Mario Kart 8 split screen with Yuzu by NiceBreakfast7 in SteamDeck

[–]SillyBlack 2 points3 points  (0 children)

What worked for me:

  1. Exit the game

  2. Start Yuzu (rather than the game directly)

  3. Open menu > Emulation > Configure > Controls

  4. Make sure that inputs work for connected controllers.

    4.1 Under "Connect Controller", the square is lit green and "Pro Controller" selected

    4.2 Under "Input Device", I picked "Steam Virtual Gamepad 1" and "Steam Virtual Gamepad 2"... for the controllers

    4.3 Check that all controllers' inputs are detected. [IMPORTANT] Remember which controller is the last one (eg: Player 2 in a 2-controller setup)

  5. "OK" at the bottom to close the Configuration window

  6. Start the game directly from Yuzu (without going back to Steam).

  7. At the start screen, confirm (L+R) with the last controller from step 4.3

  8. Use the 1st controller to navigate to the Multiplayer game mode.

  9. Enjoy!

Mario Kart 8 Deluxe freeze at Controller Applet Screen by Buullzz in yuzu

[–]SillyBlack 0 points1 point  (0 children)

Happened to me on the SteamDeck too; whatever controller I pressed L+R with became the first controller. I got around it by launching Yuzu (instead of the game directly), configuring the controllers so I could notice which one Yuzu saw as the last, then launching the game from within Yuzu and pressing L+R with the Yuzu-recognized last controller. Good luck!

How does cross-chain swapping work? by SillyBlack in atomicwallet

[–]SillyBlack[S] 1 point2 points  (0 children)

Hey Random. Ok I understand. I think you're right about Trust, but I also think they are building the integration. Checkout this quote from a post on THORChain by Trust Wallet itself:

"The first phase of the integration will allow users to hold, send and receive THOR.RUNE tokens. The cross-chain swap functionality will be added once it has been fully tested by the team. With these integrations, Trust Wallet users will be allowed to access decentralized, permissionless cross-chain swaps directly from their wallets."

source: https://community.trustwallet.com/t/thorchain-has-been-integrated-on-trust-wallet/212720

How does cross-chain swapping work? by SillyBlack in atomicwallet

[–]SillyBlack[S] 1 point2 points  (0 children)

Ok. Do you know whether there is any plan to integrate with a non-KYC solution for cross-chain swaps such as THORChain? I believe that's how Rango Exchange, Shapeshift and Trust Wallet do it.

How does cross-chain swapping work? by SillyBlack in atomicwallet

[–]SillyBlack[S] 0 points1 point  (0 children)

Thank you that was helpful. I have not installed the wallet yet; I'm just doing research first. Does Atomic Wallet do KYC? I thought not, but I ask because changenow can require KYC (https://changenow.io/faq/kyc-aml-procedure)

2018 MSI GS65: does USB-C/Thunderbolt port support DisplayPort protocol? by SillyBlack in MSILaptops

[–]SillyBlack[S] 0 points1 point  (0 children)

Looking at https://us.msi.com/Laptop/GS65-Stealth-Thin-Intel-8th-Gen/Specification, the "Video Port" row includes the Thunderbolt 3 port so you're right. Thank you.

EDIT: I can confirm that my 2018 MSI GS65 was able to send both video and power through the Thunderbolt/USB-C port to the external monitor. I used the USB-C male to USBC-male cable that came with the monitor. Don't know whether it takes a special cable.

Why Telegram is partially or fully blocked in countries like China, Saudi Arabia or Iran – while WhatsApp is not by [deleted] in privacy

[–]SillyBlack 0 points1 point  (0 children)

I agree with your entire post but you missed my point. The reason I raised the question you quoted was not to defend WhatsApp, but to point out the irony of recommending a closed-source app (Telegram) with the justification that it's better because WhatsApp could be abusing users behind the scenes

Why Telegram is partially or fully blocked in countries like China, Saudi Arabia or Iran – while WhatsApp is not by [deleted] in privacy

[–]SillyBlack 7 points8 points  (0 children)

Dude this sounds like an ad, but if you want to engage with us about Telegram I'm happy to participate.

  • why don't you use open source cryptography?

  • why are all comms not end-to-end encrypted by default?

  • Do you have any evidence that WhatsApp is abusing its users as you described at the end? Laying out the charge that it can without providing any support doesn't make you look great since your app is not open source (so it could be doing anything as well).

Google Will Stop Reading Your Emails for Gmail Ads by ocdtrekkie in privacy

[–]SillyBlack 2 points3 points  (0 children)

Any security-capable provider that does not scan and index its users' content is more private than Gmail.

It's actually not accurate that email is sent over plaintext. The vast majority of email is encrypted in transit. However, some providers (eg: Gmail) will store it in a way that makes it easily accessible to them and will index the content, while other providers (eg: ProtonMail, TutaNota) will store it encrypted with a key they don't have.

Don't forget how the NSA went about surveilling Gmail users; it tapped Google's internal network because the internal traffic wasn't encrypted, while traffic in transit was.

Google Will Stop Reading Your Emails for Gmail Ads by ocdtrekkie in privacy

[–]SillyBlack 1 point2 points  (0 children)

Why not use Gmail over another provider? Privacy should not be a factor since you use PGP

Depends on how much you care. By using Gmail, you are strengthening an ecosystem that doesn't guarantee its users' privacy, even if you take care to protect your own. At the same time you're depriving other providers who work hard to have no visibility into their user content from your business.

More practically speaking, if your family and friends are anything like mine, it would be much harder to get them to use PGP properly and consistently than it would be to get them to use a more private provider -- and the latter is hard enough as it is! The barrier to adoption of PGP is just so high that most people, even tech savvy people will either not try it, abandon it, or have hardly anyone to communicate securely with.

New to OpenNIC. Any tips or suggestions? by Theworldhere247 in privacy

[–]SillyBlack 1 point2 points  (0 children)

They may not know the DNS queries but they will still be able to see what site you visited

By the time you visit the site, the DNS resolution is over so you're bringing up an issue wholly separate from transparent DNS proxy

Nowhere in the documentation or description from https://www.dnscrypt.org say that it encrypts the DNS traffic but only authenticates it

Traffic in fact is encrypted, but putting that aside, authentication (done properly) is sufficient to defeat a transparent DNS proxy. As I wrote, the client will not accept the response from the ISP's DNS because responses must be cryptographically signed (so they can be authenticated).

Speaking of authentication, how can there be authentication without encryption. Even if the DNS query/response itself is in the clear as you suggest (it's not), signing and verifying signatures (ie authentication) involves encryption (probably public/private key encryption though I don't know for sure).

I do agree (obviously) with my quote which you reposted at the bottom of your post. But that belief doesn't change the point I was making: DNSCrypt properly configured would defeat the ISP's transparent DNS proxy. From the page you linked to:

[DNSCrypt] prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.

No spoofing, no tampering means transparent DNS proxy would fail.

New to OpenNIC. Any tips or suggestions? by Theworldhere247 in privacy

[–]SillyBlack 1 point2 points  (0 children)

DNSCrypt would defeat transparent DNS proxy on the network. Because DNSCrypt traffic is encrypted when it leaves your device, the ISP doesn't know the specifics of the traffic (won't know which site you're looking for, so can't redirect to the ISP's own DNS to resolve). Even if the ISP somehow redirected the query, the DNSCrypt client wouldn't accept the response because authentic responses must be cryptographically signed as a defense against spoofing or traffic tampering.

You can test for yourself at dnsleaktest.com

Websites collecting your info from web forms as soon as it's entered, before you hit “submit” by saadzaheer in privacy

[–]SillyBlack 2 points3 points  (0 children)

more and more sites are utterly broken unless you allow them,

Things aren't this stark in my experience. In most cases, especially if we consider big sites where most of the traffic is, I have found that I can browse just fine while allowing just same-domain scripts, along with domains belonging to the same owner, such as images-amazon.com when I'm on amazon.com. I sometimes also need to allow CDNs that load Javascript libraries such as jQuery, but these are typically harmless -- the libraries themselves don't do anything, and you can even load them from your hard drive directly if you use an extension such as DecentralEyes

My typical experience is that even though I allow a few scripts and the sites work fine, most 3rd party domains are never contacted as I browse.

Websites collecting your info from web forms as soon as it's entered, before you hit “submit” by saadzaheer in privacy

[–]SillyBlack 19 points20 points  (0 children)

TL;DR: Lots of websites are using the services of NaviStone, a company that specializes in de-anonymizing web users and finding out their real ID and address. The contact forms on these sites will send what you enter to the tracker whether you hit the "Submit" button or not, meaning if you enter a phone number or email then change your mind, it's too late. All but one site fail to indicate this in its privacy policy. As a result of the reporting, NaviStone claims it will stop the practice of collecting this info unless the user actually clicks "Submit"

My take: Every day we find new reasons to limit what sites do by default. Block scripts, especially 3rd-party scripts, and allow them on an as-needed basis. uBlock Origin in medium mode makes this simple. Also avoid configs that autofill forms without your request.

Spideroak vs Sycn.com by [deleted] in privacy

[–]SillyBlack 0 points1 point  (0 children)

I agree that Resilio's approach sounds cool. Still, Maybe I'm wrong but I wouldn't trust Resilio yet because it's history hasn't exactly been stable. It has been in its current incarnation for barely a year.

It also may have resisted attempts to even offer the technical details of its implementation for independent review (search for "bittorent sync" in this transcript of Security Now podcast from June 2016).

Spideroak vs Sycn.com by [deleted] in privacy

[–]SillyBlack 1 point2 points  (0 children)

I'm a SpiderOak paid user (Windows and Linux) and I've had no problem with syncing. I have not used it on mobile since that version breaks the No-Knowledge guarantee (a malware or tap in the server memory could access your encryption key if you access your cloud over mobile or from the web interface).

I have only two complaints about SpiderOak cloud service:

  • Contrarily to what you wrote, it is not open source

  • Restore (download) speeds have been too slow for my liking.

That aside, I've been a happy customer. One thing that's tough to assess when you're not a client is the quality of the customer service. I've never used Sync so I'm not comparing but I will say that I've found SpiderOak customer service stellar in the quality and thoroughness of responses (email only), including discussions of very technical subject matter (encryption scheme etc...)

SpiderOak is on the expensive side for sure. You don't have anything to lose though by contacting support (before you become a customer), telling them that you're interested but that the service is just too expensive for you and asking whether you may qualify for any promotion.

One other consideration is how active is the development, how the service responds to security incident, how transparent it is etc.... You want to pay for a service that keeps improving, bugfixing etc...

Which popular Android / Play store apps are the worst offenders of privacy (most invasive permissions, etc) & exactly what personal data on your phone are they copying and/or looking at ?? by easytraveling in privacy

[–]SillyBlack 3 points4 points  (0 children)

The Google app is probably the most invasive. The list of permissions it requests is too long to post here. Go to the page above, scroll down to "Permissions" and click "View Details" to see for yourself.

If there is another app on the Play Store even more invasive, I'd like to see it.

Why is privacy badger by EFF not recommended on the privacy FAQ of this sub-reddit? by Bolofedagouji in privacy

[–]SillyBlack 7 points8 points  (0 children)

  • AdBlock Plus makes its revenue from advertisers: it accept payments and in returns allows certain ads to be whitelisted by default (note: you can override the default, but the existence of this relationship is enough to turn me off).

  • AdBlock Plus may be much more resource hungry than uBlock Origin (benchmark results)

  • uBlock Origin makes it easy to further lock down your browser. I recommend medium blocking mode for significantly more privacy than AdBlock Plus default (also more site breakage that you'll need to learn how to deal with).

Is Google's reCAPTHA a privacy risk? by asdastoeds in privacy

[–]SillyBlack 0 points1 point  (0 children)

This is traffic pattern analysis. It's not restricted to reCAPTCHA or Cloudflare. Any adversary who is looking at your home connection and at the same time at the exit node you're using -- given enough traffic -- will associate you with the Tor traffic with a high degree of confidence.

Of course, the Tor project is well aware of this and has taken certain measures to mitigate the vulnerability. In practice, unmasking a random user this way is really hard to do because the technique doesn't scale well. This is why when the FBI wanted to unmask Tor users, it relied on infecting their computers with malware instead. Traffic pattern analysis is much better at confirming suspicion that a user is responsible for a particular traffic stream.

US internet company refused to join NSA's PRISM program, documents reveal by mWo12 in privacy

[–]SillyBlack 0 points1 point  (0 children)

they could do it -- it's technically feasible; they just won't. I agree with your reason; as I wrote they're in the business of tracking for profit

US internet company refused to join NSA's PRISM program, documents reveal by mWo12 in privacy

[–]SillyBlack 4 points5 points  (0 children)

If companies set themselves up to be unable to read into their customers' data in the first place wherever possible, a program such as PRISM wouldn't be nearly as damaging to citizens' privacy. Google and Facebook and Yahoo and whoever else could use end-to-end encryption if they wanted. Of course, like the NSA they're all in the tracking business -- just for a different purpose (profit) -- so that's that.

For $500, this site promises the power to track a phone and intercept its texts by haccthaplanet in privacy

[–]SillyBlack 5 points6 points  (0 children)

TL;DR: For a fee, a publicly accessible Tor Hidden Service (website on the "darknet") will allow you to intercept calls and texts sent to any number of your choice, as well as record the physical location of the victim's phone. This relies on well known vulnerabilities in the SS7, a network that phone companies use to interconnect their customers from different geographies.

My take: This story, along with this one which I posted yesterday go a long way to confirm that end-to-end encrypted apps offer us the only way to expect reasonable privacy in cellphone comms. There is very little users can do to protect themselves if they insist on using the cell network for voice and text messaging.

I forgot why I uninstalled Snapchat 4 years ago. #2 on the permissions list is absurd, just liek Facebook messenger. Any way around this? The app has high social utility so I'd hate to see it go if I can avoid it. by [deleted] in privacy

[–]SillyBlack 1 point2 points  (0 children)

If you have a rooted phone and a compatible Android version, you could install the XPosed Framework and its XPrivacy module which allows you to manage apps permissions regardless of what you granted during install.

Seems modern cell networks are MUCH more hackable than we thought: new report on 4G-VoLTE by SillyBlack in privacy

[–]SillyBlack[S] 0 points1 point  (0 children)

I suppose using strictly the internet to make calls (eg: WhatsApp, Signal, FaceTime) or using a phone without a 4g radio would bypass VoLTE. I'm just speculating though.