BlankSystemDaemon
Mar 13, 2009



Powered Descent posted:

As for syncing, Mozilla claims Firefox Sync is designed in such a way that their servers never see the un-encrypted data and the password never goes beyond your own device(s): https://hacks.mozilla.org/2018/11/firefox-sync-privacy/. If you're conducting international espionage or something, you probably wouldn't want to trust this tool implicitly. But for an ordinary Internet user trying to cultivate a healthy general-purpose paranoia, it's probably fine.
If you're worried about syncing, there's the option of running your own syncserver, which can use either the old token and storage servers, or new ones written in Rust.
I assume they're still working on rewriting the syncserver in Rust too, because it uses a version of Python that's now EOL.

For what it's worth, this (along with the account server, which is also being rewritten in Rust) is what Mozilla uses to host their services.

BlankSystemDaemon
Mar 13, 2009



Insanite posted:

I think that you're going to find "you're probably safest hosting your own <thing>" is going to be the solution to a lot of problems in this area--assuming you develop a healthy paranoia, anyway. :tinfoil:
That's almost invariably true, but the main issue is that for a lot of these things, its setup and configuration hasn't really been run past anyone but the people who set it up first time around, so it usually involves a lot of arcane wizardry that comes about when someone designs something by themselves, or in some cases, when there's one main person in charge of the design, and it's ultimately up to their approval if things get in.

BlankSystemDaemon
Mar 13, 2009



I highly encourage everyone to read the study that underpins the Wired article; it's fascinating reading.

Plus, the URI is very old-school cool. :3:

BlankSystemDaemon
Mar 13, 2009



According to the specifications and various implementations, getting an NXDOMAIN on a query means that query won't be attempted again (until a timeout has passed, at any rate).
This has pretty profound implications when doing blocklists, and is what makes it advantageous to use unbound/nsd/bind instead of simply modifying a hosts file to resolve addresses to 0.0.0.0.

Another advantage of unbound/nsd/bind is that if you're tunneling your traffic from your mobile device to your home network, it also gets to avoid all of the ads without paying for it.

I'm pretty sure this isn't exclusive to FreeBSD, if you avoid following the FreeBSD-exclusive steps.
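
An added example, not part of the post above and not any project's own code: one way to turn a hosts-format blocklist into unbound `local-zone` entries that answer NXDOMAIN instead of 0.0.0.0. The function name `hosts_to_unbound` and the sample entries are constructed for illustration; the output is meant to be pulled into the `server:` clause of unbound.conf with `include:`.

```shell
#!/bin/sh
# Added example: read a hosts-format blocklist on stdin and write unbound
# local-zone directives on stdout, so blocked names get NXDOMAIN.
# hosts_to_unbound is a hypothetical helper name.
hosts_to_unbound() {
    awk '
    {
        sub(/\r$/, "")      # tolerate CRLF list files
        sub(/#.*/, "")      # drop comments, whole-line or trailing
        # Only sinkhole entries are converted; a line that maps a name to a
        # real address is a genuine host mapping and must not be blocked.
        if ($1 != "0.0.0.0" && $1 != "127.0.0.1" && $1 != "::" && $1 != "::1") next
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            sub(/\.$/, "", name)
            if (length(name) > 253) continue
            # Some lists repeat the sinkhole address as a name.
            if (name ~ /^[0-9.]+$/) continue
            # Blocklists are untrusted input: accept only dotted hostnames, so
            # a crafted entry cannot inject quotes or extra directives. This
            # also drops single-label names such as localhost.
            if (name !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
            if (!(name in seen)) {
                seen[name] = 1
                printf "local-zone: \"%s.\" always_nxdomain\n", name
            }
        }
    }'
}

# Constructed sample input (not a real blocklist).
sample='# constructed sample
127.0.0.1 localhost
0.0.0.0 Ads.Example.com tracker.example.net # two names on one line
0.0.0.0 ads.example.com
0.0.0.0 bad".example.org
192.0.2.10 intranet.example.org'

printf '%s\n' "$sample" | hosts_to_unbound
```

Running `unbound-checkconf` on the resulting configuration before reloading catches syntax problems in the generated file.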

BlankSystemDaemon
Mar 13, 2009



Powered Descent posted:

That's not entirely true. A year ago it came out that they had handed over user IP addresses to the cops. Here's my writeup (and my hot take) when it happened, from the Infosec thread:

Despite this, I do still trust Proton. They could have been more transparent about what was going on, but from a technical perspective, it's hard to see what else they could have done.
I mean, it's not as if anyone else can do any better if they're in any jurisdiction where the laws let active investigations nullify all privacy concerns - and that, I'm pretty sure, is true for all countries where goons live.
There's precious few places where that isn't the case; Seychelles used to have no laws on this kind of thing but implemented them when they found out they were harbouring all manner of criminals in datacenters, and it's probable that any existing country without similar laws will be under significant pressure from their trade partners to implement them.

In any country where such laws exist, the service providers need to keep logs to protect their own asses, as if they don't they'll be on the hook for whatever criminality their servers are being used to commit - which is ultimately why any privacy provider promising to not keep logs is probably not telling the truth or not all of it.
