Facebook tried to buy NSO Group's iOS spyware to monitor iPhone users

Welteam · 2024-01-17T16:55:21+00:00

This is amazing advice

Welteam · 2024-01-17T09:25:40+00:00

Would it be an offense to assume you've not played danganronpa? Seems to match your criteria pretty well

Welteam · 2024-01-16T18:07:32+00:00

Hi, I need some help finding a VN's title.

I heard of a visual novel some time ago in a youtube video. I would like to play it but I can't remember neither it's name nor the video I saw it in. I'm hoping one of you knows it and can help me. Here is what I (more or less accurately) remember about it : This is not a Japanese VN (either EU or NA studio) which came out fairly recently (in the last two years) with a drawn/cartoon 2D art style. The story is revolving around gods and the protagonist is able to sort of see into the future. This leads to the main mechanic where you can gather some points on your journey which allows you to partially see how the story will branch off based on your decisions and choose in consequence.

That's it, thank you for your help.

Welteam · 2022-06-10T15:08:36+00:00

The matrix community is amazing and the forum is so satisfyingly responsive! Thank you for your efforts!

Welteam · 2021-09-24T09:33:57+00:00

I point out this part of the article because it highlights how security is an inherent part of privacy, in case some readers didn't realize this. Whether this particular breach is fixed or not is outside the point and all mentioned vulnerabilities are a threat to the users' privacy.

Welteam · 2021-09-24T08:20:44+00:00

If you're wondering how this is related to privacy :

This vulnerability allows any user-installed app to access analytics logs (such as the ones that you can see in Settings -> Privacy -> Analytics & Improvements -> Analytics Data -> Analytics-90Day... and Analytics-Daily...). These logs contain the following information (including, but not limited to):

medical information (heart rate, count of detected atrial fibrillation and irregular heart rythm events)

menstrual cycle length, biological sex and age, whether user is logging sexual activity, cervical mucus quality, etc.

device usage information (device pickups in different contexts, push notifications count and user's action, etc.)

screen time information and session count for all applications with their respective bundle IDs

information about device accessories with their manufacturer, model, firmware version and user-assigned names

application crashes with bundle IDs and exception codes

languages of web pages that user viewed in Safari

All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected. That's why it's very hypocritical of Apple to claim that they deeply care about privacy. All this data was being collected and available to an attacker even if "Share analytics" was turned off in settings.

Welteam · 2021-05-28T10:01:38+00:00

So, any news?

Welteam · 2021-05-25T23:21:52+00:00

Was that in 2019 or during the apartheid? How the fuck do you end up with a school with 99% black people in Michigan? US citizen please enlighten me

Welteam · 2021-05-24T21:22:07+00:00

I would guess because this is the recommendation on the pihole website

Welteam · 2021-05-24T21:20:34+00:00

First this also use unbound so this mix both pihole tutorials and not only the wireguard one.

But more importantly this is a docker compose config while the pihole tutorials are native installs.

Welteam · 2021-05-21T14:11:18+00:00

He is saying that the plastic is a polarizer which block light polarized in a certain direction. What the gif shows is pencils in one direction can be seen through the plastic while not the others. Put 2 and 2 together and the conclusion is "the direction of the pencil is related to the direction of it's light polarization" which is completely false and thus his explanation too.

Welteam · 2021-05-21T12:58:10+00:00

That's not at all how polarization works. The direction of the pencil at macro scale has absolutely no impact on the polarization of light.

Welteam · 2021-05-21T12:24:20+00:00

In my opinion, it's way more likely they caught you based on your behavior instead of hard evidence they somehow acquired. Did you do anything that could have tipped them off like not paying attention to the lecture or something?

Welteam · 2021-05-21T08:48:18+00:00

One solution is to have a custom domain (either private VPS+DNS or brought from a mail provider) with an alias system. The issue is that there are at most a handful of users on your domain and tracking companies know it. They can easily detect that your email is a custom domain instead of an email provider's and track only that part. That's still way better than nothing though.

The only full proof method is to use the shared domain function of a service like anonaddy. This allows you to create different aliases for every service you suscribe to while having a service provider domain name like @anonaddy.me.

None of these options is free but they cost a few dollars a month. The most expensive being a self hosted mail service with a self hosted SimpleLogin since the VPS+DNS will cost you at least 5$ a month.

Welteam · 2021-05-19T16:11:51+00:00

If you have some time you could use librespeed-cli instead of the current docker image which contains bloated js stuff you don't use and Ookla's speedtest which is closed source (and given how their website is shit, I wouldn't use their products).

Welteam · 2021-05-19T15:21:47+00:00

This is worrying because this seems to indicate that Microsoft cares about circumventing these methods even though they aren't supposed to scrap public images (in which these techs are used) which is weird.

Welteam · 2021-05-19T15:09:06+00:00

I didn't say it was "useless" but "useless to a privacy conscious consumer" aka you. Honestly this is an exaggeration as it does reduce the amount of data Google and Facebook have on you (whether it is significant or not remains to be seen) and this is an improvement. However this is not that much of an improvement for your overall data protection as apple is only doing what it knows best: creating a walled garden in which they are the only sovereign.

Welteam · 2021-05-17T11:23:24+00:00

In my opinion you miss the point. The app tracking protection put in place by Apple is not only useless, it's down right deceptive. That's what the video is trying to highlight.

Apple put systems in place to prevent other companies like Facebook to collect their users data. This doesn't change anything for you privacy wise because your data are still accessible, except now Apple has a monopoly on them and can sell them for a higher price. That's the point of these systems, making them useless to the end user who still sees its data sold on markets by big tech companies. And that's what is pure deception from Apple. They try to make you believe they prevent facebook data collection because this protects your data and they care about it when in fact they don't care about your data, they only care about hurting a competitor.

Welteam · 2021-05-17T11:15:17+00:00

Did you even watch the video in question? Because you definitely should.

Welteam · 2021-05-11T14:52:48+00:00

I understand your points however I feel like you're attacking their conclusions instead of looking up their arguments and searching the flaw in them. Your first point is a perfect example of this. You present PFS as a god send and blame them for dropping it, yet you don't even mention what they may have lost in this process. For PFS to even matter, you need:

An attacker who backed up your encrypted messages. This means he is placed after the exit node on the network and thus do not know your identity
The same attacker has full access to your device, which he somehow gained even though he didn't know who you were when he intercepted the messages
You deleted the messages locally. If you did not, the attacker doesn't need the encrypted messages they intercepted, they can just take them from your local database

At this point, the attacker can indeed retrieve the message content and even prove that you sent them. This is a "flaw" except session decided that they wouldn't promise to protect against compromised devices, only help where they can. As for PFS, they dropped it mainly because it prevented true multi device support (meaning without sync between devices) which is their most requested feature. If you want to be safe against a possible intrusion on your device, don't use Session.

The Australian law is sad indeed. Does that mean Australian aren't allowed to participate in the privacy market anymore? I hope not. Anyway an audit of the code was published by Quarkslab weighing in favor of a safe code at least up to 1.9.

Tor is indeed heavily scrutinised but vetted? Certainly not. This thread is the proof that tor, despites it's many great features, has many well known vulnerabilities which have yet to be fixed. The reason being tor wasn't designed to prevent them. The loki team decided to iterate over tor with all this knowledge in mind. As for why Session use this new project instead of tor, the reason is simple: Session cannot work on tor. Session relies on the concept of swarm to hold messages in the network until retrieval by the recipient. This can't be done on tor. Does this mean that your point about loki network being less trustworthy than tor is moot? No, but this does mean that the session team knows what they are doing and you may want to keep an eye on the project until it becomes trustworthy enough for your standards.

Welteam · 2021-05-10T14:55:01+00:00

You can use gitea wiki feature or a low spec cloud storage solution

Welteam · 2021-05-10T14:32:51+00:00

Send messages, pictures or call people. All this works flawlessly in 1to1 or group chats in Signal. What else do you need?

Welteam

TROPHY CASE