mox

@mox@lemmy.sdf.org

mox,

I couldn’t bring myself to watch more than half of this.

tl;dr: This video is a misleading, sensationalist, bad-faith hit piece. It’s constructed upon faulty logic, fear of things used or supported by governments, and a single anonymous person’s poorly-reasoned conclusions.

mox,

Human behavior is funny, isn’t it? No matter what the topic, there are always people around who like to repeat criticism they heard from someone else, even if it’s so vague as to be useless (“metadata disaster”) or they don’t understand the details at all.

It’s not a disaster. A few minor bits of metadata (avatars and reactions, IIRC) haven’t been moved into the encrypted part of the protocol yet. If that’s a problem for your use case, then you might want to choose a platform with different flaws, or simply avoid those features. It’s already good enough for the needs of many privacy-minded folks, though, and it continues to get better.

mox,

The network layer of all internet servers reveals almost everything you listed. Signal has the same problem, and there’s nothing they can do about that. The only way to avoid it is to use a completely peer-to-peer model (Matrix has started work on this, btw) and avoid communicating across network routes that can be monitored.

There might be one exception, depending on what you mean by “Accounts”: The user IDs participating in a room can be seen by server operators and room members. But then again, server operators can already see their users’ IP addresses (which is arguably more sensitive than a user ID), and I believe room members have to be allowed into the room in order to see them. For most of us, that’s fine. Far from a disaster.

mox,

Matrix stores all this info and gives it freely to other servers retroactively(!)

Can you show me the part of the spec that allows a server with no room members to get private room info from another server? I’m skeptical, but if true, I believe that would be worth reporting as a bug.

network layer sniffing (which is anyway much harder to do)

You’re funny.

mox, (edited)

Obviously you need someone joining the room for the room metadata to be shared between homeservers.

Well then, your assertion that Matrix gives it freely is false.

Not so with Matrix, where a joining homeserver gets full retroactive access to all the room metadata since the room’s creation.

This is false, too. Historical event visibility is controlled by a room setting. (And if you don’t trust admins of a sensitive room to configure for privacy, then you’re going to have bigger problems, no matter what platform it’s on.)

Edit: I suppose you might argue that you can bypass this by running your own homeserver and attempting to join the room from it, thereby granting visibility not through joining (as you wrote), but instead through federation with the server you control. The thing is, you can’t do it without permission. Room admins can simply deny your join request when they see what server you’re on. This might make sense in a particularly sensitive room, for example, just as it would to restrict history visibility.

you really need to stop privacy LARPing

LARPing? I’m not the one stirring up drama with falsehoods and patronizing snark, am I? Farewell.

mox,

It was basically too easy for people to post there just because, well, they could.

I expect the difference you’re describing was partly due to moderation (and lack thereof), but also partly due to the barrier to entry imposed by the forum signup process.

Unfortunately, the signup barrier cuts both ways: Despite loving high-quality discussion forums, I seldom bother participating in them these days, mainly because jumping through signup/captcha/email-validation hoops and then having to maintain yet another set of credentials for yet another site, forever, became too much hassle once I had more than a couple dozen. (I have hundreds, so I’m very reluctant to add to the pile.)

OpenID managed to solve a good deal of that hassle, but it’s mostly forgotten these days. I think well-moderated federated services have the potential to solve it completely, though. Here’s hoping.

mox,

Curious. When I last looked (quite a while ago) most of the tested pills were MDMA, with many containing caffeine as well. I guess it varies a lot over time.

dancesafe.org

www.drugsdata.org

mox,

“…third place.”

So let's say I wanna ping 1.1.1.1... every 5 seconds... forever. Alternatives? (lemmings.world)

Developers (two dudes) are super responsive and would likely release an IP customization feature upon request. Is there any service that would tolerate this [D]DOS-y kind of behavior that would feel more privacy friendly than Cloudflare?...

mox,

Maybe a pool of big corp captive portal / connectivity test servers? For example:

developers.cloudflare.com/…/firewall/-por…

android.googlesource.com/…/NetworkMonitor.java#10…

mox,

Not a Google fan, huh?

mox, (edited)

Moreover, there is no way to implement scanning for {something-bad} in our encrypted communications that will not be abused or put people’s safety at risk.

We need lawmakers to understand this.

Edit: And we need to hold those who don’t respect it accountable for their acts of aggression.

mox, (edited)

It’s trivial to defeat

Maybe, depending on the algorithm used. Some are designed to produce the same output given similar inputs.

It’s also easy to abuse systems like that in order to get someone falsely flagged, by generating a file with the same checksum as known CSAM.

It’s also easy for someone in power (or with the right access) to add checksums of anything they don’t like, such as documents associated with opposing political or religious views.

In other words, still invasive and dangerous.

More thoughts here: eff.org/…/why-adding-client-side-scanning-breaks-…

mox, (edited)

One-way math doesn’t preclude finding a collision.

(And just to be clear, checksum in the context of this conversation is a generic term that includes cryptographic hashes and perceptual hashes.)

Also, since we’re talking about a list of checksums, an attacker wouldn’t even have to find a collision with a specific one to get someone in trouble. This makes an attack far easier. See also: the birthday problem.

mox, (edited)

It’s pretty easy if you use a launcher that can manage Wine, DXVK, and the like. Lutris is good for that, and even has its own database of games with ready-made install scripts. I’m told Steam can register non-steam games and handle it, too.

One nice thing about GOG (in addition to being DRM-free) is that you can download games with a web browser. There’s no need to install their store app, ever.

mox,

DualShock 4 and DualSense controllers have official drivers built-in to the linux kernel, including support for the touchpad and motion controls. You probably don’t need something like DS4Windows.

!linux_gaming

mox,

Just to clarify: Steam Input is the component you’re describing.

mox,

ds4linux exists, but is unnecessary in most common cases.

mox,

That is strange. It works great for me. All I had to do was pair it.

I have read that some computers have bluetooth modules that don’t play well with it, though. Maybe you have one of those, or an old kernel?

mox,

I think that kernel version should handle it, as long as the hid-sony or hid-playstation module is being loaded. (Some 6.7 and early 6.8 kernels had a relevant bug, though.)

It’s hard to say regarding the bluetooth adapter. The branding and price don’t matter; my cheap old no-name dongle worked great. It’s really about whether the parts used inside happen to play well with the other device.

Another thought: Is it possible you have the old version of the DS4, rather than the DS4 v2? If I remember correctly, the light bar is visible through the touchpad only on the v2.

mox,

Do you know why both hid_sony and hid_playstation are loaded? Only one is needed. The latter replaces the former, IIRC.

It loads automatically on my system once I power up the (already paired) DS4. You did pair yours with your computer, right?

I also wonder if any of the device names in your bluetooth list would be more friendly if you installed the steam-devices package.

mox,

I wish they had done it without Tencent.

mox,

but unpopular opinion?

I don’t think Tencent’s involvement is common knowledge among BG3 players. It’s hard to have an opinion about something you’re unaware of.

what's your current linux distro?

wanting to hop into the world of linux on a dual boot method (one of my favorite games unfortunately cannot be run on linux at all, and it’s a gacha. I don’t want to gamble with my account being banned, so I’m keeping windows for it specifically.) this’ll be my second go at it, I used Pop!_OS briefly but had some issues...

mox,

I’m on Debian Stable (with a few backported packages) for both work and gaming. It’s not the most beginner-friendly distro, but I’m no beginner, and I love how low-maintenance it is. It just keeps on working.

I would like to try Qubes OS eventually. I don’t think it will be ready for gaming any time soon, but for privacy and security-minded isolation of components, I expect it’s tough to beat.

mox,

In case anyone else is short on time but wants to know what kind of misconduct:

Zhang and Wang describe researchers using services to write their papers for them, falsifying data, plagiarizing, exploiting students without offering authorship and bribing journal editors.

An associate dean emphasized the primacy of the publishing goal. “We should not be overly stringent in identifying and punishing research misconduct, as it hinders our scholars’ research efficiency.”

mox,

I don’t like closed systems, vendor lock-in, overpriced tools, or buying equipment that I’ll never truly own.

mox,

“due to an issue with the digital code supply chain that was outside our control.”

Looks like they owned someone else’s mistake. Props.

mox,

I absolutely love the candor in that statement. Thanks for posting it.

mox,

I hope they’re using this time to learn lessons from their Starfield flop and gather the talent and budget needed to improve upon Skyrim. A modern engine probably wouldn’t hurt.

However, my expectations are very low at this point.

mox,

I think it’s safe to assume they know that and would bear it in mind when choosing or building an engine. Their games are famous for modding, after all.

mox, (edited)

I’m not suggesting that a big budget alone is sufficient to make a good game.

However, enough budget to keep the team employed (note the many gaming industry layoffs lately) and appropriate budgeting (in terms of both money and time) affect things like code, art, and writing quality. It’s kind of important.

mox,

I don’t have faith that they’ll come to those conclusions.

Sadly, I don’t have much faith in them either. (Hence my low expectations.)

I can still hope, though. Elder Scrolls has enough fans and lore that there’s certainly potential for a great new game.

mox, (edited)

That’s a years if not decade+ long project though

Yep.

You can’t just stomp a new game engine out of the ground

I don’t know what you mean by that, but creating new game engines and migrating from one to another have both been done before.

Is either of those tasks fast or cheap? Of course not.
Are they worthwhile? Sometimes.
Are they possible? Absolutely.

especially not […] if you want it to be as moddable as their current one.

Well, I can understand why you might assume that if you don’t have a lot of experience in software development, but it’s just not true. Making an engine that allows for very moddable games is mainly about planning for it during the design, and either building good tools for the game data or publishing the specs so other people can. It’s not arcane magic.

(And for what it’s worth, while Creation Engine is quite moddable, it has enormous room for improvement in that area. Actually working with it can be a very frustrating experience.)

mox,

I think of it as a pool from which to draw and connect story elements, rather than rigid canon. If good writers were given the chance, I think they would find plenty of material to work with.

mox,

Their download page doesn’t make this clear: Molly is not on F-Droid.

Instead, the Molly project hosts an F-Droid-compatible repository, which you can configure your F-Droid client to use in addition to / instead of the F-Droid repository. If you do this, the downloaded software will come directly from the Molly developers, not from F-Droid.

Some people avoid this because it loses a layer of oversight. Others prefer it because it avoids a potential attack vector. You’ll have to decide for yourself whether it’s something you want to do.

De-googling and privacy on Sony xperia

I have been considering replacing my nearly 7 year old iPhone (although very reluctant) and I was checking for options. Really the only phone that caught my eye was the Sony xperia 1 V, but I found no information about how to degoogle and lock down the device. I really like the features and the built in camera apps, etc. Is...

mox, (edited)

The Xperia phones are often horrendously locked down

Not really, at least when compared to most other brands. I’ve had three or four different Xperia models, and unlocked the bootloader on every one of them using official Sony tools. They even have official open-source software archives, which are very helpful to people who build de-googled “ROMs”.

The one thing that has been especially locked down is the TA partition, which contains DRM keys used for Sony’s proprietary apps. It’s not needed for an open-source OS like LineageOS.

For this phone specifically, it looks like official LineageOS support is already underway, despite it being a fairly new model:

wiki.lineageos.org/devices/pdx234/

I would definitely recommend a Pixel device if you’re going to go De-Googling.

Pixels do have unusually good support for user-installed OS, but the irony here is that you can’t truly de-google them, because no OS will change the fact that Google controls the hardware and firmware.

mox, (edited)

In principle, one could probably do this to a rooted phone by removing all the Google apps, and all the Google services, and giving up the other apps and services that depend on them. It would be a nontrivial task, and the steps would likely be different for each phone model (and possibly each OS version). I don’t know of a project that does this successfully. You might try searching xdaforums.com for someone who has done it.

However, I wouldn’t depend on Google services staying disabled when Google still controls the OS.

IMHO, it’s safer and easier to replace the entire OS.

mox,

If the writing is bad, it’s okay to close the book.

If the acting is poor, it’s okay to leave the cinema.

If the gameplay is unsatisfying, it’s okay to quit.

Life is short. No sense in wasting it on entertainment that isn’t entertaining.

mox,

Heh. I guess subtlety doesn’t come through very well in messages between internet strangers.

mox,

I thought 5 was quite good with the Brave New World expansion/rework.

mox, (edited)

There is no best, because none of them cover every use case or threat model. However, these are worth considering:

  • Matrix, if you don’t mind minor meta-data leaks (reactions and avatars have not yet been moved to the encrypted channel, IIRC).
  • XMPP with OMEMO, if all your contacts are technically skilled enough to manage the requisite clients, servers, and protocol extensions, or if they have a skilled admin to do it for them.
  • Signal, if you don’t mind linking a phone number to your account, can tolerate an ecosystem effectively married to Google, and accept the risks of a centralized service that can be attacked or shut down by someone with the right access or influence.

In situations where your safety depends on anonymity from the powerful or well-connected, I would instead look for a messaging system tailored for such things. (It would, of course, require giving up some convenient features that most of us expect from a general-purpose chat platform.)

mox,

No, I would not say that.

I used XMPP in the past, but long-lived public server support is almost nonexistent these days, and proper setup/maintenance requires too much tech skill for the general public. Also, it lacks modern features that many people have come to expect. I would only suggest it for small groups, and only if you can run your own server and provide tech support.

For my needs, Matrix is the best available today. It covers the things that I find most important, and is constantly improving.
