Data hoarder and tech enthusiast fed up with capitalism and serious about online privacy. Feel free to send in asks about those topics or about any of the posts I've written
Don't wanna be here? Send us removal request.
Text
babe. I know we’re all going thru a lot rn but I just wanna give u the heads up that sesame streets future is in jeopardy. hbo has chosen not to renew it for new episodes (a series that has been going since 1969) and the residents of 123 Sesame Street no longer have a home :(
80K notes
·
View notes
Text
I've seen a number of people worried and concerned about this language on Ao3s current "agree to these terms of service" page. The short version is:
Don't worry. This isn't anything bad. Checking that box just means you forgive them for being US American.
Long version: This text makes perfect sense if you're familiar with the issues around GDPR and in particular the uncertainty about Privacy Shield and SCCs after Schrems II. But I suspect most people aren't, so let's get into it, with the caveat that this is a Eurocentric (and in particular EU centric) view of this.
The basic outline is that Europeans in the EU have a right to privacy under the EU's General Data Protection Regulation (GDPR), an EU directive (let's simplify things and call it an EU law) that regulates how various entities, including companies and the government, may acquire, store and process data about you.
The list of what counts as data about you is enormous. It includes things like your name and birthday, but also your email address, your computers IP address, user names, whatever. If an advertiser could want it, it's on the list.
The general rule is that they can't, unless you give explicit permission, or it's for one of a number of enumerated reasons (not all of which are as clear as would be desirable, but that's another topic). You have a right to request a copy of the data, you have a right to force them to delete their data and so on. It's not quite on the level of constitutional rights, but it is a pretty big deal.
In contrast, the US, home of most of the world's internet companies, has no such right at a federal level. If someone has your data, it is fundamentally theirs. American police, FBI, CIA and so on also have far more rights to request your data than the ones in Europe.
So how can an American website provide services to persons in the EU? Well… Honestly, there's an argument to be made that they can't.
US websites can promise in their terms and conditions that they will keep your data as safe as a European site would. In fact, they have to, unless they start specifically excluding Europeans. The EU even provides Standard Contract Clauses (SCCs) that they can use for this.
However, e.g. Facebook's T&Cs can't bind the US government. Facebook can't promise that it'll keep your data as secure as it is in the EU even if they wanted to (which they absolutely don't), because the US government can get to it easily, and EU citizens can't even sue the US government over it.
Despite the importance that US companies have in Europe, this is not a theoretical concern at all. There have been two successive international agreements between the US and the EU about this, and both were struck down by the EU court as being in violation of EU law, in the Schrems I and Schrems II decisions (named after Max Schrems, an Austrian privacy activist who sued in both cases).
A third international agreement is currently being prepared, and in the meantime the previous agreement (known as "Privacy Shield") remains tentatively in place. The problem is that the US government does not want to offer EU citizens equivalent protection as they have under EU law; they don't even want to offer US citizens these protections. They just love spying on foreigners too much. The previous agreements tried to hide that under flowery language, but couldn't actually solve it. It's unclear and in my opinion unlikely that they'll manage to get a version that survives judicial review this time. Max Schrems is waiting.
So what is a site like Ao3 to do? They're arguably not part of the problem, Max Schrems keeps suing Meta, not the OTW, but they are subject to the rules because they process stuff like your email address.
Their solution is this checkbox. You agree that they can process your data even though they're in the US, and they can't guarantee you that the US government won't spy on you in ways that would be illegal for the government of e.g. Belgium. Is that legal under EU law? …probably as legal as fan fiction in general, I suppose, which is to say let's hope nobody sues to try and find out.
But what's important is that nothing changed, just the language. Ao3 has always stored your user name and email address on servers in the US, subject to whatever the FBI, CIA, NSA and FRA may want to do it. They're just making it more clear now.
7K notes
·
View notes
Text
Malware Torrents: The Telltale Signs
Be careful with piracy torrents you guys. The majority of them are legit, but every once in a while you'll find someone trying to use them to spread malware. Recently someone uploaded a torrent masquerading as an episode of a TV show I like, but when it downloaded I saw it was actually a disguised shortcut (.lnk file) with a crypto miner attached to it, with just over 1 BILLION zeroes added to the end to make the file big enough to look like a valid video.
The first warning sign was that the episode was uploaded almost 3 days before it actually aired. That's rare, really only happens with hacks/leaks and those are usually newsworthy. Second, my automatic media organizer software refused to import it because it was "not a video file". Again, weird; why wouldn't my software recognize a valid video?
However the BIGGEST red flag was when I went to look at the downloaded file, it had a tiiiiiiiny curved arrow on it indicating that it was actually a shortcut, not a video. When I hovered over it, it showed that it was actually pointing at a completely different file in a protected system directory.
When I viewed the shortcut properties, I could see that it was going to run a command prompt and execute a batch command that installed an executable that would run every time I started my computer (basically, do a bunch of shit it shouldn't be doing. A video file shouldn't even have a target field, let alone one with command prompt stuff in it).
I had to learn how to use a hex editor to delete the billion zeros and separate the .lnk part (the install command) from the actual malware, and the instant I did that Windows Defender flagged it:
So. How can I identify suspicious torrents ahead of time?
When I went to inspect the torrent, in hindsight it was easy to see it was bad because of the file extension, but you can only see that if you inspect the files in the torrent, not just the torrent name. Many piracy sites don't bother showing you a list of files in the torrent ahead of time, so be sure to inspect them once they're in your download client.
I recommend familiarizing yourself with common media file extensions and then inspecting your torrents for outliers; any file name that includes a non-media extension like .lnk, .exe, .cmd, .bat, .ps1, .sh, etc. is automatically a huge red flag!
Secondly, look for that little shortcut icon before you open anything you download from the internet. And finally, don't ignore suspicious things that are adding up (in this case, the fact it was posted before the episode's actual air date, and the media organizer software flagging it as "not a video").
I think Windows Defender probably would have caught it if I had actually clicked it and the malware had tried to install itself, but our goal is obviously to never get to the point of clicking on viruses at all! So be aware of the warning signs, use antivirus software, and sale the high-seas safely!
#i've only run into stuff like this twice in like 10 years of downloading#so don't let this scare you away from torrenting#just posting to keep people safe and informed#the next thing on my list is a guide to piracy via torrenting but my time and motivation has been very low due to life stuff lately#fingers crossed i get to it soon!#torrenting#piracy#computer security#cybersecurity#mine#long post
6 notes
·
View notes
Text
have you noticed that they don't even want you right clicking anymore
#can vouch for absolute enable right click#doesn’t work on every site but it works on a lot of them#yesterday i used it to paste my generated password into the confirmation field on the mcafee website#for some reason they thought disabling paste into a password field was a good fucking idea#firefox#firefox addon
41K notes
·
View notes
Text
Heads up: apparently, "Sega Classics" listings are getting pulled from several distribution platforms. They will be discontinued for sale on December 6th, 2024 at 11:59 PM PST. You can still download them after this time if you have purchased them in the past, but...well, that'll be it.
Considering a third of my Steam wish list was Sega Classics titles, I find this to be a huge bummer. Most of them were $0.99 USD, so they were super affordable alternatives to digging around the retro market. I don't see a reason why they're getting pulled. Can't say I'm optimistic any replacement will be as affordable, either...
So. Uh. Guess if you want some "Phantasy Star" titles, "Alien Soldier," or "Shining Force II" on Steam, you'd better haul ass on your purchases.
43 notes
·
View notes
Text
The only acceptable ads should be shit like "groceries on sale" and "free event at the local library"
103K notes
·
View notes
Text
#can vouch for ublacklist#i use it on windows firefox and on ios safari and both work great#i use multiple ai blocklists and it also helps me block all the useless spammy sites that come up when you try to search for tech advice#reference#anti-ai#ai#misinformation
3K notes
·
View notes
Text
Andrew Garfield on consent and privacy
#apologies for the string of negative news and personal philosophical stances lately#i promise i’ll post something useful soon!#privacy
59K notes
·
View notes
Text
OpenAI are scumbags.
19K notes
·
View notes
Text
There are plenty of reasons not to use twitter any more but for artists, handing over the rights to twitter to train AI with it should be the final straw. So here is another solution.
Also, tools like glaze which poison images against AI are really helpful but they take a long time to process each image so consider just doing a cropped section of the image if you want to share it to twitter.
5K notes
·
View notes
Text
NASA's Lunar Orbiter pics from 1967/8 were deliberately fuzzed and downsampled to hide US spying capabilities
In 1967, the Lunar Orbiter missions sent back exciting – but grainy and low-rez – photos of the moon’s surface.
But it turns out that the Orbiters’ photos were actually super-high-rez, shot on 70mm film and robotically developed inside the orbiters, with the negs raster-scanned at 200 lines/mm and transmitted to ground stations using an undisclosed lossless analog image-compression technology. These were stored on tapes read by fridge-sized $300,000 Ampex FR-900 drives. These images were printed out at 40’ x 54’ so the Apollo astronauts could stroll over them and look for a landing spot.
But these images were not revealed to the public because NASA feared that doing so would also reveal the US’s spy satellite capabilities. Instead, NASA deliberately downrezzed and fuzzed the images that the public got to see.
Ryan Smith tells the amazing story of the preservationists who rescued the images off of disintegrating FR-900 magnetic tapes starting in 2007, under JPL’s Nancy Evans, who set up her team in an abandoned McDonald’s building and dubbed the project “McMoon.”
The McMoon team refurbished salvaged FR-900 drives, homebrewed a digitizer system, and painstaking recovered the 2GB/image files that the system generated. Evans’s team has recovered 2,000 images from 1,500 tapes, all in the public domain and available for download on Moonviews.com.
https://boingboing.net/2018/06/16/ampex-fr-900-drives.html
12K notes
·
View notes
Text
24K notes
·
View notes
Text
Discord is officially blocked in Russia
anti-DPI programs can handle Discord here's Goodbye DPI w/ GUI here's ByeDPI, possibly nicest solution for Android other variants can be found here
regarding VPNs - Windscribe is still the real one, w/ non-standard protocols and special "hostile network" switch, one problem though - limited traffic, so you most likely have to juggle it w/ some noname VPN apps or proxy add-ons
note that it's illegal in Russia to talk about blocks circumvention, so if you don't live in Russia, please share this post, so your followers, who live there could see it and use it
21K notes
·
View notes
Text
I don't want my cellphone to have AI I want it to have 3 days of battery time. I don't want my computer to have AI preinstalled I want it to have seven usb ports and high ram at affordable price. I don't want my games to have AI built levels I want them to be so optimized I could run them on a nokia.
147K notes
·
View notes
Text
10/10/24
31K notes
·
View notes