Posts: 2 · Comments: 790 · Joined: 3 yr. ago

  • Now granted, most of these will need additional configuration once installed to be effective. Downside is that you need good security knowledge to configure some of these settings. Most can be rather obvious, but some can trip up those without deep knowledge.

    For example, Referer Control is particularly subtle, as its only mod requires you to set the referrer to be [REFERER_HOST], and (if it is disabled) to have JS referrer handling active as well.

  • This makes sense for extensions that respond to and directly process and interact with page elements, such as Flash or Silverlight.

    This makes absolutely no sense if the app has no ability to load or interact with anything in the page. If there is no interactivity - and why would there be, with simple blocking? - there is nothing for an external script to “grab”.

    With security add-ins, an external script can tell - at most - that an in-page element was not loaded by the web browser, but then anyone doing the tracking needs to contend with the dozen-plus add-ins that have the capability to block an element like that. The exact add-in is still not identifiable, only the class or type of add-in that has the functionality to block said element.

    I have read through a number of white papers that explore this technology, and to a T,

    1. This is still largely experimental and proof-of-concept
    2. Is still primarily meant to block bots that are trying to mimic humans, and to ensure that the site visitor is actually a salty bag of mostly water
    3. Can only identify apps that are explicitly designed to produce a response, as a core aspect of their purpose and design. Which, by default, fails to include almost all security-based add-ins, which behave more as “black holes” that have never been designed nor have any capability to respond to external queries.

    So when a website bitches about you having an adblocker installed, the site cannot tell WHICH ad-blocker is installed, only that ads are not loading because it is not getting any telemetry from them.

    So the website cannot track you by your installation of uBlock Origin unless it has that mix of ads that uBlock’s particular DEFAULT blocking pattern can be identified with. And since you can add or remove black lists at will, this becomes an infinite game of whack-a-mole for anyone trying to track you. Plus, other adblockers can load the same black lists, giving the exact same pattern for any website not loading ads from many dozens of different sources.

  • Preaching to the choir.

    The list above is the vast majority of my add-ins. I don’t use any which are sufficiently duplicated in the browser or which are not required for enhanced security.

    I am not one of those people with multiple dozens of add-ins.

  • extension detection/fingerprinting

    So you’re talking about bot detection and bot denial of a website, then.

    Well, I’m not a bot.

  • Israel is currently on an absolutely bloodthirsty genocide bender right about now. The fact that it doesn’t give two shits about women’s rights is quite a bit further down the priority list from where it doesn’t give two shits about life in general, and is violently unaliving most everyone not like them in the region

    Pretty ironic, actually.

  • the more fingerprint able you are

    Missed Privacy Tweaks, did ya? Look closer.

  • every extension installed absolutely spikes up your uniqueness to fingerprinting.

    Missed Privacy Tweaks, did ya? Look closer.

  • Women think it is “cute”, and themselves are so big on micro/subtle nonverbal communication that they legitimately don’t realize that it goes completely unnoticed by pretty much all men who aren’t gay or TG in the first place.

    What’s even funnier is that if you call them out on this they gaslight you by calling you stupid and unintelligent. Like, men get absolutely no practise with this form of communication. Father-son and man-to-man communication is almost blindingly obvious and explicitly spelled out. Asking a man to pick up on subtle cues and hints is like asking a blind person to call out all the colours in the vicinity by touch alone.

  • Ads?

    What ads?

    I mean, who TF is not running with a proper adblocker and multiple other anti-spyware and anti-malware add-ins in their browser?

    I’ve been doing so since 2004, when the first adblocker came out for Firefox. Except for system set-ups of client machines and working on the machines of new clients, I haven’t seen an ad in over 20 years.

    Of course, you actually need to be running Firefox to have anything approaching an effective in-browser adblocker… Chrome has massively neutered adblockers into near uselessness.

    Seriously, people:

    And for those on mobile:

  • I’m not experiencing any of that, mainly because I don’t run eMail lists.

  • Self hosting email is impractical. The tech titans already ruined that.

    …when was that memo released? Looking back at the last quarter-century-plus of self-hosting, and it’s damn obvious I missed it.

  • Would love to receive one, if you have it.

  • Research RAID more effectively.

    RAID-10 is far more efficient not only as a transfer speed but also as redundancy across large arrays. Its only nerf is storage inefficiency.

    RAID-6 requires serious computing oomph to create the parity bits, which dramatically slows down writes and rebuilds. It also needs only two drive losses across any one array before the whole array dies. Conversely RAID-10 has only duplication, no parity, so compute load is far lower and writes/rebuilds are a lot faster, and it can have up to half of all drives fail before the array is irretrievably broken.

  • But to truly beat the house you need to find that one ATM which has a transaction flaw where you can withdraw your entire balance but the withdrawal does not get recorded anywhere, and for extra measure nothing about the transaction gets recorded so they don’t even know it was you who accessed that ATM.

    Fun fact: there have been a few such cases of ATM flaws in the last few decades, either time-limited to a specific period (the hour after midnight, for example) or transaction-limited to a specific type.

  • There has never been a communist country; only countries run by communist parties.

    They were “communist” just as much as North Korea is “democratic”.

    Just because a word exists in a name, doesn’t mean that the word actually applies in any fashion whatsoever. The political parties of both the USSR and China were as communist as fish are birds. Which is to say, absolutely not. They wore “communism” as a thin veneer of legitimacy over a bulwark of feudalistic authoritarianism.

    And the real clue is in the name: Communism. Communal. No real leaders aside from administrative functionaries. Classless and cooperative. Everything that the USSR and China never was.

    Edit: Russia became communist in 1917. By every metric with which you could possibly measure communism, it was dead by 1918.

  • Where is John Wick with diplomatic immunity when you need him?

    Canada seriously needs diplomats who know significant levels of mixed martial arts and other forms of defence. And then we need to attach them to groups like this.

    Officers like that desperately need to be made to eat their truncheons. Preferably sideways.

  • Pretty sure it screams at us sometimes.

    If there was an atmosphere to carry the sound, the sun would be screaming at us at just over 100 dB.

    For reference, sounds at 85 dB can start causing hearing damage after only 8 hrs of exposure.

  • It’s not that we’re not allowed to look at it, it’s that we have oodles of evidence on how severely damaged our vision becomes when we do look directly at it without sufficient protection, and anyone with two functional neurons to rub together isn’t going to be doing any looking unless they are wearing the appropriate vision protection.

  • For the last decade I have been using IISCrypto to neuter older and obsolete algorithms. I just apply the most recent PCI profile and restart.

    Now granted, this program is unknown to many security professionals I talk to, which is why I mention it here: it works on all NT versions of Windows after Vista. Super-easy to restrict a system to the stronger and more secure algorithms.
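Tools like the one mentioned above work by writing the Schannel protocol and cipher keys in the registry; the script below is an added example (not the commenter's code and not part of IIS Crypto) that reads those protocol keys back so an administrator can verify what a profile actually left enabled after the restart. The registry path and the `Enabled` / `DisabledByDefault` value names are the documented Schannel settings; the list of protocols to inspect and the "weak" classification are this example's own choices.

```powershell
# Added example: audit Schannel protocol settings on a Windows host.
# Run in an elevated PowerShell session; read-only, changes nothing.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocols to inspect (example's own list); anything below TLS 1.2 is treated as weak here.
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3'
$weak      = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

$report = foreach ($p in $protocols) {
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $base "$p\$role"
        if (Test-Path $key) {
            $v = Get-ItemProperty -Path $key
            # Missing values mean the OS default applies for that setting.
            $enabled = if ($null -ne $v.Enabled) { [bool]$v.Enabled } else { 'OS default' }
            $dbd     = if ($null -ne $v.DisabledByDefault) { [bool]$v.DisabledByDefault } else { 'OS default' }
        } else {
            # No key at all: nothing was hardened here, OS default applies.
            $enabled = 'OS default'
            $dbd     = 'OS default'
        }
        # Flag weak protocols that are not explicitly disabled.
        $finding = if ($weak -contains $p -and $enabled -ne $false) { 'REVIEW: weak protocol not explicitly disabled' } else { '' }
        [pscustomobject]@{
            Protocol          = $p
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $dbd
            Finding           = $finding
        }
    }
}

$report | Format-Table -AutoSize
```

A hardened host should show `Enabled = False` and `DisabledByDefault = True` for every row flagged weak; a row reading `OS default` means the system is relying on whatever that Windows version ships with, which differs between releases and is worth checking against the PCI profile you applied. Cipher suites and hash settings live under sibling `Ciphers`, `Hashes` and `KeyExchangeAlgorithms` keys and are not covered by this script.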