gibson Now • 100%
technically there is a lot it could do, but it would not be a number 1 pick for any of it (even if you only have a $100 budget) so i agree, get rid of it.
gibson Now • 100%
you can still use a yubikey or even a password manager like keepassxc with passkeys, no need for any google/apple or even secure enclave.
gibson Now • 100%
it was always free for me but i think i was early enough of an adopter to be grandfathered in on some old setup
gibson Now • 100%
There is already gridcoin which is a cryptocurrency that awards boinc work, so I'd say this concern has already been addressed because of that.
gibson Now • 100%
xpra: it is like tmux but for X windows (works on wayland), but it can do much more than that. You can seamlessly run GUI programs from a container or VM on your main desktop while still sandboxing their X capabilities, forward windows from Windows desktops, and it has efficient encoding so it is usable over poor connections as well.
gibson Now • 100%
At least on my phone, rebooting also makes it require PIN
gibson Now • 100%
For those who don't remember, not only could signal be used for SMS, it used to be able to do encrypted sms convos.
gibson Now • 100%
As a Go dev, its simplicity is arguably taken too far. For example there are no union types or proper enums
gibson Now • 100%
The main benefit is since it is locally installed, it is harder for proton's server to access your encrypted data by serving you malicious JS. A malicious desktop app/update could be served too, but that may be trickier.
gibson Now • 100%
It usually isn't super hard to tell apart randomized junk like this from real human patterns. That is why Tor Browser for example tries its best to make everyone look the same instead of randomizing everything.
That said, for the mere purpose of throwing off the ISPs profiling algorithms, you could make a relatively simple python program to solve this. A naive solution would just do an http GET to each site, but a better solution would mimic human web browsing:
- Get a list of various news sites and political forum sites
- Setup headless firefox or chromium
- Use Selenium or similar to crawl links on each site. Make sure you have the pages fully load and wait a random amount of time that a human would before going to the next page.
- https://realpython.com/modern-web-automation-with-python-and-selenium/#test-driving-a-headless-browser
If you have no programming capability this will be rough. If you have at least a little you can follow tutorials and use an LLM to help you.
The main issue with this goal is that it isn't possible to tell how advanced your ISP's profiling is, so you have no way to know if your solution is effective.
Feel free to DM me if you go this route.
gibson Now • 100%
I do something similar with rclone and vultr's s3 service. I made an s3 remote in rclone and then a encryption layer remote on top of that.
gibson Now • 85%
You can make actual docker compose
use podman by running a user podman docker socket and setting that as an environment variable (export DOCKER_HOST=unix:///run/user/$UID/podman/podman.sock)
https://brandonrozek.com/blog/rootless-docker-compose-podman/
gibson Now • 66%
Just because you can't stop all the leaks in your plumbing doesn't mean you shouldn't fix the ones you can.
gibson Now • 100%
Its best to have some defence in depth. Ideally you would have a firewall on your network AND your local machine. If you are running a laptop definitely have a local firewall on that as you cannot trust random networks you connect to when out and about in the world.
firewalld is sufficient, i suggest learning its CLI as it is not super complicated. ufw is ok if you are allergic to command line.
gibson Now • 90%
I believe he does extend it to JavaScript however, so if he were required to run unfree javascript on a webpage relating to his treatment that could be a problem.
gibson Now • 100%
One Hour One Life is open source, it is a 2D hand drawn survival game where you have 1 real life houre to live from a baby to an elder and contribute to the player-made society in your life as best you can.
You have to pay for an account on the official servers, but i recommend you do to support the development.
Not sure if the dev accepts community patches or not, but the game is public domain license.
gibson Now • 100%
Unfortunately, its not clear if masks actually stop facial recognition. I think it helps, but not probably not as well as it did before covid.
Over the weekend i made a simple read-only frontend for Imgur in the spirit of Invidio.us and nitter It doesn't support gifs/videos yet but it does handle albums. It is open source under AGPLv3 https://git.voidnet.tech/kev/imgin and has 0 javascript. It has a configurable cache. Here is an example gallery view https://imgin.voidnet.tech/gallery/9wkPUsZ The reason i made it is because for me, at least on desktop Imgur craps out on Tor Browser even just for viewing. You can append /layout/blog to albums but that still requires JS. Imgur also has lots of trackers and junk by default. I still need to add tests and clean up the code, so it may be buggy. The idea is that it would be eventually added to privacy redirect addon to auto-redirect imgur links. It is pretty small Python code so if you want to help me you can reach out. Sopuli isn't syncing comments for some reason, i'll reply from onionr https://lemmy.ml/u/onionr
Greetings Lemmy I have been developing a Firefox addon to throw off [keystroke fingerprinting](https://www.whonix.org/wiki/Keystroke_Deanonymization) https://addons.mozilla.org/en-US/firefox/addon/private-keyboard/ I suspect most people on lemmy are aware of browser fingerprinting, but i think alternate routes of fingerprinting are less talked about. Basically, websites can track your keystroke timings which are fairly unique to each person. Addons like Ublock origin can address this problem, but that is inherently a blacklist approach which is not a good security method. I suspect that sites could do it partly server side anyways by using legit features like typing notifications on chat sites. I developed this addon to defeat basic keystroke analysis by randomizing the time it takes keystrokes to be processed by a webpage with a floor of 150ms and a max of 300ms. I'm working on improving the UX, so i anticipate the typing speed to be increased eventually (I admit it is frustrating to type currently). I may add an iframe overlay approach/option that is mildly less secure but much more usable. You can whitelist sites that you trust. I tested it on typingdna[.]com and keytrac[.]net which are two spy companies that advertise keyboard biometrics as an alternative to 2fa (cringe) and for anti-fraud or creepy test proctoring purposes. This is experimental and may not solve all issues (in particular it doesn't prevent stylometry analysis yet). Also it may be possible for spies aware of the addon to account for the randomization. There's a downside aside from the frustration of slow typing, which is cpu spikes during typing, which is a side effect i haven't been able to avoid due to JS limitations. If i'm able to make the iframe approach that would be fixed. Ironically the cpu spike may make it easier to use [power analysis](https://www.inderscienceonline.com/doi/abs/10.1504/IJACT.2014.062722) Other software that attempts keystroke anonymization is the kernel level Kloak project and the Keyboard Privacy chrome addon that doesn't seem actively maintained. If you know JS and want to help shoot me a message.
gibson
sopuli.xyzprogrammer interested in privacy/security. Mostly Go and Python