Pinned post

My failed attempt to get the v3 for (still onion v2 → broken!): torsocks dig +tcp +short +time=4 +tries=1 +dnssec +noauth +noquestion +nocmd +nostats onion.autistici.org TXT @"$(tor-resolve resolver1.opendns.com)"

abortion 

Corporations funding anti-abortion campaigns:

AT&T
Entergy
Exxon
Amazon
Walmart
CBS
CenturyLink
Comcast
Disney
Face­book
Honey­well
Microsoft
Sprint
Veri­zon
Archer Daniels Midland
Coca-Cola
AFLAC
Amgen
Anthem
Bris­tol-Myers Squibb
Centene
CIGNA
DaVita
Eli Lilly
J&J
HCA
Humana
Pfizer
United­Health Group
WellCare
Amer­ican Elec­tric
Chev­ron
Cono­co­
Hallibur­ton
Mara­thon
Occi­dental
Phil­lips
Deere
GM
South­w­est Airlines
Capital One Finan­cial
Citig­roup

brennancenter.org/our-work/ana

For those who host a Fediverse server, this might be worth reading:
github.com/mastodon/mastodon/d

It would really suck if fedi servers started getting taken offline because of the incompetence of the cyber-security community.

@realcaseyrollins #Soapbox is a #Cloudflare site that asks for money “to support our mission to make decentralized social media the new standard and protect users from the abuses of Big Tech.” Yikes. Cloudflare sites are the opposite of decentralized & they surreptitiously feed you (& your private DMs) to “Big Tech”. Thus @soapbox@gleasonator.com is not “sexy”. #hypocrisy

The fact that “torsocks lynx $onion_url” fails demonstrates torsocks is leaky, fragile, & circumventable. Whenever users use torsocks, it only replaces some system calls; it does not force the app to use the calls that it replaces. Yet when running “torsocks lynx -dump -nolist wtfismyip.com/json”, it works as expected 🤔 So is strictly a DNS leaker?

@bleakgrey, Is there an in-band way that users can report ?

By “in-band”, I mean an informal method using Tootle that’s conducive to “eating one’s own dog food” (so to speak) which has a remote chance of being noticed by Tootle devs. I don’t imagine that you would want your personal mentions to get polluted with bug reports.

Notice from the poll above MS is a non-starter for many.

BTW, thanks for creating Tootle- much appreciated!

Show thread

Apple tracks you, even if you don't have Apple devices

iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing.

scss.tcd.ie/doug.leith/apple_g

#privacy #iOS #apple #google #GAFAM

I never use scooter/bicycle rentals because they force you to run non-free s/w from Google Playstore. I brand that whole industry as privacy-naïve. Well now 120,000 passports, driver licenses, & other ID docs have been found online: flipboard.com/topic/asia/thous

I wonder how many users use the “encrypt-to” config option to encrypt all msgs to self so they have a readable copy of what was sent. And of those users how many forget they have that setting when they send a msg anonymously, not realizing the recipient can just run pgpdump to them.

Bad address: https://www.аррӏе.com/

Good address: apple.com/

See the difference?

Me neither. The first one is using Cyrillic charset, the 2nd one - regular Latin

So, how to avoid getting shagged by the Bad Guys?

Not sure about other browsers; in Firefox, you go to about:config, find the network.IDN_show_punycode option and set it to true. From now on, any URLs based on charsets other than Latin will be shown as hex codes.

You're welcome.

If you visit the homepage using a graphical browser over Tor, a blockade denies access. But if you run “torsocks lynx lynx.invisible-island.net/lynx suddenly your Tor IP becomes acceptible to their access rules. by

It’s somewhat of a show-stopper. The only thing worse than spam is ham getting spam treatment. Legit msgs should always be reachable.

Show thread

Another onionmail.info defect (I think): there is no way to access your spam folder. What happens when the server erroneously judges a msg to be spam? POP3 has no concept of folders… no way to access a spam folder. It’s a general blanket problem with all email providers but usually there’s at least a manual way to reach your spam folder. Not with .

Show thread

Anyone who uses .info: the server list shows all servers are 100%. That’s bogus. One of those nodes have been down for a week and the stats still show 100% availability.

Anyone notice problems with nodes in Germany lately? That’s where @torproject lives so I’m surprised the nodes there are having reliability issues.

If more people would take a stand against unreasonable demands from privacy abusing walled gardens, the unreasonable demands would suddenly become less profitable & thus less prevalent.

Show thread

I’m glad Twitter got fined, but the Twitter users who just disclose their phone number on request to a tech giant also deserve what they got. Yes, I’m blaming the victims. () Fuck Twitter, and fuck the victims for trusting Twitter with a mobile phone number.

Show thread
Show older
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.