rcbrk

joined 3 years ago
[–] [email protected] 1 points 4 hours ago

a private DNS server that only has records from your local services would at least prevent apps from reaching out as long as they aren’t smart enough to fall back to an IP address if DNS fails.

Yes, this. It's important that your local DNS server does not even forward queries from the isolated subnet to external DNS, because these queries (and responses) can contain information. ("DNS tunneling").

[–] [email protected] 20 points 6 days ago (3 children)

What will this mean for Lemmy instances? XMPP servers? Email servers?

What if a 15 year old runs their own personal Mastodon server? LoL this is gonna be yet another entertaining Australian government shitshow.

 

The government is being pretty coy about the details, so most of the article is necessarily conjecture.

Selected excerpts from the article:

The definition of a social media service, as per the Online Safety Act

An electronic service that satisfies the following conditions:

  1. The sole or primary purpose of the service is to enable online social interaction between two or more end users;
  2. The service allows end users to link to, or interact with, some or all of the other end users;
  3. The service allows end users to post material on the service.

Under the proposed changes, it will be the responsibility of social media companies to take reasonable steps to block people under 16.

How will your age be verified?

The government's legislation won't specify the technical method for proving a person's age.

Several options are on the table, including providing ID and biometrics such as face scanning.

The government's currently running an age assurance trial to assess all the methods, and it's scheduled to continue into 2025.

Based on the results of that trial, eSafety commissioner Julie Inman Grant will make recommendations to platforms.

It's possible that Australians will be asked to provide their IDs or biometric data directly to social media companies in order to use their platforms, but that's not guaranteed.

Many of the big players, including Meta, have instead argued for the age verification onus to be placed on app stores, rather than individual platforms, as that would mean proving your age once — rather than every time you sign up to a platform.

It's also possible that a third-party company that specialises in ID verification will act as a go-between between users and social media platforms.

No matter which model is adopted, the prime minister has said privacy protections will be introduced to cover any data people end up providing.

[–] [email protected] 3 points 1 week ago

I think a lot of comments have missed that ntfy.sh does not use UnifiedPush, the ntfy server is a UnifiedPush provider and the ntfy app is a UnifiedPush distributor.

[–] [email protected] 1 points 1 week ago

Regarding encryption of the push message, from https://unifiedpush.org/developers/spec/android/ :

Push message: This is an array of bytes (ByteArray) sent by the application server to the push server. The distributor sends this message to the end user application. It MUST be the raw POST data received by the push server (or the rewrite proxy if present). The message MUST be an encrypted content that follows RFC8291. Its size is between 1 and 4096 bytes (inclusive).

[–] [email protected] 4 points 1 month ago (1 children)

^PSST, rumour is that paedophiles use HTTPS...^

[–] [email protected] 4 points 1 month ago

That rules it out for me then. I like to use XMPP+OMEMO with about 4-5 clients which I can continue a conversation with at any time. Main mobile, tablet, desktop, other desktop, and backup mobile which is usually switched off. (Even if a device has been missing for too long and run out of OMEMO keys, the keys sync up again once I send a message with it.)

[–] [email protected] 6 points 1 month ago (2 children)

You have to trust the servers with your metadata, and that the servers have their inter-server communication locked down, but at least you can choose/operate servers.

Some clients are a bit flaky with their e2e encryption defaults or from a UI perspective it is easy to send an unencrypted message (in a new chat for example) before noticing that was how it was set.

There are a few XEPs the server needs which enable things like OMEMO, efficient mobile data/battery use, offline and multiple device deliverability, file transfers, etc. Audio/video calling has various requirements as I think xmpp only facilitates the setup of the call.

[–] [email protected] 19 points 1 month ago* (last edited 1 month ago) (2 children)

XMPP lacks good clients and suffers from fragmentation of protocol standards implementation

  • For Android: Conversations is excellent, also on F-Droid if you don't want to use the Google store.
  • For iOS/MacOS: Siskin or iOS/MacOS: Monal.
  • For Linux/Windows: Gajim or Linux: Dino.

"Protocol fragmentation" is not a valid complaint about XMPP -- it's like complaining that ActivityPub is fragmented; but that's not a problem: you use the services (Mastodon, Lemmy, Kbin, etc) built with it which suit your needs, mostly interacting with that sector of the federation (eg, Lemmy+Kbin), but get a little interoperability with other sectors as a bonus (eg, Lemmy+Mastodon).

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago) (1 children)

The HK company's ~~branding~~design/branding was licensed to a manufacturer nominally based in Europe.

Edit: many sources, but here's one: https://www.reuters.com/world/middle-east/trail-mystery-woman-whose-company-licensed-exploding-pagers-2024-09-20/

[–] [email protected] 5 points 2 months ago

Most ~~people~~^1^, even in this very thread, clearly don't [...]

  1. Signal shill-bot personas.
 
69
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Panquake have released some source code. Not for Panquake itself, but for a link shortening service. I suppose it's a brand-exposure exercise.

https://talkliberation.substack.com/p/panquake-early-release-pnqk-now-available

 

"Mr Rolles was arrested in late June, when he was pulled off the street in Sydney for allegedly blocking roads and obstructing traffic."

Since late June, Greg Rolles must produce on demand his computer and mobile phone for police inspection, and tell them his passwords.

He is not allowed to use any encrypted messaging apps, like Signal or WhatsApp. He can only have one mobile phone. [...]

These are the strict technology-related bail conditions imposed on some Blockade Australia climate protesters — a development legal experts have criticised as "unusual" and "extreme". [...]

Defence lawyer Mark Davis, who is representing some of the Blockade Australia activists, said the vagueness of the prohibition was concerning.

"It used to name the things you couldn't have, and then they made it all encrypted communication," he said.

"It could be you're on your PlayStation."

He also takes issue with the non-association rules, and the lack of specificity about what an "association" might be. Mr Davis said one of his clients had been pulled in by police after they reacted with a "thumbs up" emoji to Facebook comments [...]

1
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
 

So, this is interesting. I wanted to find that essay by @[email protected] outlining the many issues of Signal and suggested alternatives, but DuckDuckGo had nothing for me. Not on the first page, not on the 2nd, 3rd, 4th, 5th page.

I thought maybe I just imagined the title, but sure enough, on searching lemmy posts, it was right there. Then I thought "hang on, there's hardly a mention let alone criticism of signal on any page of those search results!".

Hmm.. the wording might be a bit ambiguous, but let's compare:

All of the following except Gigablast returned a healthy list of results including the original essay:

view more: next ›