
@fsfe

I wonder how proud he will feel looking at the huge amount of money that got from since 2013.

More than 10% of its budget.
But hey! Less than 20%!

🤦‍♂️

fsfe.org/donate/thankgnus.en.h

Shamar boosted
Ridiculous how animals and insects fall into traps, but not so much when...

@mala

In the notice that nobody is expected to read: mozilla.org/en-US/privacy/thun

```
Thunderbird May Disclose Information To:

Amazon Web Services: Thunderbird uses Amazon Web Services (AWS) to host its servers and as a content delivery network. Your device’s IP address is collected as part of AWS’s server logs.
```

I assume they receive and manage the crash reports on "their" servers that accidentally are owned by .

@rysiek@mastodon.technology

Shamar boosted

The pandemic has been good for the #GAFAM economy, but someone has to start dealing with these f***ing computer scientists!
By @Shamar at the #AIUCD2021 conference
tesio.it/2021/07/23/AIUCD2021_

@jmw150

"Good distros"... these days I wonder if gives a shit, tbh.

So sad...

@rysiek@mastodon.technology @mala

@b6hydra

No, indeed I surprised myself by being surprised by 's bad faith.

I mean: ok, is a surveillance tool marketed as a privacy friendly browser, but it's "just" a browser.

But I was STILL thinking that good old (that I have not used for decades but still suggested to others) was safe!

It's not.

is not just on by default and all data are received by through servers.

I really think such kind of defaults should be forbidden by law. And in fact they are forbidden by as all data collection must be opt-in not opt-out.

Curiously, crash reports are disabled by default (as far as I can read online) so at least people are less likely to send them cryptographic keys in clear in a memory dump.

But the fun fact is that if you enable crash reports in the hope to let them improve a privacy friendly MUA, you sacrifice your security (and your peer's security, exposing them to social engineering) to improve a surveillance software.

Indeed Thunderbird is sending back your interactions activities, so the fact that mails sent without can be intercepted, is totally irrelevant.

@rysiek@mastodon.technology @mala

Shamar boosted

In 2014, I gave a talk called Free is a Lie at a run-of-the-mill, dime-a-dozen, Silicon-Valley-worshiping Big Tech/surveillance capitalism conference in the Netherlands.

Yesterday, I learned that they unlisted my talk on *spit* YouTube and that it might be removed.

twitter.com/ribasushi/status/1

twitter.com/l18cp/status/14182

Today, I archived it so you can keep watching it for as long as you want to.

vimeo.com/578393679

#FreeIsALie #PeopleFarming #SiliconValley #BigTech #SurveillanceCapitalism

I wonder how I can be surprised to learn that 's collect telemetry infos (including your mail domain) and share them with partners such as .

It's obvious they spy on your mails! 🤦‍♂️

Indeed, in case of crash, they even send to "their" servers a memory dump that contains sensitive data crash reports.

This likely includes your emails in clear, your private encryption keys¹ and everything else the program has loaded and kept in memory.

What does this mean for a hypothetical attacker that can access such reports?

I mean... like a agency arguing that you might be a terrorist or something.

Oh but sure... they shall do no evil...

mozilla.org/en-US/privacy/thun


_____

1) Since version 68, Thunderbird does not use the suite via , but does encryption directly "to avoid licensing issues" 🤷‍♂️

@rysiek@mastodon.technology @mala

@rysiek@mastodon.technology

Do derivative tools like or count as tools?

What about ?

Shamar boosted

RT @emmevilla
🦠🌍 Do you want the definitive proof that vaccines (#vaccini) are saving us?

Here it is.

On the left, 8 countries that have vaccinated a lot.
On the right, 26 countries that have vaccinated very little.

Spot the differences.
And get vaccinated (#vaccinatevi).

Shamar boosted

@rysiek@mastodon.technology

It's not that simple.

In the article you liked explains

```
This is normally done through the target’s mobile operator, which some governments can access or control.
```

How many CAs are state-run agencies? How many CDNs (behind HTTPS) can be subject to similar impositions?

If a state can impose to a mobile operator to track a citizen, why do you think it cannot impose to serve certain DNS records, certain TLS certificate and so on to certain people only?

Also, HTTPS leaks a lot of information about every visitor to the site owner (IP, cookies) and you are assuming the hosting/cloud provider is not malicious, while often it is.
And these leaks apply to everybody, not just to targeted victims.

You just need to control/compromise a single hosting/cloud provider and attract the victim on one of its HTTPS websites to install the same malware without the website owner knowing anything AND without the victim suspecting anything (it's HTTPS, so it's safe, isn't it?)

On the other hand, HTTP proxies can cache requests and hide you from the server.

It's dumb to blame HTTP website owners for the victims killed by criminals and governments: it's the whole Web that is broken and insecure at heart, HTTPS or not.

We need people to understand how it works in depth so that they can foresee the risks.

A false sense of security is MORE dangerous than a known state of insecurity.

Shamar boosted

@fffitalia

Reading the article, it seems clear that you have tokens to sell before the price crashes and are looking for suckers to buy them.

Calling cryptocurrencies "useless" is like calling loan sharks "useless".

Someone makes BIG profits from them.

They certainly pollute a lot, but above all the is a scam-factory on a global scale.

@minimalprocedure@mastodon.uno

```
More interesting in is the "real code" that handles English but it doesn't seem to be available.
```

What do you mean?

The code is available in the zip: "the compiler" + "the noodle" that is a sort of portability layer.

Unfortunately, it's neither free software nor open source...

```
I don't have particularly care about it on any educational or practical level, actually.
```

I find it very thought-provoking: it's not just a DSL for a specific purpose, it's a Turing-complete programming language that can be used for anything and is very readable at first sight (to anyone who knows the language).

The problem is that it would be perfect if all we wanted from informatics was to program computers.

But I think we should use programming/debugging like writing/reading, to enhance human communication and thinking ability.

Shamar boosted

Massive data leak reveals over 50,000 phone numbers of potential surveillance targets for clients of spyware company NSO.

These include heads of state, activists and journalists, including Jamal Khashoggi’s family.

amnesty.org/en/latest/news/202

found at: twitter.com/AmnestyTech/status

@rysiek@mastodon.technology

I mostly agree about what you wrote (see tesio.it/2020/09/03/not_all_ha for another non-US perspective on ).

Note however that hacking INCLUDES, sometimes, violating the law (think about Phineas Fisher, for example exploit-db.com/papers/41913 ).

The fundamental difference between and data burglars (either private or governments' ones) is the reason behind their actions: hackers follow their own and look for new knowledge to share, data burglars look for power (either directly or in monetary form).
