• 4 Posts
  • 64 Comments
Joined 4M ago
cake
Cake day: Jan 21, 2021

help-circle
rss

This is a very minor issue if it is an issue at all.

The system log is private. The only apps that can access it are apps that are given special permission from your phone manufacturer. This manufacturer could also get this information other ways if they wanted to.

The only real issue here is that it raises the attack surface because instead of a website or app needing to break into your OS, they can also break into one of these built-in apps. So it would be easier to find an exploit chain that could retrieve these identifiers.

The real question to be asking here is why do these apps need access to the system log in the first place?


Only works with gmail. This needs some sendmail support.

(Sidenote: I do realize that it is weird that a command line tool has become the defacto email sending API)


supposedly breaking the SSL and re-encrypting it with their SSL

There is no doubt here, this is how basically all CDNs work. You need to see the plaintext request in order to perform caching and most other features that they provide.

I agree, if the content is very sensitive then you shouldn’t trust a third party. However in practice most companies trust third parties whether that is a hosting provider, analytics or any number of functions that it is easier to outsource.

I think the concern arises because Cloudflare is big. This has benefits and drawbacks.

  • Generally larger companies have more resources to invest in security.
  • Covering such a large portion of the web gives them a lot of possible tracking data if they want to use it maliciously (for whatever your personal definition of malicious is).


I agree that we shouldn’t be giving money to companies who do not support our use cases on our hardware. But unfortunately RISC-V is years away from being close to competitive in the laptop space.


I agree! Just seeing a single parent of context would make a huge difference.

It would also be pretty cool to group replies to the same comment together.


This is cool, but I’m not sure how much value it provides. For example app.update.lastUpdateTime.browser-cleanup-thumbnails counts as modified even though I never modified it. I understand that it was modified by the browser but it would be nice to see which preferences I have changed from the default so that I can possibly reset them if I don’t think I need that modification anymore. As it is most of this list is stuff that is normal or even expected to be modified and the default isn’t the “recommended” option.


This is probably impossible because a lot of the code is probably licensed from other companies so they couldn’t open source it without negotiating a new license from those companies, and they likely aren’t jntered in open source.


Do you have a link to that highlighting theme though? 😛


That is a very large leap to assume from the leaked data. IIUC the leaked data just says that there was a Signal account associated to his phone number. It could have been one friend or journalist that he wanted to talk to. He may have signed up to see what it is all about. As far as I am aware there is no evidence that he was a significant user, or that he prefers it over his own messaging apps.

I’m not saying that FB apps are trustworthy, but I honestly would have been more surprised if he didn’t have a signal account.


I basically don’t like apps messing in my folders anyways so I don’t worry about it too much. I leave the defaults but the only XDG defined folder I really use is Downloads but I basically use that folder for any temporary data.

Other than that I will symlink the configs of certain apps that I care about (git, zsh, vim, …) into a good place for me and I keep most of my work in ~/p which is basically a directory of git repos.

So basically I find the XDG stuff mostly useless so I keep the stuff I care about out of those folders.

(Although I do wish more apps respected XDG_CONFIG_DIR rather than dumping crap into my home directory. )


Did you ping the ip? 10.0.0.191 or just try the hostname?


191.0.0.10.in-addr.arpa

I do find it weird that this is an internal IP. I would check if this query works. Also maybe checking to see if your VPN has anything at this IP.


If you really want you can set a trace filter on your firewall to see what users those requests are coming from. This is reverse-DNS. It looks up the hostname for an IP address. There are various reasons to do this.

  1. Some applications filter based on the hostname. They need to convert the IP to a hostname (and they query the hostname to ensure it maps to the IP to verify)
  2. Some applications show this to the user (some bittorrent clients try to show you peer hostnames).
  3. Some applications log the hostname.

So there are a wide variety of reasons. You would have to trace this back to the application to find out why exactly it is happening for you.


Your best bet is using the Tor Browser.

  • The Tor network effectively hides your IP from these services.
  • The Tor browser works hard to reduce fingerprinting options.
  • Blocking some trackers can also reduce the chance that one of them manages to identify you.

But remember, you need to use the Tor Browser every time you log in. A single time that you login from your own IP and they will associate that IP with your account.


To be frank I don’t see the advantage here. A project dedicated to making a good chat client will almost certianly make a better tool than lemmy trying to make a discussion form. It seems much better to keep the two features separate and let each project focus on itself.


Communities was kind of an experiment, and IIRC Element only. Spaces is taking what they learned and writing a proper spec for the feature so that it will be better and can properly be supported by all clients.


I don’t see the problem. People at sopuli.xyz are allowed to post to !technology@lemmy.ml. In fact I don’t see a !technology@sopuli.xyz community https://sopuli.xyz/search/q/technology/type/Communities/sort/TopAll/page/1.


I don’t think the standards themselves need funding. I think if you want to improve their adoption the best approach would be supporting clients, services and services that speak these protocols.


I’ve also successfully put self-hosted servers into a network namespace that routes everything through Tor (basically like a VPN, except through Tor). This works for basically every service as long as it uses TCP. However if it has native proxy support configuring that can be easier if you trust that it doesn’t leak.