• 1 Post
  • 15 Comments
Joined 1 year ago
cake
Cake day: July 23rd, 2023

help-circle
  • emphasis mine:

    Anti-nuclear is like anti-GMO and anti-vax: pure ignorance, and fear of that which they don’t understand.

    First of all anti- #GMO stances are often derived from anti-Bayer-Monsanto stances. There is no transparency about whether Monsanto is in the supply chain of any given thing you buy, so boycotting GMO is as accurate as ethical consumers can get to boycotting Monsanto. It would either require pure ignorance or distaste for humanity to support that company with its pernicious history and intent to eventually take control over the world’s food supply.

    Then there’s the anti-GMO-tech camp (which is what you had in mind). You have people who are anti-all-GMO and those who are anti-risky-GMO. It’s pure technological ignorance to regard all GMO equally safe or equally unsafe. GMO is an umbrella of many techniques. Some of those techniques are as low risk as cross-breeding in ways that can happens in nature. Other invasive techniques are extremely risky & experimental. You’re wiser if you separate the different GMO techniques and accept the low risk ones while condemning the foolishly risky approaches at the hands of a profit-driven corporation taking every shortcut they can get away with.

    So in short:

    • Boycott all U.S.-sourced GMO if you’re an ethical consumer. (note the EU produces GMO without Monsanto)
    • Boycott just high-risk GMO techniques if you’re unethical but at least wise about the risks. (note this is somewhat impractical because you don’t have the transparency of knowing what technique was used)
    • Boycott no GMO at all if you’re ignorant about risks & simultaneously unethical.



  • It’s not a matter of quick learning. If that were the case, GUI is a clear winner. It takes more time to learn a text-driven UI. But the learning curve pays off. You invest more time learning but the reward is reaching a point where you’re much faster than a mouse allows. I started off using gnusocial from a browser then transitioned to #bitlbee, after which I could search, read, and react faster than in the GUI. Same for Mastdon. Sometimes I’m forced into the Mastodon GUI because of something being unimplemented, in which case the loss of speed is apparent. Just like in the 90s, the keyboard is still faster than the mouse.

    BTW, I used a DVORAK keyboard for years. I never measured my speed difference but I think it slowed me down overall because there were moments where the brain would drift into QWERTY mode (and vice versa on a QWERTY keyboard), and the speed difference w/out drifting seemed negligible so I ultimately settled back on a QWERTY keyboard.




  • diyrebel@lemmy.dbzer0.comOPtoAsklemmy@lemmy.mlNo Debian Lemmy clients yet?
    link
    fedilink
    arrow-up
    2
    arrow-down
    11
    ·
    edit-2
    1 year ago

    I have had no choice but to try Firefox because (for years) #Lemmy has been wholly broken on Ungoogled Chromium. And for me the FF-Lemmy UX is terrible.

    Younger generations have no baseline for comparison because they were raised in GUI browsers. My baseline is IRC, gopher, usenet, emacs, lynx, mutt, bitlbee, toot (TUI + CLI), gnu screen, & piles of scripts on 15+ y.o. hardware, etc. So [bart simpson’s grandpa’s voice] all you young whipper-snappers chained to your GUIs with JavaScript, mice, labor-intensive clicking around have a very different reality and baseline of what’s good. Us older folks struggle to find tools that don’t rely on a mouse & which avoid all the #darkPatterns & bugginess of the modern day web.

    (edit) and wtf there are apparently several phone apps for the fedi. I just don’t get how people can like the small screens, small keyboards, and speech-to-text that causes embarrassments.

    The bigger problem is not even the mouse-dependent UI… it’s that browser clients have no practical HDD access apart from cookie storage. Rightly so, but I should have a local copy of things I write because my hard drive has better uptime & availability than any cloud service could have. When censorship strikes msgs are destroyed without backups. And (at least in the case of Mastodon), even the admins cannot recover posts they’ve deleted even if they want to. Wholly trusting a server to keep your records is a bad idea. So a browser can never by suitable for blogging/microblogging, at least certainly not without an archive download option that can be triggered by a cron job.



  • You don’t see the wall because you’re in the included group. Unlike Facebook, Cloudflare hides the wall from those they welcome into their garden. If you click on the screenshot on the OP, you can see what the barrier looks like to those of us who are in the excluded group.

    Otherwise I hope you’re not viewing the world through a simplistic “good guys” / “bad guys” lens s.t. those you deem forces of good surely could not be a “walled garden”. The term serves well w.r.t. places where content is published. Restricted access venues: (Facebook, Cloudflare [with restricted access enabled], LinkedIn, Yelp, Quora,…) are not open access. They are walled gardens.

    While #Signal is in fact technically a walled garden, it’s bizarre to bring it up simply because it’s a p2p platform with no public content to speak of. The term doesn’t really serve us well in a discussion of p2p private chat platforms. Although it’s important to recognize Signal:

    • takes an extremely protectionist stance,
    • deploys tactics to push Signal users into Google’s walled garden,
    • threatens lawsuits against projects who attempt to use the same platform (#LibreSignal),
    • excludes people without mobile phones,
    • and is outspokenly hostile toward the idea of federations

    See https://github.com/privacytools/privacytools.io/issues/779

    The exclusivity of Signal’s design and decision making & careless marginalization of classes of people is comparable to that of orgs like Cloudflare & Microsoft.

    A Cloudflare host can leave the walled garden, but steps are needed

    It is possible to configure a CF host with unrestricted access, in which case you could argue those particular sites are not in the walled garden, but that’s relatively rare. And it still requires a hell of a lot of hand-waving on your part because CF algos still override the user settings in some instances.


  • Im glad we agree. Because its the entire point. You are nitpicking where it suits you and thats not really honest conversation.Tor browser isnt the only way to access tor

    TLS is useful very specifically in the case of banking via Tor Browser, which is the most likely configuration the normal general public would use given the advice to access their bank over Tor.

    There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.

    I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.

    The point is, again, that Tor and specifically exit nodes are more hostile than normal ISP relays.

    And again, those hostile nodes get less info than ISPs. They have to work harder to reach the level of exposure that your ISP has both technical and legal privilege to exploit.

    Saying selling metatdata that is unencrypted is the same level of malicious as a nation state going after you (life and death) or having your identity or bank account stolen is clearly pretty naive.

    Wow did you ever get twisted. You forgot that I excluded targeting by nation states from the threat model as you should. If someone has that in their threat model, they will know some guy in a forum saying “don’t use Tor for banking” is not on the same page, not aligned with their scenario, and not advising them. You don’t have to worry about Snowden blindly taking advice from you.

    It’s naive to assume your ISP is not collecting data on you and using it against you. It’s sensible to realize the risk of a honeypot tapping your bank account and getting away with it and regulation E protections failing is unlikely enough to be negligible.

    You still have to deal with getting your funds back and paying for stuff to live in the interim.

    If you’re in the US, you have ~2-3 bank accounts on avg, and 20 credit cards (US averages). Not to mention the unlikeliness of an account getting MitM compromised despite TLS in the 1st place. Cyber criminals choose the easier paths, just as 3 letter agencies do: they compromise the endpoint. Attacking the middle of a tunnel is very high effort & when it’s achieved they aren’t going to waste it on some avg joe’s small-time bank acct. At best you might have some low-tech attempts that result in no padlock on the user side. But I’ve never seen that in all my years of exclusively banking over Tor.

    Thats a bad assumption.

    Not in the slightest. Everyone is subject to mass surveillance & surveillance capitalism.

    MOST people arent really concerned with it in the western world.

    Most people don’t even have a threat model, or know what it is. But if you ask them how they would like it if their ISP told their debt collector where they bank so the debt collector can go do an unannounced legal money grab, you’ll quickly realize what would be in their threat model if they knew to build one. A lot of Corona Virus economic stimulus checks were grabbed faster than debtors even noticed the money arriving on their account.

    And thats not a Trump thing. its existed WAY before trump. Snowden showed that and it was Obama, not trump, that went after whistleblowers harder than any predecessor before them.

    You missed the source I gave. Obama banned the practice of ISPs selling customer data without their consent. Trump reversed that. That is wholly 100% on Trump. Biden did not overturn Trump, so if you want, you can put some of the fault on Biden.

    W.r.t history, echelon predates Snowden’s revelations and it was exposed to many by Nicky Hagar in the 80s or 90s. But this all a red herring because in the case at hand (banking customers accessing their acct), it’s the particular ISP role of mass surveillance that’s relevant, which Trump enabled. Or course there is plenty of other mass surveillance going on with banking, but all that is orthogonal to whether they use Tor or not. The role of Tor merely mitigates the ISP from tracking where they bank, and prevents banks from tracking where you physically are, both of which are useful protections.

    Further trying to make this about “party” sides is a bad idea. Its something all parties

    You can’t “both sides” this when it’s verifiable that Obama banned the practice and Trump overturned it. While Obama’s hands are dirty on a lot of things (e.g. Patriot Act continuity), it’s specifically Trump who flipped the switch to ISP overcollection. Citation needed if you don’t accept this.

    And there are some areas where straight access TOR is illegal and can get you in trouble.

    The general public knows your general advice to use/not use Tor is technical advice not legal advice, and also not specific to their particular jurisdiction.


  • That’s not a magic bullet for secuirty.

    It wasn’t presented as such. Good security comes in layers (“security in depth”). TLS serves users well but it’s not the only tool in the box.

    There are so many ways to exploit connections. Look at what happened here on lemmy with vulns leading to takeovers of instances with xss of session cookies.

    Tor Browser includes noscript which blocks XSS.

    The primary difference is your ISP is not generally actively hostile. They may want to sell metadata but they aren’t actively trying to exploit you.

    Selling your metadata is exploiting you. And this exploit happens lawfully under a still-existing Trump policy, so you have zero legal protections. Contrast that with crooks stealing money from your bank account, where, if it’s a US account, you have regulation E legal protections.

    If your ISP (or in some cases a nation state is your isp) is actively tracking you, then there are other alternatives that may be better.

    Different tools for different threat models. If you are actually targeted by a nation state, Tor alone is insufficient but it’s still in play in conjunction with other tech. But from context, you were giving general advice to the general public telling them not to use Tor for banking, thus targeting is not in the threat model. But mass surveillance IS (i.e. that of your ISP).

    But to answer my your question my thesis is tor is not necessarily a privacy panacea.

    Tor is an indispensable tool to streetwise users. Of course it is a tool among other tools & techniques.

    The threat model an American or European has is much different than someone from Vietnam or turkey or China, which is also much different than someone from the Nordic countries.

    Those threat models all have a common denominator: mass surveillance. It is safe to assume mass surveillance is in everyone’s threat model as a baseline. Of course there are a variety of other threats in each individual threat model for which you couldn’t necessarily anticipate.





  • Also. Those running an exit node can and do sniff traffic.

    Sure, but if you stop there with that statement you’re just FUD-scaring people from using the service that does more for their privacy than conventional direct clearnet usage. Every connection that matters uses TLS so the exit node honeypot only sees where the traffic is going, not what’s in the traffic and not where it comes from. IOW, the exit node knows much less than your ISP.

    It’s bad practice to login to stuff that’s important (like banking) over tor.

    It’s the other way around. You should insist on using Tor for banking. It’s a bad practice to let your ISP track where you do all your banking.

    Also, nation states can track you using a variety of techniques from fingerprinting to straight up working together to associate connection streams.

    And your thesis is what, that we should make snooping easier for them by not practicing sensible self-defense?

    A large number of tor nodes are run by alphabet agencies.

    Let them work for it - and let them give the Tor network more bandwidth in the process.