neither DRM circumvention. The Steam API is not a DRM, most Steam games just make the Steam client a hard dependency, not bothering with making it work without it.
When the game is protected by DRM (this should always be marked on its store page), the steam emu won’t be enough, but you would also need to patch it’s DRM protection. Sometimes that’s easier, sometimes harder.
Steam emus may or may not work with multiplayer games.
The Goldberg emu has a replacement Steam’s own multiplayer network communication system, which works through the local network or a selfhosted wireguard-like VPN, but with big centrally hosted multiplayer games you’ll run into licensing validation problems or such.
You are allowed to modify a car however you like
I’m pretty sure that’s not the case. Like, even if we are not taking about adding a badly welded 4 wheel attachment without the use of a trailer hook, the car will have to go through technical inspection every few years.
If the inspectirs deem that a non-functional such system is a problem, you’ll not be driving your car anywhere.
This is just the usual “nothing to hide” handwaving argument.
This data is not used by some theoretical policeman to laugh at how bad you drive, it is part of commercial datamining present in virtually all devices and services you use.
GPS and such? Great that I have a smartphone that I trust more, and have more control over, than this big blackbox with no access whatsoever.
but I don’t know if it makes sense if my bank knows I’m using it anyway so they can sell that info to advertisers, gov, etc.
Yeah it’s not ideal, but it’s still much better because these services won’t give access to your data if they can avoid it, and then data that is encrypted is not useful when given out
How much are you into programming and tinkering?
You may be able to make an xposed module to convince the dji app that you use an “investor approved” operating system.
First you would need to reverse engineer the dgi app a little, to find out where in the code it checks for your system, like when does it use safetynet. If it prints an error message or logs something to logcat when it refuses to work, then it could be easier to find the place starting from that point and the stringcs appearance in the code and usages.
Fortunately, even it not too easy, android apps are among the easiest to reverse engineer. The 2 major tools that will help you are jadx (the decompiler) and Android Studio (the official android dev program for helping in navigating the code, most important features are finding usages of a function or string resource, and “refactoring” so mass renaming functions when you understood what does a key function do)
It’s not bad design, it’s definitely intentional, however I agree that it’s probably not for having backdoors, but for convenience. Average people forget their passwords all the time, and with encryption that level of carelessness is fatal to your data if they have not saved it somewhere, which they probably didn’t do.
Very few devices are rooted and usually you cannot get root without fully wiping your device in process.
I’m pretty sure the system is not flawless. Probably it’s harder to find an exploit in the OS than it was years ago, but I would be surprised if it would be really rare. Also, I think a considerable amount of people use the cheapest phones of no name brands (even if not in your country), or even just tablets that haven’t received updates for years and are slow but “good for use at home”. I have one at home that I rarely use. Bootloader cannot be unlocked, but there’s a couple of exploits available for one off commands and such.
That depends. More of the popular ones don’t encrypt the secret keys, they can just be read out with root access or even with the use of ADB (the pull command), not even speaking about reading the memory contents while booted to a recovery.
Some even uploads the keys to a cloud service for convenience, and they consider it a feature.
on the proton encryption, i did know about this but does that apply to proton-to-proton, proton-to-NonProton, or both? if you have details on this let me know.
As I know it applies to both. Formerly they were asking (among other things) about the titles of your latest emails for account recovery. (after I have put all the links here I realized that these don’t give a details on whether this also applies to inter-proton messages…)
A few sources:
https://proton.me/support/proton-mail-encryption-explained
Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.
either way the fact that they dont makes me feel that proton is a similar honeypot to signal and telegram, where they make a compromise with the five eyes, to give them metadata even if actual contents are safe. metadata can be much more powerful than contents often times
Yeah, might as well be. But if it is, I’m afraid we won’t get to know for a few decades, if ever. And I think it’s still better than the alternatives… the alternative email providers, that is.
If it comforts you, in their reddit comment I linked they mention (in 2019…) that there’s a proposal they support for openpgp to be able to have an encrypted subject line.
Proton can be legally ordered to start recording the IP address of a specific user. That’s why they recommend that you always connect through their Onion site.
Other than that and if that’s possible, I think it may also be possible to legally order Proton to keep the unencrypted form of incoming emails for a specific user, but Proton did not said it in the article, and Swiss laws might protect them against that. It’s certainly possible technically, and good to be aware of it, I think.
Sorry but I can’t open the second link, as it actively resists it. I suspect though that the problem with Tutanota was not their encryption, but their legal system, which required them to keep a copy of the incoming emails.
Also, don’t mistake me, I’m all for protonmail, and I mean this. But did you know they only encrypt the email contents? Metadata like title, sender recipient and other things in the mail header don’t get encrypted.
a federated service has all the downsides of a centralized service
No it doesn’t? A single party cannot block you from participating in the network, as you can just find a different provider, and you can have control over what servers may store your data, both as a server operator and as a room admin.
And at that point it was just working like Signal does. Right?
New users should be told that they won’t have access to their old messages, just like with signal, unless they do a one-time additional setup.
This really should be exclaimed at the beginning on every chat history in every major client, because it is not obvious, and as you said users only realize when the damage was already done, or not even then.
Of course, as soon as two people take this advice and then attempt to communicate, we have reached the standoff, where One of the two people must swear off their data sovereignty.
What is your idea to solve this?
With centralized messaging services, both of them must swear off their data sovereignty.
While with true peer to peer systems none of them must do that, that model is not really compatible with mobile devices as both the sender and the receiver has to be online at the same time for the message to go through, and generally any device that is not online 24/7, which mostly includes all desktop PCs.
For this reason, I think that for the average user (who does not have a 24/7 online server-role machine, or maybe even a desktop computer) the best solution is to choose a server operator who they trust with their data. Or, they may try to run a lightweight homeserver on their mobile device (laptop or even smartphone), and live with it’s shortcomings. Not like it’s not possible, and this way everyone can register where they want, including their own part-time server if they are more comfortable that way.
However I think I did not totally understand what is your exact concern.
Do you think it to be a problem that even if you run your own server, messages you sent to your friend on another one will be stored on that homeserver too?
If so, I don’t think it’s possible to solve that problem. They (your friend) have chosen to take a compromise between security and ease of use by trusting someone else with storage. You can’t tell them - only suggest - where should they store their data, otherwise they would lose their sovereignty over it.
Fortunately confidentiality can be kept with encryption, and if you are concerned with the other server having access to metadata, you could patch your server to try to generalize the message metadata to some extent, like with delaying sending messages to they 10th minute and such measures.
sure, but if the messages are stored on servers you don’t fully trust or control?
Encrypted messages.
Also, you can limit which servers can participate in your room’s federation (in simple terms: which one has access to room data). There’s an option on the Element UI to disallow federating the room, and I think it’s also possible to have fine grained control over it (with so called server ACLs)
data collection & sharing practices
Isn’t it opt-in on all the released Element clients?
Websites don’t have by default access to the extensions you have installed
This article implies otherwise, apparently there are multiple different ways to detect installed extensions.
The article says:
The Extensions Fingerprints site only works with Chromium browsers installing extensions from the Chrome Web Store. While this method will work with Microsoft Edge, it would need to be modified to use extension IDs from Microsoft’s extension store.
This method does not work with Mozilla Firefox add-ons as Firefox extension IDs are unique for every browser instance.
Firefox is not affected, and chrome is just being chrome. You should not expect privacy from a chrome browser.
you are totally right, it was created for the baby, in the name of her