pound_heap

joined 2 years ago
[–] pound_heap@lemm.ee 5 points 4 days ago

And Mullvad is not in business if selling user profiles to advertisers, at least as far as we know

[–] pound_heap@lemm.ee 17 points 4 days ago (2 children)

Because the data used in browser fingerprinting is also used to render pages. Example: a site needs to know the size of browser window to properly fit all design elements.

[–] pound_heap@lemm.ee 5 points 6 days ago

No. I'm using Tor for Reddit all the time since they banned VPN. Reddit even has their .onion site

[–] pound_heap@lemm.ee -3 points 1 week ago

The title of this is a misleading simplification. $4.5 tn is not "Tax Giveaway to the Rich". It's a maximum cap on total tax cuts that could be in this budget. It is likely to include renewal of 2017 income tax cuts and increased child tax credit - both of these were popular and not just "for rich".

They may also raise SALT cap which benefits higher income people from states with high property taxes. Living in one myself, I can tell you that you don't need a mansion in a top school district to pay much more than $10k in property taxes. So this one is not just for billionaires for sure, but maybe from upper middle class.

There are promises Trump made to eliminate income taxes on tips and social security, which are obviously not beneficial only to rich. But I heard it would cost a lot, especially SS one. Not sure if $4.5tn is enough.

Unfortunately, it looks like proposed spending cuts to Medicaid and food stamps are favored by GOP and may be easy to pass, but they don't cover tax cuts by a big margin. So they can hurt people in need, and still have to balloon national debt even more.

[–] pound_heap@lemm.ee 3 points 1 week ago (1 children)

I think this should be baked into client apps.

The popular email analogy works here too. When you are setting up a new phone, you get a default email client app that offers you to log in or sign up to the default email service. And usually user can choose to log in with their service if choice, for which they have to sign up in advance outside the client app.

Having a default Fediverse client on new phones is not happening anytime soon, but if someone's mother installs a client app from the store link sent to them by a family member, she can get similar default onboarding experience.

Default instance can be picked by geo location, or maybe the less used out of 3 most popular instances. Or even maybe an instance ran by the client app developers.

[–] pound_heap@lemm.ee 2 points 1 week ago

FAKE NEWS!!! Why would you want to pull an ancient lever mechanism if you can do it in a few taps on the touch screen. Sure, unless you have a premium subscription, you'll have to watch a short video from our partners, tailored individually just for you.

[–] pound_heap@lemm.ee 0 points 2 months ago* (last edited 2 months ago) (2 children)

Well, luxury and rich are closely related terms, aren't they? I think what you described is a financial independence.

I'd add that if you can support your desired level of luxurity for yourself and your family without working anymore - that's being rich.

Edit: I misread the original question, which was asking about wealthy, not rich. Still, I think my answer applies

[–] pound_heap@lemm.ee 5 points 2 months ago

Social Security fund invested in government bonds, so the interest from that goes into the fund.

To be fair the budget deficit was there before Trump. His campaign promises are going to increase it, but they can offset that partially with spending cuts. Also, the government has been using money from the Social Security fund routinely, again nothing new under Trump. They just count it as an internal debt. According to Wikipedia, by 2022 it's been already about 20% of the fund "borrowed" by the government.

[–] pound_heap@lemm.ee 7 points 2 months ago* (last edited 2 months ago)

Apple does extensive audit of mobile apps, including limitations of tracking. So the app cannot spy on something you are not letting it to know. But you are giving it a bunch of info voluntarily.

I'd say using that app on iOS is similar to making a food delivery order using a loyalty member ID. Basically, you are letting the company (McDonald's) know who you are, what is your phone number, where do you live, and what do you like to eat. And if they wish to, they could use all that to purchase your profile from a data brocker. Or they can sell that info for a few cents to make up on that discount.

[–] pound_heap@lemm.ee 3 points 2 months ago

Almost recovered from severe strain of calfs - stupid me tried out a new running gait, landing on front of my soles, and doing this with a quite high pace for me. Also got some gastro issues over the week.

I hope to do a baby run today, though, taking it easy.

[–] pound_heap@lemm.ee 11 points 3 months ago (1 children)

Private transactions, despite what people here are saying. Let me explain:

  1. Privacy is not equal to anonymity. The latter is much harder to achieve.

  2. There is Monero, a crypto made specifically for anonymity. It's not very convenient to use, but it is preserving anonymity with multiple measures.

  3. Even Bitcoin, which is not built for that purpose, is private enough. It depends on how you use it.

  4. Deanonimization in general happens when you link your transaction with personal identifying information, but you can reduce your exposure by following certain opsec rules. I see this situation is better than traditional banking where your transactions are always not anonymous, and privacy is only protected by the bank itself. Data leaks happen, governments can get to your transaction info via legal means, but with crypto you have more options to protect yourself.

[–] pound_heap@lemm.ee 0 points 3 months ago (1 children)

Wrong guess. There is Germany on the list

 

Hey privacy community! A few weeks back I've seen an article posted here or in some other tech community about TSA rolling out biometric ID process in some US airports, that involved taking a face scan.

I had an international flight planned and I wouldn't want to go through biometric ID, but I was anxious of potential delay and having to explain myself to TSA agents. I also convinced my wife to opt out, which could potentially double the delay.

So for the folks who may have the same concerns, I'd like to share my experience.

I went on my flight a few days back from Newark International Airport (EWR). We went through security check in new Terminal A. At the beginning of the security line there were a few clearly visible posters about biometric ID with opt out information. To opt out you just need to tell TSA agent that you don't want your photo to be taken. The poster also says that you will not lose your place in line if you opt out. Same posters are on each agent desk.

The scanning machine is on every agent's desk, next to the opt out posters. It has a screen, about 8", with something that looks like a set of stereo lenses on top of it. The screen shows the live feed of the person in front of it during scanning process, with a template of a face that helps to properly position it. The scanning process seems to be very quick.

Now, for the opt out - it is indeed as easy and seamless as they claim. I asked the agent to not take my picture, he just said OK and asked me for my passport. The scanning machine didn't turn on. He scanned my passport and gave it back, and I was done, no questions asked.

Actually, I noticed that people who had their faces scanned also had to hand passports over. So they had to spend more time with the agent than I. I assume because it was their first time through this biometric collection and next time they just scan their face again and that's it.

And while I was pleased how easy it was for me and my family to opt out of this, in my opinion, completely unnecessary privacy invasion, I have not observed any other person (out of maybe 100 who passed before me) who did the same. Unfortunately, we know here how easily and thoughtless people give away yet another piece of their personal data. In this case, the data that can be used next time to ID people via video surveillance without any consent.

 

Hey all,

I've been using a commercial VPN for years on my mobile devices and home PCs. Recently I've started to use Tailscale and realized I can easily create a self-hosted VPN on a cheap VPS with unlimited traffic.

But I'm not really sure if that's what I need. BTW, I'm not doing anything dangerous, no torrents, no illegal stuff, no journalism or whistleblowing, not even looking up abortion clinics. I just hate mass surveillance and I don't want to be constantly profiled.

Commercial VPN allows to "hide in a crowd" by sharing IP with thousands of other clients. But there are a few issues:

  1. Often sites blacklist VPN IPs, so I can't get in or pass captcha
  2. Performance is not very good
  3. I have to trust VPN to not keep the logs and not sell data. I used Mullvad and they are considered reliable, but you never know until it's too late

With self-hosted VPN, I'm losing benefit of "hiding in crowd" as my VPN will be used only by me and maybe a couple of other people. My understanding is that my VPS outgoing traffic is from static server IP. So if I login to Facebook once, the address is associated with me. I'll also have to trust VPS provider to not analyze my traffic and sell it. On other hand, I'm still protected from my ISP spying, from exposing my real IP address to web sites, from dangers of public WiFi networks. And I might get better performance for about the same price.

What's your take on VPNs? Tell me if you are using self-hosted VPN and why.

 

Hi! I'm seeking some advice and sanity check on hopping from Ubuntu to Fedora on my personal PC. I've been using Ubuntu LTS for almost two years now, switched from Windows and never looked back. But I cannot say I know Linux well. I use my PC for browsing, some gaming with Steam (I have AMD GPU), occasional video editing, tinkering with some self-hosted stuff that is on separate hardware.

I don't like the way Ubuntu is moving with snaps. And LTS version falls behind too much. So I decided to move to Fedora.

My plan is simple:

  1. I will install Fedora on a fresh nvme drive. I want disk encryption, so I'm going to have LUKS over btrfs for /home, and the root will remain unencrypted.
  2. I will copy all files from old /home to new /home, with the exception of dot-files.
  3. I plan to make use of flatpaks, so I don't think configuration for my apps is easily transferable. I'll have to install and configure apps from scratch, unless I'll have to use an RPM package.

Does all of this make sense? Is there a way to simplify app re-configuration in my case?

And as I never used Fedora extensively (booting from live image doesn't count), are there any caveats I should be aware of?

 

Hey,

In the past I used Duolingo to study languages, but now I'm more privacy-conscious and looking for better options. And their recent data breach only solidified that intention.

I recently saw someone posted a comparison table for privacy policies of Duolingo and a number of competing products. Unfortunately I cannot find it now.

Can you give any suggestions? I'm not opposed to paid services, btw

 

Hey all,

I'm looking for something that can track location of my preschooler who starts new school soon. He's too young to get a smartphone, so I have to rule out app based solutions I guess.

My initial research found virtually nothing. One candidate is GeoZilla, which sells nice devices and their pivacy policy looks okayish regarding location data, but it still relies on their servers of course. Another option would be an iWatch, which again puts trust into 3rd party, and the device is quite expensive for a small kid.

Any privacy-oriented trackers out there that I'm missing. Maybe there are some smartphone alternatives that can have cell connectivity and GPS and apps installed, but with much simpler interface?

Update: Thanks everyone! I got GeoZilla tag for now. The app doesn't require personal information, which is good. However, it's annoyingly reminds to enable location for itself to track "me", which I don't need at all. Garmin came as a strong second, mainly due to my child age. Garmin devices are not for very young kids, I believe. And it costs more than GeoZilla. I still have some time to think if I really want this, though. It's not too late to return GeoZilla tag

 

Might be old news for some... TLDR: Some big online tax prep sites have tracker pixels from Meta and Google, which collect things like income, filing status, tax credits, etc.

Original congressional report file

view more: next ›