• 0 Posts
  • 36 Comments
Joined 4M ago
Cake day: Jan 21, 2021


This is a very minor issue if it is an issue at all.

The system log is private. The only apps that can access it are apps that are given special permission from your phone manufacturer. This manufacturer could also get this information other ways if they wanted to.

The only real issue here is that it raises the attack surface because instead of a website or app needing to break into your OS, they can also break into one of these built-in apps. So it would be easier to find an exploit chain that could retrieve these identifiers.

The real question to be asking here is why do these apps need access to the system log in the first place?


Only works with Gmail. This needs some sendmail support.

(Sidenote: I do realize that it is weird that a command line tool has become the de facto email sending API)


supposedly breaking the SSL and re-encrypting it with their SSL

There is no doubt here, this is how basically all CDNs work. You need to see the plaintext request in order to perform caching and most other features that they provide.

I agree, if the content is very sensitive then you shouldn’t trust a third party. However in practice most companies trust third parties whether that is a hosting provider, analytics or any number of functions that it is easier to outsource.

I think the concern arises because Cloudflare is big. This has benefits and drawbacks.

  • Generally larger companies have more resources to invest in security.
  • Covering such a large portion of the web gives them a lot of possible tracking data if they want to use it maliciously (for whatever your personal definition of malicious is).

I agree that we shouldn’t be giving money to companies who do not support our use cases on our hardware. But unfortunately RISC-V is years away from being close to competitive in the laptop space.


I agree! Just seeing a single parent of context would make a huge difference.

It would also be pretty cool to group replies to the same comment together.


That is a very large leap to assume from the leaked data. IIUC the leaked data just says that there was a Signal account associated to his phone number. It could have been one friend or journalist that he wanted to talk to. He may have signed up to see what it is all about. As far as I am aware there is no evidence that he was a significant user, or that he prefers it over his own messaging apps.

I’m not saying that FB apps are trustworthy, but I honestly would have been more surprised if he didn’t have a Signal account.


I basically don’t like apps messing in my folders anyways so I don’t worry about it too much. I leave the defaults but the only XDG defined folder I really use is Downloads but I basically use that folder for any temporary data.

Other than that I will symlink the configs of certain apps that I care about (git, zsh, vim, …) into a good place for me and I keep most of my work in ~/p which is basically a directory of git repos.

So basically I find the XDG stuff mostly useless so I keep the stuff I care about out of those folders.

(Although I do wish more apps respected XDG_CONFIG_DIR rather than dumping crap into my home directory.)



191.0.0.10.in-addr.arpa

I do find it weird that this is an internal IP. I would check if this query works. Also maybe check to see if your VPN has anything at this IP.


If you really want you can set a trace filter on your firewall to see what users those requests are coming from. This is reverse-DNS. It looks up the hostname for an IP address. There are various reasons to do this.

  1. Some applications filter based on the hostname. They need to convert the IP to a hostname (and they query the hostname to ensure it maps to the IP to verify).
  2. Some applications show this to the user (some BitTorrent clients try to show you peer hostnames).
  3. Some applications log the hostname.

So there are a wide variety of reasons. You would have to trace this back to the application to find out why exactly it is happening for you.
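
An added example, not part of the comment above: decoding a reverse-DNS query name such as the `191.0.0.10.in-addr.arpa` one quoted earlier back into its IP, and the forward-confirmation check from item 1. The lookup tables and hostnames are constructed sample data, and the `ip6.arpa` branch goes beyond the IPv4 case in the thread.

```python
import ipaddress
import socket

def ptr_name_to_ip(qname):
    """Decode an in-addr.arpa / ip6.arpa query name into the IP it asks about."""
    name = qname.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[:-len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("not a full IPv4 PTR name: " + qname)
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    if name.endswith(".ip6.arpa"):
        nibbles = name[:-len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError("not a full IPv6 PTR name: " + qname)
        return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    raise ValueError("not a reverse-DNS name: " + qname)

def system_ptr(ip):
    """PTR lookup through the OS resolver; empty list when there is no record."""
    try:
        return [socket.gethostbyaddr(str(ip))[0]]
    except OSError:
        return []

def system_forward(host):
    # Forward (A/AAAA) lookup through the OS resolver.
    try:
        return [info[4][0] for info in socket.getaddrinfo(host, None)]
    except OSError:
        return []

def forward_confirmed(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return the PTR hostnames that resolve back to ip (forward-confirmed rDNS)."""
    ip = ipaddress.ip_address(str(ip))
    confirmed = []
    for host in ptr_lookup(ip):
        # Drop any IPv6 zone id ("%eth0") before comparing addresses.
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward_lookup(host)}
        if ip in addrs:
            confirmed.append(host)
    return confirmed

# Constructed sample records so the check runs offline (hypothetical hostnames).
PTR = {"10.0.0.191": ["nas.lan.example"], "10.0.0.7": ["mail.example.org"]}
FWD = {"nas.lan.example": ["10.0.0.191"], "mail.example.org": ["203.0.113.9"]}
def demo_ptr(ip): return PTR.get(str(ip), [])
def demo_forward(host): return FWD.get(host, [])
if __name__ == "__main__":
    ip = ptr_name_to_ip("191.0.0.10.in-addr.arpa")
    print(ip, ip.is_private, forward_confirmed(ip, demo_ptr, demo_forward))
```

A PTR record is controlled by whoever owns the address block, so a hostname that fails the forward check should not be used for filtering or trusted in logs.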


Your best bet is using the Tor Browser.

  • The Tor network effectively hides your IP from these services.
  • The Tor browser works hard to reduce fingerprinting options.
  • Blocking some trackers can also reduce the chance that one of them manages to identify you.

But remember, you need to use the Tor Browser every time you log in. If you log in even a single time from your own IP, they will associate that IP with your account.


I don’t see the problem. People at sopuli.xyz are allowed to post to !technology@lemmy.ml. In fact I don’t see a !technology@sopuli.xyz community https://sopuli.xyz/search/q/technology/type/Communities/sort/TopAll/page/1.


I’ve also successfully put self-hosted servers into a network namespace that routes everything through Tor (basically like a VPN, except through Tor). This works for basically every service as long as it uses TCP. However, if it has native proxy support, configuring that can be easier if you trust that it doesn’t leak.


You would have to read their privacy policy and decide if you trust them to determine if they track you based on your IP.

RSS works by something downloading the RSS feed. So some IP will need to connect to Reddit to fetch it. If you don’t want to reveal your IP then you need to fetch it from somewhere else.

  • Use Tor to download the feeds.
  • Use a hosted service to fetch the feeds. However that service will see your IP and know what feeds you are reading.
  • Use a VPN. But the VPN will see your IP and that you are connecting to Reddit.
  • Use a proxy. But the proxy will see your IP and what you are fetching.

So basically yes, fetching an RSS feed will be associated with an IP address (like anything else across the internet) so if you don’t want Reddit to see your IP address you will need to get something else to connect to Reddit on your behalf.


Lemmy should probably add a <link rel=alternate> element that points to the feed. This way you can just put the page URL into your RSS reader and people who use RSS browser extensions can find it automatically.


I think it is a good idea, but I don’t think it is a significant concern anyways.

Pros:

  • Avoids sharing your IP with the site.
  • Avoids leaking domain information (DNS + SNI).

Cons:

  • Slower.
  • Slightly more resource intensive.

Since RSS is generally an async background job the cons are basically non-existent so why not get the minor privacy benefits?


Just because it is not the advice that is expected does not make it bad advice. Obviously these names have some questionable behaviours but in this case they often have separate privacy policies for their DNS services (or the Mozilla endpoint for their DNS services) which makes it much better than the other Google products which are lumped behind a single privacy policy which isn’t very privacy friendly.

Unfortunately it is impossible to know for sure they are complying with the privacy policy, but this applies to all providers, no matter how large or what businesses they have other than providing DNS. So while you shouldn’t blindly follow some random post on the internet, you should maybe give these providers a second look-over and consider that these large companies have some privacy benefits if their privacy policy is accurate.


This is controversial because they are “big bad” companies. But in some cases I think that is a plus because they have some responsibility to do as they say.

  1. Use a resolver that is a part of Mozilla’s Trusted Recursive Resolver Program. Mozilla makes them agree to a solid privacy policy: https://wiki.mozilla.org/Security/DOH-resolver-policy#Conforming_Resolvers
  2. Google DNS. Obviously controversial but their privacy policy is very good. They keep “full” logs for at most 48 hours and only for debugging purposes.

The major concern for all of these is that they are allowed to keep anonymized logs forever. This means that if the hostname itself is sensitive then it can be recorded forever. (For example if you have “secret” subdomains).

The other option is running your own recursive resolver. This mostly nullifies the private subdomain issue as only the authoritative server will see it (other than network snoopers); however, this has very real downsides.

  1. It exposes your IP address to many authoritative servers with no guarantees about the logs they keep.
  2. It can be slow as there is no shared cache.
  3. Requests from your resolver to the internet are not encrypted.

Disclaimer: I used to work at Google (but not on Google Public DNS) and have no affiliation with other named or referenced companies.


That’s cool! Last I checked PeerTube doesn’t support subscribing to Mastodon accounts though. Maybe I’ll try it out. Most of my friends aren’t using PeerTube though so the private content isn’t as useful to me there.


There are also very few web-based chat apps that work well on a mobile display. Most services require you to install the app to access on mobile. (Although you can get the desktop interface by changing your user agent.) So sure, it isn’t the most exciting thing but it is cool to know that you can access Matrix from anywhere as long as you have a web browser.