cyrus

cyrus, 18 days ago

SimpleX is quite a promising project, uses Double Ratchet End-to-End-Encryption (from Signal), and has a very interesting protocol and model to provide quite strong metadata protection, especially in regards to whom you talk to and groups you’re in.

If your threat model requires exceptionally strong Metadata protection, SimpleX is probably going to be your go-to

Though, for a more lenient threat model, where still good, but less laser-focused metadata protection is enough, Signal will probably do just fine.

Personally I use Signal, but I also have a SimpleX Profile, an XMPP Account and Matrix. (preferred in that order)

cyrus, 21 days ago

Just FYI, Heliboard (continuation of OpenBoard) has all of the above. Just note that you’ll need to import Google’s Swype library once to use Swipe-To-Type.

cyrus, 21 days ago

Its great, same as their standalone Speech-To-Text Application.

cyrus, 21 days ago

Yes, they self-implemented that.

So unlike Heliboard, you don’t need to import Google’s Swypelibs.

cyrus, 1 month ago

This is a deliberate decision to force people to turn off tracking protection.

No this is a hilarious fuckup where they forgot to move twitter.com, pbs.twimg.com and more off of the Twitter domains, so Firefox started blocking it because to Firefox it looks like Social Media trackers.

Mozilla already pushed a fix.

cyrus, 1 month ago

That’s just fine.

cyrus, 1 month ago

I won’t properly reply to this, I’m biased cuz a friend of mine works on this 🥴

cyrus, 1 month ago

If all that you wanna do is download stuff, maybe try cobalt.tools

It pretty much just grabs the raw URL to the content for you, without the UI and fluff (in the case of Instagram) so you can just do a little “save as…” and it’s worked quite reliably for me to view content my friends sent me.

cyrus, 1 month ago

The algorithm was neither proposed nor designed by the US government, it was made by (what is now known as) Signal, a 501c nonprofit.

The claims of signal being “state-sponsored” come from assuming how money flows through the OTF - Open Tech Fund - which has gotten grants from government programs before. (IIRC)

It wouldn’t make sense for the US Gov. to make such a grant to make a flawed protocol, as any backdoor they introduce for themselves would work for any outside attacker too - it’s mathematics. It works for everyone or for no one. Would they really wanna make tools that they themselves use, just to have it backdoored by other state actors?

And again, Durov’s claims are entirely assumptions, and that coming from someone that has had [various](mtpsym.github.io// different vulnerabilities and weird bugs on their platform

cyrus, 1 month ago

Musk himself hasn’t actually provided any sources either, all his statements made on Twitter recently are basically pulled from thin air, almost like vague references

cyrus, 1 month ago

That already exists, but it’s weak in terms of encryption.

cyrus, 1 month ago

• the collision is much less of a problem, the issue was that even if you clipped through you had to be in the walking state to open the door (you could clip through before!)

This new tactic involves doing a turnaround, after which for ~1 frame you enter the walking state in midair, allowing you to open the door after being pushed through by the penguin at the right time.

cyrus, 1 month ago

Indeed, these decom projects do not include any of Nintendo’s assets.

The code compiles 1:1 back into a unable ROM but isn’t made just using a source code leak. It is reverse-engineered just like the SM64 decomp

cyrus, 1 month ago

They probably mean the Super Mario 64 Decompilation Project.

The goal was to turn the finished ROM back into unable code, that would do 1:1 the same thing. They finished a couple of years back.

github.com/n64decomp/sm64

cyrus, 1 month ago

Nintendo has not taken action on the massively popular SM64 Decompilation and PC ports (and ironically switch ports) in the past what…3 years?

cyrus, 1 month ago

It isn’t google-free in the sense that it ships microg.org

Unless you enable SafetyNet, none of Google’s code runs.

cyrus, 1 month ago

Proton and Wire didn’t share any decrypted ciphertexts, Wire shared a ProtonMail address and Proton an iCloud Address that they had set as a recovery method.

Personal info like where they live came from Apple.

cyrus, 1 month ago

Most info came from the fact that they made the move to link their personal iCloud Mail as a recovery method.

Infinite wisdom.

cyrus, 1 month ago

there are additional cookies with duration as high as 1825 days, not 180… So which is it?

Whatever the browser reports is what they are actually doing.

In Firefox, enter the developer tools, navigate to the “Storage” tab and open the “Cookies” dropdown. For any given domain you can now look at the “Max Age” or Expiry date.

cyrus, 1 month ago

the metadata still isn’t.

That doesn’t quite work in the case of Signal

The only data that they have, based on transparency reports and dissections of their source code, is the time you created your account and last connected to the servers.

Messages themselves are essentially only relayed, with sealed sender, and anything that would be actually useful to identify who was at a protest and who wasn’t encrypted.

Things like, e.g when messages arrive at the server would have to be monitored live on compromised servers, which reasonably unless you assume* it is wiretapped already prior to a protest, isn’t realistic.

*: of course, I am saying this because making an assumption and portraying it as truth (e.g assuming something is already wiretapped based on no evidence at all) is not the smartest of moves when it comes to threat modeling…especially if you wanna stay sane whilst having a threat model

cyrus, 1 month ago

We really need someone with budget to take Nintendo to court over this.

Sadly, I don’t think that will happen.

cyrus, 1 month ago

have they paid 2.4 million? Last time someone with supposedly that much funding got fucked over by Nintendo they have been sent to jail, and once they came out had to basically pay rent to nintendo for the rest of time.

The reason we didn’t hear anything of that, if I had to guess, is probably an NDA.

cyrus, 1 month ago

At this point its not just “vote with your wallets” because they have like a 8B+ global turnover

Me not giving them 60 bucks does nothing, even the entire Fediverse not giving them 60 bucks would do nothing.

Though, them thwarting game preservation efforts on the basis of shitty DRM? Thats what I’d like to see fought.

cyrus, 1 month ago

I run Ryujinx already, more accurate anyways :)

cyrus, 1 month ago

I’m curious about all the people in this thread saying regarding phone numbers considering I do have an account that’s just an email alias and thats it 🤔

cyrus, 1 month ago

approximately 9 months, sometime in summer of last year

cyrus, 1 month ago

They not only want you to, they require you to.

cyrus, 1 month ago

The idea is quite simple. If you put all your eggs into one basket, if that basket breaks, you’re screwed.

If we put this into context, this would mean that you would, for example, use all of Proton’s services and when Proton does something bad, now your entire suite of services is fucked.

cyrus, 1 month ago

Killergram for Android, assuming you’ve either got a rooted device or LSPatch.

I remember there also being something for Telegram desktop but I can’t find it right now.

cyrus, 1 month ago

TGFOSS doesn’t remove ads. Infact, by the API policies you aren’t allowed to do that as a client maintainer.

cyrus, 1 month ago

Yes, in large public channels there can sometimes be ads. These used to be contextual, but they aren’t anymore.

cyrus, 1 month ago

the Voice Server Backend is basically done, currently there’s ongoing re-works of the desktop client (limited demo at revolt.chat/app IIRC), as well as closed betas for iOS and Android native apps.

There’s also a slew of Third-Party Clients and an open Client-Server API.

Just remember that this project is built by people in their free time, not a VC-Backed company.

cyrus, 1 month ago

They’ve actually ran adverts at the border of sweden telling politicians and alike that were going there to vote on IIRC ChatControl to vote against it

Mullvad is probably the best example of using ads for something good