Seirdy

joined 3 years ago
 

Put together this brief overview to the basics of stylometric fingerprinting resistance. TLDR: obfuscate your language patterns with a good style guide.

[–] Seirdy@lemmy.ml 1 points 2 years ago

Unfortunately, Gitea (the forge software that powers Codeberg) has major accessibility issues. It's not usable from most assistive technologies (e.g. screen readers). GitLab isn't much better.

Sourcehut is pretty much the only GitHub alternative with good accessibility I know of.

[–] Seirdy@lemmy.ml 5 points 2 years ago

This is their privacy policy: https://h5hosting-dra.dbankcdn.com/cch5/petalsearch/global/agreement/privacy-statement.htm?language=en-us

It includes detailed fingerprinting metrics like mouse behavior and font information.

I should probably link it, thanks for the feedback.

[–] Seirdy@lemmy.ml 5 points 2 years ago

I said that about Petal because readers likely hadn't heard of it and didn't have any expectations. l assume readers already knew Bing, Google, and Yandex were bad for privacy.

[–] Seirdy@lemmy.ml 13 points 2 years ago (4 children)

Not at all; there are tons of newish engines out there, the best of which are trying to carve out a niche for themselves in an area that Google and Bing ignore. I listed 44 English engines with their own indexes, along with some for other languages which I'm unfortunately unable to review because I don't speak the langs required.

On these engines, you won't get far if you use natural language queries or expect the engine to make inferences. Use broad terms and keywords instead. I recommend giving Mojeek, Marginalia, Teclis, Petal (bad privacy, but usable through Searx), Kagi, and Alexandria a try.

[–] Seirdy@lemmy.ml 3 points 2 years ago

The reality is more nuanced than this. Wrote up my thoughts on my blog: A layered approach to content blocking.

Strictly speaking about content filtering: declarativeNetRequest is honestly a good thing for like 80% of websites. But there's that 20% that'll need privileged extensions. Content blocking should use a layered approach that lets users selectively enable a more privileged layer. Chromium will instead be axing the APIs required for that privileged layer; Firefox's permission system is too coarse to support a layered approach.

 

A more complex look at where Manifest v3 fits into the content-blocking landscape, and why it can't replace privileged extensions despite bringing important improvements to the table.

 

I find people who agree with me for the wrong reasons to be more problematic than people who simply disagree with me. After writing a lot about why free software is important, I needed to clarify that there are good and bad reasons for supporting it.

You can audit the security of proprietary software quite thoroughly; source code isn't a necessary or sufficient precondition for a particular software implementation to be considered secure.

 

cross-posted from: https://lemmy.ml/post/60818

Lots of people have been spreading the often-unnecessary advice to add a Permissions-Policy response header to their sites to opt-out of Google's FLoC, and some have been going so far as to ask FLOSS maintainers to patch their software to make this the default. When discussions got heated to the point of accusing webmasters who don't implement these headers of being "complicit" in Google's surveillance, I felt I had to write this.

Everybody: please calm down, take a deep breath, and read the spec before you make such prescriptive advice about it.

FLoC is terrible, but telling everyone to add a magic “opt-out header” in every situation conveys a misunderstanding of everything you need to know about the opt-in/out process.

[–] Seirdy@lemmy.ml 1 points 3 years ago

I wrote about both issues, and why Matrix isn't a perfect solution, previously: part 1, part 2. Starring WhatsApp, Firefox, Signal, XMPP, Email, and Matrix.

Also discussed on Lemmy: part 1, part 2.

Signal's problem is being a closed platform; Matrix suffers primarily from complexity. Both enable dependence on a single small group, and therefore enable user domestication. That being said, Matrix is considerably less bad than Signal.

For large public rooms, IRC continues to be the best option. All its issues are client-side; IRCv3 supports history, multiple devices, authentication without NickServ, and even typing notifications. All these features are supported on Oragono. For small, private E2EE rooms, all existing solutions have major trade-offs.

 

A search engine that's optimized for surfing/discovery rather than finding specific information. Focuses on simple, non-commercial, hobbyist sites reminicent of the "old web" without much CSS/JS.

 

Most “alternative” search engines to the big three (Google, Bing, Yandex aka GBY) just proxy their results from GBY. I took a look at 30 non-meta search engines with their own crawlers/indexers to find actual alternatives.

Feedback + additions welcome.

 

I've been using a self-hosted webmentiond on my own site for about a month and a half, and I've loved the experience so I thought I'd share. Deploying is easy; it's just a single statically-linked binary and an assets directory for the web UI.

[–] Seirdy@lemmy.ml 0 points 3 years ago* (last edited 3 years ago) (1 children)

I wrote an article in a similar vein a month ago: Becoming physically immune to brute-force attacks.

Stuffing the planet into a 100%-efficient furnace isn't enough to crack a 256-bit key.

I'm building off those ideas in what will be a little collection of programs that measures and generates passwords given physical constraints of a brute-force attacker (energy, power, mass, etc). The collection isn't really a collection yet; it currently contains almost one complete program: https://sr.ht/~seirdy/MOAC

Edit: URL typo