

How/why would a VPN be useful for this ?


This lets people use your computer as an entry point into the Tor network and camouflage the traffic as a video call between you and them (if the regular, publicly known, entry nodes are blocked by their ISP or government). The snowflake extension will then forward people’s traffic through the Tor network, and services they use will only see a Tor exit node’s IP, not yours. As long as you trust Tor to be secure and anonymous (I personally have very high trust in its guarantees), you don’t have to worry about legal consequences or being blocked by services.
I used to run a few (public) Tor relays (entry or middle nodes, not exit ones), including one from my home network and IP. Never had any issue except for one service which blocked everything that had anything to do with Tor. I reached out to their admin, who claimed Tor users can show up with any node’s IP (which they definitely can’t, only exit nodes will forward traffic to the regular internet).


I thought funkwhale is dead
Edit: last time I checked, the funkwhale.audio website was offline and I could not find a maintained Git repo, but now the site is online and the Git repo has had recent updates. I don’t know what happened


I don’t know about other homeserver implementations but synapse kinda sucks. It used to randomly eat 100% of 1 or 2 CPU cores (including the database) until I tracked it down to 3 rooms having a messed up state which caused costly SQL queries. I removed the rooms from my server (using a third party admin panel because there’s no proper admin GUI built in, the documentation just mentions curl commands to hit the admin API, with placeholders to manually replace). It has been fine since I did it, but I’m the only user on my server. And I expect other issues to come up at any time…
It also eats a lot of storage, mostly the database. It grew very large quickly, but it’s more stable now


I found out about it while making a Jekyll plugin, the speed improvement is really noticeable


ImageMagick does the job but can be slow. libvips is a faster alternative


Reading the parts of the original report that are shown in the article, it gives me “AI-generated” vibes. Especially the part at the end, where they list other subreddits the user engaged with : this section feels so unnatural and irrelevant to the broader report
Knowing how much this administration loves AI, it seems plausible to me that these reports are auto-generated, either from a human flagging specific posts, or from an automatic flagging system


What I mean by “lower level” is that it has fewer abstractions built in


Systemd abstracts so much stuff away that it does not feel like learning Linux “from scratch” :/
(I like having it in my daily driver, but it’s sad LFS had to drop support for a “lower level” init system)


This thread was a fun read. The part where the author tries covering up their BS with force pushes is so messed up…


Looks interesting, but after reading through the readme, I’m still clueless about the gameplay. Why does it need a container ? Is this some kind of security CTF with a story ?


MAC addresses are only visible on a LAN


This is neat. I’ve intercepted traffic from a few apps in the past, and whenever cert pinning was enabled it was a massive pain to deal with


Blocking or allowing domains should not mess up SSL. Is there anything else filtering or intercepting the traffic ?


I believe Signal has already fixed it, while Meta said they won’t fix this in WhatsApp.
This side channel can be used to infer more than a rough timezone, specifically, an attacker could continuously monitor :
In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance
I’ve tested this on myself and can confirm all of this can be done reliably


This is not high effort. Starting from an open source WhatsApp client library, reproducing the attacks described in the research paper is trivial. There are even a few public GitHub repos implementing PoCs of this.
Whether the reward should be considered high or low is ultimately subjective. What is objectively verifiable, however, is that an attacker can continuously (and silently) monitor several aspects of a target’s environment, including:
In addition, an attacker could deliberately drain the target’s phone battery and consume their mobile data allowance.


This would have been a (if not the only) good point to make in the article considering the title. But I guess this would have taken space away from ads


The headline is very clickbaity : it does not affect VPN users (the law forbids age-gated websites from promoting VPNs as a circumvention), and the whole article is just an ad for VPNs


The ISP would only see “encrypted video call”-like traffic between you and the people who connect to Tor through your snowflake.